HOMELAND SECURITY 3

 

How successful has the creation of the DHS been in providing the United States with a huge law enforcement capability that would deter, prepare, and prevent any future September 11th type events? Defend your position in 3-4 paragraphs. 

Your initial post should be a minimum of 200-250 words.

Homeland Security law

Homeland Security

Safeguarding the U.S. from Domestic Catastrophic Destruction

by CW Productions Ltd.

Edited by Richard White, Ph.D., Tina Bynum, DM, and Stan Supinski, Ph.D.


Cover art: New York City Freedom Tower, Mandritoiu, courtesy of Shutterstock.com

Copyright © 2016 by CW Productions, Ltd.

Permission in writing must be obtained from the publisher before any part of this work may be reproduced in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage or retrieval system.

All trademarks, service marks, registered trademarks, and registered service marks are the property of their respective owners and are used herein for identification purposes only.

Previously published as The U.S. Department of Homeland Security: An Overview, by Richard White, Tina Markowski, and Kevin Collins © 2010

Printed in the United States of America.


ISBN 0-536-15295-0


Please visit our web site at www.cwpnow.com

CW Productions Ltd.

Colorado Springs, CO

A Homeland Security Education Company


Preface

Welcome to the third edition of our textbook. As indicated by the new title, this edition is significantly different from the previous two, and accordingly stocked with mostly new material. Whereas the first two editions described “what” was being done in the name of homeland security, this one explains “why”. In keeping with our previous approach, we do not describe ourselves as “authors” but as “editors” because the bulk of the material is drawn directly from government documents, either primary sources or publicly available derivatives. Two of our foremost derivative sources were reports published by the Congressional Research Service (CRS) and Government Accountability Office (GAO). They have access to information, unclassified as it may be, well beyond the means of the general public. We would also like to acknowledge the many public websites that were also instrumental in completing this text. And while we were only “editors”, we think this book offers its own unique contributions to the field of homeland security. First, it delivers a comprehensive yet concise treatment of a very broad subject spanning numerous separate fields, from national security to military operations to law enforcement to emergency management, to name only a few. Second, and most importantly, it offers insight into the exact nature of homeland security. Because it was brought to the forefront of national attention by an act of terrorism, homeland security has become confused with terrorism. While terrorism certainly remains a concern to homeland security, it is not the root concern. As we try to make eminently clear in this textbook, the homeland security concern predates 9/11, stemming back to the 1995 Tokyo Subway Attacks which saw the first employment of a weapon of mass destruction by non-state actors. As our title suggests, the homeland security concern is domestic catastrophic destruction. 9/11 demonstrated how it could be achieved by subverting critical infrastructure. Hurricane Katrina demonstrated how it could be accomplished without malicious intent. While we give due attention to the terrorist motive, we don’t give it the undue attention it has gained by becoming almost synonymous with homeland security. In this regard, we hope to set the record straight and make it clear what homeland security “is”, and what it “is not”. Homeland security is not terrorism, nor is it mass killings. While closely related, homeland security, terrorism, and mass killings are distinctly separate. We hope to demonstrate that in this book. More importantly, we hope to impart a clarity of understanding that will give you, the reader, a corresponding advantage in your academic and professional pursuits supported by this knowledge.

About the Authors

Richard White, Ph.D.

Rick White is an Assistant Research Professor at the University of Colorado at Colorado Springs. His Ph.D. is in Engineering Security. He has published works on critical infrastructure risk management. Rick’s interest in homeland security stems back to 9/11 when he was teaching at the Air Force Academy and watched together with his cadets as the hijacked aircraft crashed into the Twin Towers. A retired Air Force officer, Rick has developed and taught homeland security courses for colleges, universities, and various government agencies over the years. Other textbooks include Homeland Defense: An Overview (Pearson 2007), Introduction to Joint and Coalition Warfare (FastPlanet 2005), and United States Military Power (FastPlanet 2004).

Tina Bynum, DM

Tina Bynum is the University Program Director for the College of Security Studies at Colorado Technical University where she develops and manages the curriculum for homeland security, criminal justice, and public administration programs at the undergraduate, graduate, and doctoral levels. She is an editorial review board member for the Journal for Homeland Security Education and is a member of the International Society for Preparedness, Resilience and Security (INSPRS). A retired firefighter and emergency medical technician, Dr. Bynum also plays key roles in local emergency planning and exercising under the Homeland Security Exercise and Evaluation Program (HSEEP) protocols and teaches courses in criminal justice, emergency and fire management services, public administration, and homeland security. While serving as the Associate Director for the University of Colorado’s Trauma, Health and Hazards Center, she developed a peer support program to build resilience and assist recovery from high-risk occupational traumatic experiences that was implemented in local police and fire departments. This program has gone on to serve the needs of military personnel returning from combat. Dr. Bynum also co-authored The United States Department of Homeland Security, An Overview (2nd ed., 2010).

Stan Supinski, Ph.D.

Stan Supinski is the Deputy Director of Partnership Programs and faculty member for the Naval Postgraduate School, Center for Homeland Defense and Security. He has taught and directed homeland security courses for a variety of institutions, including Long Island University, the University of Denver and the University of Massachusetts. He also founded and formerly directed the Homeland Security/Defense Education Consortium on behalf of NORAD/US Northern Command. Dr. Supinski is a retired US Air Force officer, having served as a professor of Russian at the US Air Force Academy and as an intelligence officer in various locations worldwide.

Contents

Part I: Hard Lessons

Chapter 1: Turning Point

Chapter 2: Lost Opportunities

Chapter 3: We Have Some Planes

Chapter 4: And They Saved Many

Chapter 5: Not by Chance

Chapter 6: Surpassing Disproportion

Chapter 7: Failure of Imagination

Chapter 8: Failure of Initiative

Part II: HS, DHS, & HS Enterprise

Chapter 9: Homeland Security

Chapter 10: DHS Formation

Chapter 11: DHS Evolution

Chapter 12: DHS Progress

Chapter 13: HS Enterprise

Part III: Mission Areas

Chapter 14: Critical Infrastructure Protection

Chapter 15: Counter WMD Strategy

Chapter 16: Cybersecurity

Chapter 17: Counterterrorism

Chapter 18: Emergency Preparedness & Response

Chapter 19: Aviation Security

Chapter 20: Maritime Security

Chapter 21: Surface Transportation Security

Chapter 22: Border Security

Chapter 23: Immigration Enforcement

Part IV: Mission Components

Chapter 24: National Protection & Programs Directorate

Chapter 25: Science & Technology Directorate

Chapter 26: Domestic Nuclear Detection Office

Chapter 27: Intelligence & Analysis

Chapter 28: Federal Emergency Management Agency

Chapter 29: U.S. Coast Guard

Chapter 30: Transportation Security Administration

Chapter 31: U.S. Customs & Border Protection

Chapter 32: U.S. Secret Service

Chapter 33: U.S. Immigration & Customs Enforcement

Chapter 34: U.S. Citizenship & Immigration Services

Part V: Mission Partners

Chapter 35: Congress

Chapter 36: National Security Council

Chapter 37: Intelligence Community

Chapter 38: Department of Defense

Chapter 39: National Guard

Chapter 40: Federal Bureau of Investigation

Chapter 41: State & Local Law Enforcement

Chapter 42: First Responders

Appendices

Appendix A: DHS Budgets

Appendix B: Glossary

Appendix C: Index

Appendix D: Works Cited

List of Tables

3-1: 9/11 Hijackers & Flights

3-2: 9/11 Timeline

8-1: Hurricane Katrina New Orleans Timeline

10-1: Organizations Transferred to DHS

11-1: DHS Initial Operating Organization

11-2: Mapping DHS Organization & Critical Mission Areas

11-3: Comparison of Strategy Objectives

11-4: QHSR Missions & Goals

12-1: 2007 GAO Assessment of Border Security

12-2: 2007 GAO Assessment of Immigration Enforcement

12-3: 2007 GAO Assessment of Immigration Services

12-4: 2007 GAO Assessment of Aviation Security

12-5: 2007 GAO Assessment of Surface Transportation Security

12-6: 2007 GAO Assessment of Maritime Security

12-7: 2007 GAO Assessment of Emergency Preparedness & Response

12-8: 2007 GAO Assessment of Critical Infrastructure Protection

12-9: 2007 GAO Assessment of Science and Technology

12-10: Comparison of 2011 & 2007 GAO Mission Area Assessments

12-11: 2011 GAO Expectations for Aviation Security

12-12: 2011 GAO Expectations for CBRN Threats

12-13: 2011 GAO Expectations for CIP of Physical Assets

12-14: 2011 GAO Expectations for Surface Transportation

12-15: 2011 GAO Expectations for Border Security

12-16: 2011 GAO Expectations for Maritime Security

12-17: 2011 GAO Expectations for Immigration Enforcement

12-18: 2011 GAO Expectations for Immigration Services

12-19: 2011 GAO Expectations for CIP of Cyber Assets

12-20: 2011 GAO Expectations for Emergency Preparedness & Response

12-21: 2015 GAO Assessment of DHS Management Functions

14-1: CIP Directives, Strategies, & Plans

14-2: Infrastructure Sectors and Lead/Sector-Specific Agencies

15-1: CWMD Guidance Documents

16-1: U.S. Tier 1 ISPs

16-2: DHS National Cyber Risk Alert Levels

19-1: Transportation Subsectors

19-2: Cyber Attack Vectors

19-3: Potential Types of Aircraft Cyber Attacks

20-1: Transportation Subsectors

21-1: Transportation Subsectors

24-1: Critical Infrastructure Sectors

25-1: DHS Laboratories

25-2: DOE Laboratories

25-3: DHS Centers of Excellence

38-1: Organization of U.S. Military Forces

38-2: National Guard Direction, Payment, & Authorities

38-3: U.S. Combatant Commands

List of Figures

5-1: Pentagon Crash Sites

5-2: AFCD Incident Command on 9/11

8-1: Track of Hurricane Katrina

10-1: DHS Organization

11-1: 2003 DHS Organization

11-2: 2008 DHS Organization

11-3: 2015 DHS Organization

12-1: Selected Factors Influencing DHS Mission and Performance Ten Years Following 9/11

14-1: 2013 NIPP Risk Management Framework

14-2: PSA Security Survey Example “Dashboard” Results

15-1: DoD Geographic Combatant Commands

16-1: Schematic Representation of a Portion of the Internet

16-2: Internet ISP Tiers

16-3: IXP Role in Today’s Internet

16-4: AVOIDIT Cyber Attack Taxonomy

20-1: USCG Security In-Depth

22-1: Total Estimated Illegal Border Inflows, FY2000-FY2012

23-1: Annual Immigration Admissions 1900-2010

23-2: Immigrant Countries of Origin 1900-2010

23-3: Foreign-Born Residents by Region of Origin 1960-2010

23-4: Nonimmigrant Visas Issued by U.S. Department of State 1987-2013

23-5: Nonimmigrant Admissions at U.S. Ports of Entry 2003-2013

23-6: Inadmissible Aliens at Ports of Entry 2005-2013

23-7: Alien Formal Removals and Voluntary Returns 1990-2013

23-8: Estimated Number of Unauthorized Resident Aliens

24-1: NPPD Organization Chart

24-2: NIPP Risk Management Framework

25-1: DHS S&T Organization

25-2: DHS S&T Annual Funding

26-1: DNDO Organization

26-2: Layers of the Nuclear Detection Architecture

27-1: DHS Office of Intelligence & Analysis Organization Chart

28-1: FEMA Leadership Organization Chart

28-2: FEMA Regions

29-1: United States Coast Guard Organization Chart

29-2: United States Coast Guard Districts

30-1: TSA Organization Chart 2010

31-1: CBP Organization Chart

31-2: The U.S. Import Process

32-1: U.S. Secret Service Organization Chart

33-1: ICE Organization Chart

33-2: ICE Removal Statistics

34-1: USCIS Organization Chart

36-1: National Security Council Organization

37-1: The U.S. Intelligence Community

38-1: Geographic Combatant Commands’ Areas of Responsibility

38-2: Dual-Status Commander Chain of Command

39-1: Reserve Component Mobilization Authorities

40-1: Balancing Civil Liberties

42-1: Emergency Preparedness Cycle

A-1: FY03 DHS Budget Allocation

A-2: FY04 DHS Budget Allocation

A-3: FY05 DHS Budget Allocation

A-4: FY06 DHS Budget Allocation

A-5: FY07 DHS Budget Allocation

A-6: FY08 DHS Budget Allocation

A-7: FY09 DHS Budget Allocation

A-8: FY10 DHS Budget Allocation

A-9: FY11 DHS Budget Allocation

A-10: FY12 DHS Budget Allocation

A-11: FY13 DHS Budget Allocation

A-12: FY14 DHS Budget Allocation

A-13: FY15 DHS Budget Allocation

A-14: FY16 DHS Budget Allocation

Part I: Hard Lessons

This section explores the events that created and shaped U.S. homeland security policy. It begins shortly after the end of the Cold War in 1991. After a four-decade standoff between the United States and Soviet Union, there was a global sense of relief and great expectation that the world would become a much safer place after the threat of imminent nuclear war had subsided. Those illusions were shattered in March 1995 after a religious cult attempted to murder thousands of Japanese commuters aboard the Tokyo subway system using Sarin nerve gas. It was the first time a non-state actor employed a weapon of mass destruction, marking a watershed moment in history when small groups attained the destructive power of nations. The implication was not lost on Congress which, spurred by the Oklahoma City bombing a few months later, chartered a number of commissions to investigate the prospects of WMD attack on U.S. soil. Because the Tokyo subway attacks sought to topple the Japanese government, they were, by definition, acts of terrorism. The congressional committees subsequently blurred the distinction between act and motive, labeling a WMD attack by non-state actors as “terrorism”. The committees also introduced the term “homeland security” to describe various organizational proposals to prevent and respond to WMD attack. In February 2001, the Hart-Rudman Commission recommended creation of a National Homeland Security Agency. These recommendations would’ve gone unheeded except for 9/11. On September 11th, 2001, nineteen hijackers inflicted as much damage as the Imperial Japanese Navy on December 7th, 1941: 3,000 dead and $40 billion in direct damages. The 9/11 Commission characterized the attack as one of “surpassing disproportion”. However, instead of using WMD, the attackers achieved WMD effects by subverting the nation’s transportation infrastructure, turning passenger jets into guided missiles. The enduring lesson from 9/11 is that the critical infrastructure essential to an industrial economy also contains the means for catastrophic destruction. What makes critical infrastructure particularly vulnerable, and therefore a tempting target, is that little of it was designed to withstand deliberate attack, and much of it, due to the Internet revolution, is susceptible to cyber attack. Moreover, the national security system built during the Cold War to counter threats from nation states suffered a collective “failure of imagination” to counter threats from non-state actors. Accordingly, the U.S. Federal government underwent its largest reorganization since the end of World War II and created a new Department of Homeland Security. But in its rush to close the gap exposed by this new threat, the Federal government overlooked the consequences posed by an even older threat. In August 2005, Hurricane Katrina forced the evacuation of a major U.S. city and killed over 1,400 of its citizens. It was another hard lesson that catastrophic destruction comes in both natural and manmade forms.

Chapter 1: Turning Point

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain the significance of the 1995 Tokyo subway attacks.
• Describe the legal definition of terrorism.
• Compare the different classes of weapons of mass destruction.
• Discuss how the 1995 Tokyo subway attacks precipitated U.S. homeland security policy.

“The 1995 Sarin nerve gas attack on the Tokyo subway marked a turning point in the history of terrorism.”

– 1999 Gilmore Commission Report

Introduction

Providing for the common defense is a purpose of the U.S. government enumerated in the Preamble to the Constitution. For over two hundred years the nation’s military defended the country from other nations who sought to do us harm. But as weapons of war developed into weapons of mass destruction (WMD), a new threat began to emerge towards the end of the 20th century that the nation’s military could not counter. That threat was nuclear terrorism, or more generally speaking, the employment of WMD by non-state actors. This chapter examines the turning point when the nation first realized its vulnerability, and events surrounding the evolution from national security to homeland security.

From the Frying Pan into the Fire

With the dissolution of the Soviet Union in August 1991, the United States emerged from the Cold War as the world’s sole remaining superpower. After forty-four years of facing down the Soviet Union in global brinkmanship, it seemed the United States could finally step back from the nuclear abyss that threatened at a moment’s notice to turn the Cold War into World War III. As events would turn out though, it seemed that the United States had jumped from the frying pan into the fire.

Loose Nukes

By 1991, the Soviet Union had amassed a stockpile of 35,000 nuclear warheads¹ [1] strategically located in the Soviet Republics of Russia, Ukraine, Belarus, and Kazakhstan. The failed coup in Moscow in August 1991 and subsequent disintegration of the Soviet Union raised concerns about the safety and security of nuclear weapons in the former Soviet Republics. [2, pp. 3-4] In 1968, the United States and Soviet Union signed the nuclear Nonproliferation Treaty (NPT) agreeing to keep nuclear weapons from countries that did not have them. [3] Fearing that those weapons and their secrets might now fall into the hands of rogue nations, in November 1991, Senators Sam Nunn (D-GA) and Richard Lugar (R-IN) sponsored the Soviet Nuclear Threat Reduction Act authorizing $400 million to assist former members of the Soviet Union with 1) destroying nuclear, chemical, and other weapons of mass destruction, 2) providing secure transport for weapons on their way to destruction, and 3) establishing verifiable safeguards against proliferation of these weapons. [2, pp. 3-4]

¹ By 1991, the United States had amassed over 20,000 nuclear warheads. [1]

Initially, many in Congress saw U.S. assistance under Nunn-Lugar as an emergency response to impending chaos in the former Soviet Union. Even after the sense of immediate crisis passed in 1992 and 1993, many analysts and members of Congress remained concerned about the potential for diversion or a loss of control of nuclear and other weapons. Russia’s economy was extremely weak and press accounts reported that nuclear materials from Russia were appearing on the black market in Western Europe. Consequently, many began to view the Cooperative Threat Reduction Program as part of a long-term threat reduction and nonproliferation effort in keeping with the 1968 Nonproliferation Treaty. This view changed, though, after the 1995 Tokyo Subway Attack. [2, p. 5]

1995 Tokyo Subway Attack

At 6:00 am on the morning of March 20, 1995, Ken’ichi Hirose was driven to the Yotsuya subway station in Tokyo. Upon arrival, Hirose boarded a westbound train to Shinjuku Station where he caught a northbound train to Ikebukuro Station. While waiting to board his next train, Hirose bought a sports tabloid then sought to isolate himself among the crowd. After surveying the other passengers to confirm nobody was looking, Hirose removed two plastic bags filled with clear liquid and wrapped them in the newspaper. The bags were filled with the deadly nerve agent Sarin. Ken’ichi Hirose was part of a five-man team dispatched by Shoko Asahara to attack the Japanese government. [4]

Shibuya Asahara proclaimed himself “Christ” and sought to take on the sins of the world in advance of a nuclear Armageddon from which he would emerge as “emperor” of Japan. On March 20, 1995, Asahara sought to hasten his prophesied apocalypse by murdering thousands of commuters transiting Tokyo’s Kasumigaseki and Nagatacho districts, home to the Japanese government. Asahara also hoped it would put an end to a police investigation into murder charges against the cult. To attain his designs, Asahara would release the chemical agent Sarin within the crowded and confined Tokyo subway. [4]

Sarin is an odorless, colorless liquid that attacks the nervous system. Developed as a pesticide in 1938 Germany, it is outlawed by the 1993 Chemical Weapons Convention. Sarin quickly vaporizes when exposed to the atmosphere, posing a threat to victims either through inhalation or direct contact. Sarin is fatal even at very low concentrations; a single drop the size of a pinhead can kill an adult. Death follows quickly in one to ten minutes. [5]


On the morning of March 20, 1995, five members of Aum Shinrikyo, Ken’ichi Hirose, Ikuo Hayashi, Toru Toyoda, Masato Yokoyama, and Yasuo Hayashi, picked up their bags of Sarin and set out for the rush hour commute aboard the Tokyo subway. Hirose was a thirty-year-old doctor of Physics. Hayashi was a medical doctor held in esteem at the Ministry of Science and Technology before quitting his job and joining Aum. Toyoda was a Physics student who graduated with honors from the University of Tokyo and was about to begin doctoral studies when he joined Aum. Yokoyama was a thirty-one-year-old Applied Physics major who worked at an electronics firm before joining Aum. Thirty-seven-year-old Hayashi, the oldest member of the group, studied Artificial Intelligence at university and traveled to India to study yoga before joining Aum. Five men, all highly educated and psychologically sound, set out that Monday morning to launch a chemical attack on the world’s busiest commuter transport system at the peak of morning rush hour. [4]

Each perpetrator carried two bags of Sarin, except Yasuo Hayashi who carried three. Carrying their bags of Sarin and umbrellas with sharpened tips, the perpetrators boarded their appointed trains. At prearranged stations, the Sarin bags wrapped in newspaper were dropped and punctured several times with the sharpened tip of an umbrella. Each perpetrator then got off the train and exited the station to rendezvous with prearranged getaway cars. They left behind them packets of Sarin leaking out onto train cars packed with passengers. [4]

Ken’ichi Hirose was aboard the second car of the A777 heading inward to the government district. As he was about to release the Sarin, Hirose caught the unwanted attention of a schoolgirl. He paused. To ward off her attention, Hirose decided to move up to the third car, taking his packet with him. As the train approached Ochanomizu Station, Hirose dropped the packet to the floor, whispered an Aum mantra, then punctured it with the tip of his umbrella. Hirose poked the packet with such force that he bent the tip of his sharpened umbrella. Still, both bags were successfully broken, and the Sarin began to leak across the train floor. Hirose immediately departed and fled for his waiting getaway car. [4]

Ikuo Hayashi arrived at Sendagi Station and purchased a copy of the Japan Communist Party newspaper to wrap his bags of Sarin. At 7:48 am he boarded the first car of the A725K inbound to Tokyo’s central business district. Hayashi wore a surgical mask commonly worn by Japanese during cold and flu season. At Shin-Ochanomizu Station he dropped his packet to the floor and poked it with his umbrella. In his haste to flee, though, Hayashi succeeded in puncturing only one of the two bags. Sarin leaked out across the train as Hayashi moved quickly to join his getaway driver. [4]


Masato Yokoyama stopped on his way to Shinjuku Station to buy a paper to wrap his bags of Sarin. Yokoyama put on a wig and fake glasses before boarding the fifth car of the B801 inbound to the government district on the Marunouchi Line. As his train approached Yotsuya Station, Yokoyama dropped his packet to the floor and began poking it. He succeeded in making only a single puncture in one of the bags. As Yokoyama fled the scene, the single bag leaked Sarin slowly across the floor. [4]

Toru Toyoda picked up a newspaper and wrapped his Sarin bags on the way to Naka-Meguro Station. At 7:59 am he boarded the first car of the B711T inbound to Tokyo’s central district. Sitting close to the door, Toyoda set the Sarin packet on the floor. When the train arrived at the next station, Ebisu, Toyoda punctured the bags as he disembarked. He was on the train a total of two minutes, the quickest drop of the day. [4]

In order to prove his loyalty, Yasuo Hayashi carried three bags of Sarin. These he wrapped in newspaper before boarding the train at 07:43. Hayashi took the third car of the A720S departing Ueno Station. Shortly after boarding, he dropped his packet to the floor. Two stops later, Hayashi punctured the bags as he departed the train at Akihabara Station. Hayashi made the most punctures of any of the perpetrators. [4]

As the Sarin started vaporizing, passengers within the packed cars began to fall sick. Victims would later report feeling nauseous and experiencing blurred vision. As they neither knew nor understood what was happening, instinct took control and compelled them to flee. As the trains pulled into the next station, victims pushed their way out of the contaminated cars, unwittingly spreading the agent onto the crowded platforms. One passenger, noticing a liquid-soaked package on the floor, kicked it out the door onto the Kodenmacho Station platform. Soon, waiting commuters began feeling the effects and started pushing towards the exits. Some collapsed on the platform before they could make it. [4]

With no one aware of what was happening, the contaminated trains continued towards central Tokyo. Only after people started collapsing did agents realize something was seriously wrong and order all trains stopped. But not before thousands had been exposed. Hundreds collapsed outside the station entrances and lay on the ground waiting for assistance. Ambulances transported 688 to nearby hospitals. More than 4,000 made their own way, including the “worried well”. Hospitals were overwhelmed. [4]


Of the 5,510 who sought treatment, 17 were deemed critical, 37 severe, and 984 moderate. By mid-afternoon, the mildly affected victims had recovered from vision problems and were released. Most of the remaining patients were well enough to go home the next day. Twelve people were not so fortunate and eventually died from their exposure. Most of them were station attendants who had sought to help stricken passengers. Experts suggest that if the attackers had been more successful in deploying the Sarin, thousands could have died. [4]

In 2008, victims were authorized payment of damages because the attack had been

directed at the Japanese government. By 2009, 5,259 had applied for benefits under

the law. Of those, 47 were certified disabled, and 1,077 certified as having serious

injuries or illnesses. Surveys of the victims showed that many still suffer from post-

traumatic stress disorder. In one survey, 27% of 837 respondents complained they felt

insecure whenever riding a train. [4]

The Terrorism Threat

The Tokyo subway attack was a seminal event; it was the first time a non-state group

had used a weapon of mass destruction against civilians. The incident appeared to

underscore both the vulnerabilities and potentially catastrophic consequences of

unprotected societies and ill-prepared governments in the face of indiscriminate

attacks employing weapons of mass destruction. Two years earlier, the bombing of

New York City’s World Trade Center by Islamic fundamentalists had demonstrated that

the United States itself was not immune to acts of terrorism intent on causing large

numbers of casualties. Indeed, the six persons who perished in that attack and the

approximately 1,000 others who were injured paled in comparison to the tens of

thousands who might have been harmed had the terrorists’ plans to topple one of the

towers into the other actually succeeded. If any further evidence were needed of

this potential, it was provided less than a month after the Tokyo attack when Timothy

McVeigh used a large truck bomb to demolish the Alfred P. Murrah Federal office

building in Oklahoma City, killing 168 persons and injuring hundreds more. [6, p. 1]

Terrorism. “Acts dangerous to human life that are a violation of the criminal laws of

the United States or of any State, that appear to be intended to intimidate or coerce a

civilian population; influence the policy of a government by intimidation or coercion; or

to affect the conduct of a government by mass destruction, assassination, or

kidnapping.”

– Title 18 United States Code, Section 2331

Until the 1993 attack on the World Trade Center, most Americans thought that

terrorism was something that happened elsewhere. However frequently U.S. citizens

and interests were the target of terrorists abroad, many nonetheless believed that the

United States itself was somehow immune to such violence within its own borders.

Terrorism, accordingly, was regarded as a sporadic—albeit attention-grabbing—

problem that occasionally affected Americans traveling or living overseas and

concerned only those U.S. government agencies with specific diplomatic and national

security responsibilities. If the 1993 World Trade Center bombing shattered that

complacency, then the explosion in Oklahoma City two years later dramatically

underscored the breadth of grievances felt toward the U.S. government. The list of

potential adversaries had seemed suddenly to grow from the foreign radicals and

religious extremists located in other regions of the world about whom we had always

worried, to include wholly domestic threats, such as those posed by the militantly

antigovernment, white supremacist organizations that had come to light in the

aftermath of the Oklahoma City tragedy. [6, p. 6]

In the wake of the New York and Oklahoma City bombings and Tokyo subway attacks,

there was a dramatic shift in the perceived threat of WMD terrorism. A number of

developments account for this sudden shift in direction and appreciation for what had

been previously dismissed as a far less realistic threat scenario. [6, p. 7]

First, terrorism had arguably shown a marked trend toward greater lethality. While

some observers pointed optimistically to the decline in the number of international

terrorist incidents during the 1990s as a noteworthy and salutary development in the

struggle against terrorism, the percentage of terrorist incidents with fatalities had

paradoxically increased. For example, at least one person was killed in 29% of terrorist

incidents in 1995. That represented the highest ratio of fatalities to incidents recorded

over the previous thirty years. [6, p. 7]

Second, the dangers posed specifically by chemical and biological weapons became

increasingly apparent. In part, this was a function of the demise of the Cold War

preoccupation with the nuclear dimension of international relations. Perhaps more

significant, however, was the possibility that, given the ongoing travails of the Russian

economy, poorly paid, disgruntled former Soviet scientists might attempt to sell their

expertise in chemical, biological and nuclear weapons on the “open market” to

terrorists or rogue states. [6, p. 8]

Finally, a precedent for mass destruction had been set in the guise of the 1995 Aum

nerve gas attack. That incident represented the first widely known attempt by a non-

state group to use WMD with the specific intent of causing mass civilian casualties.

Moreover, Aum’s use of such an exotic weapon as sarin may have raised the stakes for

terrorists everywhere, who might feel driven to emulate or create their own version of

the Tokyo attack to attract attention to themselves and their causes. [6, p. 9]

In the wake of these incidents, a new era of terrorism was perceived by experts and

government officials alike who foresaw a potentially bloodier and more destructive age

of violence emerging as we approached the twenty-first century. The changes in

terrorism that they described raised concerns in the United States, especially within

Congress and the Executive Branch, about the implications of evolving terrorist threats

that were now seen to include use of WMD. [6, p. 1]

WMD Terrorism

According to 18 USC §2332a, a weapon of mass destruction is “any weapon that is

designed or intended to cause death or serious bodily injury through the release,

dissemination, or impact of toxic or poisonous chemicals, or their precursors; any

weapon involving a biological agent, toxin, or vector; or any weapon that is designed to

release radiation or radioactivity at a level dangerous to human life.” For simplicity,

current convention recognizes chemical, biological, radiological, and nuclear (CBRN)

agents as general classes of WMD. 18 USC §2332a makes it illegal to employ WMD

against U.S. citizens, anywhere in the world.

Chemical weapons are defined in 18 USC §229F as “chemicals, precursors, munitions, or

devices specifically designed to cause death or other harm through the toxic properties

of the chemicals.” Under 18 USC §229F, it is illegal to develop, produce, acquire, or

transfer chemical weapons. Chemical agents are generally classified by their effects.

Thus nerve agents attack the body’s nervous system, blood agents block oxygen

transfer in the blood, blister agents cause blisters, and choking agents attack the

respiratory system. Experts also recognize that a host of toxic industrial chemicals

(TICs) essential to manufacturing processes may also be employed as weapons. [7, pp.

II-10 – II-11] In 2005, the National Planning Scenarios were released, examining

possible attack scenarios and their potential consequences. Of the fifteen listed

scenarios, four related to chemical attacks. Two pertained to the release of chemical

agents. The other two involved the release of toxic industrial chemicals. The

deliberate destruction of a chlorine storage tank produced the most casualties,

estimated at 17,500 according to the scenario. The nerve agent attack resulted in the

second most casualties, estimated at 6,000 according to that scenario. In both

scenarios, rescue operations were hampered by the difficulty of operating in a

contaminated environment. [8]

Biological weapons are defined in 18 USC §178 as “any microorganism or infectious

substance, or any naturally occurring, bioengineered or synthesized component of any

such microorganism or infectious substance, capable of causing death, disease, or

other biological malfunction in a human, animal, plant, or other living organism;

deterioration of food, water, equipment, supplies, or materials of any kind; or

deleterious alteration of the environment.” As with chemical weapons, it is illegal to

develop, produce, stockpile, transfer, acquire, retain, or possess a biological agent or

delivery system for use as a weapon. Biological agents include three basic categories:

pathogens, toxins, and bioregulators. Pathogens are disease producing

microorganisms such as bacteria, rickettsia, or viruses. Pathogens can occur naturally

or can be altered with biotechnology. Toxins are poisons formed by a vegetable or

animal, but can be produced synthetically also. Bioregulators affect cell processes in

the body. Used as a bioweapon, they can cause severe adverse effects or death. [7, pp.

II-18] The fifteen National Planning Scenarios describe five different types of biological

incidents, four of them stemming from some form of attack. According to the Planning

Scenarios, an anthrax attack could result in 13,000 casualties. Alternatively, the

deliberate introduction of foot and mouth disease could kill an untold number of

livestock. Either attack would be hugely disruptive to the national economy. [8]

Radiological Dispersal Devices (RDDs), or “dirty bombs”, are covered by the definition

for WMD found in 18 USC §2332a. Specifically, they include “any weapon that is

designed or intended to release radiation or radioactivity at a level dangerous to

human life; or any device or object that is capable of and designed or intended to

endanger human life through the release of radiation or radioactivity.” 18 USC §2332h

makes it illegal to knowingly produce, construct, acquire, transfer, receive, possess,

import, export, or threaten to use an RDD. The Planning Scenarios have only

one RDD scenario. An RDD is not considered particularly destructive, but it is

considered highly disruptive. According to the scenario, an RDD released in a major

urban area could contaminate up to thirty-six city blocks. Essentially, the area of

contamination would have to be evacuated until such time as it could be

decontaminated. Decontamination could take years and cost billions of dollars. [8, pp.

11-1 – 11-4]

Nuclear weapons are also covered by the definition for WMD found in 18 USC §2332a.

The Planning Scenarios postulate a situation in which a terrorist group assembles a gun-

type nuclear device from highly enriched uranium (HEU) stolen from a former Soviet

facility. The materials are smuggled into the United States and assembled near a major

metropolitan center. The improvised nuclear device (IND) is transported by van to the

central business district and detonated. The estimated 10-kiloton blast would

incinerate almost everything within a half mile of the detonation. Blast damage would

gradually taper off out to four miles from the epicenter. Electromagnetic pulse (EMP)

would render any surviving electronics inoperative within three miles of the

detonation. Those outside the blast radius but within twelve miles of detonation could

be affected by radiation exposure. Winds could carry radioactive fallout as far as 150

miles and contaminate as much as 3,000 square miles. [8, pp. 1-1 – 1-5] Dissimilar

circumstances make it difficult to draw comparisons with the August 6, 1945 bombing

of Hiroshima with a similar type device, but casualties from the blast, radiation, and

fallout might be expected to exceed 100,000. Of course, recovery would take decades

and cost hundreds of billions of dollars.

Still, most experts agree that even if terrorists want to employ WMD, they don’t

necessarily have the requisite scientific knowledge or technical capabilities to

implement their violent ambitions. Accordingly, as easy as some may argue it is for

terrorists to culture anthrax spores or brew up a concoction of deadly nerve gas, the

effective dissemination or dispersal of these viruses and poisons still presents serious

technological hurdles that greatly inhibit their effective use. Indeed, the ultimate

failure of the Tokyo subway attacks seems to affirm this position. [6, p. 38]

It should also be noted that, as serious and potentially catastrophic as a domestic

terrorist CBRN attack might prove, it is highly unlikely that it could ever completely

undermine the national security, much less threaten the survival, of the United States

as a nation. Indeed, following the 1995 nerve gas attack, the Japanese government did

not fall, widespread disorder did not ensue, nor did society collapse. There is no reason

to assume that the outcome would be any different in the United States. [6, pp. 37-38]

However, because of the extreme consequences that could result from a successful

CBRN attack, even the remotest likelihood of one cannot be dismissed as insignificant.

The challenge in responding to the threat of potential terrorist use of CBRN weapons is

to craft defense capabilities to respond to an incident if it occurs that are not only both

cost-effective and appropriate, but dynamic enough to respond as effectively as

possible in as wide a range of circumstances or scenarios. [6, pp. 34-35] The problem

was, the Federal government was not ready.

U.S. Counterterrorism Posture

At the time of the Tokyo subway attacks, the U.S. response to a terrorist incident was

seen as a highly coordinated interagency operation that included federal, state, and

local participation. Primary federal agencies besides the Department of Justice (DoJ),

Federal Bureau of Investigation (FBI), and Federal Emergency Management Agency

(FEMA) included the Department of Defense (DoD), Department of Energy (DoE), the

Environmental Protection Agency (EPA), and the Department of Health and Human

Services (DHHS). [9, pp. CRS-6]

The National Security Council was the center of U.S. government efforts to coordinate

the national response to threats or acts of domestic terrorism. The NSC Principals

Committee, the Deputies Committee, and the Counterterrorism and National

Preparedness Policy Coordination Committee (PCC) constituted the major policy and

decision-making bodies involved in the federal response to terrorism. [9, pp. CRS-7]

The PCC had four standing subordinate groups to coordinate policy in specific areas.

The Counterterrorism and Security Group (CSG) coordinated policy for preventing and

responding to foreign terrorism, either internationally or domestically. The

Preparedness and Weapons of Mass Destruction Group provided policy coordination

for preventing WMD attacks in the United States and developing response and

consequence management capabilities to deal with domestic WMD incidents. The

Information Infrastructure Protection and Assurance Group handled policy for

preventing and responding to major threats to America’s cyberspace, and the

Continuity of Federal Operations Group was charged with policy coordination for

assuring the continued operation of Constitutional offices and federal departments and

agencies. [9, pp. CRS-7 – CRS-8]

When the NSC was advised of the threat of a terrorist incident or actual event, the

appropriate subordinate group would convene to formulate recommendations for the

Counterterrorism and Preparedness PCC, which in turn would provide policy analysis for

the Deputies Committee. The Deputies Committee would ensure that the issues being

brought before the Principals Committee and NSC were properly analyzed and

prepared for a decision by the President. [9, pp. CRS-8]

In the wake of the Tokyo subway attacks and Oklahoma City bombing, President

Clinton in June 1995 signed Presidential Decision Directive #39 (PDD-39) updating U.S.

policy on counterterrorism. Among its provisions, PDD-39 designated the FBI the Lead

Federal Agency for responding to terrorist attacks on U.S. soil. PDD-39 also assigned

FEMA primary responsibility for coordinating federal efforts in responding to the

consequences of a WMD attack. [9, pp. CRS-5]

The FBI’s first step when a terrorist threat was discovered was to initiate a threat

credibility assessment. The FBI would take immediate steps to identify, acquire, and

plan for the use of federal resources to augment the State and local authorities if the

threat was deemed highly credible or an incident was verified. The FBI would designate a

Federal On-Scene Commander (OSC) who would function as the incident manager for

the U.S. Government. The FBI would operate from a Joint Operations Center (JOC) and

report back to the Strategic Information Operations Center (SIOC) at FBI Headquarters

in Washington, DC. If necessary, the FBI could call upon a Domestic Emergency Support

Team (DEST) comprised of representatives from other Federal agencies to help advise

on the incident. In the event of a WMD incident, the FBI on-scene commander could

request DoD support through the Attorney General. [9, pp. CRS-9 – CRS-13]

Homeland Security

Concerned about the overall leadership and coordination of programs to combat

terrorism, Congress established three separate commissions: the Advisory

Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of

Mass Destruction (also known as the Gilmore Panel because it was chaired by

Governor James Gilmore III of Virginia); the United States Commission on National

Security in the 21st Century (also known as the Hart-Rudman Commission because it

was chaired by former Senators Gary Hart and Warren Rudman); and the National

Commission on Terrorism (also known as the Bremer Commission because its chairman

was former Ambassador Paul Bremer). [10, p. 37]

The Bremer Commission raised the issue that the National Coordinator, the senior

official responsible for coordinating all U.S. counterterrorism efforts, didn’t have

sufficient authority to ensure the President’s priorities were reflected in agencies’

budgets. The United States didn’t have a single counterterrorism budget. Instead,

counterterrorism programs existed in the individual budgets of 45 departments and

agencies of the federal government. [11]

In December 2000, the second report of the Gilmore Commission issued a finding that

the organization of the federal government’s programs for combating terrorism was

fragmented, uncoordinated, and politically unaccountable. It linked the lack of a

national strategy to the fact that no entity had the authority to direct all of the

agencies that may be engaged. At the federal level, no entity had the authority even

to direct the coordination of relevant federal efforts. As a consequence, the Gilmore

Commission recommended that the next President should establish a National Office

for Combating Terrorism in the Executive Office of the President, and should seek a

statutory basis for this office. [12]

The Gilmore Commission recommended that the National Office for Combating

Terrorism should have a broad and comprehensive scope, with responsibility for the

full range of deterring, preventing, preparing for, and responding to international as

well as domestic terrorism. The director of the office should be the principal

spokesman of the Executive Branch on all matters related to federal programs for

combating terrorism and should be appointed by the President and confirmed by the

Senate. The office should have a substantial and professional staff, drawn from

existing National Security Council offices and other relevant agencies. The Gilmore

Commission argued that the office should have at least five major sections, each

headed by an Assistant Director:

1. Domestic Preparedness Programs

2. Intelligence

3. Health and Medical Programs

4. Research, Development, Test, and Evaluation (RDT&E), and National Standards

5. Management and Budget [12]

The Hart-Rudman Commission decried the fact that responsibility for homeland

security resided at all levels of the U.S. government—local, state, and federal, and that

within the federal government, almost every agency and department was involved in

some aspect of homeland security, but none was organized to focus on the scale of the

contemporary threat to the homeland. The Hart-Rudman Commission recommended

an organizational realignment that:

• Designated a single person, accountable to the President, to be responsible for coordinating and overseeing various U.S. government activities related to homeland security;

• Consolidated certain homeland security activities to improve their effectiveness and coherence;

• Established planning mechanisms to define clearly specific responses to specific types of threats; and

• Ensured that the appropriate resources and capabilities were available. [13]

In February 2001, the Hart-Rudman Commission recommended the creation of a

National Homeland Security Agency (NHSA) with responsibility for planning,

coordinating, and integrating various U.S. government activities involved in homeland

security. [13] Sadly, the recommendation came too little too late. Less than seven

months later the nation would suffer a terrorist attack of catastrophic proportions on

its own soil. What few had foreseen was how it would be accomplished not by WMD,

but by subverting the nation’s infrastructure.

Conclusion

The United States stepped back from the brink of nuclear annihilation at the end of the

Cold War only to face the threat of nuclear terrorism at the outset of the 21st century.

The incident that brought this terrible prospect to the forefront of national security

concern was the Tokyo subway attack in 1995. It was the first employment of WMD

by a non-state agent. Taken together with the increasing frequency and ferocity of

terrorist attacks against the United States itself, the Tokyo subway attack suddenly

made the unthinkable not only thinkable, but credible. So as the United States

prepared for a new century, it also started preparing for the prospect of a domestic

terrorist attack employing a CBRN agent. As various advisory committees investigated

the matter and advised Congress, they developed the concept of homeland security

and the recommendation for a homeland security agency. What made it happen was

what nobody expected would happen.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. What was the historic significance of the Tokyo subway attacks?

2. Why are the Tokyo subway attacks considered an act of terrorism?

3. Do you have to be a terrorist to employ a WMD agent? Explain your answer.

4. What type of WMD agent do you think would be easiest to acquire? Explain your answer.

5. What type of WMD agent do you think would be most physically destructive? Explain your answer.

6. What type of WMD agent do you think could possibly cause the most deaths? Explain your answer.

7. Would you rather have one enemy with many WMD, or many enemies with one WMD? Explain your answer.

8. Identify five differences between a soldier fighting for a country and a terrorist fighting for a cause.

9. Identify five differences between the 1995 Tokyo subway attacks and the 1995 Oklahoma City bombing.

10. Identify five differences between the 1995 Tokyo subway attacks and the 2007 Virginia Tech shooting.

Chapter 2

Lost Opportunities

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain why Osama bin Laden declared war on the U.S.

• Describe the difficulties in arresting or killing Osama bin Laden.

• Compare the differences between an attack on U.S. soil and an attack against U.S. foreign interests.

• Discuss how 9/11 might have been prevented.

“A direct attack against American citizens on American Soil is likely over the next

quarter century.”

– Phase III Report of the U.S. Commission on National Security/21st Century

February 15, 2001

Introduction

On September 11th, 2001, the unthinkable happened, but not in the manner anybody

imagined. This chapter examines the opportunities missed in the gathering storm that

would become 9/11.

New Priorities

After a bitterly contested election, George W. Bush was inaugurated the 46th President

of the United States in January 2001. He campaigned on a platform that included

bringing integrity and honor back to the White House, increasing the size of the

military, cutting taxes, improving education, and aiding minorities. [1] Under the

direction of his newly appointed National Security Advisor, Condoleezza Rice, the

incoming national security team focused their priorities on China, missile defense, the

Middle East peace process, and the Persian Gulf. In January 2001, Rice was briefed by

the outgoing National Security Advisor, Sandy Berger, and told she would find herself

spending more time on terrorism in general, and al Qaeda in particular. [2, p. 199]

Al Qaeda

Al Qaeda was conceived in 1988 by Osama bin Laden, the seventeenth child of a Saudi

construction magnate. [2, p. 55] In 1980, bin Laden left university to help the

mujahideen fight the Soviets in Afghanistan. [3] In December 1979, the Soviet Union

sent the 40th Army into the Afghan capital of Kabul to prop up the pro-Soviet

government of Nur Mohammad Taraki. [4] Arriving in Pakistan, bin Laden joined

Abdullah Azzam and used money and machinery from his own construction company

to help the mujahideen. By 1984, bin Laden and Azzam established Maktab al-

Khidamat (MAK) to funnel money, arms, and fighters from around the Arab world into

Afghanistan. [3] After nine years, the Soviets had killed 850,000-1.5 million Afghan

civilians at a cost to their own forces of 14,453 killed and 11,654 wounded, but were

still no nearer to suppressing the mujahideen insurgency. Unwilling or unable to

sustain a counter-insurgency, Soviet forces withdrew from Afghanistan in April 1988.

[4] As they departed, bin Laden and Azzam agreed that the organization they created

should not be allowed to dissolve. Accordingly, they established what they called a

base or foundation, “al Qaeda”, as a potential general headquarters for future jihad.

Though Azzam had been considered number one in the MAK, by August 1988 bin

Laden was clearly the leader of al Qaeda. [2, pp. 55-56]

Bin Laden

In 1990, bin Laden returned home to Saudi Arabia. On August 2, 1990, Saddam

Hussein launched the Iraqi invasion of Kuwait. With nothing to stop Iraqi forces from

crossing into Saudi Arabia, the royal family felt at risk. Bin Laden, whose efforts in

Afghanistan had earned him celebrity and respect, proposed to the Saudi monarchy

that he summon mujahideen for a jihad to retake Kuwait. He was rebuffed, and the

Saudis joined the U.S.-led coalition. [2, p. 57] On August 7, 1990, the U.S. 82nd

Airborne landed in Dhahran, Saudi Arabia, and took up positions barely 400 miles from

Medina, the second holiest site in Islam. [3] Bin Laden and a number of Muslim clerics

began to publicly denounce the arrangement. The Saudi government exiled the clerics

and undertook to silence bin Laden by, among other things, confiscating his passport.

With help from a dissident member of the royal family, bin Laden managed to get out

of the country and make his way to Sudan. [2, p. 57]

Exile in Sudan

Previously, in 1989, bin Laden had been invited by Hassan al Turabi, head of the

National Islamic Front, to assist him in Sudan. After making his escape from Saudi

Arabia in 1991, bin Laden moved to Khartoum and set about building a large set of

complex and intertwined business and terrorist enterprises. In time, his business

ventures would encompass numerous companies and a global network of bank

accounts and nongovernmental institutions. Fulfilling his bargain with Turabi, bin

Laden used his construction company to build a new highway from Khartoum to Port

Sudan on the Red Sea coast. Meanwhile, al Qaeda finance officers and top operatives

used their positions in bin Laden’s companies to acquire weapons, explosives, and

technical equipment for terrorist purposes. In early 1992, al Qaeda issued a fatwa, a

religious edict calling for jihad against the Western “occupation” of Islamic lands,

specifically singling out U.S. forces for attack. During bin Laden’s time in Sudan, al

Qaeda was suspected of supporting attacks against U.S. forces in Yemen, Somalia, and

Saudi Arabia. [2, pp. 57-61] In 1995 al Qaeda was implicated in an assassination

attempt against Egyptian President Hosni Mubarak. Subsequent pressure from Saudi

Arabia, Egypt, and the United States forced the expulsion of bin Laden from Sudan.

Because his citizenship had been revoked in 1994, bin Laden could not return to Saudi

Arabia. Instead, he chose to return to Pakistan and eventually make his way back to

Afghanistan. [3]

Return to Afghanistan

When bin Laden arrived in Pakistan in May 1996, the Taliban were still fighting to gain

control of Afghanistan. After the Soviets departed in April 1988, Afghanistan erupted

in civil war between competing militias. In 1994, the Taliban arose as a political-

religious force, and with financial backing from Pakistan and Saudi Arabia, succeeded in

rising to power in September 1996. [5] Under the protection of the Taliban leader,

Mullah Muhammed Omar, bin Laden re-established al Qaeda operations in Kandahar,

Afghanistan. Through his connections, bin Laden brought much needed financial

support to the Taliban. In return, bin Laden and al Qaeda were given a sanctuary in

which to train and indoctrinate fighters and terrorists, import weapons, and plot and

staff terrorist schemes. The Taliban seemed to open the doors to all who wanted to

come to Afghanistan to train in the camps. It is estimated some 10,000 to 20,000

fighters underwent instruction at bin Laden supported camps in Afghanistan from 1996

to 2001. [2, pp. 65-67]

War on the United States

Shortly after arriving in Afghanistan in 1996, bin Laden issued a fatwa declaring war

against the United States. U.S. forces remained in Saudi Arabia to protect the kingdom

from any further aggression by Saddam Hussein. [3] In his 1996 fatwa, bin Laden

decried the “occupation of the land of the two Holy Places—the foundation of the

house of Islam, the place of the revelation, the source of the message and the place of

the noble Ka’ba, the Qiblah of all Muslims—by the armies of the American Crusaders

and their allies.” [6] Two years later, after al Qaeda had regathered its strength, bin

Laden issued a second fatwa in February 1998. The second fatwa declared the killing

of North Americans and their allies an “individual duty for every Muslim” to “liberate

the al Aqsa Mosque (in Jerusalem) and the holy mosque (in Mecca) from their grip”. At

the public announcement of the fatwa, bin Laden called North Americans “very easy

targets”, and told journalists “You will see the results of this in a very short time.” On

August 7, 1998, two truck bombs were exploded outside U.S. embassies in Nairobi,

Kenya, and Dar es Salaam, Tanzania. Together, the explosions killed 224 people

including 12 Americans, and injured 4,500 more. The attacks were linked to al Qaeda,

and bin Laden was placed on the FBI’s list of Ten Most Wanted. [3]

Chapter 2: Lost Opportunities

Cat and Mouse

Al Qaeda and bin Laden had come to the attention of the U.S. before the African

embassy bombings. The CIA had even conceived a kidnapping plan to deliver bin

Laden to an Arab court to answer for his role in the failed assassination attempt on

Egypt’s president. Because CIA senior management didn’t think the plan would work,

it was never executed. Still, the CIA maintained surveillance of bin Laden and al Qaeda.

It was because of this monitoring they were able to quickly trace the embassy

bombings back to bin Laden. Debate about what to do settled very soon on one

option: Tomahawk cruise missiles. [2, pp. 114-118] Two weeks later, on March 20,

1998, Navy vessels in the Arabian Sea fired about 75 cruise missiles at four training

camps inside Afghanistan. One camp was where bin Laden met with other leaders.

According to the CIA, bin Laden departed the camp just hours before the cruise

missiles hit. [7] At the same time he authorized the cruise missile attacks, President

Clinton issued a Memorandum of Notification authorizing the CIA to capture bin Laden.

A second memorandum issued in December authorized the CIA to capture or kill bin

Laden. As the agency examined alternative plans throughout 1999, all were discarded

as either unlikely to succeed or likely to cause significant collateral damage. [2, pp. 126-143]

At the turn of the new century, al Qaeda was implicated in failed attacks against

targets in Jordan, and the USS The Sullivans. Jordanian police foiled the first, and the

boat filled with explosives sank before detonating. Together with a failed attack on Los

Angeles International Airport they were collectively called the “Millennium Plot”. [8]

While reviewing these actions in January 2000, National Security Advisor Sandy Berger

was advised that more al Qaeda attacks were not a question of “if” but rather of

“when” and “where”. The warning placed increased pressure on efforts to capture or

kill bin Laden. The State Department was thwarted by the Taliban’s refusal to give him

over. CIA progress was slowed by attempts to recruit Taliban rivals in southern

Afghanistan. Military options were stymied by absence of a friendly operating base in

the area. President Clinton noted the lack of progress in March 2000 when he wrote in

the margin of his daily briefing that “the United States could surely do better.” [2, pp.

182-190] On October 12, 2000, a speed boat laden with explosives rammed the USS

Cole in Yemen, killing 17 sailors and heavily damaging the destroyer. While al Qaeda

was suspected in the attack, the absence of “smoking gun” evidence prevented the

White House from delivering an ultimatum to the Taliban to give up bin Laden. Further

action was subsequently deferred to the new Bush Administration after it belatedly

won one of the closest presidential contests in U.S. history. [2, pp. 190-198]

The Planes Operation

By early 1999, al Qaeda was already a potent adversary of the United States. Bin Laden

and his chief of operations, Abu Hafs al Masri, also known as Mohammed Atef,

occupied undisputed leadership positions atop al Qaeda’s organizational structure.

Within this structure, al Qaeda’s worldwide terrorist operations relied heavily on the

ideas and work of enterprising and strong-willed field commanders who enjoyed

considerable autonomy. Khalid Sheikh Mohammed (KSM) was one such commander.

[2, p. 145] KSM was involved in the “Bojinka” plot, a 1995 plan to bomb 12 U.S.

commercial jets in midair over the Pacific as they flew home from the Philippines. The

plot was discovered, however, and KSM’s accomplices arrested in Manila. KSM evaded

capture and made his way to Afghanistan in 1996. Shortly after arriving, he managed a

meeting with bin Laden and Mohammed Atef. KSM presented several ideas for attack

against the United States. One proposal involved hijacking ten planes to attack targets

on both the East and West coasts of the United States. In addition to the Twin Towers

and Pentagon, the planes were to hit the White House, CIA and FBI headquarters,

unidentified nuclear power plants, and the tallest buildings in California and

Washington State. The tenth plane was to kill every adult male passenger before

landing and denouncing U.S. Middle East policies in front of the media. Bin Laden

listened, but did not commit. [9, pp. 1-2] He had just arrived in Afghanistan himself,

and had yet to re-establish al Qaeda operations. It wasn’t until after the African

embassy bombings in 1998 that planning for the 9/11 operation began in earnest. In

March/April 1999, bin Laden summoned KSM to Kandahar and told him al Qaeda

would support his proposal, but he had to scale it back. KSM and bin Laden agreed to

four targets: the Twin Towers, Pentagon, White House, and U.S. Capitol. The plot was

now referred to within al Qaeda as the “Planes Operation”. [2, pp. 148-154]

Recruitment

Bin Laden soon selected four individuals to serve as suicide operatives: Nawaf al

Hazmi, Khalid al Mihdhar, Walid Muhammad Salih bin Attash, also known as Khallad,

and Abu Bara Taizi. Hazmi and Mihdhar were Saudi nationals; Khallad and Abu Bara

were from Yemen. KSM knew the Yemeni nationals would have trouble obtaining U.S.

visas. Therefore, KSM decided to split the operation into two parts. Hazmi and

Mihdhar would go to the United States, and Khallad and Abu Bara would go to

Malaysia to carry out a smaller version of the Bojinka plot. The four spent most of the rest

of the year at the Mes Aynak training camp in Afghanistan before they flew to Kuala

Lumpur where they were to study airport security and conduct surveillance of U.S.

carriers. On January 15, 2000, Hazmi and Mihdhar took off for Los Angeles to complete

plans for the U.S. portion of the attack. Khallad and Abu Bara remained behind, but

they would never complete their portion of the Planes Operation; in the spring of

2000, bin Laden cancelled the Malaysia part of the operation because it was too

difficult to coordinate with the U.S. part. Meanwhile, those plans continued. [9, pp. 2-3]

While KSM was deploying his initial operatives for the 9/11 attacks to Kuala Lumpur, a

group of four Western-educated men who would prove ideal for the attacks were

making their way from Hamburg, Germany, to al Qaeda camps in Afghanistan. The four

were Mohamed Atta, Marwan al Shehhi, Ziad Jarrah, and Ramzi Binalshibh. Atta,

Shehhi, and Jarrah would become pilots for the 9/11 attacks, while Binalshibh would

act as a key coordinator for the plot. [9, p. 3]

Binalshibh, Atta, and Jarrah met with Bin Laden’s deputy, Mohammed Atef, who directed

them to return to Germany and enroll in flight training. Atta was chosen as the emir, or

leader, of the mission. He met with Bin Laden to discuss the targets: the World Trade

Center, which represented the U.S. economy; the Pentagon, a symbol of the U.S.

military; and the U.S. Capitol, the perceived source of U.S. policy in support of Israel.

The White House was also on the list, as Bin Laden considered it a political symbol and

wanted to attack it as well. In early 2000, Shehhi, Atta, and Binalshibh met with KSM in

Karachi for training that included learning about life in the United States and how to

read airline schedules. [9, p. 4]

By early March 2000, all four new al Qaeda recruits were back in Hamburg. They began

researching flight schools in Europe, but quickly found that training in the United

States would be cheaper and faster. Atta, Shehhi, and Jarrah obtained U.S. visas, but

Binalshibh—the sole Yemeni in the group—was rejected repeatedly. In the spring of

2000, Atta, Shehhi, and Jarrah prepared to travel to the United States to begin flight

training. Binalshibh would remain behind and help coordinate the operation, serving as

a link between KSM and Atta. [9, p. 4]

Training

While the Hamburg operatives were just joining the 9/11 plot, Nawaf al Hazmi and

Khalid al Mihdhar were already living in the United States. Having arrived in Los

Angeles in January, they moved to San Diego in February. KSM contends that he

directed the two to settle in San Diego after learning from a phone book about

language and flight schools there. Hazmi and Mihdhar were supposed to learn English

and then enroll in flight schools, but they made only cursory attempts at both. Mihdhar

paid for an English class that Hazmi took for about a month. The two al Qaeda

operatives also took a few short flying lessons. According to their flight instructors,

they were interested in learning to fly jets and did not realize that they had to start

training on small planes. In June 2000, Mihdhar abruptly returned to his family in

Yemen, apparently without permission. KSM was very displeased and wanted to

remove him from the operation, but Bin Laden interceded, and Mihdhar remained part

of the plot. [9, pp. 4-6]

On the East Coast, in May and June 2000, the three operatives from Hamburg who had

succeeded in obtaining visas began arriving in the United States. Mohamed Atta and

Marwan Shehhi flew into New Jersey; Ziad Jarrah flew into Florida. Atta and Shehhi

looked into flight schools in New Hampshire and New Jersey, and, after spending about

a month in New York City, visited the Airman Flight School in Norman, Oklahoma. For

some reason, Atta and Shehhi decided not to enroll there. Instead, they went to

Venice, Florida, where Jarrah had already started his training at Florida Flight Training

Center. Atta and Shehhi enrolled in a different flight school, Huffman Aviation, and

began training almost daily. Jarrah obtained his single engine private pilot certificate in

early August; Atta and Shehhi received their pilots’ licenses a few weeks later. Their

instructors described Atta and Shehhi as aggressive and rude, and in a hurry to

complete their training. [9, p. 6]

The plot called for four pilots. By the fall of 2000, Atta, Shehhi, and Jarrah were

progressing in their training. It was clear, though, that Hazmi and Mihdhar would not

learn to fly aircraft. In their place was sent a young Saudi named Hani Hanjour.

Hanjour had studied in the United States intermittently since 1991, and had undergone

enough flight training in Arizona to obtain his commercial pilot certificate in April 1999.

In 2000, he was training for al Qaeda at the al Faruq camp in Afghanistan. Once his

skills were recognized, Hanjour was sent to KSM for inclusion in the plot. On December 8, 2000,

Hani Hanjour joined Nawaf al Hazmi in San Diego; Khalid al Mihdhar was still absent in

Yemen. Together, Hanjour and Hazmi relocated to Mesa, Arizona, where Hanjour had spent

most of his previous time in the United States. By early 2001, Hanjour was training in a

Boeing 737 simulator. Because his performance struck his flight instructors as

substandard, they discouraged Hanjour from continuing, but he persisted. By the end of

March, Hanjour finished training and drove east with Hazmi. On April 1 they were

stopped and issued a speeding ticket in Oklahoma. A few days later they arrived in

Northern Virginia and rented an apartment in Alexandria outside Washington DC. In

May they moved to Paterson, New Jersey, to be closer to New York City. [9, pp. 7-8]

Back in Florida, the Hamburg pilots—Atta, Shehhi, and Jarrah—continued to train. By

the end of 2000, they also were starting to train on jet aircraft simulators. Around the

beginning of the New Year, all three of them left the United States on various foreign

trips. Atta traveled to Germany for an early January 2001 meeting with Ramzi

Binalshibh. Atta reported that the pilots had completed their training and were

awaiting further instruction from al Qaeda. After the meeting, Atta returned to Florida

and Binalshibh headed to Afghanistan to brief the al Qaeda leadership. [9, p. 7]

While the pilots trained in the United States, Bin Laden and al Qaeda leaders in

Afghanistan started selecting the muscle hijackers—those operatives who would storm

the cockpit and control the passengers on the four hijacked planes. (The term “muscle”

hijacker appears in the interrogation reports of 9/11 conspirators KSM and Binalshibh,

and has been widely used to refer to the non-pilot hijackers.) The so-called muscle

hijackers actually were not physically imposing, as the majority of them were between

5’5” and 5’7” in height and slender in build. In addition to Hazmi and Mihdhar, the first

pair to enter the United States, there were 13 other muscle hijackers, all but one from

Saudi Arabia. They were Satam al Suqami, Wail and Waleed al Shehri (two brothers),

Abdul Aziz al Omari, Fayez Banihammad (from the UAE), Ahmed al Ghamdi, Hamza al

Ghamdi, Mohand al Shehri, Saeed al Ghamdi, Ahmad al Haznawi, Ahmed al Nami,

Majed Moqed, and Salem al Hazmi (the brother of Nawaf al Hazmi). [9, p. 8]

The muscle hijackers received special training in Afghanistan on how to conduct

hijackings, disarm air marshals, and handle explosives and knives. Next KSM sent them

to the UAE, where his nephew, Ali Abdul Aziz Ali, and another al Qaeda member,

Mustafa al Hawsawi, would help them buy plane tickets to the United States. In late

April 2001, the muscle hijackers started arriving in the United States, specifically in

Florida, Washington, DC, and New York. They traveled mostly in pairs and were

assisted upon arrival by Atta and Shehhi in Florida or Hazmi and Hanjour in DC and

New York. The final pair, Salem al Hazmi and Abdul Aziz al Omari, arrived in New York on

June 29 and likely were picked up the following day by Salem’s brother, Nawaf, as

evidenced by Nawaf’s minor traffic accident while heading east on the George

Washington Bridge. Finally, on July 4, Khalid al Mihdhar, who had abandoned Nawaf al

Hazmi back in San Diego 13 months earlier, re-entered the United States. Mihdhar

promptly joined the group in Paterson, New Jersey. [9, pp. 8-9]

In addition to assisting the newly-arrived muscle hijackers, the pilots busied

themselves during the summer of 2001 with cross-country surveillance flights and

additional flight training. In addition to the test flights, some of the operatives

obtained additional training. The 9/11 operatives were now split between two

locations: southern Florida and Paterson, New Jersey. Atta had to coordinate the two

groups, especially with Nawaf al Hazmi, who was considered Atta’s second-in-

command for the entire operation. Their first in-person meeting probably took place in

June, when Hazmi flew round-trip between Newark and Miami. [9, p. 9]

The next step for Atta was a mid-July status meeting with Binalshibh at a small resort

town in Spain. According to Binalshibh, the two discussed the progress of the plot, and

Atta disclosed that he would still need about five or six weeks before he would be able

to provide the date for the attacks. Atta also reported that he, Shehhi, and Jarrah had

been able to carry box cutters onto their test flights; they had determined that the best

time to storm the cockpit would be about 10-15 minutes after takeoff, when they

noticed that cockpit doors were typically opened for the first time. Atta also said that

the conspirators planned to crash their planes into the ground if they could not strike

their targets. Atta himself planned to crash his aircraft into the streets of New York if

he could not hit the World Trade Center. After the meeting, Binalshibh left to report

the progress to the al Qaeda leadership in Afghanistan, and Atta returned to Florida on

July 19. [9, pp. 9-10]

In early August, Atta spent a day waiting at the Orlando airport for one additional

muscle hijacker intended for the operation, Mohamed al Kahtani. Kahtani was turned

away by U.S. immigration officials and failed to join the operation. On August 13,

another in-person meeting of key players in the plot apparently took place, as Atta,

Nawaf al Hazmi, and Hanjour gathered in Las Vegas. Two days later, the FBI learned

about the strange behavior of Zacarias Moussaoui, who was now training on flight

simulators in Minneapolis. [9, p. 10]

On August 15, 2001, the flight school reported its suspicions about Moussaoui to the

FBI, including that he only wanted to learn how to take off and land the airplane, that

he had no background in aviation, and that he had paid in cash for the course. The

Minneapolis FBI opened an investigation on Moussaoui, believing that he was seeking

flight training to commit a terrorist act. [10, p. 101] On August 16, 2001, Moussaoui

was arrested by FBI and INS agents in Minnesota and charged with an immigration

violation. Materials itemized when he was arrested included a laptop computer, two

knives, flight manuals pertaining to Boeing’s 747 aircraft, a flight simulator computer

program, fighting gloves and shin guards, and a computer disk with information about

crop dusting. [11] Without any firm evidence of terrorist intentions, and unable to

obtain a warrant to search Moussaoui’s laptop, the FBI began plans to deport

Moussaoui to France and ask French authorities to search his belongings. [10, p. 101]

Moussaoui’s arrest occurred about a month after an FBI field agent in Phoenix sent an

electronic communication to headquarters suggesting that bin Laden-affiliated agents

were attending flight schools with possible intent of targeting civil aviation. Later

referred to as the “Phoenix Memo”, the message was transmitted to the FBI

Counterterrorism Division and New York Division on July 10, 2001. The message was

sent after conducting surveillance on four students attending aviation colleges and

universities in Arizona. While some of the subjects confessed to being al Qaeda

members, none were associated with the Planes Operation. The Phoenix Memo did

not raise any particular alarm at the FBI because it gave no specific evidence and was

marked for “routine” action. [10, pp. 60-64]

Just over two weeks before the attacks, the conspirators purchased their flight tickets.

Between August 26 and September 5, they bought tickets on the Internet, by phone,

and in person. Once the ticket purchases were made, the conspirators returned excess

funds to al Qaeda. The last step was to travel to the departure points for the attacks.

[9, p. 10]

The teams assembled according to their assigned targets. Operatives attacking the

Pentagon gathered in Laurel, Maryland, near Dulles Airport, where they were scheduled

to take American Airlines Flight 77. On September 10th they stayed the night at a

hotel in Herndon, Virginia. Operatives assigned to attack the White House gathered in

Newark where they were scheduled to take United Airlines Flight 93. Just after

midnight on September 9, Jarrah received a speeding ticket as he headed north

through Maryland along Interstate 95, towards his team’s staging point in New Jersey.

The two teams targeting the Twin Towers both staged out of Boston. By September 9,

Marwan al Shehhi and the team he would lead against United Airlines Flight 175 had

arrived in Boston. The team that Mohamed Atta would lead against American

Airlines Flight 11 was also assembled in Boston. Then, for reasons unknown, on

September 10, Atta picked up Abdul Aziz al Omari, one of the Flight 11 muscle

hijackers, from his Boston hotel and drove to Portland, Maine. They would take a

commuter flight to Boston during the early hours of September 11 to connect to Flight

11. The Portland detour almost prevented Atta and Omari from making Flight 11 out of

Boston. In fact, the luggage they checked in Portland failed to make it onto the plane.

On the morning of September 11, after years of planning and many months of

intensive preparation, all four terrorist teams were in place to execute the attacks of

that day. [9, pp. 10-11]

Conclusion

Though the 9/11 attacks were unforeseen, it is plausible they might still have been

prevented. Before the attacks occurred, bin Laden was a known terrorist with an

avowed mission to kill Americans, wanted by the U.S. government. Attempts to

capture or kill him, though, were ultimately thwarted by a lack of will; while the CIA

dallied in tribal negotiations, the administration was unwilling to risk the collateral

damage attendant to overt military operations. Still, the Planes Operation might have

been foiled during any number of instances at home, particularly when 1) known al

Qaeda operatives crossed U.S. borders, 2) the FBI received the Phoenix Memo warning

of a potential strike against U.S. civil aviation, coupled with 3) the arrest of Zacarias

Moussaoui while attending flight school, and 4) when plot members were ticketed for

speeding. These lost opportunities, and more such on the day of the attacks, would

figure prominently in shaping the nation’s homeland security policy.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. Why did Osama bin Laden declare war on the United States?

2. Describe the two different attacks Osama bin Laden successfully mounted against the U.S. before 9/11.

3. Identify five similarities between the 2000 attack on the USS Cole and the 1983 Beirut barracks bombing.

4. Identify five differences between the 2000 attack on the USS Cole and the 1993 attack on the World Trade Center.

5. Would you classify the following attacks as a criminal act or act of war? Explain your answers.

a. 1983 Beirut barracks bombing

b. 1993 attack on the World Trade Center

c. 2000 attack on the USS Cole

6. Why didn’t the U.S. simply arrest Osama bin Laden after the 2000 attack on the USS Cole?

7. Why didn’t the U.S. simply kill Osama bin Laden after the 2000 attack on the USS Cole?

8. List three reasons why an attack on U.S. soil would be harder than an attack against U.S. foreign interests.

9. List three reasons why Osama bin Laden would want to mount an attack on U.S. soil.

10. Do you think 9/11 was preventable? Explain your answer.

Chapter 3

We Have Some Planes

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe the 9/11 attacks.

• Explain the significance of the targets.

• Assess whether a similar attack would be successful today.

• Demonstrate the relationship between 9/11 and the 1995 Tokyo subway attacks.

“American 11: We have some planes. Just stay quiet, and you’ll be okay. We are

returning to the airport.”

– 2004 9/11 Commission Report

Introduction

Tuesday, September 11, 2001, dawned temperate and nearly cloudless in the eastern

United States. Millions of men and women readied themselves for work. Some made

their way to the Twin Towers, the signature structures of the World Trade Center

complex in New York City. Others went to Arlington, Virginia, to the Pentagon. Across

the Potomac River, the United States Congress was back in session. At the other end

of Pennsylvania Avenue, people began to line up for a White House tour. In Sarasota,

Florida, President George W. Bush went for an early morning run.

For those heading to an airport, weather conditions could not have been better for a

safe and pleasant journey. Among the travelers were Mohamed Atta and Abdul Aziz al

Omari, who arrived at the airport in Portland, Maine.

Boston: American 11 and United 175

On Tuesday, September 11, 2001, Mohamed Atta and Abdul Aziz al Omari arrived at

the airport in Portland, Maine, to catch a 6:00 a.m. flight to Boston’s Logan

International Airport. [1, p. 253]

When he checked in for his flight to Boston, Atta was selected by a computerized

prescreening system known as CAPPS (Computer Assisted Passenger Prescreening

System), created to identify passengers who should be subject to special security

measures. Under security rules in place at the time, the only consequence of Atta’s

selection by CAPPS was that his checked bags were held off the plane until it was

confirmed that he had boarded the aircraft. [1, p. 1]

Table 3-1: 9/11 Hijackers & Flights

AA Flt. 11, Boston Logan        AA Flt. 77, Dulles
1. Mohamed Atta*                11. Hani Hanjour*
2. Abdul Aziz al Omari          12. Khalid al Mihdhar
3. Satam al Suqami              13. Majed Moqed
4. Wail al Shehri               14. Nawaf al Hazmi
5. Waleed al Shehri             15. Salem al Hazmi

UA Flt. 175, Boston Logan       UA Flt. 93, Newark
6. Marwan al Shehhi*            16. Ziad Jarrah*
7. Fayez Banihammad             17. Saeed al Ghamdi
8. Mohand al Shehri             18. Ahmed al Nami
9. Ahmed al Ghamdi              19. Ahmad al Haznawi
10. Hamza al Ghamdi

*Designated Pilot

At 6:45 a.m., Atta and Omari arrived in Boston. Between 6:45 and 7:40, Atta and

Omari, along with Satam al Suqami, Wail al Shehri, and Waleed al Shehri, checked in

and boarded American Airlines Flight 11, bound for Los Angeles. The flight was

scheduled to depart at 7:45. [1, p. 2]

Elsewhere at Logan Airport, Marwan al Shehhi, Fayez Banihammad, Mohand al Shehri,

Ahmed al Ghamdi, and Hamza al Ghamdi checked in for United Airlines Flight 175, also

bound for Los Angeles. Their flight was scheduled to depart at 8:00. [1, p. 2]

As Atta’s team passed through passenger screening, three members–Suqami, Wail al

Shehri, and Waleed al Shehri–were selected by CAPPS. Their selection affected only

the handling of their checked bags, not their screening at the checkpoint. All five men

cleared the checkpoint and made their way to the gate for American 11. Atta, Omari,

and Suqami took their seats in business class. The Shehri brothers had adjacent seats

in row 2 in the first-class cabin. They boarded American 11 between 7:31 and 7:40.

The aircraft pushed back from the gate at 7:40. [1, p. 2]

Shehhi and his team, none of whom had been selected by CAPPS, boarded United 175

between 7:23 and 7:28. Their aircraft pushed back from the gate just before 8:00. [1,

p. 2]

Washington Dulles: American 77

At 7:15 a.m., Khalid al Mihdhar and Majed Moqed checked in with the American

Airlines ticket counter at Dulles International Airport in Virginia. Both were ticketed for

Flight 77 bound for Los Angeles. Within 20 minutes, three other members of the team

checked in, including Hani Hanjour, Nawaf al Hazmi, and Salem al Hazmi. Hani Hanjour,

Khalid al Mihdhar, and Majed Moqed were flagged by CAPPS. The Hazmi brothers

were also selected for extra security by the airline’s customer service representative at

the check-in counter. He did so because one of the brothers did not have photo

identification nor could he understand English, and because the agent found both

passengers to be suspicious. The only consequence of their selection was that their

checked bags were held off the plane until it was confirmed that they had boarded the

aircraft. [1, p. 3]

On the morning of September 11, 2001, eight of the nineteen hijackers were flagged by the Computer Assisted Passenger Prescreening System (CAPPS). Under security rules in place at the time, the only consequence was that their checked bags were held off the plane until it was confirmed that they had boarded the aircraft.

The five hijackers proceeded to the Main Terminal’s west security screening point. The

checkpoint featured closed-circuit television that recorded all passengers, including the

hijackers as they were screened. Both Mihdhar and Moqed set off the metal detector

and were directed to a second metal detector. Mihdhar did not trigger the alarm and

was permitted through the checkpoint. Moqed set it off, and a screener wanded him with

a hand-held magnetic detector. He passed this inspection. About 20 minutes later,

Hani Hanjour, Nawaf al Hazmi, and Salem al Hazmi entered the screening area. Nawaf

al Hazmi set off both the first and second metal detectors and was then hand-wanded

before being passed. In addition, his over-the-shoulder carry-on bag was swiped by an

explosive trace detector and then passed. [1, p. 3]

At 7:50 a.m., Majed Moqed and Khalid al Mihdhar boarded American 77 and were

seated in 12A and 12B in coach. Hani Hanjour, assigned to seat 1B in first class, soon

followed. The Hazmi brothers, sitting in 5E and 5F, joined Hanjour in the first-class

cabin. [1, pp. 3-4]

Newark: United 93

At Newark Airport in New Jersey, another hijacking team assembled. Between 7:03

and 7:39, Saeed al Ghamdi, Ahmed al Nami, Ahad al Haznawi, and Ziad Jarrah checked

in at the United Airlines ticket counter for Flight 93, going to Los Angeles. Haznawi

was selected by CAPPS. His checked bag was screened for explosives and then loaded

on the plane. [1, p. 4]

The four men passed through the security checkpoint and boarded their plane between

7:39 and 7:48. All four had seats in the first-class cabin. Jarrah was in seat 1B, closest

to the cockpit; Nami was in 3C, Ghamdi in 3D, and Haznawi in 6B. [1, p. 4]

The 19 men were aboard four transcontinental flights. They were planning to hijack

these planes and turn them into large guided missiles, loaded with up to 11,400 gallons

of jet fuel. By 8:00 a.m. on the morning of Tuesday, September 11, 2001, they had

defeated all the security layers that America’s civil aviation security system then had in

place to prevent hijacking. [1, p. 4]

The Hijacking of American 11

American Airlines Flight 11 provided nonstop service from Boston to Los Angeles. On

September 11, Captain John Ogonowski and First Officer Thomas McGuinness piloted

the Boeing 767. It carried its full capacity of nine flight attendants. Eighty-one

passengers boarded the flight with them, including the five terrorists. [1, p. 4]

At Washington Dulles, three of the hijackers set off metal detectors and were directed to secondary screening. All three passed inspection with a hand-held magnetic detector.


American Flight 11 took off at 7:59. Just before 8:14, it had climbed to 26,000 feet, not

quite its initial assigned cruising altitude of 29,000 feet. All communications and flight

profile data were normal. About this time, the “Fasten Seatbelt” sign would usually

have been turned off and the flight attendants would have begun preparing for cabin

service. [1, p. 4]

At this time, American 11 had its last routine communication with the ground when it

acknowledged navigational instructions from the FAA’s air traffic control (ATC) center

in Boston. Sixteen seconds after that transmission, ATC instructed the aircraft’s pilots

to climb to 35,000 feet. That message and all subsequent attempts to contact the

flight were not acknowledged. From this and other evidence, it is believed the

hijacking began at 8:14 or shortly thereafter. [1, p. 4]

Reports from two flight attendants in the coach cabin, Betty Ong and Madeline “Amy”

Sweeney, tell us most of what we know about how the hijacking happened. As it

began, some of the hijackers–most likely Wail al Shehri and Waleed al Shehri, who

were seated in row 2 in first class–stabbed the two unarmed flight attendants who

would have been preparing for cabin service. [1, p. 5]

It’s not known exactly how the hijackers gained access to the cockpit; FAA rules

required that the doors remain closed and locked during flight. Ong speculated that

they had “jammed their way” in. Perhaps the terrorists stabbed the flight attendants

to get a cockpit key, to force one of them to open the cockpit door, or to lure the

captain or first officer out of the cockpit. [1, p. 5]

At the same time or shortly thereafter, Atta–the only terrorist on board trained to fly a

jet–would have moved to the cockpit from his business-class seat, possibly

accompanied by Omari. As this was happening, passenger Daniel Lewin, who was

seated in the row just behind Atta and Omari, was stabbed by one of the hijackers–

probably Satam al Suqami, who was seated directly behind Lewin. Lewin had served

four years as an officer in the Israeli military. He may have made an attempt to stop

the hijackers in front of him, not realizing that another was sitting behind him. [1, p. 5]

The hijackers quickly gained control and sprayed Mace, pepper spray, or some other

irritant in the first-class cabin, in order to force the passengers and flight attendants

toward the rear of the plane. They claimed they had a bomb. [1, p. 5]


About five minutes after the hijacking began, Betty Ong contacted the American

Airlines Southeastern Reservations Office in Cary, North Carolina, via an AT&T airphone

to report an emergency aboard the flight. The emergency call lasted approximately 25

minutes, as Ong calmly and professionally relayed information about events taking

place aboard the airplane to authorities on the ground. [1, p. 5]

At 8:19, Ong reported: “The cockpit is not answering, somebody’s stabbed in business

class–and I think there’s Mace–that we can’t breathe–I don’t know, I think we’re

getting hijacked.” She then told of the stabbings of the two flight attendants. [1, p. 5]

American’s Southeastern Reservations Office quickly contacted the American Airlines

operations center in Fort Worth, Texas, who soon contacted the FAA’s Boston Air

Traffic Control Center. Boston Center knew of a problem on the flight in part because

just before 8:25 the hijackers had attempted to communicate with the passengers.

The microphone was keyed, and immediately one of the hijackers said, “Nobody move.

Everything will be okay. If you try to make any moves, you’ll endanger yourself and the

airplane. Just stay quiet.” Air traffic controllers heard the transmission; Ong did not.

The hijackers probably did not know how to operate the cockpit radio communication

system correctly, and thus inadvertently broadcast their message over the air traffic

control channel instead of the cabin public-address channel. Also at 8:25, and again at

8:29, Amy Sweeney got through to the American Flight Services Office in Boston but

was cut off after she reported someone was hurt aboard the flight. Three minutes

later, Sweeney was reconnected to the office and began relaying updates to her

manager. [1, pp. 5-6]

At 8:26, Ong reported that the plane was “flying erratically.” A minute later, Flight 11

turned south. American also began getting identifications of the hijackers, as Ong and

then Sweeney passed on some of the seat numbers of those who had gained

unauthorized access to the cockpit. [1, p. 6]

At 8:41 Sweeney reported that passengers in coach were under the impression there

was a routine medical emergency in first class. Other flight attendants were busy at

duties such as getting medical supplies while Ong and Sweeney were reporting events.

[1, p. 6]

At 8:41, American’s operations center learned that air traffic controllers had declared

Flight 11 a hijacking, and thought it was headed toward Kennedy airport in New York

City. Air traffic control was busy moving other flights out of the way as they tracked

Flight 11 on primary radar, which seemed to show the aircraft descending. [1, p. 6]


At 8:44 contact was lost with Betty Ong. About this time Sweeney reported

“Something is wrong. We are in a rapid descent… we are all over the place.” When

asked to look out the window, Sweeney reported “We are flying low. We are flying

very, very low. We are flying way too low.” Seconds later she said, “Oh my God we are

way too low.” The phone call ended. [1, p. 7]

At 8:46:40, American 11 crashed into the North Tower of the World Trade Center in

New York City. All on board, along with an unknown number of people in the tower,

were killed instantly. [1, p. 7]

The Hijacking of United 175

United Airlines Flight 175 was scheduled to depart for Los Angeles at 8:00. Captain

Victor Saracini and First Officer Michael Horrocks piloted the Boeing 767, which had

seven flight attendants. Fifty-six passengers boarded the flight. [1, p. 7]

United 175 pushed back from its gate at 7:58 and departed Logan Airport at 8:14. By

8:33, it had reached its assigned cruising altitude of 31,000 feet. The flight attendants

would have begun their cabin service. [1, p. 7]

The hijackers attacked sometime between 8:42 and 8:46. They used knives, Mace, and

the threat of a bomb. They stabbed members of the flight crew. Both pilots had been

killed. The eyewitness accounts came from calls made from the rear of the plane, from

passengers originally seated further forward in the cabin, a sign that passengers and

perhaps crew had been moved to the back of the aircraft. [1, p. 7]

The first operational evidence that something was abnormal on United 175 came at

8:47 when the aircraft changed beacon codes twice within a minute. At 8:51, the flight

deviated from its assigned altitude, and a minute later New York air traffic controllers

began repeatedly and unsuccessfully trying to contact it. [1, p. 7]

At 8:52, in Easton, Connecticut, a man named Lee Hanson received a phone call from

his son Peter, a passenger on United 175. His son told him: “I think they’ve taken over

the cockpit–an attendant has been stabbed–and someone else up front may have

been killed. The plane is making strange moves. Call United Airlines–Tell them it’s

Flight 175, Boston to LA.” Lee Hanson then called the Easton Police Department and

relayed what he had heard. [1, p. 7]


Also at 8:52, a male flight attendant called a United office in San Francisco. The flight

attendant reported that the flight had been hijacked, both pilots killed, a flight

attendant stabbed, and the hijackers were probably flying the plane. The call lasted

about two minutes. [1, pp. 7-8]

At 8:58, the flight took a heading toward New York City. At 8:59, Flight 175 passenger

Brian David Sweeney tried to call his wife, Julie. He left a message on their home

answering machine that the plane had been hijacked. He then called his mother, Luise

Sweeney, told her the flight had been hijacked, and added that the passengers were

thinking about storming the cockpit to take control of the plane away from the

hijackers. [1, p. 8]

At 9:00, Lee Hanson received a second call from his son Peter: “It’s getting bad, Dad–A

stewardess was stabbed–They seem to have knives and Mace–They said they have a

bomb–It’s getting very bad on the plane–Passengers are throwing up and getting sick–

The plane is making jerky movements–I don’t think the pilot is flying the plane–I think

we are going down–I think they intend to go to Chicago or someplace and fly into a

building–Don’t worry Dad–If it happens, it’ll be very fast–My God, my God.” [1, p. 8]

The call ended abruptly. Lee Hanson had heard a woman scream just before it cut off.

He turned on a television, and in her home so did Luise Sweeney. Both then saw the

second aircraft hit the World Trade Center. [1, p. 8]

At 9:03:11, United Airlines Flight 175 struck the South Tower of the World Trade

Center. All on board, along with an unknown number of people in the tower, were

killed instantly. [1, p. 8]


The Hijacking of American 77

American Airlines Flight 77 was scheduled to depart from Washington Dulles for Los

Angeles at 8:10. The aircraft was a Boeing 757 piloted by Captain Charles F.

Burlingame and First Officer David Charlebois. There were four flight attendants. On

September 11, the flight carried 58 passengers. [1, p. 8]

American 77 pushed back from its gate at 8:09 and took off at 8:20. At 8:46, the flight

reached its assigned cruising altitude of 35,000 feet. Cabin service would have begun.

At 8:51, American 77 transmitted its last routine radio communication. The hijacking

began between 8:51 and 8:54. As on American 11 and United 175, the hijackers used

knives and moved all the passengers to the rear of the aircraft. Unlike the earlier

flights, the Flight 77 hijackers were reported by a passenger to have box cutters.

Finally, a passenger reported that an announcement had been made by the “pilot” that

the plane had been hijacked. Neither of the firsthand accounts mentioned any

stabbings or the threat or use of either a bomb or Mace, though both witnesses began

the flight in the first-class cabin. [1, p. 8]

At 8:54, the aircraft deviated from its assigned course, turning south. Two minutes

later the transponder was turned off and even primary radar contact with the aircraft

was lost. The Indianapolis Air Traffic Control Center repeatedly tried and failed to

contact the aircraft. American Airlines dispatchers also tried, without success. [1, p. 9]

At 9:00, American Airlines Executive Vice President Gerard Arpey learned that

communications had been lost with American 77. This was now the second American

aircraft in trouble. He ordered all American Airlines flights in the Northeast that had

not taken off to remain on the ground. After learning that United Airlines was missing

a plane, American Airlines headquarters extended the ground stop nationwide. [1, p. 9]

At 9:12, Renee May called her mother, Nancy May, in Las Vegas. She said her flight

was being hijacked by six individuals who had moved them to the rear of the plane.

She asked her mother to alert American Airlines. Nancy May and her husband

promptly did so. [1, p. 9]

At some point between 9:16 and 9:26, Barbara Olson called her husband, Ted Olson,

the solicitor general of the United States. She reported that the flight had been

hijacked, and the hijackers had knives and box cutters. She further indicated that the

hijackers were not aware of her phone call, and that they had put all the passengers in

the back of the plane. About a minute into the conversation the call was cut off. [1, p.

9]


Shortly after the first call, Barbara Olson reached her husband again. She reported that

the pilot had announced that the flight had been hijacked, and she asked her husband

what she should tell the captain to do. Ted Olson asked for her location and she

replied that the aircraft was then flying over houses. Another passenger told her they

were traveling northeast. The Solicitor General then informed his wife of the two

previous hijackings and crashes. She did not display signs of panic and did not indicate

any awareness of an impending crash. At that point the second call was cut off. [1, p.

9]

At 9:20, the autopilot on American 77 was disengaged; the aircraft was at 7,000 feet

and approximately 38 miles west of the Pentagon. At 9:32, controllers at the Dulles

Terminal Radar Approach Control “observed a primary radar target tracking eastbound

at a high rate of speed.” This was later determined to have been Flight 77. [1, p. 9]

At 9:34, Ronald Reagan Washington National Airport advised the Secret Service of an

unknown aircraft heading in the direction of the White House. American 77 was then 5

miles west-southwest of the Pentagon and began a 330 degree turn. At the end of the

turn, it was descending through 2,200 feet, pointed toward the Pentagon and

downtown Washington. The hijacker pilot then advanced the throttles to maximum

power and dove toward the Pentagon. [1, p. 9]

At 9:37:46, American Airlines Flight 77 crashed into the Pentagon, traveling at

approximately 530 miles per hour. All on board, as well as many civilian and military

personnel in the building, were killed. [1, p. 10]

The Battle for United 93

At 8:42, United Airlines Flight 93 took off from Newark (New Jersey) Liberty

International Airport bound for San Francisco. The aircraft was piloted by Captain

Jason Dahl and First Officer Leroy Homer, and there were five flight attendants.

Thirty-seven passengers, including the hijackers, boarded the plane. Scheduled to depart the

gate at 8:00, the Boeing 757’s takeoff was delayed because of the airport’s typically

heavy morning traffic. [1, p. 10]

As United 93 left Newark, the flight’s crew members were unaware of the hijacking of

American 11. Around 9:00, the FAA, American, and United were facing the staggering

realization of apparent multiple hijackings. At 9:03, they would see another aircraft

strike the World Trade Center. Crisis managers at the FAA and the airlines did not yet

act to warn other aircraft. At the same time, Boston Center realized that a message

transmitted just before 8:25 by the hijacker pilot of American 11 included the phrase,

“We have some planes.” [1, p. 10]


The hijackers attacked at 9:28. While traveling 35,000 feet above eastern Ohio, United

93 suddenly dropped 700 feet. Eleven seconds into the descent, the FAA’s air traffic

control center in Cleveland received the first of two radio transmissions from the

aircraft. During the first broadcast, the captain or first officer could be heard declaring

“Mayday” amid the sounds of a physical struggle in the cockpit. The second radio

transmission, 35 seconds later, indicated that the fight was continuing. The captain or

first officer could be heard shouting: “Hey get out of here–get out of here–get out of

here.” [1, p. 11]

At 9:32, a hijacker, probably Jarrah, made or attempted to make the following

announcement to the passengers of Flight 93: “Ladies and Gentlemen: Here the

captain, please sit down keep remaining sitting. We have a bomb on board. So, sit.”

The flight data recorder (also recovered) indicates that Jarrah then instructed the

plane’s autopilot to turn the aircraft around and head east. [1, p. 11]

The cockpit voice recorder data indicate that a woman, most likely a flight attendant,

was being held captive in the cockpit. She struggled with one of the hijackers who

killed or otherwise silenced her. [1, p. 12]

Shortly thereafter, the passengers and flight crew began a series of calls from GTE

airphones and cellular phones. The calls between family, friends, and colleagues took

place until the end of the flight and provided those on the ground with firsthand

accounts. They enabled the passengers to gain critical information, including the news

that two aircraft had slammed into the World Trade Center. [1, p. 12]

Five calls described the intent of passengers and surviving crew members to revolt

against the hijackers. According to one call, they voted on whether to rush the

terrorists in an attempt to retake the plane. They decided, and acted. [1, p. 13]

At 9:57, the passenger assault began. Several passengers had terminated phone calls

with loved ones in order to join the revolt. One of the callers ended her message as

follows: “Everyone’s running up to first class. I’ve got to go. Bye.” [1, p. 13]

The cockpit voice recorder captured the sounds of the passenger assault muffled by

the intervening cockpit door. Some family members who listened to the recording

report that they can hear the voice of a loved one among the din. We cannot identify

whose voices can be heard. But the assault was sustained. [1, p. 13]


In response, Jarrah immediately began to roll the airplane to the left and right,

attempting to knock the passengers off balance. At 9:58:57, Jarrah told another

hijacker in the cockpit to block the door. Jarrah continued to roll the airplane sharply

left and right, but the assault continued. At 9:59:52, Jarrah changed tactics and

pitched the nose of the airplane up and down to disrupt the assault. The recorder

captured the sounds of loud thumps, crashes, shouts, and breaking glasses and plates.

At 10:00:03, Jarrah stabilized the airplane. [1, pp. 13-14]

Five seconds later, Jarrah asked, “Is that it? Shall we finish it off?” A hijacker

responded, “No. Not yet. When they all come, we finish it off.” The sounds of fighting

continued outside the cockpit. Again, Jarrah pitched the nose of the aircraft up and

down. At 10:00:26, a passenger in the background said, “In the cockpit. If we don’t

we’ll die!” Sixteen seconds later, a passenger yelled, “Roll it!” Jarrah stopped the

violent maneuvers about 10:01:00 and said, “Allah is the greatest! Allah is the

greatest!” He then asked another hijacker in the cockpit, “Is that it? I mean, shall we

put it down?” To which the other replied, “Yes, put it in it, and pull it down.” [1, p. 14]

The passengers continued their assault and at 10:02:23, a hijacker said, “Pull it down!

Pull it down!” The hijackers remained at the controls but must have judged that the

passengers were only seconds from overcoming them. The airplane headed down; the

control wheel was turned hard to the right. The airplane rolled onto its back, and one

of the hijackers began shouting “Allah is the greatest. Allah is the greatest.” With the

sounds of the passenger counterattack continuing, the aircraft plowed into an empty

field in Shanksville, Pennsylvania, at 580 miles per hour, about 20 minutes flying time

from Washington, D.C. [1, p. 14]

Jarrah’s objective was to crash his airliner into symbols of the American Republic, the

Capitol or the White House. He was defeated by the alerted, unarmed passengers of

United 93. [1, p. 14]

Table 3-2: 9/11 Timeline

11 Sep 01   Flt.     Events
07:59       AA 11    Takeoff from Boston Logan
08:14       UA 175   Takeoff from Boston Logan
08:19       AA 11    Report of Onboard Trouble
08:20       AA 77    Takeoff from Dulles
08:41       AA 11    Declared Hijacking
08:42       UA 175   Suspected Time of Attack
08:42       UA 93    Takeoff from Newark
08:46       AA 11    Crashes into WTC North Tower
08:47       UA 175   Aircraft Beacon Codes Changed
08:51       AA 77    Suspected Time of Attack
08:54       AA 77    Aircraft Deviates from Course
09:03       UA 175   Crashes into WTC South Tower
09:28       UA 93    Suspected Time of Attack
09:32       AA 77    Tracked Inbound to DC
09:37       AA 77    Crashes into Pentagon
09:57       UA 93    Passengers Assault Hijackers
10:03       UA 93    Crashes in Shanksville, PA


Conclusion

More than 2,600 people died at the World Trade Center; 125 died at the Pentagon;

256 died on the four planes. The death toll surpassed that at Pearl Harbor in December

1941. This immeasurable pain was inflicted by 19 young Arabs acting at the behest of

Islamist extremists headquartered in distant Afghanistan. Some had been in the United

States for more than a year, mixing with the rest of the population. Though four had

training as pilots, most were not well-educated. Most spoke English poorly, some

hardly at all. In groups of four or five, carrying with them only small knives, box cutters,

and cans of Mace or pepper spray, they had hijacked the four planes and turned them

into deadly guided missiles.


Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. Who was responsible for airport security on 9/11?

2. Describe three airport security measures the 19 hijackers defeated on 9/11.

3. What was the purpose of hijacking transcontinental passenger jets?

4. Describe three different methods the hijackers used to subdue aircraft cabin and crew.

5. How were the hijackers able to evade FAA tracking?

6. Why do you suppose the Twin Towers and Pentagon were selected as targets?

7. What do you suppose was the target of the fourth aircraft?

8. Why do you suppose the passengers of the first three aircraft didn’t mount a collective resistance?

9. Identify five similarities between 9/11 and the 1995 Tokyo subway attacks.

10. Do you think a similar attack would be successful today? Explain your answer.


Chapter 4: And They Saved Many

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe emergency response efforts in New York City on 9/11.

• Evaluate emergency response efforts in New York City on 9/11.

• Appreciate the dedication and effectiveness of first responders on 9/11.

“That day we lost 2,752 people at the World Trade Center; 343 were firefighters. But

we also saved 25,000 people. And that’s what people should remember because

firefighters and rescuers went in and they knew it was dangerous, but they went in to

save people. And they saved many.”

– 9/11 Commission Staff Statement No. 13, 2004

Introduction

Unlike most of America, both New York City and the World Trade Center had been the

target of terrorist attacks before 9/11. On February 26, 1993, a 1,500-pound bomb

stashed in a rental van was detonated on a parking garage ramp beneath the Twin

Towers. The explosion killed six people, injured 1,000 more, and exposed

vulnerabilities in the World Trade Center’s and the City’s emergency preparedness. The

towers lost power and communications capability. Generators had to be shut down to

assure safety. Elevators stopped. The public address system and emergency lighting

systems failed. The unlit stairwells filled with smoke and were so dark as to be

impassable. Rescue efforts by the Fire Department of New York were hampered by the

inability of its radios to function in buildings as large as the Twin Towers. The 9-1-1

emergency call system was overwhelmed. [1, p. 3] Despite a $100 million overhaul to

the WTC, including fire safety enhancements, many of the same problems plagued the

WTC response on 9/11. This chapter reviews the emergency response to the 9/11

attacks in New York City, and examines compounding factors that contributed to the

largest loss of life of any emergency response agency in U.S. history.

The World Trade Center

The World Trade Center (WTC) complex was built for the Port Authority of New York

and New Jersey. Construction began in 1967, and tenants began to occupy its space in

1970. The Twin Towers came to occupy a unique and symbolic place in the culture of

New York City and America. [1, p. 2]

The WTC actually consisted of seven buildings, including one hotel, spread across 16

acres of land. The buildings were connected by an underground mall one level below

the plaza area. The Twin Towers (“1 WTC” or the “North Tower,” and “2 WTC” or the

“South Tower”) were the signature structures, containing 10.4 million square feet of

office space. On any given work day up to 50,000 office workers occupied the towers,

and 40,000 visitors passed through the complex. [1, p. 2]


The Twin Towers

Both towers had 110 stories and were about 1,350 feet high. Both were square; each

wall measured 208 feet in length. The outside of each tower was covered by a frame of

14-inch-wide steel columns; the centers of the steel columns were 40 inches apart.

These exterior walls bore the majority of the weight of the building. [1, p. 2]

The interior core of the buildings was a hollow steel shaft, in which elevators and

stairwells were grouped. Each tower contained three central stairwells, which ran

essentially from top to bottom, and 99 elevators. Generally, elevators originating in the

lobby ran to “sky lobbies” on upper floors, where further elevators carried passengers

to the tops of the buildings. [1, p. 2]

Stairwells A and C ran from the 110th floor to the mezzanine level and Stairwell B ran

from the 107th floor to level B6. All three stairwells ran essentially straight up and

down, except for two deviations in Stairwells A and C where the staircase jutted out

toward the perimeter of the building. These deviations were necessary because of the

placement of heavy elevators and machine rooms. These areas were located between

the 42nd and 48th floors and the 76th and 82nd floors in both towers. [1, p. 2]

On the upper and lower boundaries of these deviations were “transfer” hallways

contained within the stairwell proper. Each hallway contained “smoke doors” to

prevent smoke from rising from lower to upper portions of the building. Smoke doors

were kept closed but not locked. Other than these slight deviations in Stairwells A and

C, the stairs ran straight up and down. [1, p. 2]

Doors leading to the roof were kept locked. The Port Authority told us that this was

because of structural and radiation hazards, and for security reasons. To access the

roof in either tower required passing through three doors: one leading from the

stairwell onto the 110th floor, and two leading from the floor onto the roof itself.

There was no rooftop evacuation plan. The roof was a cluttered surface that would be

a challenging helipad even in good conditions and, in a fire, smoke from the building

would travel upward. [1, pp. 2-3]

Emergency Preparedness

To address the problems encountered during the response to the 1993 bombing, the

Port Authority implemented $100 million in physical, structural, and technological

changes to the WTC. In addition, the Port Authority enhanced its fire safety plan. [1, p. 3]

Part I: Hard Lessons

The Port Authority added battery-powered emergency lighting to the stairwells and

backup power to its alarm system. Other upgrades included glow-in-the-dark signs and

markings. Upgrades to the elevator system included a redesign of each building’s lobby

command board to enable it to monitor all of the elevators. [1, p. 3]

To aid communications the Port Authority installed a “repeater system” for use by the

Fire Department of New York. The “repeater” used an antenna on the top of 5 WTC to

“repeat” and greatly amplify the wave strength of radio communications, so they could

be heard more effectively by firefighters operating many floors apart. [1, p. 3]

The Port Authority also sought to prepare civilians better for future emergencies.

Deputy fire safety directors conducted biannual fire drills, with advance notice to

tenants. During a fire drill, designated fire wardens were instructed to lead people in

their respective areas to the center of the floor where they would use an emergency

intercom phone to obtain specific information on how to proceed. [1, p. 3]

Civilians were taught basic procedures such as to evacuate by the stairs and to check

doors for heat before proceeding. Civilians who evacuated in both 1993 and 2001 have

told us that they were better prepared in 2001. [1, p. 3]

Civilians were not, however, directed into the stairwells during these drills. Civilians

were not provided information about the configuration of the stairwells and the

existence of transfer hallways or smoke doors. Neither full nor partial evacuation drills

were held. Participation in the drills that were held, moreover, varied greatly from

tenant to tenant. [1, pp. 3-4]

Civilians were never instructed not to evacuate up. The standard fire drill instructions

advised participants that in the event of an actual emergency, they would be directed

to descend to at least two floors below the fire. Most civilians recall simply being

taught to await instructions which would be provided at the time of an emergency. [1, p. 4]

Civilians were not informed that rooftop evacuations were not part of the Port

Authority’s evacuation plan. They were not informed that access to the roof required a

key. The Port Authority acknowledges that it had no protocol for rescuing people

trapped above a fire in the towers. [1, p. 4]

Chapter 4: And They Saved Many

First Responders

On 9/11, the principal first responders were from the Fire Department of New York

(FDNY), the New York Police Department (NYPD), the Port Authority Police Department

(PAPD), and the Mayor’s Office of Emergency Management (OEM). [1, p. 4]

NYPD

The 40,000-officer New York Police Department consisted of three primary divisions:

operations, intelligence, and administration. The Special Operations Division

supervised units critical in responding to a major event. This division included the

aviation unit, which provided helicopters for the purpose of survey and/or rescue, and

the Emergency Service Units (ESU), or rescue teams, which carried out specialized

missions. [1, p. 4]

The NYPD had standard operating procedures for the dispatch of officers to an

incident. Gradations in response were called “mobilization” levels and went from 1

(lowest) to 4 (highest). Level 3 and 4 mobilizations could not be ordered by someone

below the rank of captain. [1, p. 4]

The NYPD ran the City’s 9-1-1 emergency call center. 9-1-1 operators were civilians

trained in the rudiments of emergency response. Fire emergencies were transferred to

the FDNY dispatch center. [1, p. 4]

FDNY

The 11,000-member Fire Department of New York was headed by a Fire Commissioner,

who, unlike the Police Commissioner, lacked operational authority. Operations were

controlled by the Chief of the Fire Department. The logistics of fire operations were

coordinated by Fire Dispatch Operations division. 9-1-1 calls concerning fire

emergencies were transferred to this division. [1, p. 4]

Basic operating units included ladder companies, to conduct standard rescue

operations, and engine companies, to put out fires. The Department’s Specialized

Operations Command contained specialized units, including five rescue companies, to

perform specialized and highly risky rescue operations, and one HAZMAT team. [1, p. 4]

Alarm levels escalated from first (lowest) to fifth (highest) with a pre-established

number of units associated with each. Prior to 9/11, it was common FDNY practice for

units to arrive with extra personnel, and for off-duty firefighters to respond to major

incidents. [1, p. 5]

The years leading up to 9/11 were successful ones for the FDNY. In 2000, fewer people

died from fires in New York City—107—than in any year since 1946. Firefighter

deaths—22 during the 1990s—compared favorably with the best periods in FDNY

history. The FDNY had fought 153,000 fires in 1976; in 1999, that number had been

reduced to 60,000. [1, p. 5]

Emergency Operations

In July 2001, Mayor Rudolph Giuliani signed a directive entitled “Direction and Control

of Emergencies in the City of New York.” Its purpose was “to ensure the optimum use

of agency resources while … eliminating potential conflict among responding agencies

which may have areas of overlapping expertise and responsibility.” [1, p. 5]

The directive designated, for different types of emergencies, an appropriate agency as

“Incident Commander.” The Incident Commander would be “responsible for the

management of the City’s response to the emergency.” The role of the Mayor’s Office

of Emergency Management was supportive, to “coordinate the participation of all city

agencies in resolving the event,” and to “assist the Incident Commander in his/her

efforts in the development and implementation of the strategy for resolving the

event.” [1, p. 5]

The Mayor’s creation of the Office of Emergency Management and the issuance of his

Incident Command Directive were attempts to address the long-standing rivalry

between the NYPD and the FDNY. This rivalry has been acknowledged by every witness

we have asked about it. Some characterized the more extreme manifestations of the

rivalry—fistfights at the scenes of emergencies, for instance—as the actions of “a few

knuckleheads.” Some described the rivalry as the result of healthy organizational pride

and competition. Others told us that the problem has escalated over time and has

hampered the ability of the City to respond well in emergency situations. [1, p. 5]

The NYPD and the FDNY were two of the preeminent emergency response

organizations in the United States. But each considered itself operationally

autonomous. Each was accustomed to responding independently to emergencies. By

September 11 neither had demonstrated the readiness to respond to an “Incident

Commander” if that commander was an official outside of their Department. The

Mayor’s Office of Emergency Management had not overcome this problem. [1, p. 5]

September 11, 2001

At 8:46:40 a.m. the hijacked American Airlines Flight 11 flew into the upper portion of

the North Tower. [1, p. 6]

A jet fuel fireball erupted upon impact, and shot down at least one bank of elevators.

The fireball exploded onto numerous lower floors, including the 77th, 50th, 22nd,

West Street lobby level, and the B4 level, four stories below ground. The burning jet

fuel immediately created thick, black smoke which enveloped the upper floors and

roof of the North Tower. The roof of the South Tower was also engulfed in smoke

because of prevailing light winds from the north. [1, p. 6]

Within minutes, New York City’s 9-1-1 system was flooded with eyewitness accounts of

the event. Most callers correctly identified the target of the attack. Some identified the

plane as a commercial airliner. [1, p. 6]

The first response came from private firms and individuals—the people and companies

in the building. Everything that would happen to them during the next few minutes

would turn on their circumstances and their preparedness, assisted by building

personnel on site. [1, p. 6]

Trapped

Because all of the building’s stairwells were destroyed in the impact zone, the

hundreds of survivors trapped on or above the 92nd floor gathered in large and small

groups, primarily between the 103rd and 106th floors. A large group was reported on

the 92nd floor, technically below the impact but trapped by debris. Civilians were also

reported trapped below the impact zone, mostly on floors in the eighties, though also

on at least the 47th and 22nd floors, as well as in a number of elevators. [1, p. 6]

Because of damage to the building’s systems, civilians did not receive instructions on

how to proceed over the public address system. Many were unable to use the

emergency intercom phones as instructed in fire drills. Many called 9-1-1. [1, p. 6]

9-1-1 operators and FDNY dispatchers had no information about either the location or

magnitude of the impact zone and were therefore unable to provide information as

fundamental as whether callers were above or below the fire. 9-1-1 operators were

also not given any information about the feasibility of rooftop rescues. In most

instances, 9-1-1 operators and FDNY dispatchers, to whom the 9-1-1 calls were

transferred, therefore relied on standard operating procedure for high-rise fires. Those

procedures are to advise civilians to stay low, remain where they are, and wait for

emergency personnel to reach them. This advice was given to callers from the North

Tower for locations both above and below the impact. [1, pp. 6-7]

The protocol of advising against evacuation, of telling people to stay where they were,

was one of the lessons learned from the 1993 bombing. Fire chiefs told us that the

evacuation of tens of thousands of people from skyscrapers can create many new

problems, especially for disabled individuals or those in poor health. Many of the

injuries after the 1993 bombing occurred during the evacuation. Evacuees also may

complicate the movements and work of firefighters and other emergency workers. [1, p. 7]

Although the default guidance to stay in place may seem understandable in cases of

conventional high-rise fires, all the emergency officials that morning quickly judged

that the North Tower should be evacuated. The acting fire safety director in the North

Tower immediately ordered everyone to evacuate that building, but the public address

system was damaged and no one apparently heard the announcement. [1, p. 7]

Hence, one of the few ways to communicate to people in the building was through

calls to the 9-1-1 or other emergency operators. We found no protocol for

communicating updated evacuation guidance to the 9-1-1 operators who were

receiving calls for help. Improvising as they learned information from callers, some

operators advised callers that they could break windows. Some operators were

advising callers to evacuate if they could. [1, p. 7]

Evacuation

Below the impact zone in the North Tower, those civilians who could began evacuating

down the stairs almost immediately. [1, p. 7]

Civilians who called the Port Authority police desk at 5 WTC were advised to leave if

they could. Most civilians began evacuating without waiting to obtain instructions over

the intercom system. Some had trouble reaching the exits because of damage caused

by the impact. While evacuating, they were confused by deviations in the increasingly

crowded stairwells, and impeded by doors which were locked or jammed as a result of

the impact. Despite these obstacles, the evacuation was relatively calm and orderly. [1, p. 7]

Within ten minutes of impact, smoke was beginning to rise to the upper floors in

debilitating volumes and isolated fires were reported, although there were some

pockets of refuge. Faced with insufferable heat, smoke, and fire, and no prospect for

relief, some jumped or fell from the building. [1, p. 8]

Confusion Next Door

Many civilians in the South Tower were unaware initially of what happened in the

other tower. Many people decided to leave. Some were advised to do so by fire

wardens. In addition, some entire companies, including Morgan Stanley, which

occupied over 20 floors of the South Tower, were evacuated by company security

officials. [1, p. 8]

The evacuation standard operating procedures did not provide a specific protocol for

when to evacuate one tower in the event of a major explosion in the other. At 8:49

a.m. the deputy fire safety director in the North Tower spoke with his counterpart in

the South Tower. They agreed to wait for the FDNY to arrive before determining

whether to evacuate the South Tower. According to one fire chief, it was unimaginable,

“beyond our consciousness,” that another plane might hit the adjacent tower. [1, p. 8]

In the meantime, an announcement came over the public address system in the South

Tower urging people to stay in place. Indeed, evacuees in the sky lobbies and the main

lobby were advised by building personnel to return to their offices. The Port Authority

told us that the advice may have been prompted by the safety hazard posed by falling

debris and victims outside the building. Similar advice was given by security officials in

the sky lobby of the South Tower. We do not know the reason for this advice, in part

because the on-duty deputy fire safety director in charge of the South Tower perished

in the tower’s collapse. As a result of the announcement, many civilians in the South

Tower remained on their floors. Others reversed their evacuation and went back up.

The Port Authority Police desk in 5 WTC gave conflicting advice to people in the South

Tower about whether to evacuate. [1, pp. 8-9]

FDNY Response

The FDNY response began immediately after the crash. Chief Pfeifer, Deputy Assistant

Chief, FDNY and four companies arrived at about 8:52 a.m. As they entered the lobby,

they immediately encountered badly burned civilians who had been caught in the path

of the fireball. [1, pp. 9-10]

Peter Hayden, Assistant Chief, FDNY, and Chief Pfeifer, the initial FDNY incident

commanders, were briefed on building systems by building personnel. Units began

mobilizing in the increasingly crowded lobby. It was challenging for the chiefs to keep

track of arriving units. They were frustrated by the absence of working building

systems and elevators. [1, p. 10]

Shortly before 9:00 a.m., FDNY chiefs advised building personnel and a Port Authority

Police Department officer to evacuate the adjacent South Tower. Impressed by the

magnitude of the catastrophe, fire chiefs had decided to clear the whole WTC complex,

including the South Tower. [1, p. 11]

By 9:00 a.m., many senior FDNY leaders, including seven of the eleven most highly

ranked chiefs in the department, had begun responding from headquarters in

Brooklyn. The Chief of Department and the Chief of Operations called a 5th alarm,

which would bring additional engine and ladder companies; they also called two more

FDNY Rescue teams. The Chief of Department arrived at approximately 9:00 a.m. He

established an overall Incident Command Post on the median of the West Side

Highway. [1, p. 11]

Emergency Medical Service (EMS) personnel were directed to one of four triage areas

around the perimeter of the WTC. In addition, many private hospital ambulances were

rushing to the WTC complex. [1, p. 11]

In the North Tower lobby, the chiefs quickly made the decision that the fire in the

North Tower could not be fought. The chiefs decided to concentrate on evacuating

civilians from the North Tower, although they held various views about whether

anyone at or above the impact zone could be saved. [1, p. 11]

As of 9:00 a.m., if only those units dispatched had responded, and if those dispatched

units were not “riding heavy” with extra men, 235 firefighters would be at the scene or

en route. The vast majority of these would be expected to enter the North Tower. [1, p. 11]

NYPD Response

The NYPD response also began seconds after the crash. At 8:47 a.m. the NYPD ordered

a Level 3 Mobilization. An initial mobilization point for patrol officers was established

on the west side of the intersection of West and Liberty Streets. NYPD rescue teams

were directed to mobilize at the intersection of Church and Vesey Streets. The first of

these officers arrived at Church and Vesey at 8:56 a.m. At 8:50 a.m., the aviation unit

of the NYPD dispatched two helicopters to the WTC to report on conditions and assess

the feasibility of a rooftop landing or special rescue operations. [1, p. 12]

Within ten minutes of the crash, NYPD and Port Authority Police personnel were

assisting with the evacuation of civilians. [1, p. 12]

At 8:58 a.m., a helicopter pilot reported on rooftop conditions for the possibility of

rooftop extraction. They didn’t see anybody up on the roof. Even so, the heat and the

smoke from the building interfered with the rotor system, making it difficult to hold

position. [1, p. 12]

At 8:58 a.m., while en route, the Chief of the NYPD raised the department’s

mobilization to Level 4—its highest level—which would result in the dispatch of

approximately 30 lieutenants, 100 sergeants, and 800 police officers, in addition to

rescue teams, which were already at the scene. The Chief of Department arrived at

Church and Vesey at 9:00 a.m. [1, p. 12]

At 9:01 a.m., the NYPD patrol mobilization point at West and Liberty was moved to

West and Vesey, in order to handle the greater number of patrol officers who would

be responding to the Level 4 mobilization. These officers would be stationed around

the perimeter of the complex to assist with evacuation and crowd control. [1, p. 13]

Around the city, the NYPD cleared routes along major thoroughfares for emergency

vehicles responding to the WTC. The NYPD and Port Authority police coordinated the

closing of bridges, subways, PATH trains, and tunnels into Manhattan. [1, p. 13]

Port Authority Response

The Port Authority’s on-site commanding police officer was standing in the concourse

when a fireball exploded out of the North Tower lobby, causing him to dive for cover.

Within minutes of impact Port Authority police from bridge, tunnel, and airport

commands began responding to the WTC. Officers from the WTC command began

assisting in evacuating civilians. The Port Authority Police Department lacked clear

standard operating procedures to guide personnel responding from one command to

another during a major incident. [1, p. 13]

The fire safety director in charge of the complex arrived in the North Tower lobby at

approximately 8:52 a.m. and was informed by the deputy fire safety director there that

evacuation instructions had been announced over the public address system within

one minute of impact. As mentioned earlier, to our knowledge, because the public

address system had been damaged upon impact, no civilians heard that

announcement. [1, p. 13]

At 9:00 a.m., the Port Authority Police commanding officer ordered an evacuation of

civilians in the World Trade Center complex because of the danger posed by highly

flammable jet fuel from Flight 11. The order was issued, however, over a radio channel

which could be heard only by officers on the Port Authority WTC command channel.

There is no evidence that this order was communicated to officers in other Port

Authority Police commands or to members of other responding agencies. At 9:00 a.m.,

the Port Authority Police Superintendent and Chief of Department arrived together at

the WTC complex, and made their way to the North Tower lobby. Some Port Authority

officers immediately began climbing the stairs and assisting civilians. [1, p. 13]

OEM Response

Officials in the Office of Emergency Management’s headquarters at 7 WTC began to

activate its emergency operation center immediately after the North Tower was hit. At

approximately 8:50 a.m. a senior representative from that office arrived in the lobby of

the North Tower and began to act as its field responder. [1, p. 13]

In the 17-minute period between 8:46 a.m. and 9:03 a.m. on September 11, New York

City and the Port Authority of New York and New Jersey had mobilized the largest

rescue operation in the City’s history. Well over one thousand first responders had

been deployed, evacuations had begun, and the critical decision that the fire could not

be fought had been made. [1, p. 14]

The decision was made to evacuate the South Tower as well. At 9:02 a.m., a further

announcement in the South Tower advised civilians to begin an orderly evacuation if

conditions warranted. [1, p. 14]

One minute later, a plane hit the South Tower. [1, p. 14]

Second Crash

At 9:03 a.m., the hijacked United Airlines Flight 175 hit 2 WTC (the South Tower) from

the south, crashing through the 78th to 84th floors. What had been the largest and

most complicated rescue operation in city history instantly doubled in magnitude. [1, p. 14]

The plane banked as it hit the building, leaving portions of the building undamaged on

impact floors. As a consequence—and in contrast to the situation in the North Tower—

one of the stairwells (Stairwell A) initially remained passable from top to bottom. [1, p. 14]

At the lowest point of impact, the 78th floor sky lobby, hundreds had been waiting to

evacuate when the plane hit. Many were killed or injured severely; others were

relatively unaffected. We know of at least one civilian who seized the initiative and

shouted that anyone who could walk should walk to the stairs, and anyone who could

help should help others in need of assistance. At least two small groups of civilians

descended from that floor. [1, p. 14]

Others remained alive in the impact zone above the 78th floor, though conditions on

these floors began to deteriorate within ten minutes. [1, p. 14]

Repeat Nightmare

As in the North Tower, civilians became first responders. Some civilians ascended the

stairs and others remained on affected floors to assist colleagues. Although Stairwell A

in the South Tower remained passable from above the impact zone to the lobby,

conditions were difficult and deteriorating. [1, p. 15]

Many ascended in search of clearer air or to attempt to reach the roof. Those

attempting to reach the roof were thwarted by locked doors. Others attempting to

descend were frustrated by jammed or locked doors in stairwells or confused by the

structure of the stairwell deviations. [1, p. 16]

By 9:35 a.m., the West Street lobby level of the South Tower was becoming

overwhelmed by injured who had descended to the lobby but were having difficulty

continuing. [1, p. 16]

Within 15 minutes of the impact, debilitating smoke had reached at least one location

on the 100th floor, and severe smoke conditions were reported throughout floors in

the nineties and hundreds over the course of the following half hour. By 9:30 a.m. a

number of civilians who had failed to reach the roof and could not descend because of

intensifying smoke became trapped on the 105th floor. There were reports of

tremendous smoke in most areas of that floor, but at least one area remained less

affected until shortly before the building collapsed. [1, p. 16]

Still, there were several areas between the impact zone and the uppermost floors

where conditions were better. At least a hundred people remained alive on the 88th

and 89th floors, in some cases calling 9-1-1 for direction. The 9-1-1 system remained

plagued by the operators’ lack of awareness of what was occurring and by the sheer

volume of emergency calls. [1, p. 16]

No one in the first responder community knew that Stairwell A remained potentially

passable. No callers were advised that helicopter rescues were not feasible. Civilians

below the impact were also generally advised to remain where they were by 9-1-1 or

FDNY dispatch operators. [1, p. 17]

North Tower

Back in the North Tower, evacuation generally continued. Thousands of civilians

continued to descend in an orderly manner. On the 91st floor, the highest floor with

stairway access, all but one were uninjured and able to descend. At 9:11 a.m., Port

Authority workers at the 64th floor of the North Tower were told by the Port Authority

Police desk in Jersey City to stay near the stairwells and wait for assistance. These

workers eventually began to descend anyway, but most of them died in the collapse of

the North Tower. [1, p. 17]

Those who descended Stairwell B of the North Tower exited between the elevator

banks in the lobby. Those who descended Stairwells A and C exited at the raised

mezzanine level, where the smoky air was causing respiratory problems. All civilians

were directed into the concourse at lobby level. Officers from the Port Authority and

New York Police Departments continued to assist with the evacuation of civilians, for

example, guiding them through the concourse in order to shelter the evacuees from

falling debris and victims. [1, p. 17]

By 9:55 a.m., those few civilians who were still evacuating consisted primarily of

injured, handicapped, elderly, or severely overweight individuals. [1, p. 17]

Calls to 9-1-1 reflect that others remained alive above and below the impact zone,

reporting increasingly desperate conditions. [1, p. 17]

Double Trouble

Immediately after the second plane hit, the FDNY Chief of Department called a second

5th alarm. While nine Brooklyn units had been staged on the Brooklyn side of the

Brooklyn Battery tunnel at 8:53 a.m., these units were not dispatched to the scene at

this time. Instead, units from further away were dispatched. [1, p. 17]

Just after the South Tower impact, chiefs in the North Tower lobby huddled to discuss

strategy for the operations and communication in the two towers. [1, p. 18]

At 9:05 a.m., two FDNY chiefs tested the WTC complex’s repeater system. This was the

system installed after the 1993 bombing in order to enable firefighters operating on

upper floors to maintain consistent radio communication with the lobby command.

The system had been activated for use on portable radios at 8:54 a.m., but a second

button which would have enabled the master hand-set was not activated at that time.

The chief testing the master handset at 9:05 a.m. did not realize that the master

handset had not been activated. When he could not communicate, he concluded that

the system was down. The system was working, however, and was used subsequently

by firefighters in the South Tower. [1, p. 18]

The FDNY Chief of Safety agreed with the consensus that the only choice was to let the

fires “burn up and out.” The chiefs in the North Tower were forced to make decisions

based on little or no information. [1, p. 18]

Climbing up the stairwells carrying heavy equipment was a laborious task even for

physically fit firefighters. Though the lobby command post did not know it, one

battalion chief in the North Tower found a working elevator, which he took to the 16th

floor before beginning to climb. Just prior to 10:00 a.m., about an hour after

firefighters first began streaming into the North Tower, at least two companies of

firefighters had climbed to the sky lobby on the 44th floor of the North Tower.

Numerous units were located between the 5th and 37th floors in the North Tower. [1, p. 18]

South Tower

At approximately 9:07 a.m., two chiefs commenced operations in the South Tower

lobby. Almost immediately they were joined by an Office of Emergency Management

field responder. They were not immediately joined by a sizable number of fire

companies, as most, if not all, units which had been in the North Tower lobby remained

there. One chief and a ladder company found a working elevator to the 40th floor.

From there they proceeded to climb Stairwell B. One member of the ladder company

stayed behind to operate the elevator. [1, pp. 18-19]

Poor Communications

Unlike the commanders in the North Tower lobby, these chiefs in the South Tower

kept their radios on the repeater channel. For the first 15 minutes of the operations in

the South Tower, communications among them and the ladder company which

ascended with the chief worked well. Upon learning from a company security official

that the impact zone began at the 78th floor, a ladder company transmitted this

information, and the chief directed an engine company on the 40th floor to attempt to

find an elevator to reach that upper level. [1, p. 19]

Unfortunately, no FDNY chiefs outside the South Tower realized that the repeater

channel was functioning and being used by units in the South Tower. Chiefs in the

North Tower lobby and outside were unable to reach the South Tower lobby command

post initially. [1, p. 19]

Communications also began to break down within the South Tower. Those units

responding to the South Tower were advised to use tactical channel 3. From

approximately 9:21 a.m. on, the ascending chief was unable to reach the South Tower

lobby command post. The lobby chief ceased to transmit on repeater channel 7 at that

time. [1, p. 19]

The first FDNY fatality of the day occurred at approximately 9:25 a.m. when a civilian

landed on a fireman on West Street. [1, p. 19]

Confusion

By 9:30 a.m., few of the units dispatched to the South Tower had arrived at their

staging area. Many units were unfamiliar with the complex and could not enter the

South Tower because of the danger of victims and debris falling on Liberty Street.

Some units entered the Marriott Hotel and were given assignments there; others

mistakenly responded to the North Tower. An additional 2nd alarm was requested at

9:37 a.m. because so few units had reported. At this time, units which had been staged

on the Brooklyn side of the Brooklyn Battery Tunnel were sent, and many of them

arrived at the WTC by 9:55 a.m. [1, p. 19]

At 9:50 a.m., a ladder company had made its way up to the 70th floor of the South

Tower. There they encountered many seriously injured people. At 9:53 a.m. a group of

civilians were found trapped in an elevator on the 78th floor sky lobby. By 9:58 a.m.,

the ascending chief had reached the 78th floor on Stairwell A, and reported that it

looked open to the 79th floor. He reported numerous civilian fatalities in the area. A

ladder company on the 78th floor was preparing to use hoses to fight the fire when the

South Tower collapsed. [1, p. 19]

Incident Command

The overall incident command was just outside the WTC complex. At approximately

9:10 a.m., because of the danger of falling debris, this command post was moved from

the middle of West Street to its western edge by the parking garage in front of 2 World

Financial Center. The overall command post’s ability to track all FDNY units was

extremely limited. [1, pp. 19-20]

At approximately 9:20 a.m., the Mayor and the NYPD Commissioner reached the FDNY

overall command post. The FDNY Chief of Department briefed the Mayor on

operations and stated that this was a rescue mission of civilians. He stated that he

believed they could save everyone below the impact zones. He also advised that, in his

opinion, rooftop rescue operations would be impossible. None of the chiefs present

believed a total collapse of either tower was possible. Later, after the Mayor had left,

one senior chief present did articulate his concern that upper floors could begin to

collapse in a few hours, and so he said that firefighters thus should not ascend above

floors in the sixties. [1, p. 20]

Surge

By 9:20 a.m., significantly more firemen than were dispatched were at the WTC

complex or en route. Many off-duty firemen were given permission by company officers

to “ride heavy.” Others found alternative transportation and responded. In one case an

entire company of off-duty firefighters managed to congregate and come to the WTC

as a complete team, in addition to the on-duty team which already had been

dispatched to the scene. Numerous fire marshals also reported to the WTC. [1, p. 20]

At 9:46 a.m., the Chief of Department called a third 5th alarm. This meant that over

one third of all of the FDNY units in New York City were at or en route to the WTC.

[1, p. 20]

The Police Department was also responding massively after the attack on the South

Tower. Almost 2,000 officers had been called to the scene. In addition, the Chief of the

Department called for Operation Omega, to evacuate and secure sensitive locations

around the city. At 9:06 a.m. the NYPD Chief of Department instructed that no units

were to land on the roof of either tower. [1, p. 20]

An NYPD rescue team in the North Tower lobby prepared to climb at approximately

9:15 a.m. They attempted to check in with the FDNY chiefs present, but were rebuffed.

Office of Emergency Management personnel present did not intercede. The team went

to work anyway, climbing Stairwell B in order to set up a triage center on upper floors

for victims who could not walk. Later, a second rescue team arrived in the North Tower

and did not attempt to check in with the FDNY command post. [1, p. 20]

NYPD rescue teams also entered the South Tower. The Office of Emergency

Management field responder present ensured that they checked in with the lobby chief.

In this case, both agreed that the rescue team would ascend in support of FDNY

personnel. By 9:15 a.m., two more of these teams were preparing to leave the Church

and Vesey mobilization point in order to enter the towers. [1, p. 20]

At approximately 9:30 a.m. one of the helicopters present advised that a rooftop

evacuation still would not be possible. [1, p. 20]

Structural Failure

At 9:37 a.m., a civilian on the 106th floor of the South Tower reported to a 9-1-1

operator that a lower floor—“90-something floor”—was collapsing. This information

was conveyed incorrectly by the 9-1-1 operator to an NYPD dispatcher. The NYPD

dispatcher further confused the substance of the 9-1-1 call in conveying at 9:52 a.m. to

NYPD officers that “the 106th floor is crumbling.” [1, p. 21]

By 9:58 a.m., there were two NYPD rescue teams in each of the two towers, another

approaching the North Tower, and approximately ten other NYPD officers climbing in

the towers. [1, p. 21]

In addition, there were numerous NYPD officers on the ground floors throughout the

complex, assisting with evacuation, and patrolling and securing the WTC perimeter. A

greater number of NYPD officers were staged throughout lower Manhattan, assisting in

civilian evacuation, keeping roads clear, and conducting other operations in response

to the attacks. [1, p. 21]

Prior to 9:59 a.m., no NYPD helicopter transmission predicted that either tower would

collapse. [1, p. 21]

Agency Coordination

Initial responders from outside Port Authority Police commands proceeded to the

police desk in 5 WTC or to the fire safety desk in the North Tower lobby. Officers were

assigned to assist in stairwell evacuations and to expedite evacuation in the plaza,

concourse, and PATH station. As reports of trapped civilians were received, Port

Authority Police officers also started climbing stairs for rescue efforts. Others, including

the Port Authority Police Superintendent, began climbing toward the impact zone in

the North Tower. The Port Authority Police Chief and other senior officers began

climbing in the North Tower with the purpose of reaching the Windows on the World

restaurant on the 106th floor, where there were at least 100 people trapped. [1, p. 21]

The Port Authority Police Department lacked clear standard operating procedures for

coordinating a multi-command response to the same incident. It also lacked a radio

channel that all commands could access. Many officers remained on their local

command channels, which did not work once they were outside the immediate

geographic area of their respective commands. [1, pp. 21-22]

Many Port Authority Police officers from different commands responded on their own

initiative. By 9:30 a.m. the Port Authority’s central police desk requested that

responding officers meet at West and Vesey and await further instructions. In the

absence of predetermined leadership roles for an incident of this magnitude, a number

of Port Authority inspectors, captains, and lieutenants stepped forward at West and

Vesey to formulate an on-site response plan. They were hampered by not knowing

how many officers were responding to the site and where those officers were

operating. Many of the officers who responded to this command post lacked suitable

protective equipment to enter the complex. [1, p. 22]

By 9:58 a.m., one Port Authority Police officer had reached the sky lobby on the 44th

floor of the North Tower. Also in the North Tower, two Port Authority teams had

reached floors in the upper and lower twenties. Numerous officers also were climbing

in the South Tower, including the Port Authority rescue team. Many also were on the

ground floors of the complex assisting with evacuation, manning the Port Authority

Police desk in 5 WTC, or supporting lobby command posts. [1, p. 22]

The emergency response effort escalated with the crash of United 175 into the South

Tower. With that escalation, communications and command-and-control became

increasingly critical and increasingly difficult. First responders assisted thousands of

civilians in evacuating the towers, even as incident commanders from responding

agencies lacked knowledge of what other agencies and, in some cases, their own

responders were doing. [1, p. 22]

Then the South Tower collapsed. [1, p. 22]

South Tower Collapse

At 9:59 a.m., the South Tower collapsed in ten seconds. It is believed that all of the

people still inside the tower were killed, as well as a number of individuals—both first

responders and civilians—in the concourse, the Marriott, and on neighboring streets.

[1, pp. 22-23]

The next emergency issue was to decide what to do in the North Tower, once the

South Tower had collapsed. In the North Tower, 9-1-1 calls placed from above the

impact zone grew increasingly desperate. The only civilians still evacuating above the

10th floor were those who were injured or handicapped. First responders were

assisting those people in evacuating. [1, p. 23]

Every FDNY command post ceased to operate upon the collapse of the South Tower.

Lacking awareness of the South Tower’s collapse, the chiefs in the North Tower

nonetheless ordered an evacuation of the building. [1, p. 23]

An FDNY marine unit radioed immediately that the South Tower had collapsed. To our

knowledge, this information did not reach the chiefs at the scene. [1, p. 23]

Within minutes some firefighters began to hear evacuation orders over tactical 1, the

channel being used in the North Tower. Some FDNY personnel also gave the

evacuation instruction on command channel 2, which was much less crowded, as only

chiefs were using it. Two battalion chiefs on upper floors heard the instruction on

Command 2 and repeated it to everyone they encountered. At least one of them also

repeated the evacuation order on tactical 1. [1, p. 23]

Other firefighters did not receive the transmissions. The reasons varied. Some FDNY

radios may not have picked up the transmission in the difficult high-rise environment.

The difficulty of that environment was compounded by the numerous communications

all attempted on tactical 1 after the South Tower collapsed; the channel was

overwhelmed, and evacuation orders may have been lost. Some of the firefighters in

the North Tower were among those who had responded even though they were

off-duty, and they did not have their radios. Finally, some of the firefighters in the North

Tower were supposed to have gone to the South Tower and were using the tactical

channel assigned to that Tower. [1, p. 24]

Many firefighters who did receive the evacuation order delayed their evacuation in

order to assist victims who could not move on their own. Many perished. [1, p. 24]

Many chiefs on the scene were unaware that the South Tower collapsed. To our

knowledge, none of the evacuation orders given to units in the North Tower followed

the specific protocols—which would include stating “mayday, mayday, mayday”—to

be given for the most urgent building evacuation. To our knowledge none of the

evacuation orders mentioned that the South Tower had collapsed. Firefighters who

received these orders lacked a uniform sense of urgency in their evacuation. [1, p. 24]

The Police Department had a better understanding of the situation. The South Tower’s

collapse disrupted the NYPD rescue team command post at Church and Vesey.

Nonetheless, the NYPD command structure gave vital help to its units. [1, p. 24]

Many NYPD radio frequencies became overwhelmed with transmissions relating to

injured, trapped, or missing officers. By 10:10 a.m., the NYPD rescue team advised that

they were moving their command post north and began moving vehicles in that

direction. [1, p. 25]

NYPD Aviation radioed in immediately that the South Tower had collapsed. At 10:08

a.m., an aviation helicopter pilot advised that he did not believe the North Tower

would last much longer. There was no ready way to relay this information to the fire

chiefs in the North Tower. [1, p. 25]

Both NYPD rescue teams in the North Tower knew that the South Tower had collapsed

and evacuated the building. One remained in the complex near 5 and 6 WTC in order

to keep searching for people who needed help. A majority of these officers died. [1, p.

25]

At the time of the South Tower’s collapse, a number of NYPD and Port Authority Police

officers, as well as some FDNY personnel, were operating in different groups in the

North Tower mezzanine, the WTC plaza, and the concourse, as well as on the

neighboring streets. Many of these officers were thrown into the air and were

enveloped in the total darkness of the debris cloud. Within minutes of the South Tower

collapse, these officers began to regroup in the darkness and to lead the remaining

civilians and injured officers out of the complex. Many of these officers continued

rescue operations in the immediate vicinity of the North Tower and remained there

until the North Tower collapsed. Many lost their lives. [1, p. 25]

The collapse of the South Tower also forced the evacuation of the Port Authority Police

command post on West and Vesey, forcing its officers to move north. There is no

evidence that Port Authority Police officers from outside the WTC command ever

heard an evacuation order on their radios. Some of these officers in the North Tower

determined to evacuate, either on their own, or in consultation with other first

responders they came across. One Port Authority Police officer from the WTC

command reported that he heard an urgent evacuation instruction on his radio soon

after the South Tower collapsed. Other Port Authority police stayed in the WTC

complex, assisting with the evacuation. [1, pp. 25-26]

North Tower Collapse

The FDNY Chief of Department and the Port Authority Police Department

Superintendent and many of their senior staff were killed. The Fire Department of New

York suffered 343 casualties, the largest loss of life of any emergency response agency

in U.S. history. The Port Authority Police Department suffered 37 casualties, the largest

loss of life of any American police force in history. The New York Police Department

suffered 23 casualties, the second largest loss of life of any police force in U.S. history,

exceeded only by the loss of Port Authority police the same day. [1, p. 26]

On 9/11, 403 officers from FDNY, NYPD, and PAPD lost their lives. They were part of

the 2,752 killed at the World Trade Center that day. The nation suffered the largest

loss of civilian life on its soil as a result of a domestic attack in its history. [1, p. 26]

Conclusion

Because of its experience in 1993, New York City was seen as the city in the nation

best prepared to contend with catastrophic terrorism. The events of 9/11 proved

otherwise. And if New York City wasn’t ready, what did that bode for the rest of the

nation? These concerns would weigh heavily in the shaping of U.S. homeland security

policy.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. Which tower was first hit, and which tower was first to collapse on 9/11?

2. Why do you suppose the standing guidance was to remain in place during an emergency?

3. What options were available to those whose offices were located above the crash sites?

4. What options were available to those whose offices were located below the crash sites?

5. Identify the three agencies that led emergency response efforts at the World Trade Center.

6. Summarize the overall emergency response plan devised by the first responders.

7. Describe the problems with coordination and communication between first responders at the World Trade Center.

8. Identify two reasons why self-dispatching units would complicate an emergency response.

9. Identify two ways that first responders significantly reduced the death toll at the World Trade Center.

10. If you had been mayor of New York City, what would you have done differently on 9/11?

Chapter 5: Not By Chance

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe emergency response efforts at the Pentagon on 9/11.

• Evaluate emergency response efforts at the Pentagon on 9/11.

• Appreciate the dedication and effectiveness of first responders on 9/11.

• Compare emergency operations at the Pentagon to emergency operations at the World Trade Center.

“The success of the ACFD response to the terrorist attack on the Pentagon did not

happen by chance.”

– Arlington County After Action Report, 2002

Introduction

On any other day, the disaster at the Pentagon would be remembered as a singular

challenge, an extraordinary national story. Yet the calamity at the World Trade Center

included catastrophic damage 1,000 feet above the ground that instantly imperiled

tens of thousands of people. The two experiences are not comparable. Nonetheless,

broader lessons in integrating multiagency response efforts are apparent in analyzing

the Pentagon response. [1, p. 4]

The Pentagon

The Pentagon is the headquarters of the United States Department of Defense, located

in Arlington County, Virginia. [2] It has served for more than 70 years as a symbol of

power in defense of the United States. Ironically, the groundbreaking ceremony for

construction of the Pentagon took place on September 11, 1941, less than 3 months

before the U.S. entry into World War II. Built on a site previously known as Arlington

Farms, the five surrounding roadways dictated its pentagonal shape. The Pentagon’s

placement was personally approved by President Franklin Roosevelt to avoid

obstructing the view of the U.S. Capitol from Arlington National Cemetery. The 380,000

tons of sand dredged from the Potomac River produced the reinforced concrete used

to construct the building and the 41,492 concrete piles that support it. This innovative

use of concrete saved enough steel to build an additional aircraft carrier for the War

Department. Construction of the Pentagon was completed in just 16 months at a cost

of $83 million. [3, p. 7]

The Pentagon is a massive structure. The building covers 29 acres of land, with a floor

area of almost 7 million square feet. Almost 18 miles of corridors connect the 5 floors

of office space housing some 23,000 employees. The heating and refrigeration plant

alone covers a full acre and more than 100,000 miles of telephone cables run through

the building. Although the network of corridors, escalators, elevators, and stairwells is

designed to speed movement from place to place, to the uninitiated, maneuvering

through the Pentagon can be daunting. [3, p. 7]

On September 11, 2001, exactly 60 years after the building’s construction began,

American Airlines Flight 77 was hijacked and flown into the western side of the

building, killing 189 people including the five hijackers. It was the first significant

foreign attack on the capital’s governmental facilities since the burning of Washington

during the War of 1812. [2]

Emergency Preparedness

In the event of a fire, even one of significant size, the issue of “who’s in charge” is

usually straightforward. The fire department that owns the jurisdiction owns the scene

until the fire is extinguished or brought under control. All other organizations support

and are under the tactical control of the fire department’s designated Incident

Commander. Once the fire is out, command might be transferred to a law enforcement

agency if, for example, arson or some other criminal act is suspected. The fire scene

would then become a crime scene. [3, pp. A-20]

While the Pentagon resided firmly within the jurisdiction of the Arlington County Fire

Department (ACFD), many unique aspects about the facility combined to create

overlapping areas of authority. To begin with, the Pentagon is a U.S. military facility

under direct control of the Secretary of Defense. Building entry is restricted and

controlled by its own law enforcement organization, the Defense Protective Service

(DPS). The fire station at the Pentagon heliport is operated by the Fort Myer Fire

Department. [3, pp. A-20] The responsibility for contingency operations at Department

of Defense (DoD) facilities in the Washington Metropolitan Area, including the

Pentagon, belongs to the Commanding General of the Military District of Washington

(MDW). [3, p. 8]

Another complication was the nature of the incident itself. Following on the heels of

the attacks on the World Trade Center in New York, it was clear this was a terrorist act.

Under the terms of Presidential Decision Directive (PDD)-39, acts of terrorism are the

exclusive domain of the Department of Justice (DOJ) and the FBI. This major fire

incident, the jurisdictional responsibility of the ACFD, occurred because of a terrorist

attack, thereby rendering the site a crime scene, the responsibility of the FBI. These

complex jurisdictional and organizational relationships tested the coordination and

relationships of everyone involved. [3, pp. A-20]

Fortunately, in March 2001, the Washington area Council of Governments adopted the

National Incident Management System (NIMS) and Incident Command System (ICS)

model. Thus, there was a common understanding of basic working relationships among

local jurisdictions. However, establishing and maintaining command of the response to

the Pentagon attack was daunting. There were thousands of people and hundreds of

pieces of equipment from more than a dozen different jurisdictions, as well as many

Federal, State, and Arlington County government agencies, and scores of volunteer

organizations, businesses, and individuals. This understandably challenged the

leadership of a fire department that usually directs the efforts of some 260 uniformed

personnel. Although the ACFD performed well in responding to the terrorist attack on

the Pentagon, the actual experience of coordinating the multifaceted response proved

significantly more challenging than previously envisioned. [3, pp. A-20]

September 11, 2001

The only thing special about the morning of September 11, 2001, was the spectacular

fall weather across the Washington Metropolitan Area. In Arlington County, the 67

firefighters and emergency medical technicians of the fire department’s “B” shift were

staffing the county’s 10 neighborhood fire stations. By 8:30 a.m., training classes at the

Arlington County Fire Training Academy were in full swing. Other ACFD personnel were

engaged in meetings in the District of Columbia, preparing for the upcoming

International Monetary Fund (IMF) conference. Several Arlington County chief officers

were at a county-sponsored management class at the Fairlington Community Center.

At 8:45 a.m., when American Airlines Flight #11 slammed into the north tower of New

York City’s World Trade Center, it was abundantly clear this would be a day like no

other. At 9:06 a.m., United Airlines Flight #175 crashed into the World Trade Center’s

south tower, revealing the true nature of the unprecedented horror. A brutal,

mind-numbing terrorist attack was under way against the United States. [3, pp. A-4]

At 9:37 a.m., in Arlington County, Captain Steve McCoy and the crew of ACFD Engine

101 were en route to a training session in Crystal City, traveling north on Interstate 395.

Their conversation about the World Trade Center attack earlier that morning was

interrupted by the sight and sound of a commercial airliner in steep descent, banking

sharply to its right before disappearing beyond the horizon. At the same time,

Arlington County Police on patrol in south Arlington County saw a large American

Airlines aircraft in a steep dive and on a collision course with the Pentagon. [3, p. 9]

At 9:38 a.m., American Airlines Flight #77 crashed into the west side of the Pentagon,

just beyond the heliport. It was traveling at a speed of about 400 miles per hour,

accelerating with close to its full complement of fuel at the time of impact. [3, p. 9]

The destruction caused by the attack was immediate and catastrophic. The 270,000

pounds of metal and jet fuel hurtling into the solid mass of the Pentagon was the

equivalent in weight of a diesel train locomotive, except it was traveling at more than

400 miles per hour. More than 600,000 airframe bolts and rivets and 60 miles of wire

were instantly transformed into white-hot shrapnel. The resulting impact, penetration,

and burning fuel had catastrophic effects on the five floors and three rings in and

around Pentagon Corridors 4 and 5. [3, p. 9]

All 64 people aboard the airliner were killed, as were 125 people inside the Pentagon

(70 civilians and 55 military service members). [1, p. 5]

Emergency Response

At 9:38 a.m., shortly after American Airlines Flight #77 disappeared from sight, a

tremendous explosion preceded a massive plume of smoke and fire. Unable to

pinpoint the precise location, Captain McCoy aboard Engine 101 immediately radioed

the Arlington County Emergency Communications Center (ECC), reporting an airplane

crash in the vicinity of the 14th Street Bridge or in Crystal City. Aware of the World

Trade Center attack, Captain McCoy also advised that the Federal Bureau of

Investigation should be notified, since this was a possible terrorist attack. Hearing the

radio message, fire and rescue units from Arlington County and elsewhere began to

respond, self-dispatching from stations or diverting from other destinations.

[3, pp. A-4]

Figure 5-1: Pentagon Crash Site [3, p. 8]

At 9:38 a.m. on September 11, only one fire crew, Foam 161 of the Fort Myer Fire

Department, knew the exact location of the crash site. Captain Dennis Gilroy and his

team were already on station at the Pentagon when Flight #77 slammed into it, just

beyond the heliport. Foam 161 caught fire and suffered a flat tire from flying debris.

Firefighters Mark Skipper and Alan Wallace were outside the vehicle at impact and

received burns and lacerations. Recovering from the initial shock, they began helping

victims climb out of the Pentagon’s first floor windows. Captain Gilroy called the Fort

Myer Fire Department, reporting for the first time the actual location of the crash. [3,

pp. A-4]

Help was already on the way from several directions as units sped toward the source of

the smoke plume, not toward a specific street address. ACFD Truck 105 reached the

scene first, followed shortly by fire and medical units from several Arlington County

stations. [3, pp. A-5]

At the FBI Washington Field Office (WFO), Special Agent-in-Charge (SAC) Arthur

Eberhart was putting in motion the steps necessary to support New York City. Of

WFO’s four senior leaders, he was the only one present at headquarters that morning.

Upon learning of the World Trade Center crashes, SAC Eberhart activated the WFO

Command Center. Members of the WFO National Capital Response Squad (NCRS) were

paged and instructed to report immediately to headquarters. Supervisory Special

Agent (SSA) Jim Rice, the NCRS leader, was at the FBI WFO Command Center on the

telephone with Mr. Larry Cirutti of the Military District of Washington at the Pentagon

when a monitored District of Columbia police radio transmission reported an explosion

at the Pentagon. Mr. Cirutti told SSA Rice a helicopter must have “slid off the helipad”

into the building. Special Agent Chris Combs, the NCRS Fire Service Liaison, was

teaching a class at the District of Columbia Fire Academy when he received his page.

While en route to the WFO Headquarters, he heard a news report of the Pentagon

attack and proceeded directly to the Pentagon. [3, pp. A-6]

Meanwhile, at the Metropolitan Washington Airports Authority (MWAA) Fire

Department at Ronald Reagan Washington National Airport, Captain Michael Defina

was investigating an incident at Terminal B when he heard the impact and saw the

smoke rising in the distance. He called Fire Communications and was advised of a

report of a Boeing 757 crash off the end of Runway 1-19. That was quickly amended,

identifying the Pentagon as the crash site. The MWAA contacted the Arlington ECC and

was directed to respond to the Pentagon. They did so with substantial resources: a

rescue engine, two foam units, two mass casualty units, a mini-pumper, and a

command vehicle. Because MWAA had authority to respond automatically to an

airplane crash within 5 miles of the airport, two heavy rescue units had already self-

dispatched to the Pentagon. [3, pp. A-6]

ACFD’s Training Officer Captain Chuck Gibbs reached the incident site within the first 3

minutes, followed by Battalion Chief Bob Cornwell, who assumed initial Incident

Command responsibilities. Those duties were quickly assumed by Assistant Fire Chief

for Operations James Schwartz, who assigned Battalion Chief Cornwell, a 35-year

veteran firefighter, to lead fire suppression efforts inside the building. Captain Gibbs

commanded the River Division. Special Agent Combs arrived moments after Chief

Schwartz. The partnership between Chief Schwartz and Special Agent Combs, who

served as FBI agency representative to the Incident Commander, proved invaluable in

the days ahead. [3, pp. A-6]

Incident Command

When ACFD Chief Edward Plaugher arrived at the Pentagon shortly after the attack, he

chose not to assume Incident Command, but let it remain delegated to Chief Schwartz.

Chief Plaugher recognized he would be more valuable as a free agent, buffering the

command structure from outside distractions, such as the media, and directing his

attention to support requiring his personal intervention. This proved to be a fortuitous

decision. [3, pp. A-21]

A tiered command structure quickly evolved in the first hours of the incident. Chief

Schwartz directed fire and rescue operations from the Incident Command Post (ICP).

Around midday, he established an ICS Operations Section at the Pentagon heliport,

from which day-to-day firefighting and rescue efforts were planned and executed.

Chief Gray, a second-generation ACFD Firefighter, led the Operations Section

supported by Chief Cornwell and Captain Gibbs. Battalion Chief Tom Hurlihy, from the

District of Columbia, was later added to the operations team. [3, pp. A-21]

Away from the incident scene, Battalion Chief George Lyon designated Fire Station 1 as

a Field Operations Center. It was there that replacement personnel and equipment

were organized and dispatched to the Pentagon. [3, pp. A-21]

At about 1:00 p.m., Chief Schwartz learned that a task force led by Loudoun County

Chief Jack Brown had arrived at Fire Station 1. He asked Chief Brown, formerly with the

Fairfax County Fire and Rescue Department and a long-time colleague, to report to the

ICP and lead the Planning Section. When the Fairfax County Urban Search and Rescue

(US&R) Team deployed by the Federal Emergency Management Agency (FEMA) arrived

about 2:00 p.m., the Incident Commander recognized that these very special resources

would require considerable attention and asked Chief Brown to serve as their liaison. A

Logistics Section was added later that day. It ramped up and was fully operational on

the morning of September 12. Functional branches were established for fire

suppression at the impact area (River Division), the Center Courtyard (A-E Division),

and medical treatment (South Parking Lot). [3, pp. A-21]

The Incident Command also interfaced with the Arlington County Emergency

Operations Center (EOC), located in the county government complex. The EOC was

responsible for policy guidance and resource support. EOC personnel and equipment

were assembled by 10:30 a.m. and, at 12:30 p.m., County Manager Ron Carlee

convened the first Emergency Management Team meeting. [3, pp. A-22]

The FBI deployed both the Joint Terrorism Task Force (JTTF) and the National Capital

Response Squad. Special Agent Combs established the FBI initial command presence

with the ACFD Incident Command. The collaboration and cooperation between the FBI

and ACFD was remarkable. The FBI Evidence Recovery Team began arriving before

10:00 a.m. and set up in a grassy area a short distance from the heliport. Because of

the extremely congested traffic conditions, it took several hours for the entire FBI

contingent to negotiate the route from the District of Columbia to the Pentagon. [3,

pp. A-22]

The FBI had more than one role. It was responsible for the entire crime scene

operation, including evidence gathering and body recovery. That operation engaged

more than 700 FBI agents at the Pentagon, assisted by hundreds of people from other

organizations. It was also responsible for organizing and operating the Federal

interagency Joint Operations Center (JOC) as the Federal agency “coordination” center.

The FBI was also responsible for investigating the hijacking at Washington Dulles

International Airport. [3, pp. A-23]

Thus, the Pentagon attack required a fully coordinated response by the ACFD Incident

Commander, the FBI On-Scene Commander, and the Commanding General of the

MDW representing the DoD. From the moment Special Agent Combs reported to Chief

Schwartz as the FBI representative and initial FBI On-Scene Commander, the

collaboration and cooperation between the FBI and ACFD was under way. The FBI

carefully respected the command primacy of the ACFD while it retrieved evidence

during the 10-day fire and rescue phase. The FBI assumed command of the scene from

the ACFD on September 21. The foundation for this relationship had formed long

before the attack on the Pentagon. Special Agent Combs, a former New York

firefighter, had worked routinely with every Washington Metropolitan Area fire

department. He had taught classes at area fire academies and met regularly with the

fire community leadership. Similarly, Major General James Jackson of the MDW placed

his formidable resources in support of the ACFD Incident Command and the FBI until

control was returned to the DoD on September 28. [3, pp. A-20]

Emergency Medical Services

ACFD Captain Edward Blunt also arrived at the Pentagon within minutes of the crash

and assumed control of Emergency Medical Services (EMS). Captain Blunt immediately

contacted the Arlington County Emergency Communications Center and requested and

immediately received a separate EMS operations channel. He also asked for 20 medic

units, 2 buses, and a command vehicle (EMS Supervisor Vehicle 112) to support the

EMS response. Captain Blunt designated the field adjacent to Washington Boulevard

(Route 27) as the treatment area, and asked the Arlington County Police Department

(ACPD) patrol units on-scene to clear Washington Boulevard to create north and south

access for emergency response traffic. Captain Alan Dorn arrived shortly after Captain

Blunt, and was assigned as Triage Officer. Together, Captains Blunt and Dorn began

working with military medical personnel who volunteered to help set up triage areas.

[3, pp. A-6 – A-7]

Initially, medical units staged in the Pentagon South Parking Lot, adjacent to Route

110, until called forward to the EMS sector on Route 27. By 9:50 a.m., six ACFD EMS

units had already arrived at the incident site (M-102, M-104, M-105, M-106, M-109,

and M-110). M-101, Engine 103, and an ACFD Reserve Medic Unit quickly joined them.

Two additional ACFD Reserve Medic Units (RM-111 and RM-112) arrived next and were

directed to provide EMS support at the Pentagon’s Center Courtyard. [3, pp. A-7]

At 9:50 a.m., the ECC advised Captain Blunt that Virginia Hospital Center – Arlington,

Inova Fairfax Hospital, and Washington Hospital Center were prepared to accept as

many victims as needed. [3, pp. A-7]

Figure 5-2: ACFD Incident Command on 9/11 [3, pp. A-23]

Sizing Up

The massive size of the Pentagon and the complexity of its various rings, corridors, and

floors compounded the challenge of the response force. First of all, it distorted the

perception of the task at hand. It is true that fire damage was contained to a relatively

small area, but it was a relatively small area in one of the largest business complexes in

the world. This was office space built to accommodate a substantial workforce, with all

the accompanying common space, meeting and conference rooms, and other support

facilities. [3, pp. A-7]

To those watching on television, or even from the Pentagon’s South Parking Lot, the

gash created by the Boeing 757 airliner was large, but it affected a specific area of only

two of the Pentagon’s five Wedges. Neither the depth of the incursion nor the massive

devastation inside the building was readily apparent as flames burned behind blast-

proof windows. Huge heaps of rubble and burning debris littered with the bodies and

body parts of 188 victims covered an area the size of a modern shopping mall. Flight

#77 penetrated the outer wall of the Pentagon’s E Ring and the damage extended all

the way through the inner wall of the C Ring, a distance of approximately 285 feet. [3,

pp. A-8]

Furthermore, the unique design of the Pentagon hid from view activities at the Center

Courtyard in the middle of the complex. Battalion Chief Jerome Smith was assigned

responsibility for fire suppression from the Center Courtyard, with units from the

District of Columbia and ACFD. His mission was to prevent the fire from breaching the

B Ring. Upon reaching the Center Courtyard, Battalion Chief Smith found the area in

turmoil. More than 400 building occupants crowded the Center Courtyard. Others

leapt from the upper floors, as colleagues armed with fire extinguishers attempted to

extinguish the flames consuming burning comrades. [3, pp. A-10 – A-11]

Dispatching Units

Although self-dispatching quickened the arrival of a substantial number of fire, rescue,

and medical units, many arrived haphazardly. The occupants of those vehicles were

singularly intent on saving victims and attacking the fire. Police engaged in area traffic

control were understandably reluctant to delay emergency vehicles descending on the

scene with lights flashing and sirens blaring. [3, pp. A-10]

Deploying EMS units from other jurisdictions, particularly self-dispatched units, found

it easy to bypass the staging area and proceed directly to the response site. Some

victims flagged down EMS units before they reached the staging area. The crew from

one Alexandria unit reported that it independently performed triage and treatment in

the Pentagon South Parking Lot to assist five severely burned victims. [3, pp. A-10]

As a result, although the ACFD instituted Incident Command procedures very early on,

they still faced the monumental challenge of gaining control of the resources already

onsite and those arriving minute-by-minute. [3, pp. A-10]

Unit Accountability

Captain Jeff Liebold, working at the Incident Command Post, was tasked to determine

what units were onsite and where they were working. Because radio communications

were overloaded and ineffective, Captain Liebold sent two firefighters on foot to

record the identification number and location of every piece of equipment on the

Pentagon grounds. In the first few hours, foot messengers at times proved to be the

most reliable means of communicating. [3, pp. A-10]

The uncontrolled influx of fire and rescue personnel had important accountability

implications. Had there been a second attack, as occurred at the World Trade Center, it

would have been virtually impossible for the Incident Commander to assess the impact

to response operations. [3, pp. A-10]

As it was, at 10:15 a.m., Chief Schwartz ordered the immediate evacuation of the

incident site. The FBI had warned him that a second hijacked airliner was flying on a

course toward the Pentagon and was 20 minutes away. [3, pp. A-13]

Triage

At approximately 9:55 a.m., Assistant Chief John White arrived and was directed by

Chief Schwartz to command the EMS Branch. Chief Schwartz advised him that Captains

Dorn and Blunt were assessing and establishing mass triage sites at the traffic circle

area of Washington Boulevard and westbound Columbia Pike. Captain Dorn organized

responders and military volunteers, while Captain Blunt performed forward

assessment. [3, pp. A-12]

Chief White instructed Captain Dorn to continue making preparations for casualties in

the designated triage and treatment areas and to use the EMS units located along

Route 27. ACFD triage and treatment sectors were established using ACFD assets,

mutual-aid responders and military emergency medical technicians, nurses, and

physicians. The military participants were receptive to direction and readily deferred to

EMS officers. A military nurse equipped with a radio was able to communicate with the

Defense Protective Service and aid stations in the Pentagon. [3, pp. A-13]

Chief White then met with Captain Blunt along Route 27 adjacent to the Pentagon

heliport for a forward assessment report. Chief White asked him for a count of the

casualties in his area by triage designators: red (IMMEDIATE: Life Threatening Injury);

yellow (DELAYED: Serious, Not Life Threatening); and green (MINOR: Ambulatory). [3,

pp. A-13]

After Chief Schwartz issued the 10:15 a.m. evacuation order, Chief White instructed

Captain Blunt to “load and go,” transporting as many patients as possible out of the

area. The first wave of patients was en route to area hospitals within 10 minutes of the

evacuation notice and all other personnel were relocated to the Columbia Pike

underpass at the South Parking Lot. Medivac helicopters that had responded to the

Pentagon incident scene were relocated to a safer place. [3, pp. A-13]

At the underpass, Chief White, in coordination with EMS officers and military medical

volunteers, made plans to reestablish triage in that area. He designated Captain Dorn

as Triage Officer, Captain Blunt as Forward Triage Officer, Chief Glen Butler from the

MWAA as Treatment Officer, and Firefighter Paramedic David Hehr as Transportation

and Disposition Officer. [3, pp. A-14]

Dr. James Vafier, the Alexandria EMS Medical Director, accompanied an EMS unit to

the incident site and was assigned a forward assessment role with a position on the

sidewalk between Corridors 3 and 4. The plan was for military stretcher bearers to

carry victims extracted by firefighters to Dr. Vafier’s position for preliminary

assessment. He would then assign them to the appropriate triage and treatment area.

[3, pp. A-14]

After the all clear was sounded and site evacuation ended, EMS and military

responders implemented Chief White’s operations plan. [3, pp. A-14]

Fire Suppression

During the first 24 hours, it was necessary to evacuate the Pentagon on four separate

occasions because of the risk of structural collapse or the threat of additional terrorist

attacks. It is difficult to measure the full impact of repeated building evacuations, but it

was clearly negative and significant. Each time an evacuation was ordered, firefighters

interrupted operations, abandoned equipment, shut off hoses, and ran several

hundred yards to protected areas. From there, they had to watch as flames reclaimed

the parts of the Pentagon they had just evacuated. [3, pp. A-16] Firefighting was also

hampered by unique aspects of the Pentagon itself.

Teams of firefighters assigned suppression work on the Pentagon roof had difficulty

finding access points from the fifth floor. Neither building engineers nor detailed

structural drawings were available to assist them at that location. Captain Robert

Swarthout, Incident Safety Officer at the ICP, was in contact with a Pentagon engineer,

but that resource was not accessible at the point of fire attack. Firefighters eventually

climbed onto a ledge from a fifth-floor window then hoisted themselves onto the roof.

[3, pp. A-16]

Attacking the fire on the roof was particularly difficult. The thick wood-plank inner

layer burned out of control, protected by a layer of concrete below and a thick slate

roof above. Firefighters cut trenches across the slate roof. It was physically demanding

and involved a certain degree of guesswork to breach the roof ahead of a fire that

could not be seen. On the second day, September 12, a military representative pointed

out to Battalion Chief Randy Gray, the Incident Command Operations Section Chief, the

locations of two key communications and operations facilities threatened by the roof

fire. The fire was stopped short of those facilities. [3, pp. A-16]

Height restrictions limited equipment access along A-E Drive into the Center Courtyard.

Eventually, the tiller cab had to be cut off of an ACFD ladder truck so it could support

the fire attack from inside the Center Courtyard. [3, pp. A-16]

Despite these difficulties, fire suppression in the first 12 hours was able to contain the

damage without interrupting critical worldwide military command and control during a

major national security emergency. Despite the magnitude, complexity, and duration

of operations, there were no fatalities or serious injuries among fire and rescue

personnel. This can be attributed in large part to the skill level in core competencies,

professionalism, training, and teamwork of ACFD personnel and their counterparts in

supporting jurisdictions. [3, pp. A-17]

Communications

Communication at the scene was challenging. Radio traffic overwhelmed the system to

the extent that foot messengers became the most reliable means of communicating.

Fortunately, there was a growing surplus of people onsite and available to serve in that

capacity. [3, pp. A-36]

Radio communications inside the Pentagon were, for the most part, impossible. Where

line of sight could be achieved, “talk around” was minimally effective. Initially, as calls

jammed local towers, cellular telephones were not useful. No priority was assigned to

emergency services. Nextel telephones with the 2-way radio capability were somewhat

more reliable. [3, pp. A-36]

There was not a clearinghouse hospital designated. Thus, EMS Control did not have a

single communications point of contact among hospitals and clinics. [3, pp. A-36]

Some mutual-aid jurisdictions arrived without handheld radios. Others used

equipment incompatible with the ACFD or preprogrammed in ways that limited

communications. [3, pp. A-37]

Beginning on September 12, the Incident Command Operations Section organized the

fire suppression units into four divisions, each led by a chief officer from the

preeminent jurisdiction (Division A – Arlington, Division B – the District of Columbia,

Division C – Alexandria, and Division D – Fairfax). They were instructed to use the

assigned home jurisdiction radio channel for communicating. This facilitated “talk

around” within each division. However, in one instance, a DCFD replacement crew

worked on one portion of the roof of the Pentagon while an ACFD team worked on a

different portion. The two units had no way to communicate with each other in case

either team needed help. [3, pp. A-37]

Crime Scene Investigation

The FBI began collecting evidence immediately after arriving at the Pentagon incident

site on September 11. As fire and rescue efforts proceeded, FBI activity involving

evidence recovery and removal of bodies and body parts became a 24-hour operation.

Special Agent Adams directed this phase of the criminal investigation during the day

shift, with Special Agent Thomas O’Connor taking over at night. The FBI worked closely

with FEMA US&R teams and the fire department Technical Rescue Teams (TRTs).

Special Agent Adams and Special Agent O’Connor attended the preshift briefings by the

US&R Incident Support Team (IST) coordinator. US&R and TRT members would first

shore up an area to ensure it was reasonably safe, then begin hunting through the

debris, searching primarily for surviving victims buried in the rubble. [3, pp. C-54]

As they encountered bodies, parts of bodies, and other evidence linked to the crime,

they called forward the FBI contingent assigned to each team. Each item was

photographed, numbered, and tagged. This information, along with a diagram showing

where the evidence was found, was given to one of the soldiers from the Army’s Old

Guard, the 3rd Infantry Regiment from Fort Myer, VA, who transported the human

remains to the FBI’s temporary morgue at the North Parking Lot loading dock. Sixty

soldiers supported the FBI on each 12-hour shift. [3, pp. C-54]

SSA Jim Rice assigned Special Agent Tara Bloesch to set up and manage the temporary

morgue. Special Agent Bloesch had previous experience establishing morgue

operations during FBI overseas operations in Kosovo and other overseas locations. She

determined that the North Parking Lot loading dock was a suitable site. The doors

remained closed except when receiving remains, and a large tarp was hung to

safeguard the privacy of the morgue. The DPS, the FBI Critical Incident Response Group

(CIRG), the ACPD SWAT team, the U.S. Marshals Service, and military police from MDW

provided security at different times throughout the operation. [3, pp. C-55]

Summary

The first ACFD personnel arrived at the Pentagon within 2 minutes of the attack. ACFD

and mutual-aid medical personnel began aiding victims immediately. Within 4 minutes

of the attack, the ACFD had established its command presence. MWAA fire and

medical units were on the scene and the first contingent of the FBI’s NCRS had arrived

within 5 minutes of impact. Three major Washington Metropolitan Area hospitals were

ready to receive injured victims 12 minutes after the attack. By 10:00 a.m. on

September 11, most of the ACFD duty shift was engaged at the Pentagon. [3, pp. A-7]

All 64 aboard Flight #77 were killed when the Boeing 757 crashed into the Pentagon.

Damage and debris penetrated halfway into the five-story building, about 285 feet,

killing an additional 125 personnel including 70 civilians and 55 service members.

Approximately 110 people were seriously injured and transported to area hospitals. [1,

pp. 4-5] Only 42 injured victims received on-site medical care. An estimated 100

additional victims were treated for minor injuries. [3, pp. A-14] Because of the quick

response and triage of ACFD EMS and supporting units, all of them survived. [3, pp. A-8]

By September 13, all surviving victims had been treated or transported from the

Pentagon, and the EMS branch stood down. Eight days later, ten days after arriving on

scene, the Arlington County Fire Department also stood down, and on September 21

turned over Incident Command to the FBI. [3, pp. A-27]

Conclusion

To be sure, several factors facilitated the response to the Pentagon and distinguish it

from the response to the World Trade Center: 1) there was a single incident; 2) the

incident site was relatively easy to secure and contain; 3) there were no other buildings

in the immediate area; and 4) there was no collateral damage beyond the Pentagon.

[1, p. 5] To be fair, the Pentagon response encountered problems similar to those at

the WTC, including 1) difficulties accounting for self-dispatched units, and 2)

overwhelmed and incompatible radio communications. [1, pp. 9-10] Even so, while no

emergency response is flawless, the response to the 9/11 terrorist attack on the

Pentagon was mainly a success for three reasons: 1) strong professional relationships

and trust established among emergency responders; 2) the pursuit of a regional

approach to response, and 3) the adoption of the Incident Command System. [1, p. 5]

As a result, following 9/11 a consensus emerged among the First Responder

community that a clear Incident Command System should be required of all response

agencies. [1, p. 6]

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. List the response agencies having jurisdictional authority at the Pentagon on 9/11.

2. How did Incident Command facilitate emergency operations at the Pentagon on 9/11?

3. What was the advantage of having a single Incident Command Post at the Pentagon on 9/11?

4. Describe the circumstances behind the order to evacuate first responders from the Pentagon.

5. How was the order to evacuate first responders from the Pentagon different from the order to evacuate first

responders from the South Tower on 9/11?

6. Why was it important for Incident Command to notify area hospitals of pending casualties?

7. Why is it important for Incident Command to maintain accountability of first responders on scene of an incident?

8. At what point, as Incident Commander, do you let crime scene investigators take control of the site?

9. Explain how emergency operations at the Pentagon were similar to emergency operations at the World Trade

Center on 9/11.

10. Explain how emergency operations at the Pentagon were different to emergency operations at the World Trade

Center on 9/11.

Chapter 6

Surpassing Disproportion

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain the distinguishing characteristic of the 9/11 attacks.

• Explain how critical infrastructure makes the nation vulnerable to domestic catastrophic attack.

• Describe the relationship between critical infrastructure protection and cyber security.

• Separate motive from action; differentiate terrorism from domestic catastrophic attack.

Chapter 6: Surpassing Disproportion

“The 9/11 attack was an event of surpassing disproportion.”

– 2004 9/11 Commission Report

Introduction

The 9/11 attacks killed 2,973 people and caused more than $41.5B in damages. [1, pp.

CRS-2 – CRS-3] On September 11th, 2001, nineteen hijackers inflicted more damage on

the United States than the Imperial Japanese Navy on December 7th, 1941. [2, p. 2]

According to the 9/11 Commission, the attacks were distinguished by their “surpassing

disproportion”. They were carried out by a tiny group of people dispatched from one

of the poorest, most remote, and least industrialized countries on earth. Measured on

a governmental scale, the resources behind it were trivial. [3, pp. 339-340] Altogether,

the attacks cost no more than $500,000 to execute. [3, p. 172] The hijackers were able

to achieve this level of destruction not by employing weapons of mass destruction, but

by subverting the nation’s transportation infrastructure, turning passenger jets into

guided missiles. This chapter will explore the new, unprecedented threat unveiled by

9/11: the threat of domestic catastrophic attack by non-state actors preying on the

nation’s critical infrastructure.

Critical Infrastructure

According to Title 42, Section 5195c of United States Code, “critical infrastructure” is

“systems and assets, whether physical or virtual, so vital to the United States that the

incapacity or destruction of such systems and assets would have a debilitating impact

on security, national economic security, national public health or safety, or any

combination of those matters.” The nation’s health, wealth, and security rely on the

production and distribution of certain goods and services. The array of physical assets,

functions, and systems across which these goods and services move is called critical

infrastructure. [4, p. 2] Critical infrastructure is a network of independent, mostly

privately-owned, man-made systems and processes that function collaboratively and

synergistically to produce and distribute a continuous flow of essential goods and

services. [5, p. 3]

The transportation infrastructure moves goods and people within and beyond our

borders, and makes it possible for the United States to play a leading role in the global

economy. [5, p. 3]

The oil and gas production and storage infrastructure fuels transportation services,

manufacturing operations, and home utilities. [5, p. 3]

The water supply infrastructure assures a steady flow of water for agriculture, industry

(including various manufacturing processes, power generation, and cooling), business,

firefighting, and our homes. [5, p. 4]

The emergency services infrastructure in communities across the country responds to

urgent police, fire, and medical needs, saving lives and preserving property. [5, p. 4]

The government services infrastructure consists of federal, state, and local agencies

that provide essential services to the public, promoting the general welfare. [5, p. 4]

The banking and finance infrastructure manages trillions of dollars, from deposit of our

individual paychecks to the transfer of huge amounts in support of major global

enterprises. [5, p. 4]

The electrical power infrastructure consists of generation, transmission, and

distribution systems that are essential to all other infrastructures and every aspect of

our economy. Without electricity, our factories would cease production, our televisions

would fade to black, and our radios would fall silent (even a battery-powered receiver

depends on an electric-powered transmitter). Our street intersections would suddenly

be dangerous. Our homes and businesses would go dark. Our computers and our

telecommunications would no longer operate. [5, p. 4]

The telecommunications infrastructure has been revolutionized by advances in

information technology to form an information and communications infrastructure,

consisting of the Public Telecommunications Network (PTN), the Internet, and the

many millions of computers in home, commercial, academic, and government use.

Taking advantage of the speed, efficiency and effectiveness of computers and digital

communications, all the critical infrastructures are increasingly connected to networks,

particularly the Internet. Thus, they are connected to one another. Networking enables

the electronic transfer of funds, the distribution of electrical power, and the control of

gas and oil pipeline systems. Networking is essential to a service economy as well as to

competitive manufacturing and efficient delivery of raw materials and finished goods.

The information and communications infrastructure is basic to responsive emergency

services. It is the backbone of our military command and control system. And it is

becoming the core of our educational system. [5, p. 4]

Disruption of any infrastructure is always inconvenient and can be costly and even

life-threatening. Major disruptions could lead to major losses and affect national security,

the economy, and the public good. Mutual dependence and the interconnectedness

made possible by the information and communications infrastructure lead to the

possibility that our infrastructures may be vulnerable in ways they never have been

before. Intentional exploitation of these new vulnerabilities could have severe

consequences for our economy, security, and way of life. [5, p. 4]

Domestic Catastrophic Attack

In terms of fatalities, 9/11 ranks fourth among the top ten disasters in the United

States. [6] Suppose you are a member of a small militant group and you want to

surpass this record. How do you do it? You can’t do it with traditional firearms. The

Virginia Tech shooting on April 16, 2007, the single deadliest U.S. incident by a lone

gunman, killed 32 people and wounded 17 others. [7] What about multiple shooters?

Unlikely. In November 2008, 10 members of Lashkar-e Taiba mounted coordinated

attacks on six separate locations in Mumbai, India. They killed 164 people and

wounded at least 308. [8] Since the 1999 shooting at Columbine High School in

Colorado, U.S. police are trained to respond to active shooters as quickly as possible,

making it unlikely that a similar attack would last four days as it did in Mumbai. [9, pp.

1-2] So what about explosives? On April 19, 1995, Timothy McVeigh detonated a truck

bomb that killed 168 people and injured more than 680 others in the Alfred P. Murrah

Federal Building in Oklahoma City. It would be difficult to replicate this attack since

ammonium nitrate, which comprised the main component of the bomb, is much more

closely controlled. [10] Furthermore, a similar bomb failed to topple the World Trade

Center in 1993. [11] Conventional weapons might suit conventional crime, but they are

unsuited to domestic catastrophic attack.

The single largest incident of manmade destruction was the atomic bombing of

Hiroshima, Japan on August 6, 1945. The estimated toll from the blast was 70,000

casualties, plus the utter destruction of the city. [12] However, creating mass-casualty

weapons capable of killing thousands or even tens of thousands of people requires

advanced knowledge, significant financial resources, and access to unique equipment.

Stealing one presents equally challenging options as the materials and weapons are

kept under the tightest security. Even if one could be acquired, it would still entail

tremendous difficulties in transportation and deployment. [13, pp. 20-38] Just as the

1995 Tokyo subway attacks demonstrate the feasibility of employing WMD, they also

demonstrate the difficulty of employing WMD.

Unlike WMD which are sequestered under lock-and-key, critical infrastructure is

inherently accessible to the public. Millions depend on it to sustain their lives, and

millions are at risk should it go wrong. On April 26, 1986, the meltdown of the

Chernobyl Nuclear Power Plant in Ukraine killed 31 personnel, forced the evacuation

and resettlement of 350,400 residents, and exposed an estimated 530,000 recovery

workers to higher levels of radiation. While experts debate how this exposure might

affect future cancer rates, they have taken the precaution of establishing a “zone of

alienation” 19 miles in all directions from the plant (187 mi²). Ukrainian officials

estimate the area will not be safe for human life again for another 20,000 years. [14]

Most infrastructure failure is the result of accident, not only Chernobyl, but also

Bhopal, India, where in December 1984, 2,259 people were killed overnight when

methyl isocyanate accidentally vented from a nearby Union Carbide pesticide plant.

[15]

But as demonstrated on 9/11, infrastructure may also be purposely subverted. The

essential vulnerability of today’s critical infrastructure is that little of it was centrally

planned or designed, and virtually none of it was built to withstand deliberate attack.

The result is that millions of lives depend on networks that are not fully understood,

riddled with weaknesses, and susceptible to malicious tampering. And while physical

exploitation of physical vulnerabilities, such as happened on 9/11, remains worrisome,

the greater concern is virtual exploitation of cyber vulnerabilities through the Internet.

[5, p. 5]

Cyber Vulnerability

The information technology revolution of the 1990s-2000s changed the way U.S.

business and government operate. Without a great deal of thought about security, the

nation shifted control of essential processes in manufacturing, utilities, banking, and

communications to networked computers. As a result, the cost of doing business

dropped and productivity skyrocketed. [16, p. 5] But at the same time, the proliferation

of networks blurred ownership boundaries, diffusing accountability, decreasing

“end-to-end” or system-wide analysis and responsibility, and reducing both investment in

research and development and reserve capacity. Today’s processes are more efficient, but they lack

the redundant characteristics that gave their predecessors more resilience. They are

also susceptible to cyber attack. [5, pp. 8-10]

Technologies and techniques that have fueled major improvements in the

performance of our infrastructures can also be used to disrupt them. The United

States, where close to half of all computer capacity and 60 percent of Internet assets

reside, is at once the world’s most advanced and most dependent user of information

technology. More than any other country, we rely on a set of increasingly accessible

and technologically reliable infrastructures, which in turn have a growing collective

dependence on domestic and global networks. This provides great opportunity, but it

also presents new vulnerabilities that can be exploited. It heightens risk of cascading

technological failure, and therefore of cascading disruption in the flow of essential

goods and services. [5, pp. 4-5] A cyber attack against the national electric grid is a

particularly unsettling prospect.

Electric utilities rely on supervisory control and data acquisition (SCADA) systems to

manage the nation’s power generation, transmission, and distribution networks.

While generally protected from intrusion, SCADA systems operate over the Internet.

The move to SCADA boosts efficiency at utilities because it allows workers to operate

equipment remotely. But this access to the Internet exposes these once-closed

systems to cyber attacks. Project Aurora in 2006 demonstrated how a generator could

be remotely commanded over the Internet to physically self-destruct [11, p. 21].

Physical damage to generators and other critical components on a large scale could

result in a prolonged outage, as procurement times for these components range from months

to years [12, p. 12]. Of potential concern is a cyber attack causing an extended outage

across a significant portion of the North American Grid. In August 2003, an extended

blackout affected 50 million people in the northeastern United States and Canada,

causing an estimated $4-$10 billion in economic losses. Though it lasted only a week,

the outage resulted in a 0.7% drop in Canada’s gross domestic product [9, p. 2]. A Johns

Hopkins study determined that New York City experienced a 122% increase in

accidental deaths and 25% increase in disease-related deaths, and that ninety people

died as a direct result of the power outage [10]. Depending on the timing of the

attack, the death toll could be significant. In 1995, 739 people died from heat

exhaustion in Chicago. Most of the victims were elderly poor residents who could not

afford air conditioning. [17] In 2003, 14,802 French citizens died from heat-related

ailments because most homes did not have air conditioning. [18] An attack on the

North American Grid knocking out electricity over an extended region for an extended

period in summer could potentially dwarf the damage suffered on 9/11.

Cyber attacks against SCADA systems controlling oil refineries, or oil and gas pipeline

networks could be equally devastating, depriving large metropolitan areas of critical

fuel for extended periods. A cyber attack disrupting the Federal Reserve system would

have profound implications for the U.S. economy. [5, p. 12]

9/11 was a “wake-up call” to the catastrophic potential of critical infrastructure. [19, p.

5] The rapid assimilation of the Internet, originally designed to facilitate collaboration

among trusted colleagues, makes that same infrastructure vulnerable to hostile agents.

[16, p. viii] Together, the expansion and integration of the Internet with infrastructure

has fundamentally changed national security.

Changing Geography

Few enemies of the United States have ever had the means to seriously threaten our

heartland. Even in the darkest early days of World War II, just after Pearl Harbor, no

enemy had the shipping, landing craft, or forces to invade the continental U.S., or

aircraft with the range to reach the mainland and return. For most of our history we

never had to worry much about being attacked at home; broad oceans east and west

and peaceable neighbors north and south gave us all the protection needed. [5, p. 7]

In the early 1950s, the geography that kept us safe was overcome by Soviet long-range

bombers and intercontinental ballistic missiles aimed not only at our military

capabilities, but also at the industries and institutions that give our nation its character.

We had to learn to think differently about our safety and security. We built backyard

bomb shelters, and whole generations practiced diving beneath their school desks at

the sound of a siren. The fear of surprise nuclear attack slowly faded as we developed

satellites and other early warning capabilities that enabled us to overcome geography

and detect a Soviet missile launch in time to launch our own missiles, thus ensuring

the credibility of the deterrent policy of Mutual Assured Destruction. [5, p. 7]

The demise of the Soviet Union, “detargeting” of nuclear missiles, and strategic arms

reductions appeared to leave America once more relatively invulnerable to physical

attack by foreign nations. However, as the threat of a nuclear war has diminished, new

technologies have appeared that render physical geography less relevant and our

domestic sanctuary less secure. Today, a computer can cause switches or valves to

open and close, move funds from one account to another, or convey a military order

almost as quickly over thousands of miles as it can from next door, and just as easily

from an unauthorized computer as an authorized one. A false or malicious computer

message can traverse multiple national borders, leaping from jurisdiction to

jurisdiction to avoid identification, complicate lawful pursuit, or escape retribution. [5,

p. 7]

In short, the global reach of the Internet, coupled with the catastrophic potential of

critical infrastructure, eliminates the protective advantage the U.S. has enjoyed most

of its history. The Internet makes it possible for an enemy to attack us from a distance,

using cyber tools, without first confronting our military power and with a good chance

of going undetected. The new geography is a borderless cyber geography whose major

topographical features are technology and change. [5, p. 7] Taking advantage of this

new geography is a new threat, that of the non-state actor.

Changing Threat

A threat is traditionally defined as a capability linked to hostile intent. Linking capability

to intent works well when malefactors are clearly discernible and U.S. intelligence

agencies can focus collection efforts to determine what capabilities they possess or are

trying to acquire. During the Cold War, for example, weapons with potential to

threaten the United States took years to develop, involved huge industrial complexes,

and were on frequent display in large military exercises. Today, however, malefactors

are no longer necessarily nation-states, and expensive weapons of war are joined by

means that are easier to acquire, harder to detect, and have legitimate peacetime

applications. [5, p. 14] The ability of non-state actors to wield destruction on a scale

previously reserved to nation-states represents an historic shift in national security

affairs.

Previously, national security entailed protecting U.S. interests from other nations.

Among the community of nations where each state is a sovereign entity unbound by

the laws of another nation, relations are maintained by diplomacy, commerce, and

when necessary, military force. Thus, for example, after a string of attacks in the early

1980s were linked to the Libyan government of Muammar Gaddafi, the U.S. applied

diplomacy, economic sanctions, and eventually military force to put an end to the

country’s malfeasance. [20] Al Qaeda, on the other hand, was not a sovereign entity,

nor bin Laden a head of state. Though they operated from Afghanistan they were not

Afghan, nor did they conduct their attacks at the behest of the Taliban government. In

fact, bin Laden could claim no country for his own, having had his Saudi citizenship

revoked in 1994. [3, p. 63] As private individuals, bin Laden and members of al Qaeda

were subject to law. Following the 1998 attack on the U.S. embassies in Tanzania and

Kenya, bin Laden was placed on the FBI’s list of Ten Most Wanted Fugitives. [21]

Following 9/11, bin Laden was indicted for terrorism and placed on the FBI’s list of

Most Wanted Terrorists. [22]

Title 18, Section 2331 of United States Code defines terrorism as “acts dangerous to

human life that are a violation of the criminal laws of the United States or any State

intended to i) intimidate or coerce a civilian population; ii) influence the policy of a

government by intimidation or coercion; or iii) affect the conduct of a government by

mass destruction, assassination, or kidnapping within the territorial jurisdiction of the

United States.” Without doubt, the 9/11 attacks were terrorist acts, motivated as they

were by bin Laden’s 1998 fatwa declaring war on America. [3, p. 47] However, in

protecting the nation from future such attacks, focusing on “terrorism” as a motive for

hostile intent is very limiting. Narcotics trafficking and economic crime may also serve

as motivating factors for hostile intent in attacking the nation’s infrastructure. [5, p. 8]

In fact, the potential motives that might stoke hostile intent are

innumerable, making threat identification problematic at best.

Since 9/11, much attention has been devoted to the foreign terrorist threat. While

certainly a concern, it is only one possibility among an infinite variety. The inherent

vulnerability of critical infrastructure to physical and cyber attack means that the

perpetrator need not be foreign, and the motive need not be terrorism. Whatever the

motive, assault of any size is a crime under U.S. law. Together with motive, means and

opportunity are required to commit a crime. While infrastructure remains vulnerable

to various means of attack, and motives are impossible to count, perhaps the best

means of preventing another 9/11-type attack is to reduce the window of opportunity

by protecting critical infrastructure. This is precisely what was decided in the months

following 9/11, and why critical infrastructure protection became a cornerstone of

subsequent homeland security policy.

Conclusion

9/11 exposed the vulnerability of critical infrastructure for abetting domestic

catastrophic attack by small groups or individuals. Overnight, the historical protection

afforded by vast oceans and friendly neighbors vanished. The instruments of

destruction were woven into the fabric of our society. Non-state actors had usurped a

power of devastation that was once reserved to nation-states. Our national security

posture was shattered. Whereas before we could count and specifically identify our

enemies and deter their actions, our enemies were now uncountable and more

difficult to identify. Though terrorism remains a likely threat indicator, it is but one of

an unlimited number of potential motives. Given a vast array of means and motives,

restricting a criminal’s opportunity seems the most efficient strategy for preventing a

similar crime. Thus, critical infrastructure protection became a cornerstone of the

nation’s homeland security policy.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. According to the 9/11 Commission, what was the distinguishing characteristic of the 9/11 attacks?

2. How did the 9/11 hijackers achieve WMD effects without using WMD?

3. Why is critical infrastructure critical?

4. Why is critical infrastructure vulnerable?

5. What is the relationship between critical infrastructure protection and cyber security?

6. Was 9/11 an act of terrorism? Explain your answer.

7. Was the Oklahoma City bombing an act of terrorism? Explain your answer.

8. Is terrorism the only motive that might precipitate catastrophic attack? Explain your answer.

9. Was 9/11 a criminal act or an act of war? Explain your answer.

10. Can we prevent another domestic catastrophic attack? Explain your answer.

Chapter 7: Failure of Imagination

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain the respective failures that precipitated the 9/11 tragedy.

• Describe what changes might have prevented 9/11.

• Discuss the need to improve post-attack emergency response.

• Explain the need to undertake the largest reorganization of U.S. government since the end of World War II.

“We believe the 9/11 attacks revealed four kinds of failures: in imagination, policy,

capabilities, and management.”

– 2004 9/11 Commission Report

Introduction

While the 9/11 attacks ushered in a new threat to the nation’s security, they also

tested those institutions that were established at the end of World War II to prevent

another “Pearl Harbor”. The 9/11 Commission found those institutions sorely lacking,

and enumerated their failures of imagination, policy, capabilities, and management.

And despite the heroic efforts of First Responders at the World Trade Center, the 9/11

Commission could not help but wonder if better coordination might have kept more of

them alive. This chapter presents those findings from the 9/11 Commission Report

that would result in profound changes to American institutions and significantly shape

subsequent homeland security policy.

Failure of Imagination

Before 9/11, al Qaeda and its affiliates had killed fewer than 50 Americans, including

the East Africa embassy bombings and the Cole attack. The U.S. government took the

threat seriously, but not in the sense of mustering anything like the kind of effort that

would be gathered to confront an enemy of the first, second, or even third rank. The

modest national effort exerted to contain Serbia and its depredations in the Balkans

between 1995 and 1999, for example, was orders of magnitude larger than that

devoted to al Qaeda. [1, p. 340]

Beneath the acknowledgment that Bin Laden and al Qaeda presented serious dangers,

there was uncertainty among senior officials about whether this was just a new and

especially venomous version of the ordinary terrorist threat America had lived with for

decades, or was radically new, posing a threat beyond any yet experienced. [1, p. 343]

Both Presidents Bill Clinton and George Bush and their top advisers understood Bin

Laden was a danger. But given the character and pace of their policy efforts, it is not

clear they fully understood just how many people al Qaeda might kill, and how soon it

might do it. [1, pp. 342-343]

In late 1998, reports came in of a possible al Qaeda plan to hijack a plane. One, a

December 4 Presidential Daily Briefing for President Clinton, brought the focus back to

more traditional hostage taking; it reported Bin Laden’s involvement in planning a

hijack operation to free prisoners such as the “Blind Sheikh,” Omar Abdel Rahman,

convicted in the 1993 World Trade Center bombing. Threat reports also mentioned the

possibility of using an aircraft filled with explosives. The most prominent of these

mentioned a possible plot to fly an explosives-laden aircraft into a U.S. city. [1, p. 344]

The possibility of a suicide hijacking emerged following the crash of EgyptAir Flight 990,

a Boeing 767, off the coast of Massachusetts on October 31, 1999. The most

plausible explanation was that one of the pilots had gone berserk, seized the controls,

and flown the aircraft into the sea. President Clinton’s counter-terrorism advisor,

Richard Clarke, later testified he thought that warning about the possibility of a suicide

hijacking would have been just one more speculative theory among a thousand others,

probably hundreds of thousands. Yet the possibility was imaginable, and had been

imagined. [1, p. 345]

In early August 1999, the Federal Aviation Administration’s (FAA’s) Civil Aviation

Security intelligence office summarized the Bin Laden hijacking threat. After a solid

recitation of all the information available on the topic, the paper identified a few

principal scenarios, one of which was a “suicide hijacking operation.” The FAA analysts

judged such an operation unlikely, because “it does not offer an opportunity for

dialogue to achieve the key goal of obtaining Rahman and other key captive

extremists. . . . A suicide hijacking is assessed to be an option of last resort.” [1, p. 345]

The North American Aerospace Defense Command (NORAD) imagined the possible use

of aircraft as weapons, too, and developed exercises to counter such a threat—from

planes coming to the United States from overseas, perhaps carrying a weapon of mass

destruction. None of this speculation was based on actual intelligence of such a threat.

One idea, intended to test command and control plans and NORAD’s readiness,

postulated a hijacked airliner coming from overseas and crashing into the Pentagon.

The idea was put aside in the early planning of the exercise as too much of a

distraction from the main focus (war in Korea), and as too unrealistic. [1, p. 346]

In citing a “failure of imagination”, the 9/11 Commission Report draws parallels

between the 9/11 attacks and the 1941 attack on Pearl Harbor. In both cases, the

evidence leading up to the attacks was clear and obvious in hindsight. The 9/11

Commission Report makes the argument, though, that the “clear signal” that emerges

in hindsight might have been equally evident in foresight had those responsible given

stronger consideration to scenarios they dismissed as implausible. The failure of

imagination was the failure to consider not only what had been, but also what could

be. If more concerted attention had been given to the suicide hijacking scenario

conceived by some agencies, then indicators and warnings could have been devised,

emerging evidence matched against them, and counteraction prepared in advance.

This was nothing new. Such procedures had been painstakingly developed by the

Intelligence Community in the decades after Pearl Harbor. In this case, they were not

employed to analyze an enemy that, as the twentieth century closed, was most likely

to launch a surprise attack directly against the United States. [1, pp. 344-348]

Failure of Policy

The road to 9/11 again illustrates how the large, unwieldy U.S. government tended to

underestimate a threat that grew ever greater. The terrorism fostered by Bin Laden

and al Qaeda was different from anything the government had faced before. The

existing mechanisms for handling terrorist acts had been trial and punishment for acts

committed by individuals; sanction, reprisal, deterrence, or war for acts by hostile

governments. The actions of al Qaeda fit neither category. Its crimes were on a scale

approaching acts of war, but they were committed by a loose, far-flung, nebulous

conspiracy with no territories or citizens or assets that could be readily threatened,

overwhelmed, or destroyed. [1, p. 348]

The U.S. policy response to al Qaeda before 9/11 was essentially defined following the

embassy bombings of August 1998. The tragedy of the embassy bombings provided an

opportunity for a full examination, across the government, of the national security

threat that bin Laden posed. Such an examination could have made clear to all that

issues were at stake that were much larger than the domestic politics of the moment.

But the major policy agencies of the government did not meet the threat. [1, p. 349]

The diplomatic efforts of the Department of State were largely ineffective. Al Qaeda

and terrorism was just one more priority added to already-crowded agendas with

countries like Pakistan and Saudi Arabia. After 9/11 that changed. [1, p. 349]

Policymakers turned principally to the CIA and covert action to implement policy.

Before 9/11, no agency had more responsibility—or did more—to attack al Qaeda,

working day and night, than the CIA. But there were limits to what the CIA was able to

achieve in its energetic worldwide efforts to disrupt terrorist activities or use proxies to

try to capture or kill bin Laden and his lieutenants. As early as mid-1997, one CIA

officer wrote to his supervisor: “All we’re doing is holding the ring until the cavalry gets

here.” [1, p. 349]

Military measures failed or were not applied. Before 9/11 the Department of Defense

was not given the mission of ending al Qaeda’s sanctuary in Afghanistan. Officials in

both the Clinton and Bush administrations regarded a full U.S. invasion of Afghanistan

as practically inconceivable before 9/11. It was never the subject of formal interagency

deliberation. [1, p. 349]

Lesser forms of intervention could also have been considered. One would have been

the deployment of U.S. military or intelligence personnel, or special strike forces, to

Afghanistan itself or nearby—openly, clandestinely (secretly), or covertly (with their

connection to the United States hidden). Then the United States would no longer have

been dependent on proxies to gather actionable intelligence. However, it would have

needed to secure basing and overflight support from neighboring countries. A

significant political, military, and intelligence effort would have been required,

extending over months and perhaps years, with associated costs and risks. Given how

hard it later proved to locate bin Laden even with substantial ground forces in

Afghanistan, the odds of success before 9/11 are hard to calculate. There is no

indication that President Clinton was offered such an intermediate choice, or that this

option was given any more consideration than the idea of invasion. [1, p. 349]

These policy challenges are linked to the problem of imagination. Since both President

Clinton and President Bush were genuinely concerned about the danger posed by al

Qaeda, approaches involving more direct intervention against the sanctuary in

Afghanistan apparently must have seemed—if they were considered at all—to be

disproportionate to the threat. [1, p. 349]

Failures in Capability

Before 9/11, the United States tried to solve the al Qaeda problem with the same

government institutions and capabilities it had used in the last stages of the Cold War

and its immediate aftermath. These capabilities were insufficient, but little was done to

expand or reform them. [1, pp. 350-351]

For covert action, of course, the White House depended on the Counterterrorist

Center and the CIA’s Directorate of Operations. Though some officers, particularly in

the bin Laden unit, were eager for the mission, most were not. The higher

management of the directorate was unenthusiastic. The CIA’s capacity to conduct

paramilitary operations with its own personnel was not large, and the Agency did not

seek a large-scale general expansion of these capabilities before 9/11. James Pavitt, the

head of this directorate, remembered that covert action, promoted by the White

House, had gotten the Clandestine Service into trouble in the past. He had no desire to

see this happen again. He thought, not unreasonably, that a truly serious

counterterrorism campaign against an enemy of this magnitude would be business

primarily for the military, not the Clandestine Service. [1, p. 351]

At no point before 9/11 was the Department of Defense fully engaged in the mission of

countering al Qaeda, though this was perhaps the most dangerous foreign enemy then

threatening the United States. The Clinton administration effectively relied on the CIA

to take the lead in preparing long-term offensive plans against an enemy sanctuary.

The Bush administration adopted this approach, although its emerging new strategy

envisioned some yet further role for the military in addressing the problem.

Within Defense, both Secretary Cohen and Secretary Donald Rumsfeld gave their

principal attention to other challenges. [1, pp. 351-352]

America’s homeland defenders faced outward. NORAD itself was barely able to retain

any alert bases. Its planning scenarios occasionally considered the danger of hijacked

aircraft being guided to American targets, but only aircraft that were coming from

overseas. It would have been a tough sell to make a costly change in NORAD’s defense

posture to deal with the danger of suicide hijackers before such a threat had ever

actually been realized. But NORAD did not canvass available intelligence and try to

make the case. [1, p. 352]

The most serious weaknesses in agency capabilities were in the domestic arena. [1, p.

352]

The FBI did not have the capability to link the collective knowledge of agents in the

field to national priorities. The acting director of the FBI did not learn of his Bureau’s

hunt for two possible al Qaeda operatives in the United States or about his Bureau’s

arrest of an Islamic extremist taking flight training until September 11. The director of

central intelligence knew about the FBI’s Moussaoui investigation weeks before word

of it made its way even to the FBI’s own assistant director for counterterrorism. [1, p.

352]

The FAA’s capabilities to take aggressive, anticipatory security measures were

especially weak. Any serious policy examination of a suicide hijacking scenario,

critiquing each of the layers of the security system, could have suggested changes to fix

glaring vulnerabilities—expanding no-fly lists, searching passengers identified by the

CAPPS screening system, deploying Federal Air Marshals domestically, hardening

cockpit doors, alerting air crew to a different kind of hijacking than what they had been

trained to expect, or adjusting the training of controllers and managers in the FAA and

NORAD. [1, p. 352]

Furthermore, the FAA set and enforced aviation security rules, which airlines and

airports were required to implement. The rules were supposed to produce a “layered”

system of defense. This meant that the failure of any one layer of security would not

be fatal, because additional layers would provide backup security. But each layer

relevant to hijackings—intelligence, passenger prescreening, checkpoint screening, and

onboard security—was seriously flawed prior to 9/11. Taken together, they did not stop

any of the 9/11 hijackers from getting on board four different aircraft at three different

airports. [1, p. 83]

In 2001, the Immigration and Naturalization Service (INS) was overwhelmed by the

challenges posed by illegal entry over the southwest border, criminal aliens, and a

growing backlog of applications for naturalizing immigrants. [1, p. 80] The immigration

system as a whole was widely viewed as increasingly dysfunctional and badly in need

of reform. [1, p. 384] The system was in such a poor state that the 9/11 hijackers had

little trouble exploiting it to their advantage. Beginning in 1997, the 19 hijackers

submitted 24 applications and received 23 visas. They entered the United States a total

of 33 times. They arrived through ten different airports, though more than half came in

through Miami, JFK, or Newark. Each visa application was checked

against a “consular lookout” database called CLASS, which included a substantial

watchlist of known and suspected terrorists called TIPOFF. Upon entering the country,

passports were again checked against terrorist watchlists and criminal databases.

Despite these measures, known al Qaeda operatives were able to secure U.S. visas

using detectable false statements, and enter the country with passports manipulated

in a fraudulent manner. Those operatives who were flagged for secondary screening

were still able to gain entry by making false statements to INS officials. Moreover, six

of the 9/11 hijackers violated immigration laws after arriving in country. None of these

violations were detected or acted upon by INS inspectors or agents. [2] The 9/11

Commission found that closer examination of the operatives’ travel documents and

more effective use of the watchlists might have exposed 15 of the 19 hijackers. The

central problems were 1) lack of well-developed counterterrorism measures, and 2)

the inability of the system to deliver on its basic commitments. [1, p. 384]

Failures in Management

In the events leading up to 9/11, many opportunities were lost to thwart the plot.

Information was not shared, sometimes inadvertently or because of legal

misunderstandings. Analysis was not pooled. Effective operations were not launched.

Often the handoffs of information were lost across the divide separating the foreign

and domestic agencies of the government. [1, p. 353]

However the specific problems are labeled, they appear to be symptoms of the

government’s broader inability to adapt how it manages problems to the new

challenges of the twenty-first century. The agencies are like a set of specialists in a

hospital, each ordering tests, looking for symptoms, and prescribing medications. What

is missing is the attending physician who makes sure they work as a team. [1, p. 353]

One missing element was effective management of transnational operations. Action

officers should have drawn on all available knowledge in the government. This

management should have ensured that information was shared and duties were

clearly assigned across agencies, and across the foreign-domestic divide. [1, p. 353]

Consider, for example, the case of Khalid al Mihdhar and Nawaf al Hazmi, and their

January 2000 trip to Kuala Lumpur. In late 1999, the National Security Agency (NSA)

analyzed communications associated with a man named Khalid, a man named Nawaf,

and a man named Salem. They correctly concluded that “Nawaf” and “Khalid” might be

part of “an operational cadre” and that “something nefarious might be afoot.” The NSA

did not pursue these leads, however. It saw itself as an agency to support intelligence

consumers, such as CIA. It did not initiate actions, but it waited to be asked. Since

nobody asked, nobody was informed. If this information had been made available to

the CIA al Qaeda unit, a case officer might have checked with the State Department

and learned that U.S. visas had been issued to two gentlemen with the same names on

the same day in Jeddah, Saudi Arabia. Armed with this information, the CIA could have

notified the Immigration and Naturalization Service (INS) and FBI to be on the lookout for

the two suspects when they entered the country. As it was, no such contact was made

and the two entered the country without notice. [1, pp. 353-354]

Even if watchlisting had prevented or at least alerted U.S. officials to the entry of Hazmi

and Mihdhar, it is unlikely that watchlisting, by itself, would have prevented the 9/11

attacks. Al Qaeda adapted to the failure of some of its operatives to gain entry into the

United States. None of these future hijackers was a pilot. Alternatively, had they been

permitted entry and monitored, some larger results might have been possible had the

FBI been watching. [1, p. 354]

The details of this case illuminate real management challenges, past and future. The

U.S. government must find a way of pooling intelligence and using it to guide the

planning of and assignment of responsibilities for joint operations involving

organizations as disparate as the CIA, the FBI, the State Department, the military, and

the agencies involved in homeland security. [1, p. 357]

Beyond those day-to-day tasks of bridging the foreign-domestic divide and matching

intelligence with plans, the challenges include broader management issues pertaining

to how the top leaders of the government set priorities and allocate resources. [1, p.

357]

On December 4, 1998, DCI Tenet issued a directive to several CIA officials and his

deputy for community management, stating: “We are at war. I want no resources or

people spared in this effort, either inside CIA or the Community.” The memorandum

had little overall effect on mobilizing the CIA or the intelligence community. [1, p. 357]

The episode indicates some of the limitations of the DCI’s authority over the direction

and priorities of the intelligence community, especially its elements within the

Department of Defense. The DCI had to direct agencies without controlling them. He

did not receive an appropriation for their activities, and therefore did not control their

purse strings. He had little insight into how they spent their resources. U.S. intelligence

was not a coordinated effort. [1, p. 357]

Failure to Coordinate

The National Institute of Standards and Technology estimates that between 16,400

and 18,800 civilians were in the World Trade Center complex when American Airlines

Flight 11 slammed into the North Tower at 8:46 am, September 11. At most, 2,152

individuals died at the WTC who were not on the aircraft or were not First Responders.

Some 1,942 are thought to have worked or were attending meetings above the

respective impact zones in the Twin Towers. Only 110, or 5.36% of those who died

worked below the impact zone. It is impossible to measure how many more civilians

would have died without the assistance of the FDNY, PAPD, and NYPD. It is impossible

to measure the calming influence that ascending firefighters had on descending

civilians that might otherwise have turned into a panicked and dangerous mob. But

the positive impact of the First Responders on the evacuation came at a tremendous

cost in lives. [1, pp. 316-317] Given the contrast to the Pentagon response, it is not

unreasonable to speculate whether more First Responders would have been spared if

there had been better coordination between agencies.

To some degree, on 9/11 First Responders followed Mayor Giuliani’s directive for

incident command issued in July. It was clear that the lead response agency was the

FDNY, and that the other responding agencies acted in a supporting role. There was a

tacit understanding that FDNY personnel would have primary responsibility for

evacuating civilians who were above the ground floors of the Twin Towers, while NYPD

and PAPD personnel would be in charge of evacuating civilians from the WTC complex

once they reached ground level. The NYPD also greatly assisted responding FDNY units

by clearing emergency lanes to the WTC. In addition, coordination occurred at high

levels of command. For example, the Mayor and Police Commissioner consulted with

the Chief of the Department of the FDNY at approximately 9:20. There were other

instances of coordination at operational levels, and information was shared on an ad

hoc basis. For example, an NYPD Emergency Service Unit passed the news of their

evacuation order to firefighters in the North Tower. It is also clear, however, that the

response operations lacked the kind of integrated communications and unified

command contemplated in the directive. These problems existed both within and

among individual responding agencies. [1, p. 319]

For a unified incident management system to succeed, each participant must have

command and control of its own units and adequate internal communications. This

was not always the case at the WTC on 9/11. FDNY was lacking command and control

as it proved incapable of coordinating the number of units dispatched to different

points within the 16-acre complex. As a result, numerous units were congregating in

the undamaged Marriott Hotel and at the overall command post on West Street by

9:30, while chiefs in charge of the South Tower still were in desperate need of units.

With better understanding of the resources already available, additional units might

not have been dispatched to the South Tower at 9:37. The situation was rendered even

more difficult by internal communications breakdowns resulting from the limited

capabilities of radios in the high-rise environment of the WTC, and from confusion over

which personnel were assigned to which frequency. Furthermore, when the South

Tower collapsed the overall FDNY command post ceased to operate, which

compromised the FDNY’s ability to understand the situation; an FDNY marine unit’s

immediate radio communication to FDNY dispatch that the South Tower had fully

collapsed was not conveyed to chiefs at the scene. The FDNY’s inability to coordinate

and account for the different radio channels that would be used in an emergency of

this scale contributed to the early lack of units in the South Tower, whose lobby chief

initially could not communicate with anyone outside that tower. Though almost no one

at 9:50 on September 11 was contemplating an imminent total collapse of the Twin

Towers, many First Responders and civilians were contemplating the possibility of

imminent additional terrorist attacks throughout New York City. Had any such attacks

occurred, the FDNY’s response would have been severely compromised by the

concentration of so many of its off-duty personnel, particularly its elite personnel, at

the WTC. [1, pp. 319-320]

Any attempt to establish a unified command on 9/11 would have been further

frustrated by the lack of communication and coordination among responding agencies.

Certainly, the FDNY was not positioned to be “responsible for the management of the

City’s response to the emergency,” as the Mayor’s directive would have required.

Agency command posts were in different locations, and OEM headquarters, which

could have served as a focal point for information sharing, did not play an integrating

role in ensuring that information was shared among agencies on 9/11, even prior to its

evacuation. There was a lack of comprehensive coordination between FDNY, NYPD,

and PAPD personnel climbing above the ground floors in the Twin Towers. Information

that was critical to informed decision making was not shared among agencies. FDNY

chiefs in leadership roles that morning were hampered by a lack of information from

NYPD aviation. At 9:51 A.M., a helicopter pilot cautioned that “large pieces” of the

South Tower appeared to be about to fall and could pose a danger to those below.

Immediately after the tower’s collapse, a helicopter pilot radioed that news. This

transmission was followed by communications at 10:08, 10:15, and 10:22 that called

into question the condition of the North Tower. The FDNY chiefs would have benefited

greatly had they been able to communicate with personnel in a helicopter. Moreover,

FDNY, PAPD, and NYPD did not coordinate their units that were searching the WTC

complex for civilians. In many cases, redundant searches of specific floors and areas

were conducted. It is unclear whether fewer first responders in the aggregate would

have been in the Twin Towers if there had been an integrated response, or what

impact, if any, redundant searches had on the total number of first responder

fatalities. [1, p. 320]

Whether the lack of coordination between the FDNY and NYPD on September 11 had a

catastrophic effect has been the subject of controversy. It is clear, however, that the

Incident Command System did not function to integrate awareness among agencies or

to facilitate interagency response. [1, p. 320]

Conclusion

The 9/11 attacks were the culmination of many failures on the part of America’s

national security apparatus; too many failures for the 9/11 Commission to assess

specific blame, but sufficient to suggest that 9/11 might have been thwarted at any

number of opportunities if things had gone only slightly differently. Emphasizing a

“failure of imagination” was the Commission’s way of pointing out a systemic problem

that stifled innovation and agility, and lacked accountability. Accordingly, the

appropriate solution was a systemic change to America’s national security apparatus,

adding justification to establishing a new Department of Homeland Security. The new

Department would bridge the gaps and provide accountability against this new threat

to national security. While attention was focused against these new manmade threats,

the nation was blindsided by a catastrophic natural hazard.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. List three different attacks on U.S. service members overseas in the years before the attack on the USS Cole.

2. Identify three differences and three similarities between the attacks you listed and the attack on the USS Cole.

3. Compared to the other three attacks, would you have thought al Qaeda a major threat in December 2000? Explain.

4. Describe the failed efforts by the CIA and DoD to capture or kill Osama bin Laden before 9/11.

5. Explain why the FBI failed to arrest known al Qaeda operatives in the U.S. as they trained for the 9/11 attacks.

6. Explain how FAA regulations abetted the 9/11 hijackers even after they were flagged by CAPPS.

7. Describe the U.S. air defense posture on 9/11.

8. Explain what the 9/11 Commission meant by a “failure of imagination”.

9. Even if the CIA and FBI had coordinated better, how might they have still failed to prevent 9/11? Explain.

10. Discuss the possible repercussions if NORAD had shot down the hijacked aircraft before they crashed into the

South Tower and Pentagon on 9/11.

Chapter 8: Failure of Initiative

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe events that contributed to the deaths of 1,464 New Orleans residents.

• Discuss breakdowns between City, State, and Federal officials that frustrated emergency response.

• Assess the consequences and difficulties of evacuating a major U.S. city.

“If 9/11 was a failure of imagination, then Katrina was a failure of initiative. It was a

failure of leadership.”

– 2005 House Committee Report

Introduction

No matter how secure the country is made from malicious acts, it will remain

susceptible to acts of nature. When a natural disaster overwhelms local emergency

management, an intricate choreography is required to engage State and Federal

support, and efficiently coordinate the combined response to maximize lifesaving

efforts within the first critical 72 hours of a disaster. The deaths and breakdown of civil

order in New Orleans as a result of Hurricane Katrina are a cautionary tale of what

happens when this choreography breaks down, and emergency aid is neither swift nor

efficient because of a leadership failure of initiative.

Local Disaster Response

First responders — local fire, police, and emergency medical personnel who respond to

all manner of incidents such as earthquakes, storms, and floods — have the lead

responsibility for carrying out emergency management efforts. Their role is to prevent,

protect against, respond to, and assist in the recovery from emergencies, including

natural disasters. Typically, first responders are trained and equipped to arrive first at

the scene of an incident and take action immediately, including entering the scene,

setting up a command center, evacuating those at the scene, tending to the injured,

redirecting traffic, and removing debris. [1, p. 45]

Local governments — cities, towns, counties or parishes — and the officials who lead

them are responsible for developing the emergency operations and response plans by

which their communities respond to disasters and other emergencies, including

terrorist attacks. Local emergency management directors are also generally

responsible for providing training to prepare for disaster response and for seeking assistance

from their state emergency management agencies when the situation exceeds or

exhausts local capabilities. In many states, they may also negotiate and enter into

Mutual Aid Agreements (MAAs) with other jurisdictions to share resources when, for

example, nearby jurisdictions are unaffected by the emergency and are able to provide

some assistance. [1, p. 46]

State Disaster Response

As the state’s chief executive, the Governor is responsible for the public safety and

welfare of the state’s citizens and generally has wide-ranging emergency management

responsibilities. Governors are responsible for coordinating state resources to address

the full range of actions necessary to prevent, prepare for, and respond to incidents

such as natural disasters. [1, p. 46]

Upon their declaration of an emergency or disaster, governors typically assume a

variety of emergency powers, including authority to control access to an affected area

and provide temporary shelter. Also, in most cases, states generally authorize their

governors to order and enforce the evacuation of residents in disaster and emergency

situations. [1, p. 46]

Governors also serve as the commanders-in-chief of their state military forces,

specifically, the National Guard when in state active duty or Title 32 status. In state

active duty — to which governors can call the Guard in response to disasters and other

emergencies — National Guard personnel operate under the control of the governor,

are paid according to state law, and can perform typical disaster relief tasks, such as

search and rescue, debris removal, and law enforcement. Most governors have the

authority to implement mutual aid agreements with other states to share resources

with one another during disasters or emergencies when, for example, others

(particularly nearby states) are unaffected by the emergency and able to provide

assistance. Most states request and provide this assistance through the Emergency

Management Assistance Compact (EMAC). If all these resources are not fast enough or

sufficient, then the Governor may petition the President for support. [1, p. 46]

Federal Disaster Support

When an incident overwhelms, or is likely to overwhelm, state and local resources, the

Stafford Act (Title 42 USC Ch. 68) authorizes the President, in response to a request

from the Governor of the affected state, to issue two types of declarations—

emergency or major disaster. An emergency is “any occasion or instance for which, in

the determination of the President, federal assistance is needed to supplement state

and local efforts and capabilities to save lives and to protect property and public health

and safety, or to lessen or avert the threat of a catastrophe in any part of the United

States.” A major disaster is “any natural catastrophe (including any hurricane, tornado,

storm, high water, wind-driven water, tidal wave, tsunami, earthquake, volcanic

eruption, landslide, mudslide, snowstorm, or drought), or, regardless of cause, any fire,

flood, or explosion, in any part of the United States, which in the determination of the

President causes damage of sufficient severity and magnitude to warrant major

disaster assistance under this chapter to supplement the efforts and available

resources of States, local governments, and disaster relief organizations in alleviating

the damage, loss, hardship, or suffering caused thereby.” [1, p. 31]

If the President approves an emergency or major disaster declaration, then the Federal

Emergency Management Agency (FEMA) will set up a Joint Field Office (JFO) in

proximity to the State Emergency Operations Center (SEOC), and a FEMA Federal

Coordinating Officer (FCO) will begin working with the designated State Coordinating

Officer (SCO) to deliver requested federal assistance. [1, p. 38]

The federal government typically responds to most natural disasters after the affected

states request support. In practice, states may make these requests before disasters

strike because of the near certainty that federal assistance will be necessary after such

an event (e.g., with hurricanes) or, afterwards, once they have conducted preliminary

damage assessments and determined that their response capabilities are

overwhelmed. In either case, the resources the federal government provides in any

disaster response are intended to supplement state and local government resources

devoted to the ongoing disaster relief and recovery effort. This system in use for most

disasters — providing federal assistance in response to requests of the states (or local

governments via the states) — is often referred to as a “pull” system in that it relies on

states to know what they need and to be able to request it from the federal

government. [1, pp. 30-31]

In certain instances, however, the federal response may also be considered a “push”

system, in which federal assistance is provided and/or moved into the affected area

prior to a disaster or without waiting for specific requests from the state or local

governments. [1, p. 31] The “push” system can be risky, especially if resulting damages

are less than expected and the expended federal resources are not needed by the

State. The “push” system has the distinct advantage, though, of reducing delays and

expediting delivery of federal aid to the disaster. Much of the criticism leveled at the

federal government was that it relied on a “pull” system when it should have initiated

a “push” system in response to Hurricane Katrina.

Figure 8-1: Track of Hurricane Katrina [2]

Hurricane Katrina

Hurricane Katrina was the costliest natural disaster, as well as one of the five deadliest

hurricanes in the history of the United States. The storm ranks third behind the 1935

Labor Day hurricane and Hurricane Camille in 1969. Overall, at least 1,500 people died

in the hurricane and subsequent floods, making it the deadliest United States

hurricane since the 1928 Okeechobee hurricane. Total property damage was estimated

at $108 billion. [2]

The tropical depression that became Hurricane Katrina formed over the Bahamas on

August 23, 2005. Early the following day, the new depression intensified into Tropical

Storm Katrina. The cyclone headed generally westward toward Florida and

strengthened into a hurricane only two hours before making landfall between

Hallandale Beach and Aventura on Thursday morning, August 25. The storm weakened

as it crossed over Florida, but regained hurricane strength shortly after emerging into

the Gulf of Mexico on Friday, August 26. The storm strengthened to a Category 5

hurricane over the warm waters of the Gulf of Mexico, but weakened before making

its second landfall as a Category 3 hurricane in southeast Louisiana in the early

morning hours of Monday, August 29. [2]

Katrina caused severe destruction along the Gulf coast from central Florida to Texas,

much of it due to high winds and flooding. Florida suffered twice, first when the storm

crossed over South Florida August 25, and a second time August 29 when Katrina

drove ashore in Louisiana, grazing the Florida Panhandle. Twelve deaths were blamed

on the storm in South Florida. It also left 1.45 million people without power and

caused $523 million in damages, most of it to crops. Two more deaths were attributed

to the storm as it grazed the Florida Panhandle, leaving another 77,000 people without

power, and causing an additional $100 million in damages. Overall, the hurricane

killed 14 people and caused $623 million in damages to Florida. Alabama was also hit

by winds and floods as Katrina made landfall. Sustained winds of 67 mph left 600,000

people without power. A 12-foot storm surge caused significant flooding several miles

inland along Mobile Bay. The combined winds and high waters washed ships, oil rigs,

boats, and fishing piers ashore along Mobile Bay. Four tornadoes were spawned

inland. Two deaths were attributed to the storm. Twenty-two Alabama counties were

declared disaster areas. In its second landfall, Katrina’s powerful right-front quadrant

passed over the west and central Mississippi coast, causing a 27-foot storm surge to

penetrate 6 miles inland, and up to 12 miles along bays and rivers. Together with the

storm surge, the state was battered by heavy winds and torrential rains. The

combination proved devastating, destroying 90% of all structures within a half mile of

the coastline. The storm destroyed bridges, barges, boats, piers, houses, and cars.

Eighty-two counties were declared disaster areas. Some 900,000 people were left

without power; 238 people were left dead. Mississippi might have been the center of

national attention, except for what happened in New Orleans. [2]

New Orleans

New Orleans was at particular risk. Though about half the city actually lies above sea

level, its average elevation is about six feet below sea level–and it is completely

surrounded by water. Over the course of the 20th century, the Army Corps of

Engineers had built a system of levees and seawalls to keep the city from flooding. The

levees along the Mississippi River were strong and sturdy, but the ones built to hold

back Lake Pontchartrain, Lake Borgne and the waterlogged swamps and marshes to

the city’s east and west were much less reliable. Even before the storm, officials

worried that those levees, jerry-built atop sandy, porous, erodible soil, might not

withstand a massive storm surge. Neighborhoods that sat below sea level, many of

which housed the city’s poorest and most vulnerable people, were at great risk of

flooding. [3]

The day before Katrina hit, New Orleans Mayor Ray Nagin issued the city’s first-ever

mandatory evacuation order. [3] Between 80 and 90 percent of the residents of New

Orleans were evacuated safely in time before the hurricane struck. Despite this, about

100,000 remained in the city, mainly those who did not have access to personal

vehicles. [2] To assist those left behind, Mayor Nagin opened the Superdome as a

“shelter of last resort”. The stadium was situated on relatively high ground near

downtown. It had been used as a shelter during previous storms, including Hurricane

Georges in 1998. The Superdome had been estimated to withstand winds up to 200

miles per hour, and water levels of 35 feet. By the evening of August 28, the night

before Hurricane Katrina hit, some 20,000 people had taken shelter in the Superdome

under the care of 300 Louisiana National Guard. [4]

At 3 a.m. on August 29, Hurricane Katrina made landfall near Buras-Triumph, Louisiana

as a strong Category 3 storm with 125 mph winds. It brought a 14-foot storm surge

and 8-10 inches of rain. These raised the level of Lake Pontchartrain causing significant

flooding along its northeastern shore. Several bridges were destroyed, including the I-

10 Twin Span Bridge connecting New Orleans to Slidell. Most of the roads traveling

into and out of the city were damaged. The only routes out of the city were the

westbound Crescent City Connection and Lake Pontchartrain Causeway, which was

restricted to emergency traffic. Power went out. High winds blew out the windows of

many high-rise buildings, and peeled back the waterproof membrane of the

Superdome. However, by mid-day as the eye of the hurricane passed east of the city, it

seemed New Orleans had been spared the worst of the storm. Despite the heavy

winds and rain, most buildings appeared to be structurally intact. But then the levees

began to break. [4]

Katrina’s storm surge overwhelmed the city’s levees and drainage canals. The

Mississippi River Gulf Outlet breached its levees in 20 places, flooding much of east

New Orleans, most of Saint Bernard Parish, and the East Bank of Plaquemines Parish.

The federally built levee system protecting metro New Orleans breached in 53 places,

including the 17th Street Canal, London Avenue Canal, and the Industrial Canal. By

August 31, 2005, 80% of New Orleans was flooded, with some parts under 15 feet of

water. [4]

The extensive flooding stranded many residents in their homes. Many chopped their

way onto their roofs with hatchets and sledge hammers, which residents had been

urged to store in their attics in case of such events. House tops across the city were

dotted with survivors. Some were trapped inside their attics, unable to escape.

Trapped in their homes, many families awaited rescue, without power, without water,

without food. [4]

The first deaths were reported shortly before midnight on August 28, as three nursing

home patients died during an evacuation to Baton Rouge. By 11:00 pm on August 29,

Mayor Nagin described the loss of life as “significant” with reports of bodies floating on

the water throughout the city, though primarily in the eastern portions. The National

Guard began setting up temporary morgues in select locations. [4]

After the storm passed, on August 30, as flood waters continued to rise, the media

reported rampant arson and looting across the city. Atrocities were reported at the

Superdome. Later investigations proved most of the reports greatly exaggerated. Still,

there was a breakdown in civil order, spurred, in part, by desertions within the New

Orleans Police Department. On August 31, Mayor Nagin imposed a curfew and

ordered the NOPD to abandon search and rescue missions in order to restore civil

order. The same day, Governor Blanco ordered in 6500 National Guard. Relief efforts

were disrupted by violence. Charity Hospital was forced to halt patient evacuations

after coming under gunfire. On September 2, Governor Blanco requested an additional

40,000 National Guard for assistance in evacuation and security. [4]

The situation was indeed miserable at the Superdome. On August 29, as Katrina

passed over New Orleans it ripped two holes into the roof. The scene inside the

building was described as chaotic; reports of rampant drug use, fights, rape, and filthy

living conditions were widespread. Despite increasingly squalid conditions, the

population inside continued to grow as many more arrived hoping to find food, water,

and maybe transportation out of town. On August 31, Governor Blanco ordered the

Superdome evacuated, and sent in 68 school buses to relocate civilians to the Houston

Astrodome. By September 4, the Superdome was completely evacuated. [4]

As rescue operations commenced on August 29, rescuers began dropping people off

outside the Convention Center. It was meant to be a transit point to shelter. The

problem was, no transportation was sent. By the afternoon of the 29th, a crowd of

about 1,000 people had begun to gather outside the Convention Center. After being

told the facility had no food, water, or services, the crowd nonetheless broke in and

took refuge. The next day, a contingent of 250 National Guard engineers arrived and

began working from the facility. The engineers were never given orders to control the

crowd, nor were they prepared for the task. Still, the number of people at the

Convention Center continued to grow over the next three days; some sent there from

the Superdome, some dropped off after being rescued from their roof, and some

arriving of their own volition. There was nobody in charge; nobody to provide for the

evacuees’ care and safety. Reports of robberies, murder, and rape began to surface. A

large cache of alcohol was stolen. People died, and their bodies were left where they passed.

Finally, on September 2, a sizable contingent of National Guard arrived to establish

order and provide essential provisions. On September 3, buses began arriving and

refugees evacuated. By September 4, the Convention Center was completely

evacuated. [4]

Final reports indicate that the official death toll, according to the Louisiana Department

of Health, was 1,464 people. [4] Investigations following the hurricane decried many of

the deaths as “preventable”. [1, p. 2] Furthermore, they determined that the suffering

in the days and weeks after the storm was unnecessarily prolonged, and even

exacerbated by the failure of government at all levels to plan, prepare, and respond

aggressively to the storm. [5, p. 2]

Table 8-1: Hurricane Katrina New Orleans Timeline

Date / Description

Wed. 24 Aug 05
• First alerts of a tropical storm stirring in Caribbean

Fri. 26 Aug 05
• Most residents work a full day and take “wait and see” approach
• 5 pm warnings from National Weather Service show Hurricane Katrina turning
• New Orleans potentially within range

Sat. 27 Aug 05
• Saturday morning most residents learn that Katrina’s path is set for New Orleans
• Metro-area evacuations begin en masse clogging all outbound arteries of the city for 48 hours
• St. Tammany, St. Charles, Plaquemines Parishes announce mandatory evacuations
• Orleans and Jefferson Parish both announce voluntary evacuations
• Governor Blanco sends “State of Emergency” letter to President Bush
• Louisiana State University scientists issue a projected storm surge map

Sun. 28 Aug 05
• At 9:30 am Orleans Parish issues first-ever mandatory evacuation
• At 10 am Katrina becomes a Category 5 storm with winds of 175 mph
• At 11:30 am, President Bush vows to help those affected by the storm
• State puts contra-flow plan into effect on interstates
• Superdome designated city’s “refuge of last resort”
• Director of the National Hurricane Center warns Times-Picayune of a “worst-case scenario”
• Tropical storm-force winds close down emergency services in metro area
• At 9 pm, Times-Picayune building loses power, generators power up

Mon. 29 Aug 05
• At 3 am, Katrina makes landfall as a Category 3 hurricane
• Metro-area emergency officials hold status meeting
• At 6 am, 317,000 households are without power
• At 7 am, water reported coming over the levee in the 9th Ward
• At 8:45 am, six to eight-foot flood waters reported in Lower 9th Ward
• At 9 am, winds rip hole in roof of Superdome
• At 9 am, eye of the storm passes to the east of New Orleans central business district.
• Windows in high-rise buildings blow out
• 11 am, National Weather Service reports a breach in the Industrial Canal levee, emptying Lake Pontchartrain into the neighborhoods of Eastern New Orleans, the Lower Ninth Ward in Orleans Parish and all of St. Bernard Parish
• 2 pm, breach in the 17th Street Canal is confirmed; Lakeview, Mid-City, Broadmoor, Gentilly flooded over next 48 hours.
• 2 pm, flood waters in the Lower Ninth Ward reach 12 feet in some areas
• Flood waters continue to rise and it becomes apparent that it is a worst-case scenario

Tue. 30 Aug 05
• 9 am, Times-Picayune employees evacuate building in delivery trucks as water rises a foot an hour
• Local media reports that Martial Law is declared in Orleans, Jefferson and Plaquemines Parish
• Looting reports go national presenting
• Flood waters continue to rise throughout city

Wed. 31 Aug 05
• Flood waters reach an equilibrium as the “bowl” of the city is now even with Lake Pontchartrain
• Some neighborhoods under as much as 20 feet of water
• Hellish scenes reported from those stranded in the Superdome: assaults, rape and suicide reported though later most dismissed
• Estimates of 30 days before city can be pumped out
• Thousands stranded in houses, on roofs
• Approximately one million people without power in metro area
• Media reports that thousands are stranded in the New Orleans Convention Center without food or water as a steady stream of people, many from the flooded Central City neighborhood, trickled first toward Lee Circle and then to the Convention Center, hoping to be saved from increasingly desperate straits

Thu. 1 Sep 05
• Corps of Engineers begins to build dam to stop levee breach at the 17th Street Canal
• More than 10,000 people have been rescued in St. Bernard Parish
• Times-Picayune asks, “Where is the Cavalry?”; No federal help arrived
• Governor Blanco demands “no less than 40,000 troops”
• Mayor Nagin lambasts federal officials in a tirade for their lack of effective response
• First 5,000 of approximately 23,000 evacuees arrive at Houston Astrodome by bus
• Bush seeks $10.5 billion storm-relief package

Fri. 2 Sep 05
• 7,000 soldiers move in on the Convention Center; they confront 15,000 angry refugees and a boulevard littered with putrefying corpses
• Fires break out in various warehouses across the city
• Bush tours area, says what is wrong “we’re going to make right”
• Mayor Nagin predicts electricity to be out in city for three months
• Airport becomes way station for refugees
• Thousands of refugees still in Superdome, Convention Center and I-10

Sat. 3 Sep 05
• FEMA says storm overwhelmed agency; outrage grows in Washington
• Authorities begin to regain grip on city with military’s aid
• President Bush orders 7,200 additional active duty troops to the region, for a total of 30,000
• Rape, gunfire reported at Convention Center
• Law enforcement agencies fielded about 1,000 distress 911 calls Saturday
• St. Bernard rescuers find 31 dead in nursing home
• Death toll expected to be in thousands, though nothing official yet
• Last of evacuees taken from Superdome and Convention Center
• Jefferson Parish President Aaron Broussard breaks down on “Meet the Press” and tells how a colleague’s elderly mother died in her home Friday after waiting four days for rescuers that never arrived
• Rescuers continue to pluck residents from hellish waters

Sun. 4 Sep 05
• Estimated 2,000 people, many of them with serious medical problems, were still housed inside Louis Armstrong International Airport

Mon. 5 Sep 05
• 16,000 National Guard troops dedicated to search and rescue mission
• Jefferson Parish residents allowed home to survey damage
• Agencies begin trying to save stranded pets
• Corps of Engineers shifts work to damming London Avenue Canal
• Mayor Nagin says more than 10,000 could be dead
• Makeshift morgue set up in St. Gabriel, La. to handle 140 bodies per day [6]

Failure Analysis

According to the Senate investigation of Hurricane Katrina, government failure was

pervasive in that 1) long-term warnings went unheeded and government officials

neglected their duties to prepare for a forewarned catastrophe; 2) government officials

took insufficient actions or made poor decisions in the days immediately before and

after landfall; 3) systems on which officials relied to support their response efforts

failed, and 4) government officials at all levels failed to provide effective leadership.

The results were tragic loss of life and human suffering on a massive scale, and an

undermining of confidence in the governments’ ability to plan, prepare for, and

respond to national catastrophes. [5, p. 2]

Unheeded Warnings

The potentially devastating threat of a catastrophic hurricane to the Gulf region has

been known for forty years: New Orleans experienced flooding in some areas of

remarkably similar proportions from Hurricane Betsy in 1965, and Hurricane Camille

devastated the Gulf Coast in 1969. More recently, numerous experts and

governmental officials had been anticipating an increase in violent hurricanes, and

New Orleans’ special and growing vulnerability to catastrophic flooding due to

changing geological and other conditions was widely described in both technical and

popular media. [5, p. 4]

Hurricane Georges hit the Gulf in 1998, spurring the state of Louisiana to ask FEMA for

assistance with catastrophic hurricane planning. Little was accomplished for the next

six years. Between 2000 and 2003, state authorities, an emergency-preparedness

contractor, and FEMA’s own regional staff repeatedly advised FEMA headquarters in

Washington that planning for evacuation and shelter for the “New Orleans scenario”

was incomplete and inadequate, but FEMA failed to approach other federal agencies

for help with transportation and shelter or to ensure that the City and State had the

matters in hand. [5, p. 4]

Then, in 2004, after a White House aide received a briefing on the catastrophic

consequences of a Category 3 hurricane hitting New Orleans, the federal government

sponsored a planning exercise, with participation from federal, state, and local officials,

based on a scenario whose characteristics foreshadowed most of Katrina’s impacts.

While this hypothetical “Hurricane Pam” exercise resulted in draft plans beginning in

early 2005, they were incomplete when Katrina hit. Nonetheless, some officials took

the initiative to use concepts developed in the drafts, with mixed success in the critical

aspects of the Katrina response. However, many of its admonitory lessons were either

ignored or inadequately applied. [5, p. 4]

During the Pam exercise, officials determined that massive flooding from a

catastrophic storm in New Orleans could threaten the lives of 60,000 people and trap

hundreds of thousands more, while incapacitating local resources for weeks to

months. The Pam exercise gave all levels of government a reminder that the “New

Orleans scenario” required more forethought, preparation, and investment than a

“typical” storm. Also, it reinforced the importance of coordination both within and

among federal, state, and local governments for an effective response. [5, p. 5]

The specific danger that Katrina posed to the Gulf Coast became clear on the afternoon

of Friday, August 26, when forecasters at the National Hurricane Center and the

National Weather Service saw that the storm was turning west. First in phone calls to

Louisiana emergency management officials and then in their 5 p.m. EDT Katrina

forecast and accompanying briefings, they alerted both Louisiana and Mississippi that

the track of the storm was now expected to shift significantly to the west of its original

track to the Florida panhandle. The National Hurricane Center warned that Katrina

could be a Category 4 or even a 5 by landfall. By the next morning, Weather Service

Officials directly confirmed to the Governor of Louisiana and other state and local

officials that New Orleans was squarely at risk. [5, p. 5]

Over the weekend, there was a drumbeat of warnings: FEMA held video-

teleconferences on both days, where the danger of Katrina and the particular risks to

New Orleans were discussed; Max Mayfield of the Hurricane Center called the

governors of the affected states, something he had only done once before in his

33-year career; President Bush took the unusual step of declaring in advance an

emergency for the states in the impact zone; numerous media reports noted that New

Orleans was a “bowl” and could be left submerged by the storm; the Department of

Homeland Security’s Simulation and Analysis group generated a report stating that the

levees protecting New Orleans were at risk of breaching and overtopping; internal

FEMA slides stated that the projected impacts of Katrina could be worse than those in

the Hurricane Pam exercise. The warnings were as widespread as they were dire. [5, p.

5]

Insufficient Preparation

While the State of Louisiana and the City of New Orleans undertook unprecedented

measures to prepare ahead of the storm, ineffective leadership, poor advance planning

and an unwillingness to devote sufficient resources to emergency management over

the long term doomed them to fail when Katrina struck. Despite the understanding of

the Gulf Coast’s particular vulnerability to hurricane devastation, officials braced for

Katrina with full awareness of critical deficiencies in their plans and gaping holes in

their resources. While Katrina’s destructive force could not be denied, state and local

officials did not marshal enough of the resources at their disposal. [5, p. 6]

For example, while Governor Blanco stated in a letter to President Bush two days

before landfall that she anticipated the resources of the state would be overwhelmed,

she made no specific request for assistance in evacuating the known tens of thousands

of people without means of transportation, and a senior state official identified no

unmet needs in response to a federal offer of assistance the following day. The state’s

transportation secretary also ignored his responsibilities under the state’s emergency

operations plan, leaving no arm of the state government prepared to obtain and

deliver additional transportation to those in New Orleans who lacked it, when Katrina

struck. In view of the long-standing role of requests as a trigger for action by higher

levels of government, the state bears responsibility for not signaling its needs to the

federal government more clearly. [5, p. 6]

Compounded by leadership failures of its own, the federal government bears

responsibility for not preparing effectively for its role in the post storm response. [5, p.

6]

FEMA was unprepared for a catastrophic event of the scale of Katrina. Established in

1979 to consolidate emergency management functions previously dispersed

throughout federal government, FEMA had not developed – nor had it been designed

to develop – response capabilities sufficient for a catastrophe the size of Katrina. Nor

had it developed the capacity to mobilize sufficient resources from other federal

agencies, and the private and nonprofit sectors. [5, p. 6]

Moreover, FEMA’s Director, Michael Brown, lacked the leadership skills that were

needed. Before landfall, Brown did not direct the adequate pre-positioning of critical

personnel and equipment, and willfully failed to communicate with his boss, Secretary

Chertoff. Earlier in the hurricane season, FEMA had pre-positioned an unprecedented

amount of relief supplies in the region. But the supplies were not enough. Similarly,

while both FEMA and the Department of Health and Human Services made efforts to

activate the federal emergency health capabilities of the National Disaster Medical

System (NDMS) and the U.S. Public Health Service, only a limited number of federal

medical teams were actually in position prior to landfall to deploy into the affected

area. Only one such team was in a position to provide immediate medical care in the

aftermath of the storm. [5, p. 7]

More broadly, the newly created Department of Homeland Security, charged with

preparing for and responding to domestic incidents, failed to effectively lead the

federal response to Hurricane Katrina. DHS leadership failed to bring a sense of

urgency to the federal government’s preparation for Hurricane Katrina, and Secretary

Chertoff himself should have been more engaged in preparations over the weekend

before landfall. Secretary Chertoff made only top-level inquiries into the state of

preparations, and accepted uncritically the reassurances he received. He did not

appear to reach out to the other Cabinet Secretaries to make sure that they were

readying their departments to provide whatever assistance DHS – and the people of

the Gulf – might need. [5, p. 7]

Similarly, had he invoked the Catastrophic Incident Annex (CIA) of the NRP, Secretary

Chertoff could have helped remove uncertainty about the federal government’s need

and authority to take initiative before landfall and signaled that all federal government

agencies were expected to think – and act – proactively in preparing for and

responding to Katrina. The Secretary’s activation of the National Response Plan (NRP)

CIA could have increased the urgency of the federal response and led the federal

government to respond more proactively rather than waiting for formal requests from

overwhelmed state and local officials. Understanding that delay may preclude

meaningful assistance and that state and local resources could be quickly

overwhelmed and incapacitated, the NRP CIA directed federal agencies to pre-position

resources without awaiting requests from the state and local governments. Even then,

the NRP CIA held these resources at mobilization sites until requested by state and

local officials, except in certain prescribed circumstances. [5, p. 7]

The military also had a role to play, and ultimately, the National Guard and active duty

military troops and assets deployed during Katrina constituted the largest domestic

deployment of military forces since the Civil War. And while the Department of

Defense took additional steps to prepare for Katrina beyond those it had taken for

prior civil support missions, its preparations were not sufficient for a storm of Katrina’s

magnitude. Individual commanders took actions that later helped improve the

response, but these actions were not coordinated by the Department. The

Department’s preparations were consistent with how DOD interpreted its role under

the National Response Plan, which was to provide support in response to requests for

assistance from FEMA. However, additional preparations in advance of specific

requests for support could have enabled a more rapid response. [5, pp. 7-8]

In addition, the White House shared responsibility for the inadequate pre-landfall

preparations. To be sure, President Bush, at the request of FEMA Director Michael

Brown, did take the initiative to personally call Governor Blanco to urge a mandatory

evacuation. He also took the unusual step of declaring an emergency in the Gulf States

prior to Katrina making landfall. On the other hand, the President did not leave his

Texas ranch to return to Washington until two days after landfall, and only then

convened his Cabinet as well as a White House task force to oversee federal response

efforts. [5, p. 8]

The effect of the long-term failures at every level of government to plan and prepare

adequately for a catastrophic hurricane in the Gulf was evident in the inadequate

preparations before Katrina’s landfall and then again in the initial response to the

storm. [5, p. 8]

Inadequate Response

Flooding in New Orleans drove thousands of survivors to attics and rooftops to await

rescue. Infrastructure damage complicated the organization and conduct of

search-and-rescue missions. Destruction of communications towers and equipment in particular

limited the ability of crews to communicate with one another, undermining

coordination and efficiency. Rescuers also had to contend with weapons fire, debris,

and polluted water. [5, p. 8]

Planning for search and rescue was also insufficient. FEMA, for instance, failed to

provide boats for its search and rescue teams even though flooding had been

confirmed by Tuesday. Moreover, interagency coordination was inadequate at both

the state and federal levels. While the Louisiana Department of Fisheries and Wildlife

and FEMA are responsible for interagency search and rescue coordination at the state

and federal levels respectively, neither developed adequate plans for this mission.

Staggeringly, the City of New Orleans Fire Department owned no boats, and the New

Orleans Police Department owned five. Meanwhile, widespread communications

failures in Louisiana and Mississippi were so bad that many officers reverted to either

physically running messages from one person to another, or passing messages along a

daisy chain of officers using radios with limited range. [5, p. 9]

While authorities recognized the need to begin search-and-rescue missions even

before the hurricane winds fully subsided, other aspects of the response were

hindered by a failure to quickly recognize the dimensions of the disaster. On the day

after landfall, DHS officials were still struggling to determine the “ground truth” about

the extent of the flooding despite the many reports it had received about the

catastrophe; key officials did not grasp the need to act on the less-than-complete

information that is to be expected in a disaster. DHS leaders did not become fully

engaged in recovery efforts until Thursday, September 1, two days after Hurricane

Katrina hit New Orleans. But this effort should have begun sooner. [5, p. 9]

FEMA Director Michael Brown, then in Louisiana, contributed to the problem by

refusing to communicate with Secretary Chertoff, opting instead to pass information

directly to White House staff. Moreover, even though senior DHS officials did receive

on the day of landfall numerous reports that should have led to an understanding of

the increasingly dire situation in New Orleans, many indicated they were not aware of

the crisis until sometime Tuesday morning, August 30, the day after landfall. [5, p. 9]

The Department of Defense also was slow to acquire information regarding the extent

of the storm’s devastation. DOD officials relied primarily on media reports for their

information. Many senior DOD officials did not learn that the levees had breached until

Tuesday; some did not learn until Wednesday, August 31, two days after Katrina made

landfall. As DOD waited for DHS to provide information about the scope of the

damage, it also waited for the lead federal agency, FEMA, to identify the support

needed from DOD. The lack of situational awareness during this phase appears to have

been a major reason for DOD’s belated adoption of the forward-looking posture

necessary in a catastrophic incident. [5, p. 10]

While large numbers of active-duty troops did not arrive until the end of the first week

following landfall, the Department of Defense contributed in other important ways

during that period. Early in the week, DOD ordered its military commanders to push

available assets to the Gulf Coast. They also streamlined their ordinarily bureaucratic

processes for handling FEMA requests for assistance and emphasized movement based

on vocal commands with the paperwork to follow, though some FEMA officials believe

that DOD’s approval process continued to take too long. They provided significant

support to search-and-rescue missions, evacuee airlifts, logistics management of buses

arriving in the State for evacuation, and other matters. [5, p. 11]

Toward the end of the week, with its own resources stretched thin, FEMA turned to

DOD to take over logistics for all commodity movements. The Department of Defense

acceded to the request, and provided some logistics assistance to FEMA. However, it

did not undertake the complete logistical take-over initially requested by FEMA

because that was not needed. [5, p. 12] On Wednesday, August 31, the National Guard

Bureau began calling on state Adjutants General to deploy National Guard forces. This

process quickly resulted in the largest National Guard deployment in U.S. history, with

50,000 troops and supporting equipment arriving from 49 states and four territories

within two weeks. [5, p. 11] These forces brought in relief supplies provided by FEMA,

established law and order, and assisted with evacuations. [5, p. 12]

Law Enforcement

Law enforcement outside the Superdome and the Convention Center was a problem,

and was fueled by several contributing factors, including erroneous statements by top

city officials inflaming the public’s perception of the lawlessness in New Orleans. [5, p.

12]

Without effective law enforcement, real or imagined safety threats interrupted

virtually every aspect of the response. Fearing for their personal safety, medical and

search and rescue teams withdrew from their missions. FEMA and commercial vendors

of critical supplies often refused to make deliveries until military escorts could be

arranged. In fact, there was some lawlessness, yet for every actual act there were

rumors of dozens more, leading to widespread and inaccurate reporting that severely

complicated a desperate situation. Unfortunately, local, state, and federal officials did

little to stanch this rumor flow. Police presence on the streets was inadequate, in part

because in a matter of hours Katrina turned the New Orleans police department from

protectors of the public to victims of the storm. Nonetheless, most New Orleans police

officers appear to have reported for duty, many setting aside fears about the safety of

their families or the status of their homes. [5, p. 12]

Even so, the ability of the officers who remained to perform their duties was

significantly hampered by the lack of basic supplies. While supplies such as weapons

and ammunition were lost to flooding, the NOPD leadership did not provide its officers

with basic necessities such as food; nor did the department have logistics in place to

handle supplies. Members of the NOPD also identified the lack of a unified command

for this incident as a major problem; eight members of the Command Staff were

extremely critical of the lack of leadership from the city’s Office of Emergency

Preparedness (OEP). The department’s rank and file were unfamiliar with both the

department’s and the city’s emergency-operations manuals and other hurricane

emergency procedures. Deficiencies in the NOPD’s manual, lack of training on this

manual, lack of familiarity with it, or a combination of the three resulted in inadequate

protection of department resources. [5, p. 13]

Federal law-enforcement assistance was too slow in coming, in large part because the

two federal departments charged with providing such assistance – DHS and the

Department of Justice (DOJ) – had done almost no pre-storm planning. In fact, they

failed to determine even well into the post-landfall period which of the two

departments would assume the lead for federal law enforcement. As a result, later in

the week, as federal law-enforcement officers did arrive, some were distracted by a

pointless “turf war” between DHS and DOJ over which agency was in the lead. In the

end, federal assistance was crucial, but should have arrived much sooner. [5, p. 13]

Health Care

Medical teams had to triage more than 70,000 evacuees and provide acute care to the

sick and wounded. While officials used plans developed in Hurricane Pam as a helpful

framework for managing this process, existing emergency-room facilities were

overwhelmed by the volume of patients. Local and state officials quickly set up

temporary field hospitals at a sports arena and a K-mart in Baton Rouge to supplement

hospital capacity. [5, p. 14]

New Orleans had a large population of “special needs patients,” individuals living at

home who required ongoing medical assistance. Before Katrina struck, the City Health

Department activated a plan to establish a care facility for this population within the

Superdome and provided transportation to evacuate several hundred patients and

their caregivers to Baton Rouge. While Superdome facilities proved useful in treating

special needs patients who remained behind, they had to contend with shortages of

supplies, physical damage to the facility necessitating a post-landfall relocation of

patients and equipment to an area adjacent to the Dome, and a population of more

than 20,000 people using the Superdome as a refuge of last resort. Also, FEMA’s

Disaster Medical Assistance Teams, which provide the invaluable resources of

pharmacies and hospital equipment, arrived at the Superdome on the night following

landfall, but left temporarily on Thursday, before the evacuation of the Superdome’s

special needs population was completed, because of security concerns. [5, p. 14]

In Louisiana, hospitals had to evacuate after landfall on short notice principally due to

loss of electrical power. While hospitals had evacuated some of their patients before

landfall, they had retained others thought to be too frail for transport, and believed that by

staying open they would be available to serve hurricane victims. Their strategy became

untenable after landfall when power was lost, and their backup generators were

rendered inoperable by flooding and fuel shortages. The Louisiana Department of

Health and Hospitals stepped in to arrange for their evacuation; while successful, it had

to compete with search and rescue teams for helicopters and other needed resources.

[5, p. 14]

Many nursing homes in and around New Orleans lacked adequate evacuation plans.

While they were required to have plans on file with local government, there was no

process to ensure that there were sufficient resources to evacuate all the nursing

homes at once, and dozens of patients who were not evacuated died. When

evacuation became necessary, some sent their patients to the Superdome, where

officials struggling to handle the volume of patients already there were obliged to

accept still more. [5, p. 14]

Evacuations

The City of New Orleans, with primary responsibility for evacuation of its citizens, had

language in its plan stating the city’s intent to assist those who needed transportation

for pre-storm evacuation, but had no actual plan provisions to implement that intent.

In late 2004 and 2005, city officials negotiated contracts with Amtrak, riverboat owners

and others to pre-arrange transportation alternatives, but received inadequate

support from the city’s Director of Homeland Security and Emergency Preparedness,

and contracts were not in place when Katrina struck. As Katrina approached,

notwithstanding the city’s evacuation plans on paper, the best solution New Orleans

had for people without transportation was a private-citizen volunteer carpool initiative

called Operation Brothers’ Keepers and transit buses taking people – not out of the

city, but to the Superdome. [5, p. 16]

The Louisiana Department of Transportation and Development, whose Secretary had

personally accepted departmental responsibility under the state’s emergency

operations plan to arrange for transportation for evacuation in emergencies, had done

nothing to prepare for that responsibility prior to Katrina. Had his department

identified available buses or other means of transport for evacuation within the state

in the months before the hurricane, at a minimum the State would have been

prepared to evacuate people stranded in New Orleans after landfall more quickly than

it did. [5, p. 16]

While the Superdome provided shelter from the devastating winds and water,

conditions there deteriorated quickly. Katrina’s “near miss” ripped the covering off the

roof, caused leaking, and knocked out the power, rendering the plumbing, air

conditioning, and public announcement system totally useless. [5, p. 16] By Tuesday

afternoon, the New Orleans Superdome had become overcrowded, leading officials to

turn additional refugees away. Mayor Nagin directed that evacuees be sent to the

Convention Center, but communicated his decision to state and federal officials poorly,

if at all. That failure, in addition to the delay of shipments due to security concerns and

DHS’s own independent lack of awareness of the situation, contributed to the paucity

of food, water, security or medical care at the Convention Center, as a population of

approximately 19,000 gathered there. [5, p. 12]

On Monday, August 29, as Katrina passed over New Orleans, Governor Blanco asked

FEMA Director Michael Brown for buses. Brown assured the state the same day that

500 buses were en route to assist in the evacuation of New Orleans and would arrive

within hours. In spite of Brown’s assurances and the state’s continued requests over

the course of the next two days, FEMA did not direct the U.S. Department of

Transportation to send buses until very early on Wednesday, August 31, two days after

landfall. Still, the buses did not begin to arrive until Wednesday evening and not in

significant numbers until the next day, four days after landfall. Concerned over FEMA’s

delay in providing buses – and handicapped by the Louisiana Department of

Transportation and Development’s utter failure to make any preparation to carry out

its lead role for evacuation under the state’s emergency plan – Governor Blanco

directed members of her office to begin locating buses on Tuesday and approved an

effort to commandeer school buses for evacuation on Wednesday. But these efforts

were too little, too late. Tens of thousands of people were forced to wait in

unspeakably horrible conditions until as late as Saturday, September 4, to be

evacuated. [5, p. 13]

Conclusion

Effective response to mass emergencies is a critical role of every level of government.

It is a role that requires a substantial amount of planning, coordination and dispatch

among governments’ diverse units. Following the terrorist attacks of 9/11, the nation

underwent one of the most sweeping reorganizations of federal government in history.

While driven primarily by concerns of terrorism, the reorganization was designed to

strengthen our nation’s ability to address the consequences of both natural and man-made

disasters. In its first major test, this reorganized system failed. [5, p. 2]

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. Why wasn’t New Orleans completely evacuated in advance of the storm?

2. How did City and State emergency managers fail to assist the evacuation?

3. How did City and State emergency managers fail to provide adequate shelter?

4. How did the breakdown in local law enforcement contribute to the disaster?

5. Describe the breakdown in communications between the Governor and President.

6. Describe the breakdown in communications within the new Department of Homeland Security.

7. Describe the breakdown in communications between the responding military forces.

8. Explain why the House Report characterized the response to Hurricane Katrina as a “failure of initiative”.

9. If you were mayor of New Orleans, why would you wait to evacuate your city?

10. If you were mayor of New Orleans, how would you expedite your city’s evacuation?

Part II: HS, DHS, & HS Enterprise

This section examines the purpose, formation, evolution, and performance of the Department of Homeland Security,

and its role within the Homeland Security Enterprise. We begin by examining the definition of homeland security.

Unfortunately, the official definition as listed in the 2010 Quadrennial Homeland Security Review, and affirmed in the

2014 QHSR, is completely inadequate. If terrorism and natural disasters are indeed the primary homeland security

concerns as indicated, then a Department of Homeland Security would’ve been created decades earlier following any

number of terrorist incidents or natural disasters. In order to cut through the confusion we offer our own working

definition of homeland security: “To safeguard the United States from domestic catastrophic destruction.” This

definition makes clear that the homeland security concern is domestic catastrophic destruction, no matter what the

motive or cause. And because there are no guaranteed safeguards, homeland security must encompass missions

across the spectrum of prevent, protect, mitigate, respond, and recover. In the prevent and protect mission areas,

DHS is nationally responsible for aviation security, maritime security, surface transportation security, border security,

and immigration enforcement. In the mitigation mission area, DHS works together in partnership with public and

private agencies to reduce critical infrastructure vulnerability to attack, especially cyber attack. And in the respond

and recover mission areas, DHS leads national efforts to enhance interoperability and capability within the First

Responder community. Under authorities provided in the Homeland Security Act, and at the explicit direction of

Congress, DHS has evolved since it was established to better meet its mission requirements. In 2010, at the direction

of Congress, DHS instituted the QHSR process to continuously and systematically review their mission and organization

to ensure they continue to do the right thing, and that they continue to do it right. And while DHS has filled important

gaps exposed by 9/11, homeland security remains a team sport, requiring cooperation not just among Federal

agencies, but also among State, Local, and Tribal governments as part of the Homeland Security Enterprise. For some

missions, like critical infrastructure protection, DHS is the primary agency and leads efforts with help from many

supporting agencies, including infrastructure owners and operators. For other missions, like counterterrorism, DHS is a

supporting agency to the FBI, forwarding actionable leads developed by its many components and partners. Though

DHS’ progress has not been without significant challenges, and they still have substantial ground to gain, it can be

confidently stated that the nation is better prepared to deal with catastrophic destruction than at any time before 9/11

or Hurricane Katrina.

Chapter 9: Homeland Security

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Discuss the evolving definition of “homeland security”.

• Evaluate the various definitions of “homeland security”.

• Explain why the U.S. invaded Afghanistan in October 2001.

Con·flate /kənˈflāt/ Verb. To combine two or more ideas into one.

– Dictionary.com

Introduction

The 1995 Tokyo subway attack was a turning point in American national security policy

when non-state actors bearing weapons of mass destruction became a credible threat

to the United States. [1] After the 1993 World Trade Center bombing and 1995

Oklahoma City bombing, two terrorist-motivated attacks on U.S. soil, three separate

government commissions were established to investigate terrorist attacks employing

WMD in the United States. As 9/11 would prove, the commissions found the nation

unprepared to respond to, let alone thwart, a catastrophic attack, and ultimately

recommended the establishment of a homeland security agency to address such

threats. [2, p. vi] In the process, they also conflated the concepts of “terrorism” and

“domestic catastrophic attack”, consequently confusing the concept of “homeland

security”. The purpose of this chapter is to examine the definition of “homeland

security”, and to establish a clear understanding of what it is, and what it is not.

Pre-9/11

The Hart-Rudman Commission was chartered by Secretary of Defense William Cohen in

1998 to provide a comprehensive review of U.S. national security requirements for the

21st century. The U.S. Commission on National Security/21st Century was tasked “to

analyze the emerging international security environment; to develop a U.S. national

security strategy appropriate to that environment; and to assess the various security

institutions for their current relevance to the effective and efficient implementation of

that strategy, and to recommend adjustments as necessary”. [3] Phase I concluded in

September 1999 with the publication of “New World Coming: American Security in the

21st Century”. Phase II produced the April 2000 publication, “Seeking a National

Strategy: A Concert for Preserving Security and Promoting Freedom”. Phase III,

presented in February 2001, was titled “Road Map for National Security: Imperative for

Change”. [2, pp. v-vi]

Six months before 9/11, the Hart-Rudman Commission summarized its previous

findings with this chilling prediction:

“The combination of unconventional weapons proliferation with the

persistence of international terrorism will end the relative invulnerability of

the U.S. homeland to catastrophic attack. A direct attack against American

citizens on American soil is likely over the next quarter century. The risk is not

only death and destruction but also a demoralization that could undermine

U.S. global leadership. In the face of this threat, our nation has no coherent or

integrated governmental structures.” [2, p. viii]

In recognition of this perceived threat, the Commission Phase III report recommended

establishing an independent National Homeland Security Agency “with responsibility

for planning, coordinating, and integrating various U.S. government activities involved

in homeland security.” The report went on to recommend building the proposed new

agency on the foundation of the Federal Emergency Management Agency and

incorporating the Coast Guard, Customs Service, and Border Patrol. Additionally, the

agency would have responsibility for protecting the nation’s critical infrastructure. [2,

p. viii]

The Phase III report is interesting for what it does: 1) it accurately predicts a

catastrophic attack on the U.S., 2) it proposes a cabinet-level agency foreshadowing

establishment of the Department of Homeland Security, and 3) it anticipates the

composition and functions of the future DHS. The report is also interesting for what it

does not do: it doesn’t define “homeland security”. The Hart-Rudman Commission

first makes reference to homeland security in its Phase II report, yet does not define it

there either. [4, p. 14] While the Commission fails to give an outright definition of

“homeland security”, it does make it clear that it is about domestic catastrophic attack

involving weapons of mass destruction or disruption employed by non-state actors.

Because the expected target was U.S. territory, the Commission saw homeland security

as central to national security, not peripheral to it. [2, p. 10] It also saw that homeland

security was a mission too broad for any single agency, but requiring the coordination

of many agencies at the Federal, State, and Local levels. [2, pp. 11-22]

Post-9/11

The first definition of “homeland security” appeared after 9/11. On October 8, 2001,

only weeks after the 9/11 attacks, President Bush issued Executive Order 13228

establishing an Office of Homeland Security (OHS) within the White House. The

purpose of OHS was to coordinate the executive branch’s efforts to “detect, prepare

for, prevent, protect against, respond to, and recover from terrorist attacks within the

United States.” One of OHS’ first priorities was to develop “a comprehensive national

strategy to secure the United States from terrorist attacks.” [5] It is in this document

that the first definition of homeland security was published:

“Homeland security is a concerted national effort to prevent terrorist attacks within

the United States, reduce America’s vulnerability to terrorism, and minimize the

damage and recover from attacks that do occur.”

– 2002 National Strategy for Homeland Security

Terrorism is defined in 18 USC §2331 as “Acts dangerous to human life that are a

violation of the criminal laws of the United States or of any State, that appear to be

intended to intimidate or coerce a civilian population; influence the policy of a

government by intimidation or coercion; or to affect the conduct of a government by

mass destruction, assassination, or kidnapping.” Terrorism is a specific crime

distinguished by a specific motive, that of intimidating or coercing the U.S.

government. Though it may not be the only motive that might prompt domestic

catastrophic attack, it was certainly the motive behind the 9/11 attacks. Thus, given its

directive, OHS defined homeland security in terms of terrorism. This definition was

retained in the 2007 update to homeland security strategy, [6, p. 3] but was changed in

2010 as a result of Hurricane Katrina.

In recognition that homeland security is an integral part of national security, in 2010

the Obama Administration merged homeland security strategy with national security

strategy. Unlike the previous homeland security strategies, the 2010 National Security

Strategy did not define homeland security but described its functions instead. [7, p. 15]

Similarly, the 2015 National Security Strategy did not define homeland security either.

[8] The task of defining homeland security had been removed by Congress from

strategy formulation to mission formulation. In August 2007, Congress passed Public

Law 110-53, “Implementing Recommendations of the 9/11 Commission Act”. Among

its provisions, the law required DHS to conduct a comprehensive examination of the

nation’s homeland security strategy every four years starting in fiscal year 2009. In

February 2010, DHS released its first Quadrennial Homeland Security Review (QHSR)

defining homeland security. [9, p. 13] The same definition was affirmed, though not

restated, in the 2014 QHSR. [10, p. 94]

“Homeland security is a concerted national effort to ensure a homeland that is safe,

secure, and resilient against terrorism and other hazards where American interests,

aspirations, and way of life can thrive.”

– 2010 Quadrennial Homeland Security Review

Analysis

While the focus on “terrorism” is understandable, it is also dangerously misleading

because it is peripheral to the problem that launched three separate government

commission investigations: domestic catastrophic destruction. The Gilmore

Commission was established to investigate the potential for “mass destruction” or

“mass casualties” as the result of domestic employment of WMD. [1, pp. i-xi] The

Hart-Rudman Commission independently came to this conclusion when it determined that

“America will become increasingly vulnerable to hostile attack on our homeland, and

our military superiority will not entirely protect us.” [11, p. 4] The Bremer Commission

was also motivated by concerns of “mass casualties”. [12, p. iv] Yet, the three

commissions investigated domestic catastrophic destruction in connection with

terrorism, which is how the two concepts became conflated. As defined in 18 USC

§2331, terrorism is a crime distinguished by a specific motive to effect change in U.S.

government actions. In the universe of potential motives for causing domestic

catastrophic destruction, terrorism is but one possibility among countless others. In

fact, the destruction caused by Hurricane Katrina proved that no motive is necessary at

all.

The current definition of homeland security is also incomplete. The current definition

is focused on initiators of catastrophic destruction related to terrorist motive, natural

means, and accidental opportunity. It does not address other motives, cyber means,

or infrastructure opportunities. Certainly they could be included, but this would be

cumbersome and also incomplete. Instead of trying to enumerate all possible

“initiators” of the problem, why not focus on the problem itself? Why not make the

definition about the effect, regardless of the cause? Why not make a clearer and more

concise definition of homeland security?

Working Definition

It is good to know the official definition of homeland security as promulgated by the

U.S. government. Unfortunately, knowing this definition is not helpful to

understanding homeland security. As such, the following working definition is offered

to help guide study in this textbook:

“Safeguard the United States from domestic catastrophic destruction.”

The stated working definition is as insightful as it is direct. It is direct because it

directly identifies “domestic catastrophic destruction” as the central concern of

homeland security. Yet, it is not restricted by specifying either the cause or scale of

destruction. Because it’s unspecified, the destruction may be measured either in terms

of deaths or damages, or a combination of both. Moreover, the destruction is not

confined to first-order effects, but may include second- or third-order effects resulting

from mass disruption. The ultimate determinant is the impact on society, which is

clearly “catastrophic”, distinguishing the destruction from other incidents by its

magnitude. Similarly, because the cause of destruction is not specified, it can

encompass all means, motives, and opportunities that might result in catastrophic

destruction. These include both natural and manmade means, as well as terrorist and

other motives, and accidental as well as intentional opportunities.

The current definition confuses causes with effects. Consequently, we offer a working

definition of homeland security focusing on effect to eliminate such confusion: “Safeguard

the U.S. from domestic catastrophic destruction.”

Regarding manmade means, the working definition is insightful as to the relationship

between homeland security and national security. If the threat is a sovereign state,

then the homeland security concern is addressed by national security measures. If the

threat is a non-state actor, then the homeland security concern is addressed by legal

measures under U.S. law. In both circumstances, the threat remains a homeland

security concern.

The word “safeguard” was also carefully chosen. It was chosen in recognition of the

fact that no defense is invulnerable to a determined attacker, and you can’t stop

natural disasters. Consequently, the word “safeguard” encompasses actions during

the four phases of any catastrophe: 1) prevent, 2) protect, 3) respond, and 4) recover.

Prevention measures necessarily include detection, and deterrence and interception in

the case of manmade threats, and mitigation and sheltering in the case of natural

hazards. Protection measures may be similar for both manmade threats and natural

hazards, including isolation, hardening, redundancy, and a host of other actions.

Prevention and protection measures are typically implemented before an incident.

Response and recovery measures are typically implemented after an incident.

Response measures include resources and actions necessary to save lives and protect

property. Recovery measures include resources and actions necessary to restore living

conditions to their pre-incident status or better. Most importantly, the word

“safeguard” means that nothing is ever completely safe. Everything is a matter of risk,

and all measures taken before and after an incident are about risk management.

Understanding the working definition provides a lens through which you can gain

insight and perspective on homeland security. We will now use this lens to examine

events following 9/11.

Ultimatum

By late in the evening of September 11, the President had addressed the nation on the

terrible events of the day. The long day was not yet over. When the larger meeting that

included his domestic department heads broke up, President Bush chaired a smaller

meeting of top advisers, a group he would later call his “war council.” This group

usually included Vice President Cheney, Secretary of State Powell, Secretary of Defense

Donald Rumsfeld, General Hugh Shelton, Vice Chairman of the Joint Chiefs (later to

become chairman) General Myers, Director of Central Intelligence (DCI) George Tenet,

Attorney General Ashcroft, and FBI Director Robert Mueller. From the White House

staff, National Security Advisor Condoleezza Rice and Chief of Staff Card were part of

the core group, often joined by their deputies, Stephen Hadley and Joshua Bolten. In

this restricted National Security Council meeting, the President said it was a time for

self-defense. The United States would punish not just the perpetrators of the attacks,

but also those who harbored them. [13, p. 330]

Part II: HS, DHS, & HS Enterprise


A cross check of the 9/11 flight manifests implicated al Qaeda in the attacks. On

September 13, the State Department proposed delivering an ultimatum to the Taliban:

produce bin Laden and his deputies and shut down al Qaeda camps within 24 to 48

hours, or the United States will use all necessary means to destroy the terrorist

infrastructure. The State Department did not expect the Taliban to comply. President

Bush recalled that he quickly realized that the administration would have to invade

Afghanistan with ground troops. [13, p. 332]

The State and Defense departments would have to build an international coalition to

go into Afghanistan. Both departments would consult with NATO and other allies and

request intelligence, basing, and other support from countries, according to their

capabilities and resources. All these diplomatic and military plans were reviewed over

the weekend of September 15–16, as President Bush convened his war council at

Camp David. After hearing from his senior advisers, President Bush discussed with Rice

the contents of the directives he would issue to set all the plans into motion. Rice

prepared a paper that President Bush then considered with principals on Monday

morning, September 17. “The purpose of this meeting,” he recalled saying, “is to assign

tasks for the first wave of the war against terrorism. It starts today.” [13, p. 333]

In a speech before Congress on September 21, President Bush delivered the U.S.

ultimatum to the Taliban: “Deliver to U.S. authorities all the leaders of al Qaeda… or

share in their fate.” He said: “Either you are with us, or you are with the terrorists.”

The terms were non-negotiable. [14] That same day, the Taliban ambassador to

Pakistan, Abdul Salam Zaeef, insisted his country would not hand over Osama bin

Laden. He told a news conference in the capital, Islamabad: “Our position on this is

that if America has proof, we are ready for the trial of Osama bin Laden in light of the

evidence.” Asked if he was ready to hand Bin Laden over, he replied: “No.” [15]

On September 22, the United Arab Emirates, and later Saudi Arabia, withdrew

recognition of the Taliban as Afghanistan’s legal government, leaving neighboring

Pakistan as the only remaining country with diplomatic ties. On October 4, the Taliban

agreed to turn bin Laden over to Pakistan for trial in an international tribunal that

operated according to Islamic Sharia law, but Pakistan blocked the offer as it was not

possible to guarantee his safety. On October 7, the Taliban ambassador to Pakistan

offered to detain bin Laden and try him under Islamic law if the U.S. made a formal

request and presented the Taliban with evidence. The offer was rejected on grounds

there would be no negotiating. Plus, the U.S. had begun military operations in

Afghanistan. [16]

9/11 was a criminal act. Any assault against U.S. citizens or territory is a crime, no matter what the nationality of the perpetrator. Osama bin Laden was guilty of planning and committing murder on U.S. soil.

Enduring Freedom

President Bush approved military plans to attack Afghanistan in meetings with Central

Command’s General Tommy Franks and other advisers on September 21 and October

2. Originally titled “Infinite Justice,” the operation’s code word was changed—to avoid

the sensibilities of Muslims who associate the power of infinite justice with God

alone—to “Enduring Freedom.” [13, p. 337]

On October 7, less than one month after the September 11 attacks, the U.S., aided by

the United Kingdom, Canada, and other countries including several from the NATO

alliance, initiated military action, bombing Taliban and Al-Qaeda-related camps. The

stated intent of military operations was to remove the Taliban from power, and

prevent the use of Afghanistan as a terrorist base of operations. [16]

The CIA’s elite Special Activities Division (SAD) units were the first U.S. forces to enter

Afghanistan. They joined with the Afghan United Front, also known as the Northern

Alliance, to prepare for the subsequent arrival of U.S. Special Operations forces. [16]

The CIA provided intelligence, experience, cash, covert action capabilities, and liaison

with tribal allies. In turn, the U.S. military offered combat expertise, firepower,

logistics, and communications. [13, p. 338] Together, the Northern Alliance and SAD

and Special Forces combined to overthrow the Taliban with minimal coalition

casualties, and without the use of international conventional ground forces. [16]

On October 14, the Taliban offered to discuss handing over Osama bin Laden to a

neutral country in return for a bombing halt, but only if the Taliban were given

evidence of bin Laden’s involvement. The U.S. rejected this offer, and continued

military operations. Mazar-i-Sharif fell to United Front troops of Ustad Atta

Mohammad Noor and Abdul Rashid Dostum on November 9, triggering a cascade of

provinces falling with minimal resistance. [16]

On the night of November 12, the Taliban retreated south from Kabul. On November

15, they released eight Western aid workers after three months in captivity. By

November 13, the Taliban had withdrawn from both Kabul and Jalalabad. Finally, in

early December, the Taliban gave up Kandahar, their last stronghold, dispersing

without surrendering. [16]

When the Taliban government of Afghanistan refused to extradite Osama bin Laden and turn him over to the FBI, President Bush sent in the U.S. military to take down the Taliban government for abetting terrorism, and capture or kill Osama bin Laden.

Within about two months of the start of combat operations, several hundred CIA

operatives and Special Forces soldiers, backed by the striking power of U.S. aircraft and

a much larger infrastructure of intelligence and support efforts, had combined with

Afghan militias and a small number of other coalition soldiers to destroy the Taliban

regime and disrupt al Qaeda. They had killed or captured about a quarter of the

enemy’s known leaders. Mohammed Atef, al Qaeda’s military commander and a

principal figure in the 9/11 plot, had been killed by a U.S. air strike. [13, p. 338]

At the Bonn Conference in December 2001, Hamid Karzai was selected to head the

Afghan Interim Administration, which after a 2002 loya jirga in Kabul became the

Afghan Transitional Administration. In the popular elections of 2004, Karzai was

elected president of the country, now named the Islamic Republic of Afghanistan. [17]

Escape

The U.S. and its allies drove the Taliban from power and built military bases near major

cities across the country. Most al-Qaeda and Taliban, however, were not captured,

escaping to neighboring Pakistan or retreating to rural or remote mountainous regions.

[17] Among the escapees was Osama bin Laden.

In December 2001, Afghan forces, with limited U.S. support, engaged al Qaeda

elements in a cave complex called Tora Bora. It was later determined that bin Laden

was present, and the failure by the United States to commit enough ground troops

allowed him to escape. [18]

In March 2002, the largest engagement of the war was fought, in the mountainous

Shah-i-Kot area south of Gardez, against a large force of al Qaeda jihadists. Almost all

remaining al Qaeda forces fled across the border and took refuge in Pakistan’s equally

mountainous and lightly governed frontier provinces. [13, p. 338]

As the U.S. turned its attention to Iraq, the Taliban began to reorganize under their

former leader Mohammed Omar, and in 2003 launched an insurgency against the

newly established Afghan government and its supporting allies. The insurgency drew

the United States into its longest lasting military engagement in history. After 13 years,

the United States officially ended combat operations in Afghanistan on October 26,

2014. Despite Mohammed Omar’s death in April 2013, the insurgency continued. As of

2015, U.S. forces still maintained a presence in Afghanistan and supported the Afghan

military with air strikes and Special Operations raids. [17]

In less than two months, the U.S. military succeeded in toppling the Taliban. However, in the midst of action, both the Taliban leader, Mohammed Omar, and Osama bin Laden managed to escape and evade capture.

Captured or Killed

Beginning on September 11, Immigration and Naturalization Service agents working in

cooperation with the FBI began arresting individuals for immigration violations.

Eventually, 768 aliens were arrested as “special interest” detainees. Some, such as

Zacarias Moussaoui, were already in INS custody before 9/11. [13, p. 327] Moussaoui

had been arrested by the FBI for immigration violation in August 2001 after arousing

suspicion over his flight training courses in Eagan, Minnesota. On December 11, 2001,

Moussaoui was indicted by a federal grand jury in United States District Court for the

Eastern District of Virginia on six felony charges: conspiracy to commit acts of terrorism

transcending national boundaries, conspiracy to commit aircraft piracy, conspiracy to

destroy aircraft, conspiracy to use weapons of mass destruction, conspiracy to murder

United States employees, and conspiracy to destroy property. Moussaoui was alleged

by federal prosecutors to have been a replacement for the “first” 20th hijacker,

possibly Ramzi bin al-Shibh who was denied a visa. Moussaoui pleaded guilty in federal

court for which he was found guilty in May 2006. As a result of his conviction, he is

serving six life sentences without parole at the Federal Supermax prison in Florence,

Colorado. [19]

On March 1, 2003, Khalid Sheikh Mohammed, the mastermind behind the 9/11 plot,

was captured in hiding in Rawalpindi, Pakistan, by a combined force from the CIA and

Pakistan Inter-Services Intelligence (ISI) agency. Over the next several years, KSM was

interrogated by the CIA in secret prison camps located in Europe. In 2006 he was

transferred to military custody and the Guantanamo Bay detention camp in Cuba. In

February 2008, KSM was charged with war crimes and murder by a U.S. military

commission. He remains in Guantanamo awaiting trial. [20]

After bin Laden fled Tora Bora in 2001, numerous speculative press reports were

issued about his whereabouts or even death. Some placed bin Laden in different

locations during overlapping time periods. None were ever definitively proven. After

military offensives in Afghanistan failed to uncover his whereabouts, Pakistan was

regularly identified as his suspected hiding place. [18]

In April 2011, various intelligence outlets pinpointed bin Laden’s suspected location

near Abbottabad, Pakistan. It was previously believed that bin Laden was hiding near

the border between Afghanistan and Pakistan’s Federally Administered Tribal Areas,

but he was found 100 miles away in a three-story mansion in Abbottabad, less than a

mile from the Pakistan Military Academy. [18]


On April 29, 2011, President Obama authorized a team of Navy SEALs to raid the

compound in Abbottabad. On May 2, 2011, Operation NEPTUNE SPEAR launched from

Afghanistan into Pakistan aboard specially modified stealth helicopters. They were

supported by multiple additional aircraft, including Air Force fighters and drones. As

the helicopters maneuvered to discharge the SEALs, one lost lift and crash landed

inside the compound. None of the team was seriously injured, and they quickly

regained their composure. The other helicopter landed outside the compound and the

SEALs scaled the walls to get inside. The SEALs then advanced into the house,

breaching walls and doors with explosives. The interior was pitch dark because CIA

operatives had cut the power to the neighborhood. However, the SEALs wore night

vision goggles. They made their way to the third floor where bin Laden lived with his

family. Bin Laden peered through his bedroom door at the Americans advancing up

the stairs, and then retreated into the room as the lead SEAL fired a shot at him, which

either missed or hit him in the side. Bounding into the room, they found bin Laden with

one of his wives. Bin Laden was shot twice in the forehead, and once more as he

crumpled to the floor. He was dead. The SEAL team leader radioed, “For God and

country—Geronimo, Geronimo, Geronimo”, using a call sign to confirm they had found

bin Laden. After being prompted for confirmation, the SEAL team leader announced

“Geronimo E.K.I.A.”, military-speak for “enemy killed in action”. Watching the

operation in the White House Situation Room, Obama said, “We got him.” [18]

From entry to exit, the SEALs spent no more than 38 minutes in the Abbottabad

compound. The helicopter damaged in the crash was destroyed to safeguard its

classified equipment. A standby Chinook was sent in to pick up the SEALs together

with bin Laden’s body and evidence gathered in the raid. The team flew back to

Afghanistan where bin Laden’s body was transferred to a waiting V-22 Osprey and

flown out to the aircraft carrier Carl Vinson. Muslim religious rites were performed

and the body wrapped in a white sheet and placed in a weighted plastic bag. At

approximately 11:00 am, bin Laden’s body was buried at sea, to be gone forever. [18]

But the threat did not end with him.


Conclusion

Homeland security is about safeguarding the United States from domestic catastrophic

destruction. Osama bin Laden was indicted by the FBI for capital crimes related to the

1998 embassy bombings and 9/11 attacks. When the Taliban government of

Afghanistan refused to extradite him, the United States initiated military action to

remove the Taliban and capture bin Laden. In the confusion of battle, both bin Laden

and Mohammed Omar managed to escape and become fugitives. Mohammed Omar

instigated the Taliban insurgency which continued after his death in 2013. Osama bin

Laden was eventually located inside Pakistan, and killed in a special operations raid in

2011. The U.S. remains engaged in Afghanistan as part of U.S. national security

strategy to prevent that country from again harboring agents who would pose a

homeland security threat. By the same token, the U.S. federal government undertook

sweeping changes to close the gaps exposed by 9/11, and establish homeland security

as an essential component of national security.


Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. When and where did the term “homeland security” originate?

2. What was the first definition of “homeland security”?

3. What was the second definition of “homeland security”?

4. What are the basic differences between the first and second definitions?

5. What precipitated the change in definitions?

6. Which of the following incidents would be considered a homeland security concern by the first definition? Explain.

a. 9/11 Attacks

b. Hurricane Katrina

c. 2003 Northeast Blackout

7. Which of the previous incidents would be considered a homeland security concern by the second definition? Explain.

8. Which of the previous incidents would be considered a homeland security concern by the working definition? Explain.

9. Why are the 9/11 attacks considered a crime, but not the 1941 attacks on Pearl Harbor?

10. What is the relationship between Osama bin Laden and the U.S. invasion of Afghanistan in October 2001?

Chapter 10: DHS Formation

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain why Congress was already considering homeland security legislation before 9/11.

• Describe measures taken by the White House to coordinate homeland security immediately after 9/11.

• Explain why the White House advocated an executive department for homeland security after 9/11.

• Assess the organization and mission of the new Department of Homeland Security.

“The combination of unconventional weapons proliferation with the persistence of

international terrorism will end the relative invulnerability of the U.S. homeland to

catastrophic attack. We therefore recommend the creation of an independent National

Homeland Security Agency with responsibility for planning, coordinating, and

integrating various U.S. government activities involved in homeland security.”

– Phase III Report of the Hart-Rudman Commission, February 15, 2001

Introduction

The United States Department of Homeland Security (DHS) is a Cabinet department of

the Federal government of the United States that is concerned with protecting the

American homeland and the safety of American citizens. The department was created

from a conglomeration of twenty-two existing federal agencies in response to the

terrorist attacks of September 11th, 2001. It was established on November 25th, 2002,

by the Homeland Security Act and officially began operation on January 24th, 2003.

The formation of the Department of Homeland Security was the largest government

reorganization in 50 years since the establishment of the Department of Defense in

1947.

Organizing for Homeland Security

In the immediate aftermath of 9/11, White House Deputy Chief of Staff, Joshua Bolten,

chaired a temporary “domestic consequences” group to address problems of how to

help victims and stanch the flowing losses to the American economy stemming from

the closure of American airspace and the stock market. The very process of reviewing

these issues underscored the absence of an effective government organization

dedicated to assessing vulnerabilities and handling problems of protection and

preparedness. Though a number of agencies had some part of the task, none had

security as its primary mission. [1, p. 327]

By September 14, Vice President Cheney had decided to recommend, at least as a first

step, a new White House entity to coordinate all the relevant agencies rather than

tackle the challenge of combining them in a new department. This new White House

entity would be a homeland security adviser and Homeland Security Council—

paralleling the National Security Council system. Vice President Cheney reviewed the

proposal with President Bush and other advisers. President Bush announced the new

post and its first occupant—Pennsylvania governor Tom Ridge—in his address to a

joint session of Congress on September 20. [1, p. 327]


Office of Homeland Security

On October 8, 2001, President Bush issued Executive Order 13228 establishing both an

Office of Homeland Security and Homeland Security Council. Both would be headed by

the Assistant to the President for Homeland Security. The mission of the Office was to

develop and implement a comprehensive national strategy to secure the United States

from terrorist attacks. To fulfill its mission, OHS was assigned functions necessary to

detect, prepare for, prevent, protect against, respond to, and recover from terrorist

attacks within the United States. [2]

Detection. The Homeland Security Advisor was to work with the National Security

Advisor in setting priorities for collection of intelligence outside the United States

regarding threats of terrorism inside the United States. Furthermore, the Homeland

Security Advisor was to facilitate collection from State and Local government of

information pertaining to terrorist threats or activities within the United States, and

ensure that such information was legally disseminated among all appropriate and

necessary law enforcement agencies. [2]

Preparedness. The Office of Homeland Security was to coordinate national efforts to

prepare for and mitigate the consequences of terrorist attacks within the United

States. This meant updating federal emergency response plans, developing a national

exercise program, reviewing vaccination policies (for biological attack), and lending

federal assistance to State and Local governments to help them prepare for and

respond to terrorist attacks. [2]

Prevention. The Office of Homeland Security was to coordinate national efforts to

prevent terrorist attacks within the United States. To facilitate this, the Homeland

Security Advisor was to strengthen border security to prevent entry of terrorists and

terrorist materials and supplies into the United States. All suspected terrorists already

in the United States were to be removed, and monitoring and surveillance increased

along the land, air, and sea approaches. [2]

Protection. The Office of Homeland Security was to coordinate efforts to protect the

United States and its critical infrastructure from terrorist attack. This included

strengthening measures for protecting high-value assets, services, and events;

developing plans for protecting critical infrastructure; and preventing unauthorized

access to, development of, and unlawful importation into the United States, of

chemical, biological, radiological, nuclear, explosive, or other related materials that

have the potential to be used in terrorist attacks. [2]


Response and Recovery. The Office of Homeland Security was to coordinate efforts to

respond to and recover from terrorist attacks within the United States. This included

working with Federal, State, and Local governments, and private entities as

appropriate to rapidly restore essential services following an attack. The Office was to

develop plans and programs to provide medical, financial, and other assistance to

victims and their families. The Office was also to coordinate the containment and

removal of chemical, biological, radiological, explosive, or other hazardous materials

resulting from a terrorist attack. [2]

Additionally, EO 13228 designated the Homeland Security Advisor the primary official

responsible for coordinating the federal response to domestic attack, and ensuring

continuity of the Federal government following an attack. [2]

The Office of Homeland Security was formed as a matter of expediency to assist the

President with the urgent task of securing the nation immediately following 9/11.

Congress, in the meantime, began debating the necessity of fundamentally

restructuring the Federal government to assure a more permanent solution.

Department of Homeland Security

Congress’s deliberations on reorganizing the government’s homeland security

functions were largely built on the recommendations of the U.S. Commission on

National Security for the 21st Century (Hart-Rudman Commission), which submitted its

last report to Congress in February 2001. This commission proposed creating a new

federal agency by consolidating the Coast Guard, the Customs Service, the Immigration

and Naturalization Service (INS), and FEMA into a new National Homeland Security

Agency. [3]

In April 2001, Representative William (Mac) Thornberry (R-TX) introduced H.R. 1158 to

create that agency. Shortly after September 11, Senator Joseph Lieberman (D-CT)

proposed similar legislation (S. 1534) to create a National Homeland Security

Department (NHSD). Other Members, such as Representative Alcee Hastings (D-FL) and

Senator Bob Graham (D-FL), promoted the findings of the Advisory Panel to Assess

Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction

(Gilmore Commission) in H.R. 3078. The Gilmore Commission had concluded that a

White House office with detailed statutory authority, modeled after the Office of

National Drug Control Policy (ONDCP), would be best situated to solve the federal

government’s coordination problems. [3]


After the introduction of H.R. 1158 and S. 1534, Representative Thornberry and

Senator Lieberman refined their proposals to gain the support of more Members of

Congress, and in May 2002 introduced the National Homeland Security and Combating

Terrorism Act of 2002 (H.R. 4660). Before debate could proceed much further, on June

6, 2002, the White House issued a presidential proposal for a new cabinet-level

Department of Homeland Security. [3]

In the eight months after its creation, the Office of Homeland Security was hindered by

the fragmentation of responsibilities among federal agencies, as well as overlapping

authorities and insufficient resources within agencies. [3] According to the White

House, responsibilities for homeland security were dispersed among more than 100

different government organizations. No one single government agency had homeland

security as its primary mission. [4] The President’s initiative called for consolidating

most federal agencies with homeland security missions in one department to focus the

government’s resources more efficiently and effectively on domestic security. The

President’s plan built on the recommendations of various national commissions as well

as some of the legislative proposals placed before Congress. Creating a Department of

Homeland Security would solve such organizational problems and facilitate the OHS’

coordination role. [3]

The President’s proposal combined existing federal agencies and offices with homeland

security responsibilities under one authority. For example, the proposal transferred

the Transportation Security Administration and the Coast Guard to the DHS, removing all

direct homeland security duties from the U.S. Department of Transportation. The

proposal also folded the Federal Emergency Management Agency (FEMA) and the

Department of Agriculture’s Animal and Plant Health Inspection Service (APHIS) into

DHS. The functions of the offices relocated to the DHS would be distributed among

four major divisions:

1. Border and Transportation Security;

2. Emergency Preparedness and Response;

3. Chemical, Biological, Radiological and Nuclear Countermeasures; and

4. Information Analysis and Infrastructure Protection. [3]

Acting on the President’s proposal, on June 24, 2002, Representative Richard Armey

(R-TX) submitted House Resolution 5005 (H.R. 5005) calling for the establishment of a

Department of Homeland Security. H.R. 5005 incorporated most of the provisions set

forth in H.R. 4660. H.R. 5005 passed the House July 26, 2002, and was handed over to

the Senate on July 30th. [5] H.R. 5005 wasn’t without its detractors, and stalled in the

Senate.


Controversy centered on whether the Federal Bureau of Investigation and the Central

Intelligence Agency should be incorporated in part or in whole (neither was included).

The bill itself was also controversial for the presence of unrelated “riders”, as well as

for eliminating standard civil service and labor protections for department employees.

Without these protections, employees could be expeditiously reassigned or dismissed

on grounds of security, incompetence or insubordination. [6]

The impasse was broken when both the House and Senate agreed to a compromise

resolution, H.R. 5710, incorporating provisions by Senator Joseph Lieberman

authorizing the President to bypass traditional civil service procedures provided he first

consult with Congress and mediate with the federal employees union. [7]

On November 20, 2002, the Senate passed H.R. 5005 by a vote of 90-9 authorizing the

creation of a Department of Homeland Security consolidating twenty-two federal

agencies under a single executive department. President Bush signed the bill into law,

Public Law 107-296, the Homeland Security Act, on November 25, 2002. Tom Ridge

was made secretary of the new department.

Pulling It Together

Pursuant to section 1502 of the Homeland Security Act, on November 25, 2002,

the White House submitted to the House of Representatives a Reorganization Plan for

the Department of Homeland Security. The plan identified what agencies would be

transferred to the new Department, and how and when they would be transferred. [8]

According to the plan, all transfers were to be completed no later than March 1, 2003.

[9] Approximately 169,000 personnel were transferred to the Department of

Homeland Security from the organizations shown in Table 1. [10]

Organizing Concept

The organization of the Department of Homeland Security was designed to realign the

previous patchwork of government activities into a single department with the primary

mission to protect the homeland. [11, p. 1] The Department of Homeland Security

would make the country safer because the nation would have:

• One department whose primary mission is to protect the American homeland;

• One department to secure borders, the transportation sector, ports, and critical infrastructure;

• One department to synthesize and analyze homeland security intelligence from multiple sources;

• One department to coordinate communications with state and local governments, private industry, and the American people about threats and preparedness;

• One department to coordinate efforts to protect the American people against bioterrorism and other weapons of mass destruction;

• One department to help train and equip first responders;

• One department to manage federal emergency response activities; and

• More security officers in the field working to stop terrorists and fewer resources in Washington managing duplicative and redundant activities that drain critical homeland security resources. [11, p. 1]

DHS Organization

In the final version of H.R. 5005 signed into law as the Homeland Security Act, the

Department of Homeland Security would be comprised of five directorates:

1. Border and Transportation Security;

2. Emergency Preparedness and Response;

3. Information Analysis and Infrastructure Protection;

4. Science and Technology; and

5. Management [12]

Table 10-1: Organizations Transferred to DHS [10]

| # | DHS Directorate | Transferred Organization | Transferring Agency |
| --- | --- | --- | --- |
| 1 | Border & Transportation Security | U.S. Customs Service | Treasury |
| 2 | | Immigration and Naturalization Service | Justice |
| 3 | | Federal Protective Service | |
| 4 | | Transportation Security Administration | Transportation |
| 5 | | Federal Law Enforcement Training Center | Treasury |
| 6 | | Animal and Plant Health Inspection Service | Agriculture |
| 7 | | Office for Domestic Preparedness | Justice |
| 8 | Emergency Preparedness & Response | FEMA | FEMA |
| 9 | | Strategic National Stockpile & National Disaster Medical System | HHS |
| 10 | | Nuclear Incident Response Team | Energy |
| 11 | | Domestic Emergency Support Teams | Justice |
| 12 | | National Domestic Preparedness Office | FBI |
| 13 | Science & Technology Directorate | CBRN Countermeasures Programs | Energy |
| 14 | | Environmental Measurements Laboratory | Energy |
| 15 | | National BW Defense Analysis Center | Defense |
| 16 | | Plum Island Animal Disease Center | Agriculture |
| 17 | Information Analysis & Infrastructure Protection | Federal Computer Incident Response Center | GSA |
| 18 | | National Communications System | Defense |
| 19 | | National Infrastructure Protection Center | FBI |
| 20 | | Energy Security and Assurance Program | Energy |
| 21 | U.S. Secret Service | U.S. Secret Service | Treasury |
| 22 | U.S. Coast Guard | U.S. Coast Guard | Transportation |

Border and Transportation Security Directorate. BTS was designed to ensure the

security of the nation’s borders and transportation systems. Its first priority was to

prevent the entry of terrorists and the instruments of terrorism while simultaneously

ensuring the efficient flow of lawful traffic and commerce. BTS managed and

coordinated port of entry activities and led efforts to create borders that feature

greater security through better intelligence, coordinated national efforts and

international cooperation against terrorists and the instruments of terrorism and other

international threats. BTS was comprised of the Customs and Border Protection (CBP),

Immigration and Customs Enforcement (ICE), the Transportation Security

Administration (TSA), Federal Law Enforcement Training Center (FLETC), and the Office

of Domestic Preparedness (ODP). [8, p. 8]

U.S. Customs and Border Protection provided security at the borders and ports of entry

as well as extending the zone of security beyond physical borders so that they are the

last line of defense, not the first. CBP was also responsible for apprehending individuals

attempting to enter the United States illegally, stemming the flow of illegal drugs and

other contraband; protecting the nation’s agricultural and economic interests from

harmful pests and diseases; protecting American businesses from theft of intellectual

property; regulating and facilitating international trade; collecting import duties; and

enforcing United States trade laws. [8, p. 8]

U.S. Immigration and Customs Enforcement enforced federal immigration, customs

and air security laws. ICE’s primary mission was to detect vulnerabilities and prevent

violations that threatened national security. ICE was the largest investigative arm of

the new department. ICE deterred, interdicted and investigated threats arising from

the movement of people and goods into and out of the United States, and policed

and secured federal government facilities across the Nation. [8, p. 8]

The Transportation Security Administration was a new government agency created in

the wake of 9/11 because airline security screeners had failed to spot weapons carried

by the hijackers. Congress moved quickly to pass the Aviation and Transportation

Security Act in November 2001 creating the Transportation Security Administration

mandating a federalized workforce of security screeners to inspect airline passengers

and their baggage. The act gave the TSA broad authority to assess vulnerabilities in

aviation security and take steps to mitigate these risks. [8, p. 8] [13, p. iii]

Federal Law Enforcement Training Center (FLETC) was the Federal Government’s

leader for law enforcement training. FLETC prepared new and experienced law

enforcement professionals to fulfill their responsibilities safely and at the highest level

of proficiency. [8, p. 9]

Office of Domestic Preparedness ensured the United States was prepared for acts of

terrorism by providing training and funds for the purchase of equipment, support for

the planning and execution of exercises, and technical assistance and other support to

assist State and Local jurisdictions in preventing, planning for, and responding to acts

of terrorism. [8, p. 9]

Emergency Preparedness and Response. EP&R was designed to ensure that the nation

was prepared for, and able to recover from terrorist attacks and natural disasters.

EP&R provided domestic disaster preparedness training and coordinated government

disaster response. The core of emergency preparedness was the Federal Emergency

Management Agency, responsible for reducing the loss of life and property and

protecting our nation’s institutions from all types of hazards through a comprehensive,

emergency management program of preparedness, prevention, response and

recovery. [8, p. 9]

Information Analysis and Infrastructure Protection. IAIP was designed to identify and

assess a broad range of intelligence information concerning threats to the homeland,

issue timely warnings and take appropriate preventive and protective action.

Information Analysis was meant to provide actionable intelligence for preventing acts

of terrorism and, with timely and thorough analysis and dissemination of information

about terrorists and their activities, improve the government’s ability to disrupt and

prevent terrorist acts and to provide useful warning to state and local government, the

private sector and citizens. Infrastructure Protection was meant to coordinate national

efforts to secure America’s critical infrastructure, including vulnerability assessments,

strategic planning efforts and exercises. Protecting America’s critical infrastructure was

the shared responsibility of federal, state and local governments, in active partnership

with the private sector, the owners and operators of the majority of the nation’s

critical infrastructure. [8, p. 8]

Science and Technology Directorate. S&T provided federal, state and local operators

with the technology and capabilities needed to protect the nation from catastrophic

terrorist attacks, including threats from weapons of mass destruction. The S&T

Directorate would develop and deploy state-of-the-art, high performance, low

operating cost systems to detect and rapidly mitigate the consequences of terrorist

attacks, including those that may use chemical, biological, radiological and nuclear

materials. [8, p. 9]

The Management Directorate oversaw the budget; appropriations; expenditure of

funds; accounting and finance; procurement; human resources and personnel;

information technology systems; facilities, property, equipment and other material

resources; and identification and tracking of performance measures aligned with the

mission of the Department. The Chief Financial Officer, Chief Information Officer, Chief

Human Capital Officer, Chief Procurement Officer and the Chief of Administrative

Services reported to the Undersecretary for Management as allowed by the Homeland

Security Act of 2002. [8, p. 9]

In addition to the five major directorates, the Department of Homeland Security was in

charge of the United States Coast Guard (USCG), United States Secret Service (USSS),

and U.S. Citizenship and Immigration Services (USCIS). [8, p. 9]

The United States Coast Guard ensured maritime safety, mobility and security and

protected natural marine resources. Its mission was to protect the public, the

environment and the United States economic interests in the nation’s ports and

waterways, along the coast, on international waters, or in any maritime region as

required to support national security. The Coast Guard also prevented maritime

terrorist attacks; halted the flow of illegal drugs and contraband; prevented individuals

from entering the United States illegally; and prevented illegal incursion into exclusive

economic zones. The Coast Guard had dual responsibility. Upon declaration of war, or

when the President so directed, the USCG would operate as an element of the

Department of Defense. [8, p. 9]

The United States Secret Service protected the President and Vice President, their

families, heads of state and other designated individuals; investigated threats against

these protectees; protected designated buildings within Washington, D.C.; and

planned and implemented security for designated National Special Security Events. The

USSS also investigated violations of laws relating to counterfeiting and financial crimes,

including computer fraud and computer-based attacks on the nation’s financial,

banking, and telecommunications infrastructure. [8, p. 9]

The U.S. Citizenship and Immigration Services directed the nation’s immigration system

and promoted citizenship values by providing immigration services such as immigrant

and nonimmigrant sponsorship; adjustment of status; work authorization and other

permits; naturalization of qualified applicants for United States citizenship; and asylum

or refugee processing. USCIS made certain that America continues to welcome visitors

and those who seek opportunity while excluding terrorists and their supporters. [8, p. 9]

The establishment of the Department of Homeland Security was the largest reorganization of Federal government since the 1947 National Security Act created the National Security Council, Department of Defense, and Central Intelligence Agency.

Figure 10-1: DHS Organization [8, p. 10]

Where is the Department of Homeland Security Located?

DHS personnel are currently located in 50 different offices across the Washington DC metropolitan area.

Headquarters is located at 3801 Nebraska Avenue, NW, Washington, DC. The Nebraska Avenue Complex (NAC)

is a 37-acre site with 30 buildings and 653,400 square feet of office space. The campus is a secure facility with an

established security perimeter and on-site generators. Unfortunately, the NAC only accommodates about 2,390

of the 28,000 employees in the DC region. [7, p. i] It also wastes millions of dollars in leased office space and

transportation costs. According to former DHS Secretary Michael Chertoff, the attendant logistical difficulties of a

dispersed workforce slowed the government response to Hurricane Katrina in 2005, and a terrorist plot to blow

up transatlantic airliners with liquid explosives in 2006. Chertoff recalled “People were shuttling back and forth

in those critical days after the plot was exposed, and that just made it much more difficult and time-consuming,”

he said. Calling it urgent, Chertoff released a plan in 2006 to begin construction of a new centralized

headquarters to be completed by 2015. The new headquarters would cost about $3 billion and accommodate

14,000 DHS employees. With the exception of the new Coast Guard building, little progress has been made,

while cost estimates have risen to $4.5 billion and completion pushed out to 2026. One of the main reasons for

the cost overruns and schedule delays is that the chosen site for DHS headquarters is the former St. Elizabeth’s

Hospital, a national historic landmark. Built in 1852 on a 176-acre hilltop site east of the Anacostia River, St.

Elizabeth’s was the first federal psychiatric institution. Its grounds were once home to patients like Ezra Pound,

the poet, and John Hinckley Jr., the attempted assassin of President Reagan. St. Elizabeth’s was chosen from among 14

possibilities because it was the only location that met size and security requirements. More than 50 historic

buildings would need to be renovated and new ones erected for DHS’ new home. Even before costs began to

soar, planners were aware they would face millions of dollars in outlays for historic preservation and

rehabilitation of antiquated utilities and infrastructure. A decade after work began, St. Elizabeth’s venture – the

capital region’s largest planned construction project since the Pentagon – has become a monumental example of

Washington inefficiency and drift. [8]

Conclusion

In the immediate aftermath of 9/11, on October 8, 2001, President Bush issued E.O.

13228 establishing an Office of Homeland Security and Homeland Security Council

under the direction of a new Assistant to the President for Homeland Security. Former

Pennsylvania Governor, Tom Ridge, was appointed the first Homeland Security

Advisor. OHS was responsible for developing and coordinating the implementation of

a comprehensive national strategy to secure the United States from terrorist attacks.

HSC was responsible for advising and assisting the President with respect to all aspects

of homeland security. In his June 2002 proposal for a Department of Homeland

Security, President Bush appeared to anticipate the continued operation of both OHS

and HSC. When the Homeland Security Act was signed into law November 25, 2002, it

created the Department of Homeland Security and rechartered the HSC as an agency

within the Executive Office of the President. [14, pp. CRS-1] Tom Ridge was appointed

the new Secretary of Homeland Security. Many of the functions of the Office of

Homeland Security transferred to the new Department together with the new

Secretary. [15, p. 9] OHS was closed and the remnants transferred to HSC. [14, pp. CRS-3]

The Department of Homeland Security was formed by realigning the previous

patchwork of twenty-two government activities into a single department with the

primary mission to protect the homeland. President Bush signed Executive Order

13284 activating the Department of Homeland Security effective January 23rd, 2003.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. What findings from the Hart-Rudman Commission report prompted a bill to be submitted before Congress in April

2001 to form a National Homeland Security Department?

2. List and describe the two organizations created immediately after 9/11 to assist the President with developing and

managing homeland security policy.

3. Why did the White House feel the need to propose an executive department for homeland security?

4. List and describe two arguments for, and two arguments against creating a Department of Homeland Security.

5. What was the primary mission proposed by the White House for the Department of Homeland Security?

6. How was the new Department of Homeland Security going to improve domestic security?

7. Do you think it would’ve been a good idea to integrate either or both the CIA and FBI within DHS? Explain.

8. What do you notice when you compare DHS’ original organization to the Critical Mission Areas listed in the 2002

National Strategy for Homeland Security (written before DHS was formed)?

9. Which DHS directorate do you think had the most important mission? Explain your answer.

10. Where did FEMA fit into the new Department of Homeland Security?

Chapter 11

DHS Evolution

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain how and why the DHS mission and organization were oriented when it was created in 2003.

• Explain how and why the DHS mission and organization significantly changed after Hurricane Katrina.

• Describe both internal and external initiatives that re-oriented DHS’ mission between 2005 and 2007.

• Evaluate the evolution of the DHS cybersecurity mission between 2003 and 2010.

• Debate the merits of merging homeland security strategy and national security strategy.

• Discuss the purpose and value of the Quadrennial Homeland Security Review.

“The most serious mistakes are not being made as a result of wrong answers. The true

dangerous thing is asking the wrong question.”

– Peter F. Drucker

Introduction

Peter Drucker is hailed as “the man who invented management”. His writings are

highly regarded for predicting major business trends and influencing successful

corporations through much of the 20th century. [1] Among his key insights was the

need to continually reassess core assumptions and ensure that an organization’s

missions are properly aligned with their objectives. Accordingly, the Department of

Homeland Security’s mission and organization have evolved since it first became

operational, January 23, 2003. This chapter examines the evolution of DHS’ mission

and organization, and the factors that influenced that change.

2002 Homeland Security Strategy

On October 8, 2001, President Bush issued Executive Order 13228 establishing the

Office of Homeland Security within the Executive Office of the President. The mission

of the office was to develop and implement a comprehensive national strategy to

secure the United States from terrorist attacks. [2]

In July 2002, the Office of Homeland Security released the first National Strategy for

Homeland Security. The 2002 Strategy set the stage by defining homeland security,

and explaining its terms:

“Homeland security is a concerted national effort to prevent terrorist attacks within

the United States, reduce America’s vulnerability to terrorism, and minimize the

damage and recover from attacks that do occur.”

– 2002 National Strategy for Homeland Security [3, p. 2]

The 2002 Strategy explained that a “concerted national effort” meant that homeland

security was not just the job of the anticipated new Department of Homeland Security,

but the shared responsibility of all branches at all levels of government, and the private

sector. The fact that DHS could not accomplish the mission alone would lead to the

concept of a “homeland security enterprise” presented later in this book. The 2002

Strategy explained that “prevention” is the first priority, obviously to avoid the

consequences of a domestic catastrophic attack. It noted that “detection” is an

essential precondition for “prevention”, suggesting the need for intelligence

surveillance both at home and abroad. In explaining the definition of homeland

security, the 2002 Strategy made it clear that the central risk was “mass casualties,

massive property loss, and immense social disruption.” It further identified the

potential means for inflicting domestic catastrophic destruction in the form of

“weapons of mass destruction, strategic information warfare, attacks on critical

infrastructure, and attacks on the highest leadership of government.” These are the

types of terrorist attacks homeland security seeks to prevent. Additionally, the

2002 Strategy defined “terrorist attacks” as “any premeditated, unlawful act

dangerous to human life or public welfare that is intended to intimidate or coerce

civilian populations or governments.” According to the 2002 Strategy, this definition

covered kidnappings; hijackings; shootings; conventional bombings; attacks involving

chemical, biological, radiological, or nuclear weapons; cyber attacks; and any number

of other forms of malicious violence. The 2002 Strategy also noted that terrorists could

be U.S. citizens or foreigners, acting in concert with others, on their own, or on behalf

of a hostile state. Detection was again singled out as a method of reducing the nation’s

vulnerability to terrorist attack. But the 2002 Strategy also noted the specific

vulnerability of critical infrastructure, as exposed by 9/11, and prescribed the need for

the government to work with the private sector to identify and protect it. The difficulty

of reducing vulnerabilities, as noted in the 2002 Strategy, is that it requires an

imprecise and constant adjusting of the balance between safety and security, and cost

and liberty. The 2002 Strategy was also insightful, noting that as defenses are shored

up in one area, terrorists might exploit vulnerabilities in others. By this observation

the 2002 Strategy tacitly acknowledged the impossibility of preventing all terrorist

attacks. Thus, the definition also addressed minimizing damages and quickly

recovering from attacks that do occur. To minimize damages, the 2002 Strategy

proposed improving coordination and helping prepare First Responders for

catastrophic incidents. Similarly, rapid recovery was deemed necessary to restoring

economic growth and public confidence. [3, pp. 2-3]

The 2002 Strategy further explained that homeland security is an exceedingly complex

mission. It involves efforts both at home and abroad, and demands a range of

government and private sector capabilities. It also calls for coordinated and focused

effort from many agencies who are not otherwise required to work together and for

whom security is not always a primary mission. In order to provide clear direction

amidst this confusion, the 2002 Strategy recast the definition of homeland security into

a set of three objectives to help prioritize actions:

1. Prevent terrorist attacks within the United States;

2. Reduce America’s vulnerability to terrorism; and

3. Minimize the damage and recover from attacks that do occur. [3, p. 3]

From the preceding definition of homeland security, the 2002 Strategy also derived six

critical mission areas for aligning and focusing homeland security functions. This is

what the new Department was expected to do:

1. Intelligence & Warning

2. Border & Transportation Security

3. Domestic Counterterrorism

4. Protecting Critical Infrastructure

5. Defending Against Catastrophic Terrorism

6. Emergency Preparedness and Response [3, p. viii]

The first three mission areas focus primarily on preventing terrorist attacks (objective

#1); the next two on reducing the nation’s vulnerabilities (objective #2); and the final

one on minimizing the damage and recovering from attacks that do occur (objective

#3).

Intelligence & Warning. The essential function of I&W is to detect terrorist activity

before it manifests itself into an attack so that proper preemptive, preventative, and

protective action can be taken. The 2002 Strategy identified five major initiatives in

this area:

1. Enhance the analytic capabilities of the FBI for domestic intelligence;

2. Conduct vulnerability assessments and risk analysis of critical infrastructure;

3. Implement a Homeland Security Advisory System;

4. Cross reference and correlate terrorist activity with “dual-use” items;

5. Employ “red team” techniques. [3, p. viii]

Border & Transportation Security. The essential function of BTS is to promote the

efficient and reliable flow of people, goods, and services across borders while keeping

out terrorists and terrorist weapons. The 2002 Strategy identified six major initiatives

in this area:

1. Ensure accountability in border and transportation security;

2. Create “smart borders” through better intelligence and coordination;

3. Increase security of international shipping containers;

4. Implement the Aviation and Transportation Security Act of 2001;

5. Recapitalize the U.S. Coast Guard; and

6. Reform immigration services. [3, p. viii]

Domestic Counterterrorism. While law enforcement agencies will continue to

investigate and prosecute criminal activity, they should now assign priority to

preventing and interdicting terrorist activity within the United States. All legal means—

both traditional and nontraditional—will be used to identify, halt, and prosecute

terrorists in the United States. The 2002 Strategy identified six major initiatives under

this area:

1. Improve intergovernmental law enforcement coordination;

2. Facilitate apprehension of potential terrorists;

3. Continue ongoing investigations and prosecutions;

4. Complete FBI restructuring to emphasize prevention of terrorist attacks;

5. Target and attack terrorist financing; and

6. Track foreign terrorists and bring them to justice. [3, p. ix]

Protecting Critical Infrastructure. This function seeks to improve protection of the

individual pieces and interconnecting systems that make up our critical infrastructure.

The 2002 Strategy identified eight major initiatives under this area:

1. Unify America’s infrastructure protection effort in the Department of Homeland

Security;

2. Build and maintain a complete and accurate assessment of America’s critical

infrastructure and key assets;

3. Enable effective partnership with state and local governments and the private

sector;

4. Develop a national infrastructure protection plan;

5. Secure cyberspace;

6. Harness the best analytic and modeling tools to develop effective protective

solutions;

7. Guard America’s critical infrastructure and key assets against “inside” threats; and

8. Partner with the international community to protect our transnational

infrastructure. [3, p. ix]

Defending Against Catastrophic Threats. This function seeks a unified approach to

preventing, preparing, responding, and recovering from the deployment of chemical,

biological, radiological, or nuclear weapons in the United States. The 2002 Strategy

identified six major initiatives in this area:

1. Prevent terrorist use of nuclear weapons through better sensors and procedures;

2. Detect chemical and biological materials and attacks;

3. Improve chemical sensors and decontamination techniques;

4. Develop broad spectrum vaccines, antimicrobials, and antidotes;

5. Harness the scientific knowledge and tools to counter terrorism; and

6. Maintain the Select Agent Program regulating the shipment of hazardous biological

organisms and toxins. [3, p. ix]

Emergency Preparedness and Response. The EP&R function seeks to build a

comprehensive national system to bring together and coordinate all necessary

response assets quickly and effectively. This function also includes planning,

equipping, training, and exercising First Responders to mobilize without warning for

any emergency. The 2002 Strategy identified twelve major initiatives in this area:

1. Integrate separate federal response plans into a single all-discipline incident

management plan;

2. Create a national incident management system;

3. Improve tactical counterterrorist capabilities;

4. Enable seamless communication among all responders;

5. Prepare health care providers for catastrophic terrorism;

6. Augment America’s pharmaceutical and vaccine stockpiles;

7. Prepare for chemical, biological, radiological, and nuclear decontamination;

8. Plan for military support to civil authorities;

9. Build the Citizen Corps;

10. Implement the First Responder Initiative of the Fiscal Year 2003 Budget;

11. Build a national training and evaluation system; and

12. Enhance the victim support system.

DHS Formation

The Department of Homeland Security was established by the Homeland Security Act,

signed by President Bush November 25, 2002. Former Pennsylvania Governor Tom

Ridge relinquished his position as Homeland Security Advisor to become the first

Secretary of Homeland Security. Between November 2002 and January 2003,

Secretary Ridge consolidated 180,000 personnel from twenty-two federal agencies to

form the new Department of Homeland Security. On January 23, 2003, President Bush

issued Executive Order 13284 activating the new Department. [4, p. 7]

When it began operations, DHS was largely organized like a hand — the palm being the

office of the Secretary/Deputy Secretary with the thumb and fingers being individual

directorates for (1) Management, (2) Science and Technology, (3) Information Analysis

and Infrastructure Protection, (4) Border and Transportation Security, and (5)

Emergency Preparedness and Response. In addition, however, approximately two

dozen other units within the department, but not located within one of the

directorates, reported directly to the Secretary. These included program entities, such

as the United States Coast Guard and United States Secret Service, and units within the

Office of the Secretary, such as the Office of International Affairs and Office of State

and Local Government Coordination, as well as some Assistant Secretaries. At the time

of its creation, only 18,000 DHS employees worked in the Washington, DC, area,

indicating that the new department had a considerable field organization. [5, pp. CRS-2]

As the former director of the Office of Homeland Security responsible for developing

the 2002 National Strategy for Homeland Security, Secretary Ridge strove to

implement the critical mission initiatives within the new Department. But the 2002

Strategy was based on the President’s proposed organization for DHS, and the actual

organization as stipulated in the 2002 Homeland Security Act was slightly different, as

shown in Table 11-1.

Chapter 11: DHS Evolution

Table 11-1: DHS Initial Operating Organization

President’s Proposal, June 24, 2002 [6, p. 2] | Homeland Security Act, November 25, 2002
1. Border & Transportation Security | Border & Transportation Security
2. Emergency Preparedness & Response | Emergency Preparedness & Response
3. CBRN Countermeasures | Science & Technology
4. Information Analysis & Infrastructure Protection | Information Analysis & Infrastructure Protection
5. U.S. Coast Guard | U.S. Coast Guard
6. U.S. Secret Service | U.S. Secret Service
7. Office of State & Local Coordination | Office of State & Local Coordination
8. | U.S. Citizenship & Immigration Services

The most significant difference between the President’s proposed structure for DHS

and the organization resulting from the Homeland Security Act was replacement of the

CBRN Countermeasures Directorate with the Science and Technology Directorate. The

President’s proposed CBRN Countermeasures Directorate would have led the federal

government’s efforts in preparing for and responding to the full range of threats

involving weapons of mass destruction. According to the President’s proposal, this

would have required setting national policy and establishing guidelines for State and

Local governments. It would direct exercises and drills for Federal, State, and Local

CBRN response teams and plans. [6, p. 2] The Homeland Security Act conceived a

greater role for the Science & Technology Directorate. In addition to formulating

national policy and plans to prepare and respond to WMD, S&T would also develop

countermeasures for CBRN agents. Moreover, it would support basic and applied

research to develop, demonstrate, test, and evaluate activities relevant to any or all

elements of the Department. [4]

The Department of Homeland Security, as initially established, was designed to have a

clear and efficient relationship between its organization and function. [6, p. 2]

2003 Reorganization Plan

Although Section 442 of the Homeland Security Act established a Bureau of Border

Security within the Border and Transportation Security Directorate, it did not fully

delineate its responsibilities. On January 30, 2003, President Bush submitted a

modification to the November 2002 reorganization plan that established and described

new organizational units in the Border and Transportation Security Directorate. [9, p. 12]

Table 11-2: Mapping DHS Organization & Critical Mission Areas

DHS Agency | Assigned Critical Mission Areas
1. Border & Transportation Security | Border & Transportation Security
2. Emergency Preparedness & Response | Emergency Preparedness & Response
3. Science & Technology | Defending Against Catastrophic Threats
4. Information Analysis & Infrastructure Protection | Intelligence & Warning; Domestic Counterterrorism; Protecting Critical Infrastructure
5. U.S. Coast Guard | Border & Transportation Security; Protecting Critical Infrastructure
6. U.S. Secret Service | Domestic Counterterrorism; Protecting Critical Infrastructure
7. Office of State & Local Coordination | Domestic Counterterrorism; Emergency Preparedness & Response
8. U.S. Citizenship & Immigration Services | Border & Transportation Security

The January 2003 Plan renamed the Bureau of Border Security as the Bureau of

Immigration and Customs Enforcement, incorporating parts of the Immigration and

Naturalization Service (INS), the Customs Service, and the Federal Protective Service

(FPS) and outlined its functions: to enforce immigration and customs laws within the

interior of the United States and to protect specified federal buildings. [9, p. 12]

The January 2003 plan also renamed the U.S. Customs Service as the Bureau of

Customs and Border Protection (now known as U.S. Customs and Border Protection, or

CBP). The new Bureau incorporated the border and ports of entry functions of the

Customs Service, inspection responsibilities and the Border Patrol from INS, and

agricultural inspection functions from the Department of Agriculture. [9, p. 12]

These changes were made after the Department became operational, but before

marking its official inception date of March 1, 2003. On that date, the majority of the

previously existing agencies, such as the Federal Emergency Management Agency, the

Transportation Security Administration, the Coast Guard, the Customs Service, and the

United States Secret Service transferred to the new Department. [9, p. 12]

Figure 11-1: 2003 DHS Organization [4, p. 10]

2004 Adjustments

In 2004, Secretary Ridge exercised his authority under Section 872 of the 2002

Homeland Security Act to adjust the Department’s organization [10], adding two new

reports to the Secretary: the Headquarters Operational Integration Staff (I-Staff) and

the Office of State and Local Government Coordination and Preparedness (SLGCP). [9, p. 14]

On March 26, 2004, the Department consolidated the Office for Domestic

Preparedness and the Office of State and Local Government Coordination to form the

Office of State and Local Government Coordination and Preparedness, reporting

directly to the Secretary. [9, p. 14]

On January 15, 2004, the I-Staff was formed to assist DHS leadership with coordinating

Department missions and operational activities, including threat response and

preparedness, within DHS Headquarters. I-Staff also took the lead on drafting the

National Response Plan (NRP) and National Incident Management System (NIMS) and

implementing coordination between Headquarters and field offices as part of the

Regions plan. I-Staff activities were discontinued with the implementation of the

Second Stage Review (2SR) reorganization in October 2005. [9, p. 14]

2005 Second Stage Review

Tom Ridge was Secretary of Homeland Security for two years before resigning on

November 30, 2004. [11] In January 2005, President Bush nominated Michael Chertoff

to replace Tom Ridge as Secretary of Homeland Security. Michael Chertoff was a

distinguished attorney who was serving as a Judge on the U.S. Court of Appeals when

Secretary Ridge resigned. [12] Secretary Chertoff took office on February 15, 2005, and

launched the Second Stage Review, or 2SR, a systematic evaluation of the

department’s operations, policies, and structures. [9, p. 16]

More than 250 members of the department, formed into 18 action teams,

participated. The teams also consulted with public and private partners at the federal,

state, local, tribal, and international levels. Based on the findings, on July 13, 2005,

Secretary Chertoff proposed to Congress the following six point agenda: [9, p. 16]

1. Increase preparedness, with particular focus on catastrophic events.

2. Strengthen border security and interior enforcement and reform immigration

processes.

3. Harden transportation security without sacrificing mobility.

4. Enhance information sharing with our partners, particularly with state, local and

tribal governments and the private sector.

5. Improve DHS stewardship, particularly with stronger financial, human resource,

procurement and information technology management.

6. Re-align the DHS organization to maximize mission performance. [5, pp. CRS-3]

Spurred in part by the flawed response to Hurricane Katrina, Congress formally

approved the 2SR recommendations October 18, 2005. [13, p. 259] The subsequent

reorganization abolished the Directorates for Border and Transportation Security,

Information Analysis and Infrastructure Protection, and Emergency Preparedness and

Response. With the abolition of these Directorates, the Director of the Federal

Emergency Management Agency (FEMA), the Commissioner of Customs and Border

Protection, the Assistant Secretary for the Transportation Security Administration,

Director of Operations Coordination, Assistant Secretary for Intelligence and Analysis

and the Assistant Secretary for Immigration and Customs Enforcement now reported

directly to the Secretary. [9, p. 16]

The reorganization created two new directorates. The Policy Directorate took on most

of the policy responsibilities from the former Assistant Secretary for Policy and

Planning in the Border and Transportation Security Directorate, as well as newly

created Assistant Secretaries for Legislative and Intergovernmental Affairs, Strategic

Plans, the Private Sector, and International Affairs. The Preparedness Directorate

consisted of preparedness functions transferred from FEMA and also included the U.S.

Fire Administration, the Office of National Capital Region, the Office of Infrastructure

Preparedness, functions of the Office of State and Local Government Coordination, and

the new offices of the Assistant Secretary for Grants and Training and the Chief

Medical Officer. [9, p. 16]

The reorganization also created four new offices. The Office of Policy was created to

serve as the primary Department-wide coordinator for policies, regulations, and other

initiatives. These functions were previously performed under the Border and

Transportation Security Directorate. The Office of Intelligence and Analysis was created

to gather, analyze, and report information from relevant field operations and

information from other parts of the intelligence community. These functions were

previously performed, in part, under the Information Analysis and Infrastructure

Protection Directorate. The Office of Operations Coordination was established to

conduct joint operations across the Department, coordinate incident management and

the management of the Homeland Security Operations Center. The Office of Legislative

and Intergovernmental Affairs was created to merge similar functions previously

provided by the Office of Legislative Affairs and the Office of State and Local

Government Coordination. [13, p. 259]

2006 Post-Katrina Reform Act

Hurricane Katrina struck Florida and the Gulf Coast states in the last days of August

2005, followed within weeks by Hurricanes Rita and Wilma. These disasters will long be

remembered for disrupting families, changing and ending lives, and forcing Americans

to rethink vulnerability and risk assumptions. In addition to these impacts, the

hurricanes served as catalysts for significant changes in federal policy and the

organization of responsible federal entities, notably within the Department of

Homeland Security. [14, p. 1]

Reports issued by committees of the 109th Congress, the White House, federal offices

of Inspector General, and the Government Accountability Office (GAO), among others,

concluded that the losses caused by Hurricane Katrina were due, in part, to

deficiencies such as questionable leadership decisions and capabilities, organizational

failures, overwhelmed preparation and communication systems, and inadequate

statutory authorities. As a result, the 109th Congress revised federal emergency

management policies vested in the President; reorganized the Federal Emergency

Management Agency; and enhanced and clarified the mission, functions, and

authorities of the agency, as well as those of its parent, the Department of Homeland

Security. [14, p. i]

After FEMA was established in 1979, it was charged with carrying out activities to

enable Federal, State, and Local governments to address a broad spectrum of

emergency management functions. In carrying out its mission, FEMA 1) funded and

coordinated emergency preparedness activities, 2) provided and coordinated

immediate federal response to save lives and property, 3) funded the reconstruction of

damaged homes and infrastructure to help stricken families and communities recover,

and 4) supported hazard mitigation activities to ensure that future disasters do not

recur, or are less destructive in the future. These four elements of preparedness,

response, recovery, and hazard mitigation constitute what has been generally referred

to as the Comprehensive Emergency Management (CEM) system. [14, p. 3]

When the Homeland Security Act transferred FEMA to DHS in 2003, some CEM

responsibilities were transferred to the Border and Transportation Security

Directorate. As part of the Second Stage Review, CEM functions were further divided

between FEMA and the new Preparedness Directorate. As part of its investigation into

Hurricane Katrina, Congress concluded that these mission and organizational shifts

deteriorated FEMA’s capabilities as functions, resources, and responsibilities moved to

other DHS units. Others argued that an emphasis on terrorist-caused incidents within

DHS dominated planning and allocation decisions and contributed to FEMA’s

diminished capabilities for all hazards. These findings led to congressional enactment

of significant revisions to FEMA’s structure and mission in the Post-Katrina Act. [14, pp. 3-4]

On October 4, 2006, as part of the Homeland Security FY2007 Appropriations Bill

(Public Law 109-295), the President signed into law the Post-Katrina Emergency

Reform Act. The Act established new leadership positions within the Department,

brought additional functions into the Federal Emergency Management Agency (FEMA),

and created and reallocated functions within the Department. [9, p. 25]

The Post-Katrina Emergency Management Reform Act of 2006 established new

leadership positions and position requirements within the Federal Emergency

Management Agency, brought new missions into FEMA and restored some that had

previously been removed, and enhanced the agency’s authority by directing the FEMA

Administrator to undertake a broad range of activities before and after disasters occur.

The Post-Katrina Act contained provisions that set out new law, amended the

Homeland Security Act, and modified the Robert T. Stafford Disaster Relief and

Emergency Assistance Act (the Stafford Act). [14, p. 1]

Specifically, the Act renamed the Under Secretary for Federal Emergency Management

as the Administrator of FEMA and elevated the position to the deputy secretary level.

The Administrator was designated the principal advisor to the President, the Homeland

Security Council, and the Secretary for all matters relating to emergency management

and can be designated by the President to serve as a member of the Cabinet in the

event of disasters. FEMA was legislatively protected as a distinct entity in the

Department and is subject to reorganization only by statute. [9, p. 25]

The Post-Katrina Emergency Management Reform Act transferred to FEMA all

functions of the Preparedness Directorate, including the Office of Grants and Training,

the United States Fire Administration (USFA), and the Office of National Capital Region

Coordination. The Office of Infrastructure Protection, the National Communications

System, the National Cybersecurity Division, and the Office of the Chief Medical Officer

remained in the Preparedness Directorate. [9, p. 25]

The Post-Katrina Act reorganized DHS with a reconfigured FEMA with consolidated

emergency management functions, elevated status within the department, and

enhanced organizational autonomy. Effective March 31, 2007, the Post-Katrina Act

restored to FEMA the responsibility to lead and support efforts to reduce the loss of

life and property and protect the nation from all hazards through a risk-based system

that focuses on expanded CEM components. The statute also added a fifth

component—protection—to the four CEM components, but did not define the term.

[14, pp. 5-6]

2006 SAFE Port Act

On October 13, 2006, Congress passed the Security Accountability for Every Port Act,

or SAFE Port Act of 2006 (Public Law 109-347). The act authorized the Domestic

Nuclear Detection Office (DNDO) and completed the reorganization of FEMA,

transferring the Radiological Preparedness Program and the Chemical Stockpile

Emergency Preparedness Program to FEMA. [9, p. 25]

To implement and complement the changes in FEMA mandated by the Post-Katrina

Management Reform Act of 2006 and the SAFE Port Act of 2006, the Department

reorganized FEMA and made other organizational changes. [9, p. 25]

After the Post-Katrina Emergency Reform Act transferred many functions to FEMA, the

Preparedness Directorate was renamed the National Protection and Programs

Directorate (NPPD) and retained some Preparedness elements not transferred to

FEMA, including the Office of Infrastructure Protection; the Office of Cyber Security

and Telecommunications combined with National Communications System and new

Office of Emergency Communications and renamed the Office of Cyber Security and

Communications; and the Office for State and Local Government Coordination,

renamed the Office of Intergovernmental Programs. Additionally, the new Directorate

contained US-VISIT and the Office of Risk Management and Analysis, formerly a part of

the Office of Infrastructure Protection. An Office of Health Affairs was also established

within NPPD, led by an Assistant Secretary/Chief Medical Officer. These changes

became effective March 21, 2007. [9, pp. 25-26]

2007 National Strategy for Homeland Security

Hurricane Katrina resulted in a fundamental change to homeland security strategy,

adding natural disasters to the list of domestic catastrophic threats together with

manmade disasters. This change was reflected in the 2007 National Strategy for

Homeland Security. In addition to hurricanes, the 2007 Strategy identified

earthquakes, floods, tornadoes, wildfires, and infectious disease as significant hazards.

[15, p. 10] While this recognition did not change the definition of homeland security

according to the 2007 Strategy, [15, p. 3] it did lead to the introduction of a new term,

that of “all-hazards”. [15, p. 32] FEMA defines “all-hazards” as: “Any incident or event,

natural or human caused, that requires an organized response… in order to protect

life, public health, and safety… and to minimize any disruption to governmental, social,

and economic services.” [16] Accordingly, to accommodate this expanded mission set,

the 2007 Strategy identifies four primary goals of homeland security:

1. Prevent and disrupt terrorist attacks;

2. Protect the American people, our critical infrastructure, and key resources;

3. Respond and recover from incidents that do occur;

4. Continue to strengthen the foundation to ensure our long-term success. [15, p. 1]

As shown in Table 11-3, the 2007 Strategy Objectives are very similar to the 2002

Strategy Objectives. The primary difference is subtle word changes that shift the focus

away from the exclusive concern over terrorism. Objective #2 in the 2007 Strategy is

still concerned with reducing vulnerability, but it replaces the threat to vulnerability

with the targets of vulnerability, allowing broader interpretation beyond just terrorism.

Objective #3 replaces “attacks” with “incidents” so it too can encompass a broader

range of threats and hazards besides terrorism.

Table 11-3: Comparison of Strategy Objectives

2007 Strategy | 2002 Strategy
1. Prevent and disrupt terrorist attacks | Prevent terrorist attacks within the U.S.
2. Protect the American people, & CI/KR | Reduce America’s vulnerability to terrorism
3. Respond and recover from incidents that do occur | Minimize the damage and recover from attacks that do occur
4. Continue to strengthen the foundation to ensure our long-term success |

Similar to the 2002 Strategy Objectives, the first three objectives of the 2007 Strategy

were designed to organize and prioritize national efforts. Objective #4 of the 2007

Strategy was different in that it was aimed at creating and transforming homeland

security principles, systems, structures, and institutions. This included applying a

comprehensive approach to risk management, building a culture of preparedness,

improving incident management, better utilizing science and technology, and

leveraging all instruments of national power and influence. [15, p. 1] In short, Objective

#4 was meant to put the Department on a path of continuous and systematic

improvement. That objective was met when Congress passed and the President signed

the Implementing Recommendations of the 9/11 Commission Act of 2007.

Implementing Recommendations of the 9/11 Commission Act of 2007

Months after the 9/11 Commission had officially issued its seminal report and ceased

its functions, Chairman Kean and other commissioners toured the country to draw

attention to the recommendations of the commission for reducing the terror risk,

claiming that some of their recommendations were being ignored. Co-chairs Kean and

Hamilton wrote a book about the constraints they faced as commissioners titled

Without Precedent: The Inside Story of the 9/11 Commission. The book was released

August 15, 2006 and chronicled the work of Kean (Commission Chairman) and

Hamilton (Commission Vice-Chairman) of the 9/11 Commission. [17] Congress

responded in January 2007 by introducing a bill titled “Implementing

Recommendations of the 9/11 Commission Act”. The bill was finally approved and

signed into law (PL 110-53) on August 3, 2007. [18] The Act built on the Post-Katrina

Emergency Management Reform Act of 2006, focusing on the reorganization of the

grant process as administered by FEMA. The Act also reorganized intelligence

operations at the Department, elevating the Assistant Secretary for Intelligence and

Analysis to the Under Secretary level, requiring Senate confirmation. [9, p. 30] Among

the many provisions impacting DHS programs and organization, Section 707 required

the Department to conduct a comprehensive examination of its mission and

organization every four years starting in 2009. These periodic introspectives were

designated the Quadrennial Homeland Security Review (QHSR). [19]

Quadrennial Homeland Security Review

In 2009, DHS conducted its first Quadrennial Homeland Security Review under the

auspices of its new Secretary, Janet Napolitano. Former Governor of Arizona, Janet

Napolitano was appointed by the incoming Obama Administration and later confirmed

by Congress as Secretary of Homeland Security on January 20, 2009. [21] The first

QHSR was released in February 2010. The QHSR was a comprehensive examination of

the homeland security strategy of the nation and included recommendations regarding

the long-term strategy and priorities of the nation for homeland security. The QHSR

Report included the results of the QHSR, a national homeland security strategy, a

description of the critical homeland security missions of the nation, and an explanation

of the underlying assumptions used in conducting the review. [22, p. v]

The 2010 QHSR revised the definition of homeland security first established in the

2002 National Strategy for Homeland Security. The new definition of homeland

security according to the 2010 QHSR:

“Homeland security is a concerted national effort to ensure a homeland that is

safe, secure, and resilient against terrorism and other hazards where American

interests, aspirations, and way of life can thrive.”

– 2010 Quadrennial Homeland Security Review [23, p. 13]

Figure 11-2: 2008 DHS Organization [20]

From this new definition, the 2010 QHSR derived five homeland security missions and

associated goals listed in Table 11-4.

The most notable difference between the QHSR and 2002 and 2007 homeland security

strategy mission sets was the elevation of Cybersecurity. Cybersecurity is defined as

“The activity or process, ability or capability, or state whereby information and

communications systems and the information contained therein are protected from

and/or defended against damage, unauthorized use or modification, or

exploitation.” [24] The potential for using the Internet as an avenue for attacking the

nation’s critical infrastructure was first raised by the President’s Commission on Critical

Infrastructure Protection in October 1997. [25] This concern was not forgotten even

though the 9/11 attacks were precipitated through physical subversion of the nation’s

critical infrastructure. Even so, cybersecurity was subordinated as a function of critical

infrastructure protection in both the 2002 and 2007 Strategies, [3, p. ix] [15, p. 27]

although a separate National Strategy to Secure Cyberspace was issued in February

2003. [26] By the time the QHSR was conducted in 2009, the U.S. had been subject to

cyber attacks of increasing frequency and severity. [27] Because much of the nation’s

critical infrastructure was interconnected through the Internet, safeguarding and

securing it became one of homeland security’s most important missions. [23, p. 29]

The elevation of the cybersecurity mission in the 2010 QHSR was preceded by the

establishment of the National Cyber Security Center (NCSC) in DHS. On January 8,

2008, President Bush issued Homeland Security Presidential Directive 23 (HSPD-23),

creating NCSC, making it responsible for coordinating cybersecurity efforts and

improving situational awareness and information sharing across the Federal

government. [9, p. 32]

Table 11-4: QHSR Missions & Goals [23, p. x]

Mission 1: Preventing Terrorism and Enhancing Security

Goal 1.1: Prevent Terrorist Attacks

Goal 1.2: Prevent the Unauthorized Acquisition or Use of CBRN Materials and Capabilities

Goal 1.3: Manage Risks to Critical Infrastructure, Key Leadership, and Events

Mission 2: Securing and Managing Our Borders

Goal 2.1: Effectively Control U.S. Air, Land, and Sea Borders

Goal 2.2: Safeguard Lawful Trade and Travel

Goal 2.3: Disrupt and Dismantle Transnational Criminal Organizations

Mission 3: Enforcing and Administering Our Immigration Laws

Goal 3.1: Strengthen and Effectively Administer the Immigration System

Goal 3.2: Prevent Unlawful Immigration

Mission 4: Safeguarding and Securing Cyberspace

Goal 4.1: Create a Safe, Secure, and Resilient Cyber Environment

Goal 4.2: Promote Cybersecurity Knowledge and Innovation

Mission 5: Ensuring Resilience to Disasters

Goal 5.1: Mitigate Hazards

Goal 5.2: Enhance Preparedness

Goal 5.3: Ensure Effective Emergency Response

Goal 5.4: Rapidly Recover

As a result of the findings from the QHSR, DHS initiated a bottom-up review (BUR) in

November 2009. The BUR included an assessment of the organizational alignment of

the Department with the homeland security missions set forth in the QHSR, including

the Department’s organizational structure, management systems, procurement

systems, and physical and technical infrastructure. The BUR also included a review and

assessment of the effectiveness of the mechanisms of the Department for turning the

requirements developed in the QHSR into an acquisition strategy and expenditure plan

within the Department. [22, p. v]

The BUR resulted in a comprehensive catalogue of DHS activities across the homeland

security missions, as well as a list of over 300 potential initiatives and enhancements.

The resulting report detailed the results of the analysis, describing the alignment of the

Department with the homeland security missions, and setting forth the Department’s

priority initiatives and enhancements to increase mission performance, improve

Departmental management, and increase accountability over the next four years. The

BUR Report also included recommendations for improving the organizational

alignment of the Department and enhancing its business processes. DHS subsequently

included these recommended changes in its FY 2012 budget request to Congress. [22, p. v]

In 2014, DHS conducted its second QHSR under the auspices of its fourth Secretary, Jeh

Charles Johnson. Jeh Johnson was serving as General Counsel for the Department of

Defense when he was nominated by President Obama to replace Secretary Napolitano

after she resigned in August 2013. Secretary Johnson was confirmed by the Senate on

December 16, 2013. [28] The 2014 QHSR built upon the 2010 QHSR to provide an

updated view of the nation’s homeland security mission goals and objectives. While

the missions remained unchanged, the 2014 QHSR introduced five strategic priorities

impacting them:

1. An updated posture to address the increasingly decentralized terrorist threat;

2. A strengthened path forward for cybersecurity that acknowledges the increasing

interdependencies among critical systems and networks;

3. A homeland security strategy to manage the urgent and growing risk of biological

threats and hazards;

4. A risk segmentation approach to securing and managing flows of people and goods

into and out of the United States; and

5. A new framework for improving the efficiency and effectiveness of DHS mission

execution through public-private partnerships. [29, p. 16]


Table 11-4: QHSR Missions & Goals [23, p. x]

Mission 1: Preventing Terrorism and Enhancing Security

Goal 1.1: Prevent Terrorist Attacks

Goal 1.2: Prevent the Unauthorized Acquisition or Use of CBRN Materials and Capabilities

Goal 1.3: Manage Risks to Critical Infrastructure, Key Leadership, and Events

Mission 2: Securing and Managing Our Borders

Goal 2.1: Effectively Control U.S. Air, Land, and Sea Borders

Goal 2.2: Safeguard Lawful Trade and Travel

Goal 2.3: Disrupt and Dismantle Transnational Criminal Organizations

Mission 3: Enforcing and Administering Our Immigration Laws

Goal 3.1: Strengthen and Effectively Administer the Immigration System

Goal 3.2: Prevent Unlawful Immigration

Mission 4: Safeguarding and Securing Cyberspace

Goal 4.1: Create a Safe, Secure, and Resilient Cyber Environment

Goal 4.2: Promote Cybersecurity Knowledge and Innovation

Mission 5: Ensuring Resilience to Disasters

Goal 5.1: Mitigate Hazards

Goal 5.2: Enhance Preparedness

Goal 5.3: Ensure Effective Emergency Response

Goal 5.4: Rapidly Recover


Beyond these strategic priorities, the 2014 QHSR also highlighted ongoing areas of

priority and renewed areas of emphasis based on risk and other considerations—

countering nuclear threats, strengthening the immigration system, and enhancing

national resilience. [29, p. 16] The Department’s current organization is depicted in

Figure 3.

Homeland Security Strategy

In order to be effective, an organization must not only be aligned internally, but

externally as well. In the case of the Department of Homeland Security, its missions

and organization must align with nationally promulgated homeland security strategy.

Strategy, in general, is defined as a plan of action designed to achieve a particular aim.

[31] The 2002 National Strategy for Homeland Security articulated five critical mission

areas to attain the strategic objectives of 1) Prevent terrorist attacks within the United

States; 2) Reduce America’s vulnerability to terrorism; and 3) Minimize the damage

and recover from attacks that do occur. [3, p. vii] Following Hurricane Katrina in 2005,

homeland security strategy was adjusted to account for natural as well as manmade

disasters. The 2007 National Strategy for Homeland Security revised the previous

strategy objectives to 1) Prevent and disrupt terrorist attacks; 2) Protect the American

People, critical infrastructure, and key resources; and 3) Respond to and recover from

incidents that do occur. [15, p. 13]

Figure 11-3: 2015 DHS Organization [30]

The second QHSR, conducted under Secretary Johnson in 2014, introduced “strategic priorities” giving precedence to the missions and goals formulated under the 2010 QHSR.

Both the 2002 and 2007 homeland security strategies were crafted separate from

national security strategy. The 2002 Strategy was written by the Office of Homeland

Security before the Department of Homeland Security was established. The 2007

Strategy was written by the Homeland Security Council after the Department was

established. The Homeland Security Council was established shortly after 9/11 to

advise the President and coordinate homeland security actions among Federal

agencies. While homeland security was always recognized as a part of national

security, [3, p. 5] the split in staff raised concerns about effective coordination. Shortly

after assuming office, on February 23, 2009, President Obama launched a 60-day

organizational review of White House staff. Based on this review, on May 26, 2009,

President Obama announced the merging of the Homeland Security Council with the

National Security Council. [32] As a result, homeland security strategy was

incorporated into the Obama Administration’s 2010 National Security Strategy.

Section 603 of the 1986 Goldwater-Nichols Act (P.L. 99-433) requires the President to

submit a report of national security strategy annually to Congress. [33] The 2010

National Security Strategy recast homeland security strategy objectives as shared

efforts to 1) identify and interdict threats; 2) deny hostile actors the ability to operate

within our borders; 3) maintain effective control of our physical borders; 4) safeguard

lawful trade and travel into and out of the United States; 5) disrupt and dismantle

transnational terrorist and criminal organizations; and 6) ensure national resilience in

the face of the threat and hazards. [34, p. 15]

In February 2015, the Obama Administration issued a revised National Security

Strategy. In a highly abbreviated form, the 2015 National Security Strategy essentially

affirmed the strategic objectives enumerated in the 2010 National Security Strategy.

[35, p. 8] Perhaps most notably, the 2015 National Security Strategy addressed the

threat of catastrophic terrorist attack, [35, p. 9] spread and use of Weapons of Mass

Destruction, [35, p. 11] and cybersecurity [35, p. 12] outside the confines of homeland

security, together with more traditional national security objectives. The changes mark

the most intensive attempt yet to integrate homeland security strategy and national

security strategy.

After 9/11, President Bush created a separate Homeland Security Council and separate homeland security strategy to ensure dedicated treatment to the mission. In 2009 President Obama re-integrated the HSC into the NSC, and in 2010 he merged homeland security into national security strategy to ensure both missions were interlocked and aligned.

Conclusion

According to the management guru Peter Drucker, the hallmark of an effective

organization is when its people and policies are aligned with its mission. The mission

of the Department of Homeland Security has evolved since it was first founded in

January 2003. The original mission set was founded on a definition of homeland security which, in turn,

was shaped by the events of 9/11. Thus, when it was first founded DHS was primarily

focused on the threat of domestic catastrophic damage resulting from manmade

actions associated with terrorist motives. The Department’s flawed response to

Hurricane Katrina in August 2005 prompted a fundamental change in its focus, adding

natural disasters to the list of threats that could create domestic catastrophic damage.

Between 2005 and 2007, DHS underwent a number of changes, initiated both internally

and externally, to re-align its mission sets accordingly. Included in these changes was a

mandate by Congress for the Department to periodically review its missions and

organization. The first Quadrennial Homeland Security Review in 2010 revised the

definition of homeland security to include both natural and manmade threats. Both

the Department’s organization and mission support the nation’s overall homeland

security strategy. Initially, homeland security strategy was devised by the Homeland

Security Council established after 9/11. In 2009, the Homeland Security Council was

absorbed into the National Security Council. Since 2010, homeland security strategy

has been combined and published as part of National Security Strategy. In one sense,

the effectiveness of the Department of Homeland Security may be measured by

alignment of its organization to mission, strategy, and definition of homeland security.

Another measure of the Department’s effectiveness is by what it has accomplished.


Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. How did the 2002 National Strategy for Homeland Security influence the organization and missions of DHS?

2. Identify three significant changes the Second Stage Review made to the Department of Homeland Security.

3. Identify the single most significant change the 2006 Post-Katrina Reform Act made to DHS.

4. Identify the single most significant change the 2006 Safe Port Act made to DHS.

5. Describe the motivation behind the 2007 Implementing Recommendations of the 9/11 Commission Act.

6. What was the major difference between the 2002 and 2007 homeland security strategies?

7. Summarize the Department’s change in mission and organization between 2003 and 2008.

8. What is the purpose of the Quadrennial Homeland Security Review?

9. Why was homeland security strategy merged into national security strategy in 2009?

10. Summarize how the cybersecurity mission evolved from 2003 to 2010.


Chapter 12: DHS Progress

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe the findings from the 2007 GAO Assessment of DHS performance.

• Describe the findings from the 2011 GAO Assessment of DHS performance.

• Evaluate the collective findings from the 2007 and 2011 GAO assessments.

• Assess for yourself whether you think DHS has made the nation safer.


“Measurement is the first step that leads to control and eventually to improvement. If

you can’t measure something, you can’t understand it. If you can’t understand it, you

can’t control it. If you can’t control it, you can’t improve it.”

– H. James Harrington

Introduction

The Department of Homeland Security was formed from 22 different federal agencies

to consolidate many separate homeland security activities under a single agency. Since

DHS began operations in March 2003, it has implemented various policies and

programs to meet its mission requirements and taken actions to integrate its

management functions and to transform its component agencies into an effective

cabinet department. [1, p. 2] Often it takes years for the consolidated functions in new

organizations to effectively build on their combined strengths, and it is not uncommon

for management challenges to remain for decades. For example, the 1947 legislation

creating the Department of Defense was amended by Congress in 1949, 1953, 1958,

and 1986 to improve the department’s structural effectiveness. Despite these and

other changes made by DOD, sixty years after its establishment, DOD continues to face

a number of serious management challenges. [1, p. 1] Thus the Government

Accountability Office (GAO) designated the implementation and transformation of DHS

as high-risk because it represented an enormous undertaking that would require time

to achieve in an effective and efficient manner. Additionally, the components merged

into DHS already faced a wide array of existing challenges, and any DHS failure to

effectively carry out its mission would expose the nation to potentially serious

consequences. Accordingly, DHS has remained on GAO’s high-risk list since 2003. [1, p.

2] In the meantime, GAO has conducted periodic assessments of DHS’ progress. This

chapter examines DHS’ progress in performing assigned homeland security missions by

way of reviewing findings from GAO’s assessments.

2007 GAO Assessment

In November 2002, the Homeland Security Act of 2002 was enacted into law, creating

DHS. This act defined the department’s missions to include preventing terrorist attacks

within the United States; reducing U.S. vulnerability to terrorism; and minimizing the

damages, and assisting in the recovery from, attacks that occur within the United

States. The act also specified major responsibilities for the department, including

analyzing information and protecting infrastructure; developing countermeasures

against chemical, biological, radiological, nuclear, and other emerging terrorist

threats; securing U.S. borders and transportation systems; and organizing emergency

preparedness and response efforts. DHS officially began operations on March 1, 2003.

[1, pp. 6-7]


Based on the notion it takes 5 to 7 years to complete a successful merger, GAO performed a comprehensive assessment of DHS’ progress four years after the Department was activated. [1, p. ii] The 2007 GAO investigation examined DHS progress across 14 areas:

1. Border Security

2. Immigration Enforcement

3. Immigration Services

4. Aviation Security

5. Surface Transportation Security

6. Maritime Security

7. Emergency Preparedness and Response

8. Critical Infrastructure Protection

9. Science and Technology

10. Acquisition Management

11. Financial Management

12. Human Capital Management

13. Information Technology Management

14. Real Property Management [1, p. 8]

For each mission and management area, GAO identified performance expectations and vetted them with DHS officials. Performance expectations were a composite of the responsibilities or functions—derived from legislation, homeland security presidential directives and executive orders, DHS planning documents, and other sources—that the department was to achieve. GAO analysts and subject matter experts reviewed prior GAO work, DHS Inspector General work, and evidence DHS provided between March and July 2007, including DHS officials’ assertions when supported by documentation. On the basis of this analysis and expert judgment, GAO then assessed the extent to which DHS had achieved each of the expectations identified. If DHS generally achieved more than 75 percent of the identified performance expectations, GAO identified its overall progress as substantial. When the number achieved was more than 50 percent but 75 percent or less, GAO identified its overall progress as moderate. If DHS generally achieved more than 25 percent but 50 percent or less, GAO identified its overall progress as modest. For mission and management areas in which DHS generally achieved 25 percent or less of the performance expectations, GAO identified overall progress as limited. [1, pp. 9-10]


Border Security. This mission includes detecting and preventing terrorists and terrorist

weapons from entering the United States; facilitating the orderly and efficient flow of

legitimate trade and travel; interdicting illegal drugs and other contraband;

apprehending individuals who are attempting to enter the United States illegally;

inspecting inbound and outbound people, vehicles, and cargo; and enforcing laws of

the United States at the border. GAO identified 12 performance expectations for DHS

in the area of border security and found that DHS generally achieved 5 of them and

generally did not achieve 7 others. [1, p. 12]

Table 12-1: 2007 GAO Assessment of Border Security [1, p. 12]

Immigration Enforcement. This mission includes apprehending, detaining, and

removing criminal and illegal aliens; disrupting and dismantling organized smuggling of

humans and contraband as well as human trafficking; investigating and prosecuting

those who engage in benefit and document fraud; blocking and removing employers’

access to undocumented workers; and enforcing compliance with programs to monitor

visitors. GAO identified 16 performance expectations for DHS in the area of

immigration enforcement and found that DHS has generally achieved 8 of them and

generally did not achieve 4 others. For 4 performance expectations, GAO could not make

an assessment. [1, pp. 12-13]

Table 12-2: 2007 GAO Assessment of Immigration Enforcement [1, p. 13]

Immigration Services. This mission includes administering immigration benefits and

working to reduce immigration benefit fraud. GAO identified 14 performance

expectations for DHS in the area of immigration services and found that DHS generally

achieved 5 of them and generally did not achieve 9 others. [1, p. 13]

Table 12-3: 2007 GAO Assessment of Immigration Services [1, p. 14]

Aviation Security. This mission includes strengthening airport security; providing and

training a screening workforce; prescreening passengers against terrorist watch lists;

and screening passengers, baggage, and cargo. GAO identified 24 performance

expectations for DHS in the area of aviation security and found that DHS generally

achieved 17 of them and generally did not achieve 7 others. [1, p. 14]

Table 12-4: 2007 GAO Assessment of Aviation Security [1, p. 15]

Surface Transportation Security. This mission includes establishing security standards

and conducting assessments and inspections of surface transportation modes, which

include passenger and freight rail; mass transit; highways, including commercial

vehicles; and pipelines. GAO identified 5 performance expectations for DHS in the area

of surface transportation security and found that DHS generally achieved 3 of them

and generally did not achieve 2. [1, pp. 15-16]

Table 12-5: 2007 GAO Assessment of Surface Transportation Security [1, p. 16]

Maritime Security. This mission includes port and vessel security, maritime intelligence,

and maritime supply chain security. GAO identified 23 performance expectations for

DHS in the area of maritime security and found that DHS generally achieved 17 of them

and generally did not achieve 4 others. For 2 performance expectations, GAO could not

make an assessment. [1, p. 16]

Table 12-6: 2007 GAO Assessment of Maritime Security [1, p. 17]

Emergency Preparedness and Response. This mission includes preparing to minimize

the damage and recover from terrorist attacks and disasters; helping to plan, equip,

train, and practice needed skills of first responders; and consolidating federal response

plans and activities to build a national, coordinated system for incident management.

GAO identified 24 performance expectations for DHS in the area of emergency

preparedness and response and found that DHS generally achieved 5 of them and

generally did not achieve 18 others. For 1 performance expectation, GAO could not

make an assessment. [1, pp. 17-18]

Table 12-7: 2007 GAO Assessment of Emergency Preparedness & Response [1, p. 18]

Critical Infrastructure Protection. This mission includes developing and coordinating

implementation of a comprehensive national plan for critical infrastructure protection,

developing partnerships with stakeholders and information sharing and warning

capabilities, and identifying and reducing threats and vulnerabilities. GAO identified 7

performance expectations for DHS in the area of critical infrastructure and key

resources protection and found that DHS generally achieved 4 of them and generally

did not achieve 3 others. [1, p. 19]

Table 12-8: 2007 GAO Assessment of Critical Infrastructure Protection [1, p. 19]

Science and Technology. This mission includes coordinating the federal government’s

civilian efforts to identify and develop countermeasures to chemical, biological,

radiological, nuclear, and other emerging terrorist threats. GAO identified 6

performance expectations for DHS in the area of science and technology and found

that DHS generally achieved 1 of them and generally did not achieve 5 others. [1, p. 19]

Overall, the 2007 GAO report determined that DHS made more progress in its mission

areas than in its management areas, reflecting an understandable focus on

implementing efforts to secure the nation. Even so, GAO concluded that while DHS

made progress in developing plans and programs, it faced difficulties in implementing

them. [1, p. 2] GAO acknowledged that DHS had to undertake its missions while also

working to transform itself into a fully functioning cabinet department—a difficult task

for any organization. Still, GAO noted the importance for the Department to continue

to develop more measurable goals to guide implementation efforts and to enable

better accountability. GAO also urged DHS to continually reassess its mission and

management goals, measures, and milestones to evaluate progress made, identify past

and emerging obstacles, and examine alternatives to effectively address those

obstacles.

Table 12-9: 2007 GAO Assessment of Science and Technology [1, p. 20]

2011 GAO Assessment

Ten years after 9/11, GAO took another look at DHS’ progress. By 2011, DHS had

grown to become the third-largest Federal department, with more than 200,000

employees and an annual budget of more than $50 billion. [2, p. 2] In February 2010,

DHS issued its first Quadrennial Homeland Security Review (QHSR). The report

identified five homeland security missions—Preventing Terrorism and Enhancing

Security; Securing and Managing Our Borders; Enforcing and Administering Our

Immigration Laws; Safeguarding and Securing Cyberspace; and Ensuring Resilience to

Disasters—and goals and objectives to be achieved within each mission. The ensuing

Bottom-Up Review (BUR) made recommendations to align DHS’s programs and

organization with missions and goals identified in the QHSR. [2, pp. 4-5]

Since the 2007 GAO assessment, DHS continued to take action to strengthen its

operations and the management of the department, including enhancing its

performance measurement efforts. In 2011, GAO was again asked to review the

progress made by DHS in implementing its homeland security missions since its

creation. Accordingly, the 2011 assessment was based on past GAO reviews plus DHS

Inspector General reports, but with an emphasis on work completed since 2008. GAO

drew its 2011 mission areas from the 2010 QHSR. With the exception of Science and

Technology, the 2011 assessment addresses all the mission areas from the 2007

assessment, plus CBRN Threats and Cybersecurity. [2, pp. 6-7]


Table 12-10: Comparison of 2011 & 2007 GAO Mission Area Assessments

| 2010 GAO Mission Area Assessments | 2007 GAO Mission Area Assessments |
|---|---|
| 1. Aviation Security | 4. Aviation Security |
| 2. CBRN Threats | |
| 3. Critical Infrastructure Protection – Physical | 8. Critical Infrastructure Protection |
| 4. Surface Transportation Security | 5. Surface Transportation Security |
| 5. Border Security | 1. Border Security |
| 6. Maritime Security | 6. Maritime Security |
| 7. Immigration Enforcement | 2. Immigration Enforcement |
| 8. Immigration Services | 3. Immigration Services |
| 9. Critical Infrastructure Protection – Cyber Assets | |
| 10. Emergency Preparedness and Response | 7. Emergency Preparedness & Response |
| | 9. Science and Technology |


For the 2011 assessment, GAO began with the expectations identified in the August

2007 report, and updated or added to them by analyzing requirements and plans set

forth in homeland security-related laws, presidential directives and executive orders,

national strategies related to homeland security, and DHS’s and components’ strategic

plans and documents. The 2011 assessment further grouped the expectations into

“sub areas” to account for criteria that pertained to more than one mission area.

Otherwise, the analysis was conducted similarly to the 2007 assessment, from April to

September 2011. Unlike the 2007 assessment, however, the 2011 assessment does not

assign a measure of progress, such as “substantial”, “moderate”, “modest”, or

“limited”. Instead, the 2011 assessment provides a narrative description of what

progress DHS made in implementing a given mission function since operations began,

together with a narrative description of what work, if any, remains. [2, pp. 7-9]

Consequently, it is difficult to compare progress between the 2007 and 2011

assessments. Perhaps a direct comparison between the two assessments would be

fruitless, given that DHS mission and performance have always been subject to change

by external influencing factors. Figure 1 identifies some of the significant influencing

factors affecting DHS in the first ten years following 9/11.

Figure 12-1: Selected Factors Influencing DHS Mission and Performance Ten Years Following 9/11 [2, p. 15]

The 2011 GAO Assessment began with the expectations identified in the 2007 GAO Assessment. Unlike the 2007 GAO Assessment, however, the 2011 GAO Assessment does not assign a measure of progress.

Aviation Security. DHS developed and implemented Secure Flight, a program for

screening airline passengers against terrorist watchlist records. DHS also developed

new programs and technologies to screen passengers, checked baggage, and air cargo.

However, DHS does not yet have a plan for deploying checked baggage screening

technologies to meet recently enhanced explosive detection requirements, a

mechanism to verify the accuracy of data to help ensure that air cargo screening is

being conducted at reported levels, or approved technology to screen cargo once it is

loaded onto a pallet or container. [2, p. ii]

Key Progress: DHS has enhanced aviation security in key areas related to the aviation

security workforce, passenger prescreening, passenger checkpoint screening, checked

baggage security, air cargo screening, and security of airports. For example, DHS

developed and implemented Secure Flight, a passenger prescreening program through

which the federal government now screens all passengers on all domestic and

international commercial flights to, from, and within the United States. DHS also

deployed technology to screen passengers and checked baggage at airports. For

example, in response to the December 25, 2009, attempted attack on Northwest flight

253, DHS revised the advanced imaging technology procurement and deployment

strategy, increasing the planned deployment of advanced imaging technology from 878

to between 1,350 and 1,800 units. Further, DHS is screening passengers using staff

trained in behavior detection principles and has deployed about 3,000 Behavior

Detection Officers to 161 airports as part of its Screening of Passengers by Observation

Techniques program. Moreover, DHS reported, as of August 2010, that it had

established a system to screen 100 percent of domestic air cargo (cargo transported

within and outbound from the United States) transported on passenger aircraft by,

among other things, creating a voluntary program to facilitate screening throughout

the air cargo supply chain and taking steps to test technologies for screening air cargo.

[2, p. 19]

Remaining Work: DHS should take additional action to strengthen its aviation security

efforts. For example, a risk-based strategy and a cost/benefit analysis of airport

checkpoint technologies would improve passenger checkpoint screening. TSA’s

strategic plan to guide research, development, and deployment of passenger

checkpoint screening technologies was not risk-based and did not reflect some of the

key risk management principles, such as conducting a risk assessment based on the

three elements of risk—threat, vulnerability, and consequence—and including a cost-

benefit analysis and performance measures. Further, in March 2010, GAO reported

that it was unclear whether the advanced imaging technology would have detected the

weapon used in the December 25, 2009, attempted terrorist attack based on the

preliminary testing information received. DHS also had not validated the science

supporting its Screening of Passengers by Observation Techniques program, or

determined if behavior detection techniques could be successfully used across the

aviation system to detect threats before deploying the program. DHS completed a


program validation study in April 2011 which found that the program was more

effective than random screening, but that more work was needed to determine

whether the science could be used for counterterrorism purposes in the aviation

environment. Moreover, DHS does not yet have a plan and schedule for deploying

checked baggage screening technologies to meet recently enhanced explosive

detection requirements. In addition, DHS does not yet have a mechanism to verify the

accuracy of domestic and inbound air cargo screening data to help ensure that

screening is being conducted at reported levels, and DHS does not yet have approved

technology to screen cargo once it is loaded onto a pallet or container—both of which

are common means of transporting air cargo on passenger aircraft, thus requiring that

screening occur before incorporation into pallets and containers. [2, p. 19]

Table 12-11: 2011 GAO Expectations for Aviation Security [2, pp. 40-41]

CBRN Threats. DHS assessed risks posed by CBRN threats and deployed capabilities to

detect CBRN threats. However, DHS should work to improve its coordination of CBRN

risk assessments, and identify monitoring mechanisms for determining progress made

in implementing the global nuclear detection strategy. [2, p. iii]

Key Progress: DHS made progress in assessing risks posed by CBRN threats, developing

CBRN detection capabilities, and planning for nuclear detection. For example, DHS

develops risk assessments of CBRN threats and has issued seven classified CBRN risk

assessments since 2006. DHS also assessed the threat posed by specific CBRN agents

in order to determine which of those agents pose a material threat to the United

States, known as material threat assessments. With regard to CBRN detection

capabilities, DHS implemented the BioWatch program in more than 30 metropolitan

areas to detect specific airborne biological threat agents. Further, DHS established the

National Biosurveillance Integration Center to enhance the federal government’s

capability to identify and track biological events of national concern. In addition, DHS

coordinated the development of a strategic plan for the global nuclear detection

architecture—a multidepartment effort to protect against terrorist attacks using

nuclear and radiological materials through coordinated activities—and has deployed

radiation detection equipment. [2, p. 20]

Remaining Work: More work remains for DHS to strengthen its CBRN assessment,

detection, and mitigation capabilities. For example, DHS should better coordinate with

the Department of Health and Human Services in conducting CBRN risk assessments by

developing written policies and procedures governing development of the

assessments. Moreover, the National Biosurveillance Integration Center lacks

resources necessary for operations, such as data and personnel from its partner

agencies. Additionally, work remains for DHS in its implementation of the global

nuclear detection architecture. Specifically, the strategic plan for the architecture did

not include some key components, such as funding needed to achieve the strategic

plan’s objectives, or monitoring mechanisms for determining programmatic progress

and identifying needed improvements. DHS officials told us that they will address these

missing elements in an implementation plan, which they plan to issue by the end of

2011. [2, p. 20]

Table 12-12: 2011 GAO Expectations for CBRN Threats [2, p. 41]

Critical Infrastructure Protection of Physical Assets.

Key Progress: DHS expanded its efforts to conduct risk assessments and planning,

provide for protection and resiliency, and implement partnerships and coordination

mechanisms for physical critical assets. For example, DHS updated the National

Infrastructure Protection Plan to include an emphasis on resiliency (the capacity to

resist, absorb, or successfully adapt, respond to, or recover from disasters), and an

enhanced discussion about DHS risk management. Moreover, DHS components with

responsibility for critical infrastructure sectors, such as transportation security, have

begun to use risk based assessments in their critical infrastructure related planning and

protection efforts. Further, DHS has various voluntary programs in place to conduct

vulnerability assessments and security surveys at and across facilities from the 18

critical infrastructure sectors, and uses these assessments to develop and disseminate

information on steps asset owners and operators can take to protect their facilities. In

addition, DHS coordinated with critical infrastructure stakeholders, including other

federal regulatory authorities to identify overlaps and gaps in critical infrastructure

security activities. [2, p. 20]

Remaining Work: Additional actions are needed for DHS to strengthen its critical

infrastructure protection programs and efforts. For example, DHS has not fully

implemented an approach to measure its effectiveness in working with critical asset

owners and operators in their efforts to take actions to mitigate resiliency gaps

identified during various vulnerability assessments. Moreover, DHS components have

faced difficulties in incorporating risk-based assessments in critical infrastructure

planning and protection efforts, such as in planning for security in surface

transportation modes like highway infrastructure. Further, DHS should determine the

feasibility of developing an approach to disseminating information on resiliency

practices to its critical infrastructure partners to better position itself to help asset

owners and operators consider and adopt resiliency strategies, and provide them with

information on potential security investments. [2, p. 21]

Table 12-13: 2011 GAO Expectations for CIP of Physical Assets [2, p. 41]

Surface Transportation Security.

Key Progress: DHS expanded its efforts in key surface transportation security areas,

such as risk assessments and strategic planning; the surface transportation inspector

workforce; and information sharing. For example, DHS conducted risk assessments of

surface transportation modes and developed a transportation sector security risk

assessment that assessed risk within and across the various modes. Further, DHS more

than doubled its surface transportation inspector workforce and, as of July 2011,

reported that its surface inspectors had conducted over 1,300 site visits to mass transit

and passenger rail stations to complete station profiles, among other things.

Moreover, DHS allocates transit grant funding based on risk assessments and has taken

steps to measure performance of its Transit Security Grant Program, which provides

funds to owners and operators of mass transit and passenger rail systems. In addition,

DHS expanded its sharing of surface transportation security information by, among

other things, establishing information networks. [2, p. 21]

Remaining Work: DHS should take further action to strengthen its surface

transportation security programs and operations. For example, DHS’s efforts to

improve elements of risk assessments of surface transportation modes are in the early

stages of implementation. Moreover, DHS noted limitations in its transportation sector

security risk assessment—such as the exclusion of threats from lone wolf operators—

that could limit its usefulness in guiding investment decisions across the transportation

sector as a whole. Further, DHS has not yet completed a long-term workforce plan that

identifies future needs for its surface transportation inspector workforce. It also has

not yet issued regulations for a training program for mass transit, rail, and bus

employees, as required by the Implementing Recommendations of the 9/11

Commission Act of 2007. Additionally, DHS’s information sharing efforts would benefit

from improved streamlining, coordination, and assessment of the effectiveness of

information sharing mechanisms. [2, p. 21]

Table 12-14: 2011 GAO Expectations for Surface Transportation Security [2, pp. 41-42]

Border Security. DHS implemented the U.S. Visitor and Immigrant Status Indicator

Technology program to verify the identities of foreign visitors entering and exiting the

country by processing biometric and biographic information. However, DHS has not yet

determined how to implement a biometric exit capability and has taken action to

address a small portion of the estimated overstay population in the United States

(individuals who legally entered the country but then overstayed their authorized

periods of admission). DHS also deployed infrastructure to secure the border between

ports of entry, including more than 600 miles of fencing. However, DHS experienced

schedule delays and performance problems with the Secure Border Initiative Network,

which led to the cancellation of this information technology program. [2, p. ii]

Key Progress: DHS expanded its efforts in key border security areas, such as inspection

of travelers and cargo at ports of entry, security of the border between ports of entry,

visa adjudication security, and collaboration with stakeholders. Specifically, DHS has

undertaken efforts to keep terrorists and other dangerous people from entering the

country. For example, DHS implemented the US-VISIT program to verify the identities

of foreign visitors entering and exiting the United States by storing and processing

biometric and biographic information. DHS established plans for, and had begun to

interact with and involve stakeholders in, developing an exit capability. DHS deployed

technologies and other infrastructure to secure the border between ports of entry,

including more than 600 miles of tactical infrastructure, such as fencing, along the

border. DHS also improved programs designed to enhance the security of documents

used to enter the United States. For example, DHS deployed the Visa Security Program,

in which DHS personnel review visa applications to help prevent individuals who pose a

threat from entering the United States, to 19 posts in 15 countries, and developed a 5-

year expansion plan for the program. In addition, DHS improved collaboration with

federal, state, local, tribal, and international partners on northern border security

efforts through, among other things, the establishment of interagency forums. [2, p.

22]

Remaining Work: More work remains for DHS to strengthen its border security

programs and operations. For example, although it has developed a plan, DHS has not

yet adopted an integrated approach to scheduling, executing, and tracking the work

needed to deliver a comprehensive biometric exit solution as part of the US-VISIT

program. Further, DHS experienced schedule delays and performance problems with

its information technology program for securing the border between ports of entry—

the Secure Border Initiative Network—which led to its cancellation. Because of the

program’s decreased scope, uncertain timing, unclear costs, and limited life cycle

management, it was unclear whether DHS’s pursuit of the program was cost-effective.

DHS is transitioning to a new approach for border technology, which GAO is assessing.

With regard to the Visa Security Program, DHS did not fully follow or update its 5-year

expansion plan. For instance, it did not establish 9 posts identified for expansion in

2009 and 2010, and had not taken steps to address visa risk at posts that did not have

a Visa Security Program presence. Additionally, DHS should strengthen its oversight of

interagency forums operating along the northern border. [2, p. 22]

Table 12-15: 2011 GAO Expectations for Border Security [2, p. 42]

Maritime Security.

Key Progress: DHS expanded its efforts in key maritime security areas, such as port

facility and vessel security, maritime security domain awareness and information

sharing, and international supply chain security. For example, DHS strengthened risk

management through the development of a risk assessment model, and addressed

risks to port facilities through annual inspections in which DHS identified and corrected

deficiencies, such as facilities failing to follow security plans for access control. Further,

DHS took action to address risks posed by foreign seafarers entering U.S. seaports by,

for example, conducting advance screening before the arrival of vessels at U.S. ports,

inspections, and enforcement operations. DHS developed the Transportation Worker

Identification Credential program to manage the access of unescorted maritime

workers to secure areas of regulated maritime facilities. DHS also implemented

measures to help secure passenger vessels including cruise ships, ferries, and energy

commodity vessels such as tankers, including assessing risks to these types of vessels.

Moreover, for tracking vessels at sea, the Coast Guard uses a long-range identification

and tracking system, and a commercially provided long-range automatic identification

system. For tracking vessels in U.S. coastal areas, inland waterways, and ports, the

Coast Guard operates a land-based automatic identification system, and also either

operates, or has access to, radar and cameras in some ports. DHS also developed a

layered security strategy for cargo container security, including deploying screening

technologies and partnering with foreign governments. [2, p. 23]

Remaining Work: DHS should take additional action to strengthen its maritime security

efforts. For example, because of a lack of technology capability, DHS does not

electronically verify identity and immigration status of foreign seafarers, as part of its

onboard admissibility inspections of cargo vessels, thus limiting the assurance that

fraud could be identified among documents presented by them. In addition, the

Transportation Worker Identification Credential program’s controls were not designed

to provide reasonable assurance that only qualified applicants acquire credentials. For

example, during covert tests of the Transportation Worker Identification Credential at

several selected ports, their investigators were successful in accessing ports using

counterfeit credentials and authentic credentials acquired through fraudulent means.

Moreover, DHS has not assessed the costs and benefits of requiring cruise lines to

provide passenger reservation data for screening, which could help improve

identification and targeting of potential terrorists. Further, the vessel tracking systems

used in U.S. coastal areas, inland waterways, and ports had more difficulty tracking

smaller and noncommercial vessels because these vessels were not generally required

to carry automatic identification system equipment, and because of the technical

limitations of radar and cameras. In addition, DHS has made limited progress in

scanning containers at the initial ports participating in the Secure Freight Initiative, a

program at selected ports with the intent of scanning 100 percent of U.S.-bound

container cargo for nuclear and radiological materials overseas, leaving the feasibility

of 100 percent scanning largely unproven. CBP has not yet developed a plan for full

implementation of a statutory requirement that 100 percent of U.S.-bound container

cargo be scanned by 2012. [2, p. 23]

Table 12-16: 2011 GAO Expectations for Maritime Security [2, pp. 42-43]

Immigration Enforcement.

Key Progress: DHS expanded its immigration and customs enforcement programs and

activities in key areas such as overstay enforcement, compliance with workplace

immigration laws, alien smuggling, and firearms trafficking. For example, DHS

increased its resources for investigating overstays (unauthorized immigrants who

entered the United States legally on a temporary basis then overstayed their

authorized periods of admission) and alien smuggling operations, and deployed border

enforcement task forces to investigate illicit smuggling of people and goods, including

firearms. In addition, DHS took action to improve the E-Verify program, which provides

employers a voluntary tool for verifying an employee’s authorization to work in the

United States, by, for example, increasing the program’s accuracy by expanding the

number of databases it can query. Further, DHS expanded its programs and activities

to identify and remove criminal aliens in federal, state, and local custody who are

eligible for removal from the United States by, for example, entering into agreements

with state and local law enforcement agencies to train officers to assist in identifying

those individuals who are in the United States illegally. [2, p. 24]

Remaining Work: Key weaknesses remain in DHS’s immigration and customs

enforcement efforts. For example, DHS took action to address a small portion of the

estimated overstay population in the United States, and lacks measures for assessing

its progress in addressing overstays. In particular, DHS field offices had closed about

34,700 overstay investigations assigned to them from fiscal year 2004 through 2010, as

of October 2010; these cases resulted in approximately 8,100 arrests, relative to a total

estimated overstay population of 4 million to 5.5 million. Additionally, GAO reported

that since fiscal year 2006, U.S. Immigration and Customs Enforcement within DHS

allocated about 3 percent of its investigative work hours to overstay investigations.

Moreover, DHS should better leverage opportunities to strengthen its alien smuggling

enforcement efforts by assessing the possible use of various investigative techniques,

such as those that follow cash transactions flowing through money transmitters that

serve as the primary method of payment to those individuals responsible for smuggling

aliens. Further, weaknesses with the E-Verify program, including challenges in

accurately estimating E-Verify costs, put DHS at an increased risk of not making

informed investment decisions. [2, p. 24]

Table 12-17: 2011 GAO Expectations for Immigration Enforcement [2, pp. 43-44]

Immigration Services.

Key Progress: DHS improved the quality and efficiency of the immigration benefit

administration process, and expanded its efforts to detect and deter immigration

fraud. For example, DHS initiated efforts to modernize its immigration benefit

administration infrastructure; improve the efficiency and timeliness of its application

intake process; and ensure quality in its benefit adjudication processes. Further, DHS

designed training programs and quality reviews to help ensure the integrity of asylum

adjudications. Moreover, in 2004 DHS established the Office of Fraud Detection and

National Security, now a directorate, to lead immigration fraud detection and

deterrence efforts, and this directorate has since developed and implemented

strategies for this purpose. [2, p. 24]

Remaining Work: More work remains in DHS’s efforts to improve its administration of

immigration benefits. For example, DHS’s program for transforming its immigration

benefit processing infrastructure and business practices from paper-based to digital

systems missed its planned milestones by more than 2 years, and has been hampered

by management challenges, such as insufficient planning and not adhering to DHS

acquisition guidance before selecting a contractor to assist with implementation of the

transformation program. Additionally, while the Fraud Detection and National Security

Directorate put in place strategies for detecting and deterring immigration fraud, DHS

should take additional action to address vulnerabilities identified in its assessments

intended to determine the extent and nature of fraud in certain applications. Further,

despite mechanisms DHS had designed to help asylum officers assess the authenticity

of asylum claims, such as identity and security checks and fraud prevention teams,

asylum officers surveyed cited challenges in identifying fraud as a key factor affecting

their adjudications. For example, 73 percent of asylum officer survey respondents

reported it was moderately or very difficult to identify document fraud. [2, p. 25]

Table 12-18: 2011 GAO Expectations for Immigration Services [2, p. 44]

Critical Infrastructure Protection of Cyber Assets.

Key Progress: DHS expanded its efforts to conduct cybersecurity risk assessments and

planning, provide for the protection and resilience of cyber assets, and implement

cybersecurity partnerships and coordination mechanisms. For example, DHS developed

the first National Cyber Incident Response Plan in September 2010 to coordinate the

response of multiple federal agencies, state and local governments, and hundreds of

private firms, to incidents at all levels. DHS also took steps to secure external network

connections in use by the federal government by establishing the National

Cybersecurity Protection System, operationally known as Einstein, to analyze computer

network traffic information to and from agencies. In 2008, DHS developed Einstein 2,

which incorporated network intrusion detection technology into the capabilities of the

initial version of the system. Additionally, the department made progress in enhancing

its cyber analysis and incident warning capabilities through the establishment of the

U.S. Computer Emergency Readiness Team, which, among other things, coordinates

the nation’s efforts to prepare for, prevent, and respond to cyber threats to systems

and communications networks. Moreover, since conducting a major cyber attack

exercise, called Cyber Storm, DHS demonstrated progress in addressing lessons it had

learned from this exercise to strengthen public and private incident response

capabilities. [2, p. 25]

Remaining Work: Key challenges remain in DHS’s cybersecurity efforts. For example, to

expand its protection and resiliency efforts, DHS needs to lead a concerted effort to

consolidate and better secure Internet connections at federal agencies. Further, DHS

faced challenges regarding deploying Einstein 2, including understanding the extent to

which its objective was being met because the department lacked performance

measures that addressed whether agencies report whether the alerts represent actual

incidents. DHS also faces challenges in fully establishing a comprehensive national

cyber analysis and warning capability. For example, the U.S. Computer Emergency

Readiness Team did not fully address 15 key attributes of cyber analysis and warning

capabilities. These attributes are related to (1) monitoring network activity to detect

anomalies, (2) analyzing information and investigating anomalies to determine

whether they are threats, (3) warning appropriate officials with timely and actionable

threat and mitigation information, and (4) responding to the threat. For instance, the

U.S. Computer Emergency Readiness Team provided warnings by developing and

distributing a wide array of notifications; however, these notifications were not

consistently actionable or timely. Additionally, expectations of private sector

stakeholders are not being met by their federal partners in areas related to sharing

information about cyber-based threats to critical infrastructure. [2, p. 26]

Table 12-19: 2011 GAO Expectations for CIP of Cyber Assets [2, p. 44]

Emergency Preparedness and Response. DHS issued the National Preparedness

Guidelines that describe a national framework for capabilities-based preparedness,

and a Target Capabilities List to provide a national-level generic model of capabilities

defining all-hazards preparedness. DHS is also finalizing a National Disaster Recovery

Framework, and awards preparedness grants based on a reasonable risk methodology.

However, DHS needs to strengthen its efforts to assess capabilities for all-hazards

preparedness, and develop a long-term recovery structure to better align timing and

involvement with state and local governments’ capacity. DHS should also improve the

efficacy of the grant application process by mitigating duplication or redundancy within

the various preparedness grant programs. [2, pp. ii-iii]

Key Progress: DHS expanded its efforts to improve national emergency preparedness

and response planning; improved its emergency assistance services; and enhanced

emergency communications. For example, DHS developed various plans for disaster

preparedness and response. In particular, in 2004 DHS issued the National Response

Plan and subsequently made revisions to it, culminating in the issuance of the National

Response Framework in January 2008, which outlines the guiding principles and major

roles and responsibilities of government, nongovernmental organizations, and private

sector entities for response to disasters of all sizes and causes. Further, DHS issued the

National Preparedness Guidelines that describe a national framework for capabilities-

based preparedness, and a Target Capabilities List, designed to provide a national-level

generic model of capabilities defining all-hazards preparedness. DHS also assisted local

communities with developing long-term disaster recovery plans as part of its post-

disaster assistance. For example, DHS assisted Iowa City’s recovery from major floods

in 2008 by, among other things, identifying possible federal funding sources for specific

projects in the city’s recovery plan, and advising the city on how to prepare effective

project proposals. DHS is also finalizing a National Disaster Recovery Framework,

intended to provide a model to identify and address challenges that arise during the

disaster recovery process. Moreover, DHS issued the National Emergency

Communications Plan—the first strategic document for improving emergency

communications nationwide. [2, p. 26]

Remaining Work: More work remains in DHS’s efforts to assess capabilities for all-

hazards preparedness and provide long-term disaster recovery assistance. For

example, DHS has not yet developed national preparedness capability requirements

based on established metrics to provide a framework for assessing preparedness.

Further, the data DHS collected to measure national preparedness were limited by

reliability and measurement issues related to the lack of standardization. Until a

framework for assessing preparedness is in place, DHS will not have a basis on which to

operationalize and implement its conceptual approach for assessing local, state, and

federal preparedness capabilities against capability requirements and identify

capability gaps for prioritizing investments in national preparedness. Moreover, with

regard to long-term disaster recovery assistance, DHS’s criteria for when to provide the

assistance were vague, and, in some cases, DHS provided assistance before state and

local governments had the capacity to work effectively with DHS. Additionally, DHS

should improve the efficacy of the grant application and review process by mitigating

duplication or redundancy within the various preparedness grant programs. Until DHS

evaluates grant applications across grant programs, DHS cannot ascertain whether or

to what extent multiple funding requests are being submitted for similar purposes. [2,

p. 27]

Table 12-20: 2011 GAO Expectations for Emergency Preparedness and Response [2, pp. 45-46]

Overall, the 2011 GAO assessment found that since it began operations in 2003, DHS

has implemented key homeland security operations and achieved important goals and

milestones in many areas to create and strengthen a foundation to reach its potential.

As it continues to mature, however, more work remains for DHS to address gaps and

weaknesses in its current operational and implementation efforts, and to strengthen

the efficiency and effectiveness of those efforts to achieve its full potential. DHS’s

accomplishments include developing strategic and operational plans; deploying

workforces; and establishing new, or expanding existing, offices and programs. Such

accomplishments are noteworthy given that DHS has had to work to transform itself

into a fully functioning department while implementing its missions—a difficult

undertaking that can take years to achieve. While DHS has made progress, its

transformation remains high risk due to its management challenges. [2, p. ii]

2015 GAO Assessment

By 2015, DHS had grown to 240,000 employees and approximately $60 billion in

budget authority. [3, p. 1] In 2003, GAO designated implementing and transforming

DHS as high risk because DHS had to transform 22 agencies into one department, and

failure to address associated risks could have serious consequences for U.S. national

and economic security. As a result, in its 2013 high-risk update, GAO narrowed the

scope of the high-risk area to focus on strengthening and integrating DHS management

functions (human capital, acquisition, financial, and information technology). At the

request of Congress, in February 2015 GAO took another look at DHS’s progress and

actions remaining in strengthening and integrating its management functions. [3, p. ii]

Key to addressing the department’s management challenges is DHS demonstrating the

ability to achieve sustained progress across 30 actions and outcomes that GAO

identified and DHS agreed were needed to address the high-risk area. GAO found in its

2015 high-risk update report that DHS fully addressed 9 of these actions and

outcomes, while work remains to fully address the remaining 21. Of the 9 actions and

outcomes that DHS has addressed, 5 have been sustained as fully implemented for at

least 2 years. For example, DHS fully met 1 outcome for the first time by obtaining a

clean opinion on its financial statements for 2 consecutive years. DHS has also mostly

addressed an additional 5 actions and outcomes, meaning that a small amount of work

remains to fully address them. However, DHS has partially addressed 12 and initiated 4

of the remaining actions and outcomes. For example, DHS does not have modernized

financial management systems, a fact that affects its ability to have ready access to

reliable information for informed decision making. Addressing some of these actions

and outcomes, such as modernizing the department’s financial management systems

and improving employee morale, are significant undertakings that will likely require

multiyear efforts. In GAO’s 2015 high-risk update report, GAO concluded that in the

coming years, DHS needs to continue to show measurable, sustainable progress in

implementing its key management initiatives and achieving the remaining 21 actions

and outcomes. [3, p. ii]

While challenges remain for DHS across its range of missions, it has made considerable

progress. DHS efforts to strengthen and integrate its management functions have

resulted in the Department meeting two and partially meeting three of GAO’s criteria

for removal from the high-risk list. [3, p. ii]

Table 12-21: 2015 GAO Assessment of DHS Management Functions [3, p. ii]

Conclusion

Since DHS’ activation in March 2003, the General Accountability Office, the “watch

dog” arm of U.S. government, has made approximately 2,200 recommendations to

DHS to strengthen program management, performance measurement efforts, and

management processes, among other things. DHS has implemented more than 69

percent of these recommendations and has actions under way to address others. [3, p.

1] As generally acknowledged, DHS remains a “work in progress”. The answer to the key question,

“are we safer?”, is undoubtedly a resounding “yes”. Unfortunately, the nature of the

threat makes it impossible to ever be completely safe, leading to the ultimate question

about homeland security: “how safe at what cost?” The answer at present is

unknown, and likely will never be answered conclusively.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. What was the focus of the 2007 GAO Assessment?

2. According to the 2007 GAO Assessment, which DHS mission demonstrated the most progress?

3. According to the 2007 GAO Assessment, which DHS mission demonstrated the least progress?

4. Given the broad changes in organization and mission between 2003 and 2007, do you think the GAO Assessment

was accurate? Explain your answer.

5. How did the 2011 GAO Assessment differ from the 2007 GAO Assessment?

6. How did the highest performing mission in the 2007 GAO Assessment compare in the 2011 GAO Assessment?

7. How did the lowest performing mission in the 2007 GAO Assessment compare in the 2011 GAO Assessment?

8. Given the less expansive changes in organization and mission between 2007 and 2011, do you think the GAO

Assessment was accurate? Explain your answer.

9. Do you think a member of Congress, trying to assess the return on taxpayer investment, would find the GAO

assessments useful? Explain your answer.

10. Do you yourself think that the GAO assessments answer the question, “are we safer?”

Chapter 13: HS Enterprise

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain the purpose of the homeland security enterprise.

• Describe the role of DHS with respect to the homeland security enterprise.

• Identify the roles and responsibilities of different members of the homeland security enterprise.

“This Nation can protect itself. But we must all play a role—and in the commitment of

each, we will secure the homeland for all.”

– 2010 Quadrennial Homeland Security Review

Introduction

9/11 marked a watershed in national security. 9/11 demonstrated the ability of small

groups to wreak destructive power on a scale once only wielded by the military might

of nations. Whereas national security was focused on protecting United States

sovereignty among the community of nations, homeland security became necessary to

protect United States citizens from the catastrophic designs of non-state actors, both

foreign and domestic. This required an unprecedented level of cooperation between

Federal, State, and Local law enforcement and the national security apparatus. With

the addition of natural disasters to the list of catastrophic agents following Hurricane

Katrina, it also required an unprecedented level of integration with the emergency

response community. In order to safeguard the nation from domestic catastrophic

incidents, the Department of Homeland Security must work together in close

coordination with other Federal, State, and Local public and private agencies

comprising the Homeland Security Enterprise.

Homeland Security Enterprise

The Department of Homeland Security is one among many components of the

Homeland Security Enterprise. In some areas, like securing borders or managing the

immigration system, the Department possesses unique capabilities and, hence,

responsibilities. In other areas, such as critical infrastructure protection or emergency

management, the Department’s role is largely one of leadership and stewardship on

behalf of those who have the capabilities to get the job done. In still other areas, such

as counterterrorism, defense, and diplomacy, other Federal departments and agencies

have critical roles and responsibilities, including the Departments of Justice, Defense,

and State, the Federal Bureau of Investigation, and the National Counterterrorism

Center. Homeland security can only be optimized when the distributed and

decentralized nature of the enterprise is oriented in pursuit of common goals. [1, p. iii]

The term “enterprise” refers to the collective efforts and shared responsibilities of

Federal, State, Local, Tribal, Territorial, nongovernmental, and private-sector

partners—as well as individuals, families, and communities—to maintain critical

homeland security capabilities. It connotes a broad-based community with a common

interest in the public safety and well-being of America and American society and is


composed of multiple partners and stakeholders whose roles and responsibilities are

distributed and shared. Yet it is important to remember that these partners and

stakeholders face diverse risks, needs, and priorities. The challenge for the enterprise,

then, is to balance these diverse needs and priorities, while focusing on shared

interests and responsibilities to collectively secure the homeland. [1, p. 12]

With the establishment of homeland security, and the linking of domestic security

concerns to broader national security interests and institutions, there is a temptation

to view homeland security so broadly as to encompass all national security and

domestic policy activities. This is not the case. Homeland security is deeply rooted in

the security and resilience of the nation, and facilitating lawful interchange with the

world. As such, it intersects with many other functions of government. Homeland

security is built upon critical law enforcement functions, but is not about preventing all

crimes or administering our Nation’s judicial system. It is deeply embedded in trade

activities, but is neither trade nor economic policy. It requires international

engagement, but is not responsible for foreign affairs. Rather, homeland security is

meant to connote a concerted, shared effort to ensure a homeland that is safe, secure,

and resilient against terrorism and other hazards where American interests,

aspirations, and way of life can thrive. [1, p. 13]

Homeland security spans the authorities and responsibilities of Federal departments

and agencies, State, Local, Tribal and Territorial governments, the private sector, as

well as private citizens and communities. For this reason, coordination and cooperation

are essential to successfully carrying out and accomplishing the homeland security

missions. Documents such as the National Infrastructure Protection Plan (NIPP) and

National Response Framework (NRF), as well as documents produced by the National

Counterterrorism Center, spell out roles and responsibilities for various aspects of

homeland security. The following discussion highlights key current roles and

responsibilities of the many actors across the Homeland Security Enterprise. They are

derived largely from statutes, Presidential directives, and other authorities, as well as

from the NIPP and NRF. [1, pp. A-1]

President of the United States

The President of the United States is the Commander in Chief and the leader of the

Executive Branch of the Federal Government. The President, through the National

Security Council and the National Security Staff, provides overall homeland security

policy direction and coordination. [1, pp. A-1]


Secretary of Homeland Security

The Secretary of Homeland Security leads the Federal agency as defined by statute

charged with homeland security: preventing terrorism and managing risks to critical

infrastructure; securing and managing the border; enforcing and administering

immigration laws; safeguarding and securing cyberspace; and ensuring resilience to

disasters. [1, pp. A-1]

United States Attorney General

The Attorney General has lead responsibility for criminal investigations of terrorist acts

or terrorist threats by individuals or groups inside the United States, or directed at

United States citizens or institutions abroad, as well as for related intelligence

collection activities within the United States. Following a terrorist threat or an actual

incident that falls within the criminal jurisdiction of the United States, the Attorney

General identifies the perpetrators and brings them to justice. The Attorney General

leads the Department of Justice, which also includes the Federal Bureau of

Investigation, Drug Enforcement Administration, and Bureau of Alcohol, Tobacco,

Firearms, and Explosives, each of which has key homeland security responsibilities. [1,

pp. A-1]

Secretary of State

The Secretary of State has the responsibility to coordinate activities with foreign

governments and international organizations related to the prevention, preparation,

response, and recovery from a domestic incident, and for the protection of U.S.

citizens and U.S. interests overseas. The Department of State also adjudicates and

screens visa applications abroad. [1, pp. A-1]

Secretary of Defense

The Secretary of Defense leads the Department of Defense, whose military services,

defense agencies, and geographic and functional commands defend the United States

from direct attack, deter potential adversaries, foster regional stability, secure and

assure access to sea, air, space, and cyberspace, and build the security capacity of key

partners. DOD also provides a wide range of support to civil authorities at the direction

of the Secretary of Defense or the President when the capabilities of State and Local

authorities to respond effectively to an event are overwhelmed. [1, pp. A-2]


Secretary of Health and Human Services

The Secretary of Health and Human Services leads the coordination of all functions

relevant to Public Health Emergency Preparedness and Disaster Medical Response.

Additionally, the Department of Health and Human Services (HHS) incorporates steady-state

and incident-specific activities as described in the National Health Security

Strategy. HHS is the coordinator and primary agency for Emergency Support Function

(ESF) #8 – Public Health and Medical Services, providing the mechanism for

coordinated Federal assistance to supplement State, local, tribal, and territorial

resources in response to a public health and medical disaster, potential or actual

incident requiring a coordinated Federal response, and/or during a developing

potential health and medical emergency. HHS is also the Sector-Specific Agency for the

Healthcare and Public Health Sector. [1, pp. A-2]

Secretary of the Treasury

The Secretary of the Treasury works to safeguard the U.S. financial system, combat

financial crimes, and cut off financial support to terrorists, WMD proliferators, drug

traffickers, and other national security threats. [1, pp. A-2]

Secretary of Agriculture

The Secretary of Agriculture provides leadership on food, agriculture, natural

resources, rural development, and related issues based on sound public policy, the

best available science, and efficient management. The Department of Agriculture

(USDA) is the Sector-Specific Agency for the Food and Agriculture Sector, a

responsibility shared with the Food and Drug Administration with respect to food

safety and defense. In addition, USDA is the coordinator and primary agency for two

Emergency Support Functions: ESF #4 – Firefighting and ESF #11 – Agriculture and

Natural Resources. USDA, together with the Department of the Interior, also operates

the National Interagency Fire Center. [1, pp. A-2]

Director of National Intelligence

The Director of National Intelligence serves as the head of the Intelligence Community

(IC), acts as the principal advisor to the President and National Security Council for

intelligence matters relating to national security, and oversees and directs

implementation of the National Intelligence Program. The IC, composed of 16

elements across the U.S. Government, functions consistent with law, Executive order,

regulations, and policy to support the national security-related missions of the U.S.

Government. It provides a range of analytic products that assess threats to the

homeland and inform planning, capability development, and operational activities of

homeland security enterprise partners and stakeholders. In addition to IC elements

with specific homeland security missions, the Office of the Director of National

Intelligence maintains a number of mission and support centers that provide unique


capabilities for homeland security partners, including the National Counterterrorism

Center (NCTC), National Counterproliferation Center, and National Counterintelligence

Executive. NCTC serves as the primary U.S. government organization for analyzing and

integrating all intelligence pertaining to terrorism and counterterrorism, and conducts

strategic operational planning for integrated counterterrorism activities. [1, pp. A-3]

Secretary of Commerce

The Secretary of Commerce, supportive of national economic security interests and

responsive to Public Law and Executive direction, is responsible for promulgating

Federal information technology and cybersecurity standards; regulating export of

security technologies; representing U.S. industry on international trade policy and

commercial data flow matters; security and privacy policies that apply to the Internet’s

domain name system; protecting intellectual property; conducting cybersecurity

research and development; and assuring timely availability of industrial products,

materials, and services to meet homeland security requirements. [1, pp. A-3]

Secretary of Education

The Secretary of Education oversees discretionary grants and technical assistance to

help schools plan for and respond to emergencies that disrupt teaching and learning.

The Department of Education is a supporting Federal agency in the response and

management of emergencies under the National Response Framework. [1, pp. A-3]

Secretary of Energy

The Secretary of Energy maintains stewardship of vital national security capabilities,

from nuclear weapons to leading edge research and development programs. The

Department of Energy (DOE) is the designated Federal agency to provide a unifying

structure for the integration of Federal critical infrastructure and key resources

protection efforts specifically for the Energy Sector. It is also responsible for

maintaining continuous and reliable energy supplies for the United States through

preventive measures and restoration and recovery actions. DOE is the coordinator and

primary agency for ESF #12 – Energy when incidents require a coordinated Federal

response to facilitate the restoration of damaged energy systems and components. [1,

pp. A-3]

Environmental Protection Agency

The Administrator of the Environmental Protection Agency (EPA) leads the EPA, which

is charged with protecting human health and the environment. For certain incidents,

EPA is the coordinator and primary agency for ESF #10 – Oil and Hazardous Materials

Response, in response to an actual or potential discharge and/or uncontrolled release

of oil or hazardous materials. EPA is the Sector-Specific Agency for securing the Water

Sector. [1, pp. A-4]


Secretary of Housing and Urban Development

The Secretary of Housing and Urban Development is the coordinator and primary

agency for ESF #14 – Long-Term Community Recovery, which provides a mechanism

for coordinating Federal support to State, tribal, regional, and local governments,

nongovernmental organizations (NGOs), and the private sector to enable community

recovery from the long-term consequences of extraordinary disasters.

Secretary of the Interior

The Secretary of the Interior develops policies and procedures for all types of hazards

and emergencies that impact Federal lands, facilities, infrastructure, and resources;

tribal lands; and insular areas. The Department of the Interior (DOI) is also a primary

agency for ESF #9 – Search and Rescue, providing specialized lifesaving assistance to

State, tribal, and local authorities when activated for incidents or potential incidents

requiring a coordinated Federal response. DOI, together with the Department of

Agriculture, also operates the National Interagency Fire Center. [1, pp. A-4]

Secretary of Transportation

The Secretary of Transportation collaborates with DHS on all matters relating to

transportation security and transportation infrastructure protection and in regulating

the transportation of hazardous materials by all modes (including pipelines). The

Secretary of Transportation is responsible for operating the national airspace system.

[1, pp. A-4]

Other Federal Agencies

Other Federal Agencies are also part of the homeland security enterprise and

contribute to the homeland security mission in a variety of ways. This includes

agencies with responsibilities for regulating elements of the Nation’s critical

infrastructure to assure public health, safety, and the common defense, developing

and implementing pertinent public policy, supporting efforts to assure a resilient

homeland, and collaborating with those departments and agencies noted above in

their efforts to secure the homeland. [1, pp. A-4]

Critical Infrastructure Owners and Operators

Critical Infrastructure and Key Resource (CIKR) Owners and Operators develop

protective programs and measures to ensure that systems and assets, whether

physical or virtual, are secure from and resilient to cascading, disruptive impacts.

Protection includes actions to mitigate the overall risk to CIKR assets, systems,

networks, functions, or their interconnecting links, including actions to deter the

threat, mitigate vulnerabilities, or minimize the consequences associated with a


terrorist attack or other incident. CIKR owners and operators also prepare business

continuity plans and ensure their own ability to sustain essential services and

functions. [1, pp. A-5]

Major and Multinational Corporations

Major and Multinational Corporations operate in all sectors of trade and commerce

that foster the American way of life and support the operation, security, and resilience

of global movement systems. They take action to support risk management planning

and investments in security as a necessary component of prudent business planning

and operations. They contribute to developing the ideas, science, and technology that

underlie innovation in homeland security. During times of disaster, they provide

response resources (donated or compensated)—including specialized teams, essential

service providers, equipment, and advanced technologies—through public-private

emergency plans/partnerships or mutual aid and assistance agreements, or in

response to requests from government and nongovernmental-volunteer initiatives. [1,

pp. A-5]

Small Business

Small Businesses contribute to all aspects of homeland security and employ more than

half of all private-sector workers. They support response efforts by developing

contingency plans and working with local planners to ensure that their plans are

consistent with pertinent response procedures. When small businesses can survive and

quickly recover from disasters, the Nation and economy are more secure and more

resilient. They perform research and development, catalyze new thinking, and serve as

engines of innovation for development of new solutions to key challenges in homeland

security. [1, pp. A-5]

Governors

Governors are responsible for overseeing their State’s threat prevention activities as

well as the State’s response to any emergency or disaster, and take an active role in

ensuring that other State officials and agencies address the range of homeland security

threats, hazards, and challenges. During an emergency, Governors will play a number

of roles, including the State’s chief communicator [1, pp. A-5]


State and Territorial Governments

State and Territorial Governments coordinate the activity of cities, counties, and

intrastate regions. States administer Federal homeland security grants to local and

tribal (in certain grant programs) governments, allocating key resources to bolster their

prevention and preparedness capabilities. State agencies conduct law enforcement

and security activities, protect the Governor and other executive leadership, and

administer State programs that address the range of homeland security threats,

hazards, and challenges. State government officials lead statewide disaster and

mitigation planning. During response, States coordinate resources and capabilities

throughout the State and are responsible for requesting and obtaining resources and

capabilities from surrounding States. States often mobilize these substantive resources

and capabilities to supplement the local efforts before, during, and after incidents. [1,

pp. A-6]

Tribal Leaders

Tribal Leaders are responsible for the public safety and welfare of their membership.

They can serve as both key decision makers and trusted sources of public information

during incidents. [1, pp. A-6]

Tribal Governments

Tribal Governments, which have a special status under Federal laws and treaties,

ensure the provision of essential services to members within their communities, and

are responsible for developing emergency response and mitigation plans. Tribal

governments may coordinate resources and capabilities with neighboring jurisdictions,

and establish mutual aid agreements with other tribal governments, local jurisdictions,

and State governments. Depending on location, land base, and resources, tribal

governments provide law enforcement, fire, and emergency services as well as public

safety to their members. [1, pp. A-6]

Mayors and Other Elected Officials

Mayors and other local elected and appointed officials (such as city managers) are

responsible for ensuring the public safety and welfare of their residents, serving as

their jurisdiction’s chief communicator and a primary source of information for

homeland security-related information, and ensuring their governments are able to

carry out emergency response activities. They serve as both key decision makers and

trusted sources of public information during incidents. [1, pp. A-6]


Local Governments

Local Governments provide front-line leadership for local law enforcement, fire, public

safety, environmental response, public health, and emergency medical services for all

manner of hazards and emergencies. Through the Urban Areas Security Initiative

(UASI) program, cities (along with counties in many cases) address multijurisdictional

planning and operations, equipment support and purchasing, and training and

exercises in support of high-threat, high-density urban areas. UASI grants assist local

governments in building and sustaining homeland security capabilities. Local

governments coordinate resources and capabilities during disasters with neighboring

jurisdictions, NGOs, the State, and the private sector. [1, pp. A-7]

County Leaders

County Leaders serve as chief operating officers of county governments, both rural and

urban. This includes supporting and enabling the county governments to fulfill their

responsibilities to constituents, including public safety and security. In some States,

elected county officials such as sheriffs or judges also serve as emergency managers,

search and rescue officials, and chief law enforcement officers. [1, pp. A-7]

County Governments

County Governments provide front-line leadership for local law enforcement, fire,

public safety, environmental response, public health, and emergency medical services

for all manner of hazards and emergencies. In many cases, county government officials

participate in UASIs with other urban jurisdictions to assist local governments in

building and sustaining capabilities to prevent, protect against, respond to, and recover

from threats or acts of terrorism. County governments coordinate resources and

capabilities during disasters with neighboring jurisdictions, NGOs, the State, and the

private sector. [1, pp. A-7]

American Red Cross

The American Red Cross is a supporting agency to the mass care functions of ESF #6 –

Mass Care, Emergency Assistance, Housing, and Human Services under the NRF. As the

Nation’s largest mass care service provider, the American Red Cross provides

sheltering, feeding, bulk distribution of needed items, basic first aid, welfare

information, and casework, among other services, at the local level as needed. In its

role as a service provider, the American Red Cross works closely with local, tribal, and

State governments to provide mass care services to victims of every disaster, large and

small, in an affected area. [1, pp. A-7]


Voluntary Organizations Active in Disaster

National Voluntary Organizations Active in Disaster (National VOAD) is a consortium of

approximately 50 national organizations and 55 State and territory equivalents that

typically send representatives to the Federal Emergency Management Agency’s

National Response Coordination Center to represent the voluntary organizations and

assist in response coordination. Members of National VOAD form a coalition of

nonprofit organizations that respond to disasters as part of their overall mission. [1,

pp. A-8]

Nongovernmental Organizations

Nongovernmental Organizations (NGOs) provide sheltering, emergency food supplies,

counseling services, and other vital support services to support response and promote

the recovery of disaster victims. They often provide specialized services that help

individuals with special needs, including those with disabilities, and provide

resettlement assistance and services to arriving refugees. NGOs also play key roles in

engaging communities to integrate lawful immigrants into American society and

reduce the marginalization or radicalization of these groups. [1, pp. A-8]

Community Organizations

Communities and community organizations foster the development of organizations

and organizational capacity that act toward a common goal (such as Neighborhood

Watch, Community Emergency Response Teams, or providing emergency food or

shelter). These groups may possess the knowledge and understanding of the threats,

local response capabilities, and special needs within their jurisdictions and have the

capacity necessary to alert authorities of those threats, capabilities, or needs.

Additionally, during an incident these groups may be critical in passing along vital

incident communications to individuals and families, and to supporting critical

response activities in the initial stages of a crisis. [1, pp. A-8]

Individuals and Families

Individuals and Families take the basic steps to prepare themselves for emergencies,

including understanding the threats and hazards that they may face, reducing hazards

in and around their homes, preparing an emergency supply kit and household

emergency plans (that include care for pets and service animals), monitoring

emergency communications carefully, volunteering with established organizations,

mobilizing or helping to ensure community preparedness, enrolling in training courses,

and practicing what to do in an emergency. These individual and family preparedness

activities strengthen community resilience and mitigate the impact of disasters. In

addition, individual vigilance and awareness can help communities remain safer and

bolster prevention efforts. [1, pp. A-8]


Conclusion

Safeguarding the nation from domestic catastrophic incidents requires the

collective and coordinated efforts of many agencies, organizations, and individuals.

While the nation looks to the Department of Homeland Security to lead the way,

homeland security is an enterprise. Each of us—government, business, and individual

alike—has a role to play in contributing to the collective strength of this country. [1, p.

78]


Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. Why is a homeland security “enterprise” necessary?

2. What are the essential elements required to make the homeland security enterprise work?

3. Which member of the enterprise is responsible for overseeing their State’s threat prevention activities as well as the State’s

response to any emergency or disaster?

4. Which member of the enterprise serves as the head of the Intelligence Community and acts as the principal advisor to the

President and National Security Council for intelligence matters relating to national security?

5. Which member of the enterprise provides sheltering, emergency food supplies, counseling services, and other vital services to

support response and promote the recovery of disaster victims?

6. Which member of the enterprise provides front-line leadership for local law enforcement, fire, public safety, environmental

response, public health, and emergency medical services for all manner of hazards and emergencies?

7. Which member of the enterprise is responsible for criminal investigations of terrorist acts inside the United States, or directed

at United States citizens or institutions abroad, as well as for related intelligence collection activities within the United States?

8. Which member of the enterprise defends the United States from direct attack, deters potential adversaries, fosters regional

stability, and secures and assures access to sea, air, space, and cyberspace?

9. Which member of the enterprise is responsible for taking basic steps to prepare themselves for emergencies and

understanding the threats and hazards that they may face?

10. Which member of the enterprise is the coordinator and primary agency in response to an actual or potential discharge and/or

uncontrolled release of oil or hazardous materials?

Part III: Mission Areas

In this section we will examine the missions performed by the Department of Homeland Security to safeguard the U.S.

from domestic catastrophic destruction. These missions are defined in the 2014 Quadrennial Homeland Security

Review and are re-evaluated every four years under the QHSR process. As was seen in Chapter 11, these missions have

evolved since DHS’ activation in 2003. Still, they remain grounded in the strategic implications and tactical lessons

learned from 9/11. From a strategic standpoint, they address the means for committing domestic catastrophic

destruction by protecting critical infrastructure, countering weapons of mass destruction, and securing cyberspace.

From a tactical perspective, they seek to plug the holes exposed on 9/11, and subsequent attacks in Madrid (2004) and

London (2007), by rooting out those with malicious intent, preventing them from entering the country or otherwise

smuggling in WMD, and tightening security within our mass transit systems. However, because no defense is

invulnerable and we cannot stop the destructive forces of nature, the ability to mount a coordinated response and

recovery remains critical to saving lives and alleviating suffering. In order to facilitate understanding, each chapter is

organized to 1) describe the problem, 2) explain what’s being done to address it, 3) report what has been accomplished, and

4) identify what remains to be done.

238

Part III: Mission Areas

239

Chapter 14: Critical Infrastructure Protection

Critical Infrastructure

Protection

Chapter 14 Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain how the importance of critical infrastructure protection was realized before 9/11.

• Describe how critical infrastructure protection has been shaped and evolved since PDD-63.

• Explain the role of the Federal government in critical infrastructure protection.

• Assess the importance of various steps in the Risk Management Framework.


“We did find widespread capability to exploit infrastructure vulnerabilities. The

capability to do harm—particularly through information networks—is real; it is growing

at an alarming rate; and we have little defense against it.”

– 1997 President’s Commission on Critical Infrastructure Protection

Introduction

9/11 thrust critical infrastructure protection to the forefront of US security concerns.

Previously, in July 1996 President Clinton appointed a Commission on Critical

Infrastructure Protection to report the scope and nature of vulnerabilities and threats

to the nation’s critical infrastructure, and recommend a comprehensive national plan

for protecting them including any necessary regulatory changes. The Commission was

chartered in response to growing concerns stemming from the 1993 attack on the

World Trade Center in New York City, 1995 bombing of the Murrah Federal Building in

Oklahoma City, and 1996 bombing of the Khobar Towers US military barracks in

Dhahran, Saudi Arabia. Examining both the physical and cyber vulnerabilities, the

Commission found no immediate crisis threatening the nation’s infrastructures.

However, it did find reason to take action, especially in the area of cybersecurity. The

rapid growth of a computer-literate population (implying a greater pool of potential

hackers), the inherent vulnerabilities of common protocols in computer networks, the

easy availability of hacker “tools” (available on many websites), and the fact that the

basic tools of the hacker (computer, modem, telephone line) were the same essential

technologies used by the general population indicated to the Commission that both

threat and vulnerability exist. The Commission Report, released in October 1997, led to

Presidential Decision Directive No. 63 (PDD-63) issued in May 1998. PDD-63 set as a

national goal the ability to protect the nation’s critical infrastructure from intentional

attacks (both physical and cyber) by the year 2003. According to the PDD, any

interruptions in the ability of these infrastructures to provide their goods and services

must be “brief, infrequent, manageable, geographically isolated, and minimally

detrimental to the welfare of the United States”. [1, p. 4]

PDD-63

PDD-63 identified a set of twelve infrastructure “sectors” whose assets should be

protected: information and communications; banking and finance; water supply;

aviation, highways, mass transit, pipelines, rail, and waterborne commerce; emergency

and law enforcement services; emergency, fire, and continuity of government services;

public health services; electric power, oil and gas production, and storage. A federal

Lead Agency (LA) was assigned to each of these “sectors”. Each Lead Agency was

directed to appoint a Sector Liaison Official to interact with appropriate private sector

organizations. The private sector was encouraged to select a Sector Coordinator to

work with the agency’s sector liaison official. Together, the liaison official, sector

coordinator, and all affected parties were to contribute to a Sector Security Plan (SSP)

which was to be integrated into a National Infrastructure Assurance Plan. [1, p. 4]

In July 1996, President Clinton appointed a Commission on Critical Infrastructure Protection to report on the scope and nature of vulnerabilities and threats to the nation’s critical infrastructure. The Commission found concern for cyber attack. As a result, in May 1998, President Clinton issued PDD-63 setting a national goal to protect the nation’s critical infrastructure from intentional attack.

Following the attacks of September 11, 2001, critical infrastructure protection became

a high priority. On October 16, 2001, President Bush signed Executive Order (EO)

13231 stating that it is US policy “to protect against the disruption of the operation of

information systems for critical infrastructure … and to ensure that any disruptions

that occur are infrequent, of minimal duration, and manageable, and cause the least

damage possible.” On October 26, 2001, President Bush signed into law the USA

PATRIOT Act, defining critical infrastructure as “systems and assets, whether physical

or virtual, so vital to the United States that the incapacity or destruction of such

systems and assets would have a debilitating impact on security, national economic

security, national public health or safety, or any combination of those matters”. In July

2002, the Office of Homeland Security released the first National Strategy for

Homeland Security. It identified protecting the nation’s critical infrastructures and key

assets as one of six critical mission areas. The Strategy also expanded upon the list of

sectors considered to comprise critical infrastructure to include public health, the

chemical industry and hazardous materials, postal and shipping, the defense industrial

base, and agriculture and food. Key assets were defined later to include national

monuments and other historic attractions, dams, nuclear facilities, and large

commercial centers, including office buildings and sport stadiums, where large

numbers of people congregate to conduct business, personal transactions, or enjoy

recreational activities. Then on December 17, 2003, the Bush Administration released

Homeland Security Presidential Directive No. 7 (HSPD-7). HSPD-7 essentially updated

the policy of the United States and the roles and responsibilities of various agencies in

regard to critical infrastructure protection as outlined in previous documents, national

strategies, and the Homeland Security Act of 2002. For example, the Directive

reiterated the Secretary of Homeland Security’s role in coordinating the overall

national effort to protect critical infrastructure. It also reiterated the role of Sector-

Specific Agencies (formerly “Lead Agencies”) to work with their sectors to identify,

prioritize, and coordinate protective measures. The Directive captured the expanded

set of critical infrastructures and key assets and Sector-Specific Agencies assignments

made in the National Strategy for Homeland Security. One major difference between

PDD-63 and the Bush Administration’s efforts was a shift in focus. PDD-63 focused on

cybersecurity. While the post-September 11 effort was still concerned with

cybersecurity, its focus on physical threats, especially those that might cause mass

casualties, was greater than the pre-September 11 effort. [1, p. 12]

HSPD-7

In December 2003, President Bush issued HSPD-7 updating national policy on critical infrastructure protection, following the same pattern established in PDD-63. Because 9/11 had succeeded in subverting critical infrastructure in a physical attack, HSPD-7 gave greater emphasis to physical protection compared to PDD-63’s emphasis on cybersecurity.

HSPD-7 directed development of a National Plan for Critical Infrastructure and Key

Resources Protection to outline national goals, objectives, milestones, and key

initiatives. Previously, PDD-63 had called for development of a National Infrastructure

Assurance Plan. The corresponding focus on cybersecurity resulted in the National

Plan for Information Systems Protection released in January 2000. While this plan

formed the basis for the 2003 National Strategy to Secure Cyberspace, it did not

support the revised focus on physical security stemming from 9/11. After two furtive

attempts in 2005, the Department of Homeland Security (DHS) released the National

Infrastructure Protection Plan (NIPP) in June 2006. The NIPP identified and integrated

specific processes to guide an integrated national risk management effort. It defined

and standardized, across all sectors, a Risk Management Framework (RMF) process for

identifying and selecting assets for further analysis, identifying threats and conducting

threat assessments, assessing vulnerabilities to those threats, analyzing consequences,

determining risks, identifying potential risk mitigation activities, and prioritizing those

activities based on cost effectiveness. The NIPP also called for implementation plans

for these risk reduction activities, with timelines and responsibilities identified, and

tied to resources. Each Sector-Specific Agency (SSA) was to work with its sector to

generate Sector Specific Plans, utilizing the processes outlined in the NIPP. DHS was to

use these same processes to integrate the sector specific plans into a national plan

identifying those assets and risk reduction plans that require national level attention

because of the risk the incapacitation of those assets pose to the nation as a whole.

The NIPP was updated in 2009 to adopt an “all-hazards” approach to risk management,

and again in 2013 to emphasize the importance of resilience. [1, p. 24]

PPD-21

In February 2013, the Obama Administration issued Presidential Policy Directive No. 21

(PPD-21), Critical Infrastructure Security and Resilience, superseding HSPD-7. PPD-21

made no major changes in policy, roles and responsibilities, or programs, but did order

an evaluation of the existing public-private partnership model, the identification of

baseline data and system requirements for efficient information exchange, and the

development of a situational awareness capability (a continuous policy objective since

President Clinton’s PDD-63). PPD-21 reflected an increased interest in resilience and

the all-hazard approach that has evolved in critical infrastructure policy over the years. It

also updated sector designations, but made no major changes in Sector-Specific

Agency designations. However, PPD-21 did give the energy and communications

sectors a higher profile, due to the Administration’s assessment of their importance to

the operations of the other infrastructures. To date, the Obama Administration has

kept or slowly evolved the policies, organizational structures, and programs governing

physical security of critical infrastructure assets. It has focused much more effort to

expand upon the cybersecurity policies and programs associated with critical

infrastructure protection. [1, pp. 13-14]

Table 14-1: CIP Directives, Strategies, & Plans

HS Law | HS Directives | HS Strategies | CIP Plans
2002 HSA | 1998 PDD-63 | 2002 NSHS | 2005 Interim NIPP
 | 2003 HSPD-7 | 2007 NSHS | 2005 Draft NIPP
 | 2013 PPD-21 | 2010 NSS | 2006 NIPP
 | | 2015 NSS | 2009 NIPP
 | | | 2013 NIPP

In February 2013, President Obama issued PPD-21 again updating national policy on critical infrastructure protection. PPD-21 restored emphasis on cybersecurity, and introduced the concept of resilience.

Risk Management Framework

The Risk Management Framework has evolved since it was first introduced in the 2005

Interim National Infrastructure Protection Plan. [2, p. 8] Yet it remains, as currently

prescribed in the 2013 National Infrastructure Protection Plan, a continuous process

for incrementally reducing vulnerability within critical infrastructure. The Risk

Management Framework is conducted in voluntary cooperation between the

Department of Homeland Security and public and private partners organized into

Sector Coordinating Councils representing the sixteen infrastructure sectors listed in

Table 14-2. [3, pp. 10-11] The Risk Management Framework is conducted in five steps

comprised of 1) Set Goals and Objectives, 2) Identify Infrastructure, 3) Assess and

Analyze Risks, 4) Implement Risk Management Activities, and 5) Measure Effectiveness.

[3, p. 15]


Table 14-2: Infrastructure Sectors and Lead/Sector-Specific Agencies

# | 1998 PDD-63 Sector | LA | 2003 HSPD-7 Sector | SSA | 2013 PPD-21 Sector | SSA
1 | Intelligence | CIA | Chemical | DHS | Chemical | DHS
2 | Information & Communications | DOC | Commercial Facilities | DHS | Commercial Facilities | DHS
3 | National Defense | DOD | Communications | DHS | Communications | DHS
4 | Electric, Power, Gas, & Oil | DOE | Critical Manufacturing | DHS | Critical Manufacturing | DHS
5 | Emergency Law Enforcement | DOJ | Dams | DHS | Dams | DHS
6 | Law Enforcement & Internal Security | DOJ | Emergency Services | DHS | Emergency Services | DHS
7 | Foreign Affairs | DOS | Government Facilities | DHS | Information Technology | DHS
8 | Transportation | DOT | Information Technology | DHS | Nuclear Reactors, Materials, & Waste | DHS
9 | Water | EPA | Nuclear Reactors, Materials, & Waste | DHS | Transportation Systems | DHS & DOT
10 | Emergency Fire Service | FEMA | Postal & Shipping | DHS | Government Facilities | DHS & GSA
11 | Emergency Medicine | HHS | Defense Industrial Base | DOD | Defense Industrial Base | DOD
12 | Banking & Finance | TREAS | Energy | DOE | Energy | DOE
13 | | | National Monuments & Icons | DOI | Water & Wastewater Systems | EPA
14 | | | Transportation Systems | DHS & DOT | Healthcare & Public Health | HHS
15 | | | Water | EPA | Financial Services | TREAS
16 | | | Healthcare & Public Health | HHS | Food & Agriculture | USDA
17 | | | Banking & Finance | TREAS | |
18 | | | Agriculture & Food | USDA | |

RMF Step 1: Set Goals and Objectives. The risk reduction priorities for each sector are

established in Sector Specific Plans (SSPs). [3, p. 16] The first SSPs were released in

May 2007, after the first official National Infrastructure Protection Plan was issued in

2006. Of the 17 plans drafted, 7 were made available to the public. The other 11 plans

were designated “For Official Use Only” and withheld from public release. A review by

the Government Accountability Office found that while all the plans complied, more or

less, with NIPP requirements, some were more developed and comprehensive than

others. The Sector Security Plans were revised in 2010 after the NIPP was revised in

2009. HSPD-7 stipulated that the SSPs should be updated annually. However, in 2010,

DHS and its sector partners decided that a four-year cycle was sufficient for updating

the SSPs. [1, pp. 23-24] As of 2015, the SSPs had yet to be updated and the most

recent versions were dated 2010.

RMF Step 2: Identify Infrastructure. Despite the definition in the USA PATRIOT Act,

critical infrastructure identification has been fraught with difficulties. While the

National Infrastructure Protection Plan was still under development, the Department

of Homeland Security undertook Operation Liberty Shield to catalog the nation’s

critical infrastructure in advance of the U.S. invasion of Iraq. Over the summer of 2003,

DHS personnel cataloged 160 assets across various sectors it determined needed

additional protection or mitigation against potential attack. Under pressure from

Congress, the list was expanded to 1,849 assets and called the Protected Measures

Target list (PMTL). At the same time it was conducting Operation Liberty Shield, DHS

issued a grant asking states to conduct a critical infrastructure self-assessment. The

resulting data call added another 26,359 assets to the PMTL, including zoos, festivals,

shopping centers, and other “out-of-place” assets. [4, p. 6] The dubious results were

attributed to “minimal guidance” given to the states. Accordingly, in July 2004 DHS

issued a second data call to correct the problems from the 2003 data call. The 2004

data call included more precise instructions in the form of separate Guidelines for

Identifying National Level Critical Infrastructure and Key Resources. States responded

by submitting 47,701 additional assets to the PMTL. Together, the combined data

from Operation Liberty Shield and 2003 and 2004 data calls comprised 77,069 assets of

what DHS called the National Asset Database (NADB). Still, the DHS Inspector General

noted that the list contained too many “out-of-place” assets, making subsequent

prioritization difficult. [4, pp. 8-10] Congress intervened with the Implementing

Recommendations of the 9/11 Commission Act which mandated the establishment of

a second database containing a prioritized list of assets. [5] DHS complied with

Congress by initiating the National Critical Infrastructure Prioritization Program (NCIPP)

working with public and private partners to identify and classify critical infrastructure

as either Level 1 or Level 2 priority based on the consequences associated with the

asset’s disruption or destruction. [6, p. 4] In 2006, the NADB was replaced by the

Infrastructure Information Collection System (IICS) available from the DHS

Infrastructure Protection Gateway. [7] According to the 2013 NIPP, the National Critical

Infrastructure Prioritization Program remains the primary program for prioritizing

critical infrastructure at the national level. [6, p. 17] The number and identity of assets

collected by NCIPP is protected information unavailable to the public.

Figure 14-1: 2013 NIPP Risk Management Framework [3, p. 15]

The DHS Risk Management Framework is the implementing procedure of the National Infrastructure Protection Plan.

RMF Step 3: Assess and Analyze Risks. DHS Protective Security Advisors (PSAs) located

in all fifty States and Puerto Rico conduct Security Surveys and Resilience Assessments

under the Enhanced Critical Infrastructure Protection (ECIP) and Regional Resiliency

Assessment Program (RRAP). [8] According to DHS guidance, PSAs are to conduct Site

Assistance Visits (SAVs) with infrastructure owners and operators within their districts

giving priority to Level 1 assets. PSAs use an Infrastructure Survey Tool to gather

information on 1,500 variables covering six major components and forty-two

subcomponents. The results are compiled by Argonne National Laboratory into a

“dashboard” indicating the asset’s overall protective measure score and comparing it

with the scores of similar assets that have previously undergone a Security Survey. The

interactive dashboard allows owners to consider alternative security upgrades and see

how they affect the overall security of the asset as shown in Figure 14-2. PSA Security

Surveys are done in voluntary cooperation with infrastructure owner/operators. [9, pp.

9-10] Out of 2,195 Security Surveys and 655 Vulnerability Assessments conducted

during fiscal years 2009 through 2011, GAO identified a total of 135 Security Surveys

and 44 Vulnerability Assessments that matched assets on the NCIPP list of high-priority

assets. GAO also identified an additional 106 Security Surveys and 23 Vulnerability

Assessments that were potential matches with assets on the NCIPP lists of priority

assets, but could not be certain that the assets were the same because of

inconsistencies in the way the data were recorded in the two different databases. All

told, GAO determined that in two years DHS had conducted 241 Security Surveys and

67 Vulnerability Assessments on high-priority assets listed in the NCIPP database. [9,

pp. 15-17]

The Risk Management Framework is a risk-based methodology for prioritizing allocation of scarce national resources to reducing vulnerabilities among critical infrastructure.

Figure 14-2: PSA Security Survey Example “Dashboard” Results

The Infrastructure Survey Tool is but one method for performing risk analysis on critical

infrastructure. Over the years, each sector has developed its own set of risk analysis

tools. The 2010 Sector Security Plan for Water identifies three assessment tools: 1)

Risk Assessment Methodology-Water (RAM-W), 2) Security and Environmental

Management System (SEMS); and 3) Vulnerability Self-Assessment Tool (VSAT). [10, p.

27] Similarly, the 2010 Transportation Systems Sector Specific Plan cites the use of the

Aviation Modal Risk Assessment (AMRA) as part of a broader Transportation Systems

Sector Security Risk Assessment (TSSRA) program. [11, pp. 135-136] The PSA Site

Assistance Visit is listed as the method for conducting risk assessments in the 2010

Sector Specific Plan for Energy. [12, p. 32] Originally, DHS intended for every sector to

use the same risk analysis tool in order to facilitate risk comparison across not only

infrastructure assets, but also across infrastructure sectors. In the 2006 National

Infrastructure Protection Plan DHS announced it was sponsoring development of a

suite of tools based on the Risk Analysis and Management for Critical Asset Protection

(RAMCAP). [13, p. 36] RAMCAP was developed at the request of the White House by

the American Society of Mechanical Engineers (ASME). [14, p. xiii] The 2006 NIPP

deemed RAMCAP to satisfy the “baseline criteria for risk assessment”. This “baseline

criteria” assessed risk as a function of consequence, vulnerability, and threat,

expressed as R=f(C,V,T). [13, pp. 35-36] The 2013 NIPP affirmed this formulation as

part of Step 3 in the Risk Management Framework, [3, p. 17] but RAMCAP was no

longer the preferred method. It was not mentioned in either the 2009 or 2013

National Infrastructure Protection Plans. It did survive, however, as the American

Water Works Association (AWWA) J100-10 standard for Risk and Resilience

Management of Water and Wastewater Systems. [14]

RMF Step 4: Implement Risk Management Activities. As a result of risk analysis,

owners/operators are expected to take actions to increase resilience and reduce their

vulnerability to potential consequences. [3, p. 18] However, infrastructure owner/

operators are very sensitive to costs, in many instances regulated, and cannot afford to

take all measures on their own. Accordingly, DHS may lend assistance through the

FEMA Grants Program Directorate State and Local Grant Programs. Specific grant

programs include the State Homeland Security Formula-based Grants, the Urban Area

Security Initiative (UASI) Grants (both of which primarily support first responder needs,

but include certain infrastructure protection expenditures), Port Security Grants, Rail

and Transit Security Grants, Intercity Bus Security Grants, Highway (Trucking)

Security Grants, and Buffer Zone Protection Plan. [1, pp. 27-28] Ostensibly, the results

from risk analysis are included in a Critical Infrastructure National Annual Report [3, p.

26] submitted each year with the DHS budget to the Executive Office of the President.

[15, p. 2]

RMF Step 5: Measure Effectiveness. The 1993 Government Performance and Results

Act, as amended, requires all Federal programs to develop “outcome measures” and

report them annually to Congress to guide and assess effective investment of taxpayer

funds. [16] The Risk Management Framework incorporates this principle in Step 5,

before starting all over again with Step 1 in an incremental, continuous improvement

process. [3, p. 20]

The Risk Management Framework has proven problematic at every step. DHS has yet to make the system work as envisioned. Until these problems are solved, the nation’s critical infrastructure will remain vulnerable to malicious attack.

Conclusion

While supporting aspects of the National Infrastructure Protection Plan including

Information Sharing and Analysis Centers (ISACs) and Sector Coordinating Councils

have increased awareness and security among participating infrastructure sectors, the

core of the plan, the Risk Management Framework, has yet to live up to expectations.

Various GAO reports detail fundamental problems with each step of the process

including 1) inability to adequately identify infrastructure assets (mobile assets, such as

aircraft, are not included in NCIPP criteria), 2) matching PSA Site Assistance Visits with

priority assets listed on NCIPP, 3) deploying a standard formulation to uniformly assess

risk across all infrastructure sectors, 4) applying risk results to determine Federal grant

priorities, and 5) providing an objective risk measure to guide and assess taxpayer

investments. While these problems remain, the nation will remain vulnerable to the

potential catastrophic effects inherent in critical infrastructure as demonstrated on

9/11.


Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. What is the scope and authority of a presidential executive order or directive?

2. What was the finding by the Commission on Critical Infrastructure Protection that prompted President Clinton to

issue PDD-63?

3. How did HSPD-7 issued by President Bush change the emphasis on critical infrastructure protection from PDD-63?

4. How did PPD-21 issued by President Obama again change the emphasis on critical infrastructure protection from

HSPD-7?

5. Why can’t owners/operators protect their own infrastructure?

6. What is the purpose of the Risk Management Framework?

7. How does it affect the RMF if you can’t correctly identify critical infrastructure?

8. How does it affect the RMF if you can’t assess risk uniformly across different infrastructures?

9. As a member of Congress, what would be your priority in allocating funding to protect critical infrastructure?

10. What do you suppose might be a moral hazard of funding infrastructure protection programs?


Chapter 15: Counter WMD Strategy


Chapter 15 Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe the various prohibitions against WMD agents.

• Explain how the 1995 Tokyo subway attack changed the WMD threat.

• Explain the different roles of agencies in national counter WMD strategy.


“The potential proliferation of weapons of mass destruction, particularly nuclear

weapons, poses a grave risk. Even as we have decimated al-Qa’ida’s core leadership,

more diffuse networks of al-Qa’ida, ISIL, and affiliated groups threaten U.S. citizens,

interests, allies, and partners.”

– 2015 National Security Strategy

Introduction

The history of human warfare may be characterized as an escalating development of

tactics and weapons designed to kill more people more quickly. As the industrial

revolution accelerated the production and refinement of weapons on an

unprecedented scale, the Geneva Conventions were begun in 1864 to contain the

carnage and bound the limits of warfare [1]. Similar attempts were made with the

Hague Conventions to place limits on the types of weapons that could be employed.

As early as 1899, the Hague Conventions sought to outlaw the use of chemical

weapons by warring nations. [2] After Germany breached this agreement in 1915, the

British retaliated in kind, and every major belligerent was guilty of employing chemical

weapons by the end of World War I. [3] After the war, nations continued to maintain

and expand their stocks of chemical weapons as a deterrent to their future use. It

wasn’t until the Chemical Weapons Convention of 1997 that nations agreed to destroy

their stocks, but the task is only 85% complete as nations remain wary of relinquishing

their deterrent capability against the possibility of hidden caches. [4] The prohibition

against chemical weapons came after a similar agreement prohibiting the

development, production, and stockpiling of biological weapons in the 1975 Biological

Weapons Convention. [5] This was preceded by the 1968 Non-Proliferation Treaty in

which nations agreed to prevent the spread of nuclear weapons and weapons

technology. [6] The most difficult problem with all these treaties is enforcement.

Despite monitoring and surveillance provisions written into them, the ultimate

guarantor of compliance is the threat of retaliation by similar means. While this threat

may work on nations, it does not work as well on individuals. The 1995 Tokyo subway

attacks demonstrated the ability of non-state actors to employ weapons of mass

destruction. And while Title 18 U.S. Code Section 2332a makes it illegal to use,

threaten, attempt, or conspire to use a weapon of mass destruction in the United

States, arresting the perpetrator after the fact is too little too late. Thus the nation’s

security today relies on an unprecedented cooperation between military, intelligence,

and law enforcement agencies, between Federal, State, and Local governments to

combat weapons of mass destruction (CWMD).

WMD agents are prohibited under Title 18 USC, §2332a, and international conventions, including the 1968 (nuclear) Non-Proliferation Treaty, 1975 Biological Weapons Convention, and 1997 Chemical Weapons Convention.

Combating WMD

The Department of Homeland Security is a member of the Counterproliferation Program

Review Committee (CPRC) together with the Department of Defense (DoD),

Department of Energy (DoE), Department of State (DoS), Office of the Director of

National Intelligence (ODNI), and Office of the Chairman of the Joint Chiefs of Staff

(CJCS). Together, they represent the primary Federal agencies responsible for

safeguarding the U.S. from WMD attack. In 1994, Congress commissioned the CPRC to

report on their combined efforts to combat WMD and its means of delivery. [7, p. 1]

The missions and objectives of CPRC members are guided by the 2002 National

Strategy to Combat Weapons of Mass Destruction. The 2002 Strategy prescribes three

primary mission areas: 1) Nonproliferation (NP), 2) Counterproliferation (CP), and 3)

Consequence Management (CM). [7, p. 3] Nonproliferation seeks to dissuade or

impede both state and non-state actors from acquiring chemical, biological,

radiological, and nuclear (CBRN) weapons. Counterproliferation seeks to develop both

active and passive measures to deter and defend against the employment of CBRN

weapons. Consequence management seeks to develop measures to quickly respond

and recover against a domestic CBRN attack. [8, p. 2] This basic strategy is further

refined by supplemental guidance listed in Table 15-1. These assist departments and

agencies with developing goals and objectives, identifying capability requirements, and

ultimately providing material and nonmaterial solutions for combating weapons of

mass destruction. [9, p. 2]

Table 15-1: CWMD Guidance Documents [9, p. 2]

2012 Sustaining U.S. Global Leadership: Priorities for 21st Century Defense
2012 National Strategy for Biosurveillance
2011 National Strategy for Counterterrorism
2010 Nuclear Posture Review
2009 National Strategy for Countering Biological Threats
2006 National Strategy for Strategic Interdiction
2002 National Strategy to Combat Weapons of Mass Destruction

The Department of Defense, Department of Energy, Department of State, and Office of the Director of National Intelligence together represent the primary Federal agencies responsible for safeguarding the U.S. from WMD attack.

Department of Defense

DoDD 2060.2 establishes policy, assigns responsibilities, and formalizes relationships

among DoD components to combat weapons of mass destruction. [9, p. 15] DoDD

2060.2 refers to CWMD mission areas described in the 2006 National Military Strategy

to Combat WMD. [10, p. 2] This was replaced in 2014 by the Defense Strategy to

Combat WMD. According to the 2014 Defense Strategy, DoD works towards three

CWMD end states: 1) no new WMD possession (NP), 2) no WMD use (CP), and 3)

minimization of WMD effects (CM). The end states are pursued through three main

lines of effort: 1) Prevent Acquisition, 2) Contain and Reduce Threats, and 3) Respond

to Crises. According to this strategy, DoD will seek to dissuade those who do not

possess WMD from acquiring them by promoting transparency, security, and

disarmament; convincing aspirants that their activities will be detected, attributed, and

mitigated; taking action to delay, disrupt, or complicate WMD acquisition; and when

necessary, undertaking direct actions to prevent WMD acquisition. DoD will contain and

reduce threats by supporting arms control initiatives; working with partners to guard

against accidental or unintentional WMD employment; maintaining an effective

defense and retaliatory deterrent; and when necessary, undertaking operations to

secure, exploit, and destroy WMD. DoD will also remain prepared to locate, disrupt,

disable, neutralize, or destroy an adversary’s WMD assets before they can be used;

however, if employed, DoD is prepared to support civil authorities with CBRN response

capabilities to mitigate consequences. [11, pp. 9-12] DoD capabilities supporting

CWMD policy reside with DoD agencies, commands, and components. The Defense

Threat Reduction Agency (DTRA) leads the Department’s nonproliferation efforts by

implementing provisions of the Nunn-Lugar Global Cooperation Program and

promoting arms control. United States Strategic Command directs the nation’s air,

land, and sea-based nuclear forces. [9, pp. 15-17] United States Northern Command

maintains defense of the nation’s air, land, sea, and space approaches. United States

Special Operations Command is prepared to undertake precise missions around the

world. The remaining geographic combatant commands, Southern Command, Central

Command, European Command, Pacific Command, and Africa Command, maintain

stabilizing relations within their areas of responsibility, but are prepared to conduct

military operations with assigned Army, Navy, Marine, and Air Force units when

directed by the President. [12] In the event WMD is employed within the U.S., the

National Guard maintains 10 regional Homeland Response Forces (HRFs) that may be

tasked to a State governor to assist with CBRN mitigation. [13]

Figure 15-1: DoD Geographic Combatant Commands [12]

Department of Energy

DOE contributes to national CWMD efforts by ensuring energy security, producing and

maintaining the nation’s nuclear stockpile, promoting nuclear nonproliferation,

providing specialized nuclear and radiological emergency response, assisting nuclear

and radiological counterterrorism and counterproliferation efforts, and fostering

fundamental science, advanced computing, and technological innovation. [14, pp. III-10]

DOE supports CWMD missions through its nuclear proliferation prevention and

counter-terrorism activities as well as through access to the many sites engaged by its

scientific cadre. DOE plays a critical role, through its core nuclear work, in addressing

inspection and monitoring activities of arms control agreements and regimes;

protection of WMD and WMD-related materials and components; detection and

tracking of these materials and components; removal of materials from compliant

nation states; export control activities; and responding to nuclear and radiological

emergencies in the United States and abroad. DOE works closely with DoD, DHS, DOS,

and the Intelligence Community to detect, characterize, and defeat WMD and

WMD-related facilities. [7, p. 18] Within DOE, the National Nuclear Security Administration

(NNSA) is responsible for performing these missions. The NNSA works together with

the Group of Eight (G8) Global Partnership and the International Atomic Energy Agency

to perform its missions abroad. Within the NNSA, responsibility for countering nuclear

terrorism resides principally with the Office of Counterterrorism and

Counterproliferation, designated NA-80. NA-80’s purpose is to advance government’s

technical understanding of the terrorist nuclear threat and advocate for technically

informed policies across Federal agencies. [9, p. 18] The NNSA also maintains Nuclear

Emergency Response Teams (NERTs) capable of 1) searching for radiological devices, 2)

rendering them safe, and 3) mapping radiological contamination that might be spread.

[15]

Department of State

Central to DOS’s responsibility for diplomatic engagement on international security,

DOS aims to build international consensus on arms control and nonproliferation based

on common concern and shared responsibility. The Under Secretary for Arms Control

and International Security leads interagency policy development on nonproliferation

and manages global US security policy, principally in the areas of nonproliferation,

arms control, regional security and defense relations, and arms transfers and security

assistance. This entails overseeing the negotiation, implementation, and verification of

international agreements in arms control and international security. Other specific

responsibilities include directing and coordinating export control policies and policies

to prevent missile, nuclear, chemical, biological, and conventional weapons

proliferation. All of these contribute to the DOS’s strategic goal of countering threats

to the US and the international order. DOS CWMD responsibilities are primarily

planned and executed via: the Bureau of Arms Control, Verification, and Compliance

(AVC); the Bureau of International Security and Nonproliferation (ISN); and the Bureau

of Political-Military Affairs (PM); all of which report to the Under Secretary for Arms

Control and International Security. [14, pp. III-7]

Office of the Director of National Intelligence

ODNI directs the activities of the Intelligence Community to provide high-value

intelligence supporting U.S. policies and actions to discourage, prevent, rollback, deter,

and mitigate the consequences of WMD. ODNI leads the nation’s CWMD intelligence

efforts through various interagency groups and centers: [9, p. 20]

CBRN Counterterrorism Group (CCTG). ODNI manages the CCTG formed by the merger

of the Central Intelligence Agency’s (CIA’s) Counterterrorism Center and National

Counterterrorism Center’s CBRN analysis group. The CCTG pools analytical experts

from CIA, NCTC, the Defense Intelligence Agency (DIA), FBI, and other U.S. Government

organizations to support a wide range of intelligence activities focused on CWMD. [9,

p. 20]

National Counterproliferation Center (NCPC). The NCPC helps the U.S. counter threats

caused by the development and spread of WMD. NCPC works with the Intelligence

Community to identify critical gaps in WMD knowledge resulting from shortfalls in

collection, analysis, or exploitation and then develop solutions to reduce or close these

gaps. The NCPC does this by analyzing, integrating, and disseminating comprehensive

all-source WMD proliferation intelligence; providing all-source intelligence support

needed for the execution of counterproliferation plans or activities; and performing

independent WMD proliferation analyses. It may also play a role in the nuclear

attribution process by fusing law enforcement and intelligence information with

nuclear forensics conclusions provided by the national technical nuclear forensics center.

The NCPC also provides WMD briefs and analyses to the President, Congress, and the

appropriate Federal departments and agencies, as required. The majority of the NCPC

staff are detailees from the intelligence community, as well as DoD and the DOE

national laboratories. [14, pp. III-6 – III-7]

National Counterterrorism Center (NCTC). The NCTC is the primary organization in the

U.S. Government that integrates and analyzes intelligence pertaining to terrorism and

counterterrorism, including all intelligence related to terrorist use of WMD. The CT

community lead for identifying critical intelligence problems, key knowledge gaps, and

major resource constraints is the NCTC. The NCTC combines intelligence, military, law

enforcement, and homeland security networks to facilitate information sharing across

government departments and agencies. In addition to its information sharing role, the

NCTC provides a strategic-level operational planning function for CT activities and is

responsible for integrating all elements of national power toward successful

implementation of the national CT strategy. [14, pp. III-6]

Department of Homeland Security

The 2010 Quadrennial Homeland Security Review identified three CWMD-related

mission areas: 1) Preventing Terrorism and Enhancing Security; 2) Securing and

Managing Borders; and 3) Ensuring Resilience to Disasters. [9, pp. 18-19] DHS also

maintains the National Response Framework (NRF) for guiding how U.S. Government

departments and agencies should work together to prepare for and respond to WMD

events. DHS agencies, along with the Federal Bureau of Investigation (FBI), DOE, the

Department of the Treasury (TREAS), the Department of Commerce (DOC), and the

intelligence community, play a vital role in supporting national CWMD efforts. Agencies

within the DHS that contribute to the CWMD mission include: [14, pp. III-8]

United States Coast Guard (USCG). The USCG may play an integral role in WMD

interdiction operations by protecting US economic and security interests in maritime

regions, including international waters, U.S. coastal regions, ports, and waterways.

USCG personnel can be used to enforce U.S. laws anywhere in the world, with certain

restrictions, and can participate in regular DoD-led interdiction operations under their

Title 14, USC authorities, even if assigned DoD forces. [14, pp. III-8]

Customs and Border Protection (CBP). To prevent WMD smuggling, the CBP works

through existing partnerships with customs and law enforcement agencies in partner

nations to protect U.S. borders, ports of entry, and screen admissibility of persons,

cargo, and vessels arriving into U.S. ports. CBP also supports a National Targeting

Center and operates the Container Security Initiative with the DOE. [14, pp. III-8]

Federal Emergency Management Agency. The Federal Emergency Management Agency

provides support to our nation’s critical infrastructure in response to CBRN hazards

through comprehensive emergency management programs including risk reduction,

preparedness, response, and recovery. [14, pp. III-8]

Domestic Nuclear Detection Office (DNDO). DNDO improves the Nation’s ability to

detect and report transportation of nuclear or radiological material. Additionally,

DNDO operates the National Technical Nuclear Forensics Center, which has two

primary missions. The first provides centralized planning, integration, assessment, and

stewardship of the nation’s nuclear forensics capabilities to ensure a ready, robust, and

enduring capability in coordination with other U.S. Government departments and

agencies who have assigned responsibilities for national technical nuclear forensics.

These include the Department of Justice and FBI, which is the lead federal agency

responsible for the criminal investigation of terrorist events and the nuclear forensic

investigation of planned or actual attack; DoD, DOE, DOS, ODNI, and DHS. The second

mission is to advance the capability to perform nuclear forensics on nuclear and

radiological materials in a pre-detonation (intact) state. [14, pp. III-8]

Immigration and Customs Enforcement (ICE). ICE enforces US immigration and customs

regulations. One of its highest priorities is to prevent illicit procurement networks,

terrorist groups, and hostile nations from illegally obtaining U.S. military products,

sensitive dual-use technology, WMD, or CBRN materials. The ICE homeland security

investigation’s counterproliferation investigations program oversees a broad range of

investigative activities related to such violations. The counterproliferation

investigations program enforces US laws involving the export of military items,

controlled dual-use goods, firearms, and ammunition, as well as exports to sanctioned

or embargoed countries. [14, pp. III-9]

Conclusion

The effects of U.S. CWMD policy range from the mundane to the profound. Patients of

nuclear medicine are routinely pulled aside after tripping Radiation Portal Monitors

installed in airports and other major U.S. ports of entry. [16] Citing the need to disarm

Iraq of suspected caches of WMD, President Bush in March 2003 launched the U.S.-led

invasion of Iraq. The invasion and subsequent eight-year occupation cost the nation

$1.7 trillion, 4,488 U.S. casualties, and 32,223 U.S. wounded. Iraq itself suffered an

estimated 189,000 casualties and counting as it continues to struggle with internal

strife. [17] No definitive caches of WMD were found.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. Which WMD agent was first used in warfare?

2. Which WMD agent emerged during World War One?

3. Which WMD agent emerged during World War Two?

4. How did the 1995 Tokyo subway attacks change the WMD threat?

5. What is DoD’s role in national counter WMD strategy?

6. What is DOS’s role in national counter WMD strategy?

7. What is DOE’s role in national counter WMD strategy?

8. What is ODNI’s role in national counter WMD strategy?

9. What is DHS’s role in national counter WMD strategy?

10. Which WMD agent do you think is easiest to obtain? Explain your answer.

Chapter 16: Cybersecurity

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain the relationship between cybersecurity and critical infrastructure protections.

• Explain why cyber attack holds so much destructive potential.

• Describe Internet ownership and management relationships.

• Identify key components of the Internet.

• Discuss potential Internet vulnerabilities.

• Evaluate computer crime.

• Describe DHS’s cybersecurity roles and responsibilities.

“Because our economy is increasingly reliant upon interdependent cyber-supported

infrastructures, non-traditional attacks on our infrastructure and information systems

may be capable of significantly harming both our military power and our economy.”

– 1998 Presidential Decision Directive No. 63

Introduction

Cybersecurity goes hand-in-hand with critical infrastructure protection, because 1)

cyberspace provides an avenue for attacking critical infrastructure from anywhere

around the world; 2) cyber components make critical infrastructure susceptible to

subversion, disruption, or destruction; and 3) cyberspace itself is a critical

infrastructure on which many other critical infrastructures depend. What keeps the

experts awake at night is the knowledge that the potential consequences of a

coordinated cyber attack could dwarf any previous disaster in U.S. history, either

natural or manmade. This chapter will take a look at some of those nightmare

scenarios and examine what the Department of Homeland Security is doing to keep

them from becoming reality.

Worst Case Scenarios

The worst disaster in U.S. history was the 1900 hurricane that hit Galveston, Texas; as

many as 12,000 people are thought to have perished in that disaster. The worst

manmade disaster in U.S. history was 9/11 in which 3,000 people lost their lives. [1]

Yet the death and damages resulting from these disasters might pale in comparison to

the destruction that could conceivably be wrought by a coordinated cyber attack on

selected infrastructure. We present just three plausible scenarios that have been

considered, at one time or another, at the highest levels of U.S. leadership.

Shut Down the North American Electric Grid.

In August 2003, an electricity blackout affected 50 million people in the northeastern

United States and Canada, causing an estimated $4-$10 billion in economic losses.

Though it lasted only a week, the outage resulted in a 0.7% drop in Canada’s gross

domestic product. [2, p. 2] A Johns Hopkins study determined that New York City

experienced a 122% increase in accidental deaths and 25% increase in disease-related

deaths, and that ninety people died as a direct result of the power outage. [3] Though

the 2003 outage was an accident, it raised concerns whether an even wider outage

could be induced deliberately. In 2006, DHS and the Department of Energy conducted

a joint experiment named Project Aurora. In this experiment, researchers proved that

a generator could be remotely commanded over the Internet to physically

self-destruct. [4, p. 21] The implications were shocking because the time necessary to

replace a generator can range from months to years. [5, p. 12] Of course the North

American electric grid is designed and monitored to sustain service in the event a given

component fails. It is not designed, however, to sustain large-scale damages that

might result from a coordinated attack. If such an attack was successful, a significant

portion of the United States could lose power for periods lasting months, not weeks.

Unlike the aftermath of Hurricane Katrina, there would be no “islands of power” from

which to stage recovery or seek refuge. The affected regions would go dark, and their

supporting infrastructure would collapse. The cascading effects would be disastrous.

No doubt the nation would survive, but it would be deeply wounded as no other

experience since the Civil War.

Multiple Simultaneous Meltdowns.

In March 1979, a series of incidents almost resulted in a meltdown of reactor number

two at the Three Mile Island nuclear power plant in Dauphin County, Pennsylvania.

Though a meltdown was averted, and only a slight amount of radiation released,

140,000 people were evacuated from a 20-mile radius before the situation was

contained. [6] By comparison, the residents of Pripyat in the Ukraine were not so lucky

when in April 1986, reactor number four at the Chernobyl Nuclear Power Plant

exploded. Though a different design than the plant at Three Mile Island, the Chernobyl

nuclear accident amply demonstrates the dangers of a nuclear meltdown: 350,400

people were permanently evacuated from a radius extending 19 miles in all directions

from the plant. Radiation from the fallout is so intense inside the “zone of alienation”

that it will remain unsafe for human habitation for another 20,000 years (though a

stalwart contingent of 300 residents refuse to leave and remain in the area). [7] Again,

these were accidents, but as the Stuxnet attack in 2010 proved, they could conceivably

become deliberate. In 2010, the Iranian nuclear program was set back due to

production losses at the Natanz uranium enrichment facility. The problem was

eventually traced to a piece of malware inserted in Siemens equipment controlling the

separation centrifuges. Later called Stuxnet, the malware was extraordinary not only

for the damage it caused, but also for how it was implanted. The equipment was not

connected to the Internet. The malware had been introduced in the supply chain,

somewhere between manufacture and delivery. [8] Stuxnet demonstrates how a

similar virus could be concealed inside critical components and timed to initiate a

simultaneous meltdown at multiple nuclear power plants. It certainly wouldn’t be

easy, but it’s certainly not improbable.

Shutting Down the Federal Reserve.

The Federal Reserve is the central banking system of the United States. The system is

comprised of a Board of Governors, a Federal Open Market Committee, and twelve

regional Federal Reserve Banks located in major cities throughout the nation. The

Federal Reserve was established in 1913 in response to the financial crisis of 1907 in

which payments were disrupted across the country because many banks refused to

clear checks drawn on other banks, eventually leading to their failure. To preclude

similar panics, the Federal Reserve was formed as a “banker’s bank” to facilitate

transactions between commercial institutions. Through its actions, the Federal

Reserve influences the availability of money and credit, transacting trillions of dollars

underpinning the U.S. economy. [9] The vast majority of these transactions are

conducted electronically, between the Reserve Banks and their corporate clients. The

system is mostly closed and very well protected, but no defense is invulnerable.

Conceivably it could be compromised through a Stuxnet-like attack or by an “insider”

attack. An “insider” attack is perpetrated by someone with legitimate access

conducting unauthorized actions. Alternatively, a “phishing” attack might trick an

authorized user into divulging their access codes to a criminal agent. This last

approach is particularly disconcerting because it means system security is only as

strong as the weakest person in the chain (of course the computer system has internal

as well as external access controls, but accomplished hackers will use their initial

access to gain higher authorizations). The potential consequences of a hostile agent

shutting down the Federal Reserve are too broad to contemplate. Like electricity,

monetary transactions pervade every aspect of society, from ordering a latte to paying

the mortgage. What would happen if all forms of electronic payment halted? While

you might not be evicted for missing a mortgage payment, you also could not buy that

latte, or more importantly, buy gas for your car or groceries for your family. How long

would the Federal Reserve have to be down before panic ensued? Not long at all.

Again, it’s not easy, but it’s not impossible.

Cyberspace

As explained in the introduction, cyberspace serves as both an avenue of attack and a

means of support for other critical infrastructure. Understanding what it is, therefore,

is an important precondition to protecting it. According to the DHS Glossary of

Common Cybersecurity Terminology, cyberspace is “the interdependent network of

information technology infrastructures, that includes the Internet, telecommunications

networks, computer systems, and embedded processors and controllers.” [10]

Essentially “cyberspace” is a broad term encompassing the Internet and everything

connected to it. So what is the Internet? By definition the Internet is a “network of

networks”. The key enabling technologies are links, standards, protocols, and routers.

A link is a physical communications path between two points. A link may be wired

(copper or fiber) or wireless (light or radio), depending on required cost, distance, and

bandwidth. A link serves to transmit electronic data packets conforming to the Open

System Interconnection (OSI) standard. The source and destination of each data

packet are internally encoded in a globally unique Internet Protocol (IP) address. A link

may terminate at a router, which, in turn, may be connected to two or more links. A

router examines the destination address of each arriving packet and forwards it on to

another link to convey it closer or quicker to its final destination. It may require many

packets to transmit a single text, graphic, sound, or video object. The Transmission

Control Protocol (TCP) ensures that all packets are properly re-assembled into the

original object at their intended destination.¹ While greatly simplified and highly

abstract, the preceding description provides a physical conception of the Internet,

which may be schematically represented as shown in Figure 1.

Figure 16-1: Schematic Representation of a Portion of the Internet

¹ A “message” may be digitized text, graphics, sound, or video. Sound and video packets may be

transmitted using the User Datagram Protocol (UDP), which gives up reliability in exchange for speed

compared to TCP. A few lost sound or video packets will not be discernible to the human ear or eye.

As shown in Figure 1, the Internet is a connected graph of links and routers. What is

not shown, and what is fundamentally important to the Internet, is that each

component is independently owned and operated by different public and private

agencies: the Internet does not belong to any single entity. It is a collection of diverse

components conforming to an agreed set of engineering standards. The individual

owners are collectively called Internet Service Providers (ISPs). The Internet is built and

grows as ISPs join their networks with those of other ISPs.

ISPs are unofficially classified into “Tiers” based on the size of their networks and how

they connect with other ISPs. ISPs connect to each other through either a “peering” or

“transit” agreement. Peering is when a pair of ISPs establish a reciprocal agreement to

connect with each other and exchange traffic without charge. On the other hand, a

transit relationship requires some form of fee based on the amount of traffic shared

between the ISPs. [11] Accordingly, ISPs are classified as Tier 1, Tier 2, or Tier 3. Tier 1

ISPs are the largest, and peer with other Tier 1 ISPs to reach every other ISP on the

Internet without purchasing transit. Table 1 lists the seven U.S. Tier 1 ISPs. Tier 2 ISPs

peer with some ISPs, but purchase transit to reach at least some portion of the

Internet. Examples of Tier 2 ISPs are major cable, Digital Subscriber Line (DSL), and mobile

providers. Tier 3 ISPs must purchase transit from other ISPs to access the Internet.

Examples of Tier 3 ISPs are small regional providers, small mobile providers, and

university networks. [12]
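The tier definitions above can be applied mechanically to a list of peering and transit agreements. The Python below is an added example, not part of the textbook: the ISP names and agreements are constructed, and it assumes the usual simplification that an ISP can reach, without paying, only its own customers and the customers of its peers.

```python
"""Classify ISPs into tiers from peering and transit agreements (constructed data)."""
from collections import defaultdict

# Constructed sample topology; every name here is hypothetical.
# Transit: (customer, provider) means the customer pays the provider.
TRANSIT = [
    ("RegionalCable", "BackboneA"),
    ("RegionalCable", "BackboneB"),
    ("MobileCo", "BackboneB"),
    ("CampusNet", "RegionalCable"),
    ("TownISP", "MobileCo"),
]
# Peering: the two ISPs exchange traffic without charge.
PEERING = [
    ("BackboneA", "BackboneB"),
    ("RegionalCable", "MobileCo"),
]


def build(transit, peering):
    """Index the agreements by ISP."""
    providers, customers, peers = defaultdict(set), defaultdict(set), defaultdict(set)
    isps = set()
    for cust, prov in transit:
        providers[cust].add(prov)
        customers[prov].add(cust)
        isps.update((cust, prov))
    for a, b in peering:
        peers[a].add(b)
        peers[b].add(a)
        isps.update((a, b))
    return isps, providers, customers, peers


def customer_cone(isp, customers):
    """The ISP itself plus every network reached by following paying customers."""
    cone, stack = set(), [isp]
    while stack:
        node = stack.pop()
        if node not in cone:
            cone.add(node)
            stack.extend(customers[node])
    return cone


def reachable_without_transit(isp, customers, peers):
    """Own customer cone plus each peer's customer cone.

    Assumption: a peer carries traffic only to its own customers, never onward
    to its other peers or providers.
    """
    reach = customer_cone(isp, customers)
    for peer in peers[isp]:
        reach |= customer_cone(peer, customers)
    return reach


def needs_transit_for(isp, transit, peering):
    """Networks this ISP can only reach by purchasing transit."""
    isps, _, customers, peers = build(transit, peering)
    return isps - reachable_without_transit(isp, customers, peers)


def classify(transit, peering):
    """Return {isp: 1, 2, 3 or None}; None marks an ISP that buys no transit
    yet cannot reach the whole network, so it fits none of the three tiers."""
    isps, providers, customers, peers = build(transit, peering)
    tiers = {}
    for isp in isps:
        free_reach = reachable_without_transit(isp, customers, peers)
        if not providers[isp]:
            tiers[isp] = 1 if free_reach == isps else None
        elif peers[isp]:
            tiers[isp] = 2  # peers with some ISPs, buys transit for the rest
        else:
            tiers[isp] = 3  # reaches the Internet only through purchased transit
    return tiers


if __name__ == "__main__":
    for name, tier in sorted(classify(TRANSIT, PEERING).items()):
        print(name, tier, sorted(needs_transit_for(name, TRANSIT, PEERING)))
```

Removing the peering agreement between the two backbone networks leaves neither able to reach the other without paying, which is why the Tier 1 test checks reachability and not just the absence of a transit bill.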

Table 16-1: U.S. Tier 1 ISPs [13]

1. AT&T

2. Verizon

3. Sprint

4. CenturyLink

5. Level 3

6. NTT/Verio

7. Cogent

Figure 16-2: Internet ISP Tiers
Transiting and peering between ISPs is facilitated by Internet Exchange Points (IXPs).

The primary role of an IXP is to keep local traffic local and reduce the costs associated

with traffic exchange between Internet providers. IXPs are a vital part of the Internet.

Without them, the Internet would not function efficiently because the different

networks that make up the Internet would need to directly interconnect with every

other network in order to be able to exchange traffic with each other. [15]

The compelling benefits of IXPs spurred their rapid global growth. As of 2012, there

were 350 IXPs operational worldwide. The US has about 86 IXPs strategically located

across the country. Other countries with more than 10 IXPs are: Australia (11), Brazil

(19), France (15), Germany (14), Japan (16), Russia (14), Sweden (12), and United

Kingdom (12). [15]

Figure 16-3: IXP Role in Today’s Internet [16]

As mentioned previously, the Internet is not owned by any single entity; however, it

does rely on central services to ensure unique Internet Protocol addresses for each

component connected to it. IP addresses are controlled by the Internet Corporation

for Assigned Names and Numbers (ICANN). ICANN is a global non-profit agency

operating out of Los Angeles, California. IP addresses come in two forms: 1)

human-readable, i.e., “alias”, and 2) machine-readable, i.e., “numeric”. While the

human-readable address is easier for people to remember (e.g., facebook.com, Google.com,

Amazon.com), the machine-readable address is the form required by routers (e.g.,

173.252.120.6, 74.125.70.102, 72.21.215.232). Accordingly, the Internet relies on

the Domain Name System (DNS) to translate one form of IP address into another and help

route traffic along the Internet. DNS is maintained by a department of ICANN called

the Internet Assigned Numbers Authority (IANA). IANA operates and maintains DNS

services provided by hundreds of computers known as root servers located in many

countries in every region of the world. Root servers contain the IP addresses of all the

Top-Level Domain (TLD) registry name servers; e.g., “.com” and “.de”. Root servers

“translate” aliases into numbers. They perform a critical if somewhat “back-office”

role in ensuring the continuity and therefore reliability of the Internet. [17]
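The referral chain described above (root server, then TLD name server, then the domain's own name server) can be traced with a small offline model. This Python is an added example, not part of the textbook: the server tables, names and addresses are constructed from reserved documentation ranges, and the resolver is a simplified model of iterative resolution with a referral cache.

```python
"""Toy iterative DNS resolution over constructed zone data (no network access)."""

# Constructed name-server tables. Addresses come from the documentation ranges
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24; none of this is real DNS data.
ROOT = "198.51.100.1"
SERVERS = {
    # Root server: knows only where each top-level domain's name servers are.
    ROOT: {"referrals": {"com": "198.51.100.10", "de": "198.51.100.20"}},
    # TLD servers: know which server is authoritative for each registered domain.
    "198.51.100.10": {"referrals": {"example.com": "203.0.113.53"}},
    "198.51.100.20": {"referrals": {"example.de": "203.0.113.54"}},
    # Authoritative servers: hold the final alias-to-number records.
    "203.0.113.53": {"answers": {"www.example.com": "192.0.2.80"}},
    "203.0.113.54": {"answers": {"www.example.de": "192.0.2.81"}},
}


class ResolutionError(Exception):
    """Raised when a name cannot be resolved."""


def suffixes(name):
    """Yield 'www.example.com', 'example.com', 'com' for 'www.example.com'."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def query(server, name, down=frozenset()):
    """Ask one server; return ('answer', ip) or ('referral', zone, next_server)."""
    if server in down:
        raise ResolutionError(f"server {server} unreachable")
    table = SERVERS[server]
    if name in table.get("answers", {}):
        return ("answer", table["answers"][name])
    for zone in suffixes(name):  # most specific matching zone wins
        if zone in table.get("referrals", {}):
            return ("referral", zone, table["referrals"][zone])
    raise ResolutionError(f"{server} has no data for {name}")


def resolve(name, cache=None, down=frozenset()):
    """Resolve a name iteratively; return (ip, list of servers contacted).

    `cache` maps zone -> name server learned from earlier referrals, so a warm
    cache lets the resolver skip the root. `down` simulates unreachable servers.
    """
    cache = {} if cache is None else cache
    name = name.lower().rstrip(".")
    server = ROOT
    for zone in suffixes(name):  # start from the closest zone already cached
        if zone in cache:
            server = cache[zone]
            break
    path = []
    for _ in range(8):  # bound the referral chain so a bad table cannot loop
        path.append(server)
        reply = query(server, name, down)
        if reply[0] == "answer":
            return reply[1], path
        _, zone, server = reply
        cache[zone] = server
    raise ResolutionError("too many referrals")


def can_resolve(name, cache=None, down=frozenset()):
    """True if the name resolves under the given cache and outage conditions."""
    try:
        resolve(name, cache, down)
        return True
    except ResolutionError:
        return False


if __name__ == "__main__":
    cache = {}
    print(resolve("www.example.com", cache))               # cold cache: three hops
    print(resolve("www.example.com", cache, down={ROOT}))  # warm cache survives
    print(can_resolve("www.example.de", cache, down={ROOT}))  # uncached TLD fails
```

With the root marked unreachable, names under an already cached zone still resolve while names under any other TLD fail, which is the continuity role the paragraph attributes to the root servers.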

Cyber Attack

The 1984 Counterfeit Access Device and Computer Fraud & Abuse Act (18 USC §1030)

prohibits unauthorized access to computers used by the Federal government, banks,

and otherwise used for interstate or international commerce. Due to the inter-state

nature of the Internet, the law is interpreted to mean most all computers including cell

phones. A 1986 amendment further criminalized the distribution of malicious code,

trafficking in passwords, and denial of service attacks. [18] According to the U.S.

National Research Council, a cyber attack is any “deliberate action to alter, disrupt,

deceive, degrade, or destroy computer systems or networks or the information and/or

programs resident in or transiting these systems or networks.” [19, p. 9] There are

many different ways to mount a cyber attack as illustrated in Figure 4. According to a

2014 report by the Center for Strategic and International Studies, the two most

common attack methods are social engineering and vulnerability exploitation.

According to the Center, social engineering is where an attacker tricks a user into

granting access, and vulnerability exploitation is where an attacker takes advantage of

a programming or implementation failure to gain access. [20, p. 10] According to the

report, cybercrime is a growth industry because the returns are great and the risks are

low. The Center estimates that the annual cost to the global economy is more than

$400 billion, yet most cybercrime goes unreported, and few cybercriminals are caught

or even identified. [20, p. 2&4]

Cyber Security

The DHS Glossary of Common Cybersecurity Terminology defines cybersecurity as “the

activity or process, ability or capability, or state whereby information and

communications systems and the information contained therein are protected from

and/or defended against damage, unauthorized use or modification, or exploitation.”

[10] Cybersecurity is also a growth industry. According to the Center for Strategic and

International Studies, the global market for cybersecurity products and services is $58

billion and growing annually. [20, p. 17] In concept, cybersecurity is very simple. All you

have to do is ensure the confidentiality, integrity, and availability of the computer

system and its data. Confidentiality ensures the system and data are not accessed by

an unauthorized agent. Integrity ensures that the system and data are not corrupted

by an unauthorized agent. Availability ensures that the system and data are always

accessible when needed. [21, pp. 1-2] These seemingly simple goals, however, are

very difficult to attain because computers are inherently stupid and fragile. Computers

are stupid, because unlike humans, computers are incapable of making value

judgments regarding their actions and will perform as directed regardless of outcome,

even if the consequences are catastrophic. Computers are also fragile; a single wrong

character can disrupt millions of lines of code, compared to buildings which do not

collapse because one brick fails. Finding such flaws is impossible. Even a small 100-

line program with some nested paths and a single loop executing less than twenty

times may contain 100 trillion paths. Assuming each path could be evaluated in a

millisecond (one-thousandth of a second), testing would take 3170 years. [22] The

cumulative effect makes computers inherently vulnerable to diversion from their

intended purpose, either through oversight or tampering.
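The arithmetic behind the path-explosion claim above can be reproduced by counting paths through a small control-flow graph. This is an added example, not taken from the textbook or its cited source; the graph, the five routes through the loop body, and the limit of twenty iterations are assumed values chosen to land on the page's order of magnitude.

```python
from functools import lru_cache

# Constructed control-flow graph for ONE pass through a loop body.
# Nested if/else statements give five distinct routes from entry to exit.
LOOP_BODY = {
    "entry": ["x", "y"],        # outer if / else
    "x": ["x1", "x2"],          # nested two-way branch
    "y": ["y1", "y2", "y3"],    # nested three-way branch
    "x1": ["exit"], "x2": ["exit"],
    "y1": ["exit"], "y2": ["exit"], "y3": ["exit"],
    "exit": [],
}

MAX_ITERATIONS = 20  # assumed upper bound on loop iterations


def count_paths(graph, src, dst):
    """Count distinct src->dst paths in an acyclic graph by memoised DFS."""
    on_stack = set()

    @lru_cache(maxsize=None)
    def walk(node):
        if node == dst:
            return 1
        if node in on_stack:
            raise ValueError(f"cycle through {node!r}: unroll loops first")
        on_stack.add(node)
        total = sum(walk(nxt) for nxt in graph[node])
        on_stack.remove(node)
        return total

    return walk(src)


def loop_paths(body_paths, max_iterations):
    """Paths through a loop that may run 1..max_iterations times.

    Every iteration independently takes one of body_paths routes, so a run
    of i iterations contributes body_paths ** i distinct paths.
    """
    return sum(body_paths ** i for i in range(1, max_iterations + 1))


def years_to_test(paths, paths_per_second=1000, days_per_year=365):
    """Years needed to execute every path once (1000/s = one per millisecond)."""
    return paths / (paths_per_second * 86_400 * days_per_year)


def coverage_report():
    """Summarise the constructed example next to the page's round figure."""
    body = count_paths(LOOP_BODY, "entry", "exit")
    total = loop_paths(body, MAX_ITERATIONS)
    return {
        "body_paths": body,
        "total_paths": total,
        "years_for_total": years_to_test(total),
        "years_for_100_trillion": years_to_test(100 * 10**12),
    }


if __name__ == "__main__":
    for name, value in coverage_report().items():
        print(f"{name}: {value:,.0f}")
```

The same graph needs only five test cases to exercise every branch once, which is why a passing branch-coverage suite says little about the paths that were never run.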

Figure 16-4: AVOIDIT Cyber Attack Taxonomy [23]

Protecting Cyberspace

Section 103 of the Homeland Security Act made the Department of Homeland Security

responsible for cybersecurity at the same time it made it responsible for critical

infrastructure protection. [24] As an infrastructure, the Internet underpins the

functioning of most other infrastructures, making it essential to the economy and

security of the United States. [25, p. 1] Although the Internet is composed of billions of

components globally, it depends on only a thousand to maintain proper functioning,

offering a relatively small set of lucrative targets capable of incapacitating the Internet.

These include the Internet Exchange Points and DNS Root Servers. Any number of

attacks could possibly be launched and some have already been attempted against

these high-value assets. In October 2002, a Distributed Denial of Service (DDoS) attack

succeeded in affecting 9 of 13 root servers, and at least two root servers “suffered

badly” from another attack in February 2007. [26] Because IXPs are designed to

manage large traffic loads, a specific type of DDoS attack called a Cross-Plane Session

Termination (CXPST) attack employing about 250,000 “bots” would be needed. It is

surmised that a well targeted and well timed attack could take down significant parts

of the Internet. [16, p. 48]

As an infrastructure, the Internet is included in the DHS National Infrastructure

Protection Plan (NIPP). The DHS National Cyber Security Division (NCSD) under the

Office of Cybersecurity and Communications (CS&C) is the Sector Specific Agency (SSA)

for the Information Technology (IT) Sector. DHS has no regulatory authority over the IT

sector. NCSD, therefore, works in voluntary cooperation with private partners in the

Sector Coordinating Council (SCC), including some Tier 1 Internet Service Providers

listed in Table 1. As part of the NIPP, DHS supports an IT Information Sharing and

Analysis Center (IT-ISAC) to promote the exchange of threat and security information

among SCC partners. Private organizations may also report cyber incidents to the DHS

National Incident Coordinating Center (NICC). In 2010, NCSD worked with sector

partners to produce the IT Sector Specific Plan (IT-SSP). The 2010 IT-SSP reported the

results of a 2008-2009 IT Sector Baseline Risk Assessment (ITSRA), noting concerns

about DNS root services. [27] ITSRA appears to be a one-off study, conducted as the

NIPP Risk Management Framework (RMF) was still gaining traction. In May 2013, DHS

noted the use of an NCSD-developed Cyber Assessment Risk Management Approach

(CARMA) for conducting risk assessment of cyber assets in conjunction with the NIPP

Risk Management Framework. [28]

The basic problem of the Internet is that it is a victim of its own success. Originally

designed as a research tool for a trusted community of researchers, the Internet has

expanded well beyond its original design specifications and must today operate in an

environment that cannot be trusted.

Protecting Infrastructure from Cyberspace

Many critical infrastructures including electricity transmission systems, gas pipelines,

and water distribution systems rely on Industrial Control Systems (ICSs) to monitor and

control physical objects and devices, such as switches and valves that are often located

in remote locations. Industrial Control Systems include Supervisory Control and Data

Acquisition (SCADA) systems, Distributed Control Systems (DCSs), Programmable Logic

Controllers (PLCs), and General-Purpose Controllers (GPCs). Most ICSs began as

proprietary, stand-alone systems that were separated from the rest of the world and

isolated from most external sources. Today, widely available software applications,

Internet-enabled devices and other nonproprietary information technology offerings

have been integrated into most ICSs. This connectivity has delivered many benefits,

but it also has increased the vulnerability of these systems to malicious attacks,

equipment failures, and other threats. ICS disruptions or failure can result in death or

injury, property damage, and loss of critical services. [29]

In 2004, the Department of Homeland Security’s National Cybersecurity Division

established the Control Systems Security Program (CSSP), which was chartered to work

with control systems security stakeholders through awareness and outreach programs

that encourage and support coordinated control systems security enhancement

efforts. In 2009, the CSSP established the Industrial Control System Joint Working

Group (ICSJWG) as a coordination body to facilitate the collaboration of control system

stakeholders and to encourage the design, development and deployment of enhanced

security for control systems. In 2011, the ICSJWG released a Cross-Sector Roadmap for

Cybersecurity. [29]

Industrial Control Systems present a particularly worrisome problem as a coordinated

attack might result in some form of worst case scenario examined at the beginning of

this chapter. Accordingly, in 2010 DHS released a National Cyber Incident Response

Plan (NCIRP) describing how it would prepare for, respond to, and begin to coordinate

recovery from a significant cyber incident. A significant cyber incident is classified as a

Level 2, “substantial” incident on the National Cyber Risk Alert Level (NCRAL) shown in

Table 16-2. Threat levels are monitored at the DHS National Cybersecurity and

Communications Integration Center (NCCIC), a 24-hour operations center ready to

coordinate a national cyber incident response. Among its assets, the NCCIC has access

to both the US-CERT and ICS-CERT. [30]

U.S. Computer Emergency Readiness Team (US-CERT). US-CERT is a partnership

between DHS and the public and private sectors. US-CERT is charged with providing

response support and defense against cyber attacks for the Federal Civil Executive

Branch (.gov) and information sharing and collaboration among State, Local, Tribal and

Territorial governments, industry, and international partners. US-CERT interacts with

Federal agencies, industry, the research community, State, Local, Tribal and Territorial

governments, and other entities to disseminate reasoned and actionable cybersecurity

information to the public. US-CERT also provides a way for citizens, businesses, and

other institutions to communicate and coordinate directly with the U.S. Government

about cybersecurity. [30, pp. N-2]

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT

provides focused operational capabilities for defending control system environments

against emerging cyber threats. ICS-CERT provides efficient coordination of control

systems-related security incidents and information sharing with Federal, State, Local,

Tribal and Territorial agencies and organizations; the Intelligence Community (IC);

private sector constituents, including vendors, owners, and operators; and

international and private sector CERTs. ICS-CERT leads this effort by responding to and

analyzing control systems-related incidents, conducting vulnerability and malware

analysis, providing onsite support for forensic investigations, and providing situational

awareness in the form of actionable intelligence and reports. [30, pp. N-2]

Table 16-2: DHS National Cyber Risk Alert Levels

| Level | Label | Risk | Response |
|---|---|---|---|
| 1 | Severe | Highly disruptive levels of consequences are occurring or imminent | Response functions are overwhelmed, and top-level national executive authorities and engagements are essential. Exercise of mutual aid agreements and Federal/non-Federal assistance is essential |
| 2 | Substantial | Observed or imminent degradation of critical functions with moderate to significant level of consequences, possibly coupled with indicators of higher levels of consequences impending | Surged posture becomes indefinitely necessary, rather than only temporarily. The DHS Secretary is engaged, and appropriate designation of authorities and activation of Federal capabilities such as the Cyber Unified Command Group take place. Other similar non-Federal incident response mechanisms are engaged |
| 3 | Elevated | Early indications of, or the potential for but no indicators of, moderate to severe levels of consequences | Upward shift in precautionary measures occurs. Responding entities are capable of managing incidents/events within the parameters of normal, or slightly enhanced, operational posture |
| 4 | Guarded | Baseline of risk acceptance | Baseline operations, regular information sharing, exercise of processes and procedures, reporting, and mitigation strategy continue without undue disruption or resource allocation |

The DHS NCCIC primarily serves as a warning and alerting system. While the US-CERT

and ICS-CERT may provide analysis and recommendations, DHS does not have

deployable cyber units that will show up onsite and fix your cyber problems. The

closest such capability is being built by the Department of Defense (DoD) as part of

their National Cyber Mission Force (CMF) promulgated under the DoD’s Cyber

Strategy. The DoD Cyber Strategy has three missions: 1) defend DoD networks,

systems, and information; 2) defend the U.S. homeland and U.S. national interests

against cyber attacks of significant consequence; and 3) provide cyber support to

military operational and contingency plans. Towards this end, DoD will develop 68

Cyber Protection Teams (CPTs) to perform the first mission; 13 National Mission Teams

(NMTs) for the second mission; 27 Combat Mission Teams (CMTs) for the third mission;

and 25 National Support Teams (NSTs) to assist them all. [31]

The 13 National Mission Teams comprising the National Mission Force (NMF) will be

supported by 8 NSTs (also called Direct Support Teams), and will be designed to defend

the nation against strategic cyber attacks on U.S. interests. Reportedly, the NMTs will

employ counter-cyber force to stop cyber attacks and malicious cyber activity of

significant consequences against the nation. [32, p. 9]

While details remain sketchy, it appears the NMTs will only be employed in the case of

foreign cyber attack. Attribution is a thorny problem when it comes to cyber attack. As

was already mentioned, few cyber criminals are identified let alone caught. The

implication is that NMTs will have very limited domestic utility, and there will be no

cyber cavalry coming to the rescue in the event of a significant domestic cyber attack.

Ultimately, infrastructure owners/operators must rely on their own devices to protect

their assets.

Protecting Cyber Assets

In February 2013, President Obama signed EO 13636, Improving Critical Infrastructure

Cybersecurity, assigning the National Institute of Standards and Technology (NIST)

responsibility for developing a Cybersecurity Framework. The framework was to form

the basis for a Voluntary Critical Infrastructure Cybersecurity Program that would

encourage critical infrastructure owners and operators to improve the security of their

information networks. NIST released Version 1.0 of the Framework on February 12, 2014.

[33, p. 13]

EO 13636 also required those agencies with regulatory authority over certain critical

infrastructure owners and operators to evaluate whether “the agency has clear

authority to establish requirements… to sufficiently address current and project cyber

risks to critical infrastructure.” Although DHS has no regulatory authority over Internet

Service Providers, as the Sector Specific Agency DHS recommended voluntary

application of cybersecurity measures for the Information Technology sector. [34]

The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity

risk, and is composed of three parts: the Framework Core, the Framework

Implementation Tiers, and the Framework Profiles. Each Framework component

reinforces the connection between business drivers and cybersecurity activities. [35]

The Framework Core is a set of cybersecurity activities, desired outcomes, and

applicable references that are common across critical infrastructure sectors. The Core

presents industry standards, guidelines, and practices in a manner that allows for

communication of cybersecurity activities and outcomes across the organization from

the executive level to the implementation/operations level. The Framework Core

consists of five concurrent and continuous Functions—Identify, Protect, Detect,

Respond, Recover. When considered together, these Functions provide a high-level,

strategic view of the lifecycle of an organization’s management of cybersecurity risk.

The Framework Core then identifies underlying key Categories and Subcategories for

each Function, and matches them with example Informative References such as

existing standards, guidelines, and practices for each Subcategory. [35]

Framework Implementation Tiers (“Tiers”) provide context on how an organization

views cybersecurity risk and the processes in place to manage that risk. Tiers describe

the degree to which an organization’s cybersecurity risk management practices exhibit

the characteristics defined in the Framework (e.g., risk and threat aware, repeatable,

and adaptive). The Tiers characterize an organization’s practices over a range, from

Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal,

reactive responses to approaches that are agile and risk-informed. During the Tier

selection process, an organization should consider its current risk management

practices, threat environment, legal and regulatory requirements, business/mission

objectives, and organizational constraints. [35]

A Framework Profile (“Profile”) represents the outcomes based on business needs that

an organization has selected from the Framework Categories and Subcategories. The

Profile can be characterized as the alignment of standards, guidelines, and practices to

the Framework Core in a particular implementation scenario. Profiles can be used to

identify opportunities for improving cybersecurity posture by comparing a “Current”

Profile (the “as is” state) with a “Target” Profile (the “to be” state). To develop a

Profile, an organization can review all of the Categories and Subcategories and, based

on business drivers and a risk assessment, determine which are most important; they

can add Categories and Subcategories as needed to address the organization’s risks.

The Current Profile can then be used to support prioritization and measurement of

progress toward the Target Profile, while factoring in other business needs including

cost-effectiveness and innovation. Profiles can be used to conduct self-assessments

and communicate within an organization or between organizations. [35]
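The Current-versus-Target comparison described above can be carried out as a simple gap analysis. This is an added example, not code from NIST or the textbook: the subcategory identifiers come from the Framework v1.0 Core rather than from this page, while the sample profiles, the 0-3 achievement scale, and the business-driver weights are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Function prefixes used in Framework Core subcategory identifiers.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# Constructed sample data. Scale (an assumption of this example, not NIST's):
# 0 = outcome not achieved ... 3 = outcome fully achieved.
CURRENT_PROFILE = {"ID.AM-1": 2, "PR.AC-1": 1, "DE.CM-1": 0,
                   "RS.RP-1": 1, "RC.RP-1": 3}
TARGET_PROFILE = {"ID.AM-1": 3, "PR.AC-1": 3, "PR.AT-1": 2,
                  "DE.CM-1": 2, "RS.RP-1": 3, "RC.RP-1": 2}
# Hypothetical business-driver weights; unlisted subcategories weigh 1.
BUSINESS_WEIGHT = {"PR.AC-1": 3, "DE.CM-1": 3, "RS.RP-1": 2}


@dataclass(frozen=True)
class Gap:
    subcategory: str
    function: str
    current: int
    target: int
    weight: int

    @property
    def shortfall(self):
        return self.target - self.current

    @property
    def score(self):
        # Priority = how far behind the outcome is, scaled by business weight.
        return self.shortfall * self.weight


def function_of(subcategory):
    """Map an identifier such as 'PR.AC-1' to its Framework Function."""
    prefix = subcategory.split(".", 1)[0]
    if prefix not in FUNCTIONS:
        raise ValueError(f"unknown Function prefix in {subcategory!r}")
    return FUNCTIONS[prefix]


def gap_analysis(current, target, weights=None):
    """Return outcomes where Current falls short of Target, highest priority first."""
    weights = weights or {}
    gaps = []
    for subcat, want in target.items():
        # An outcome missing from the Current Profile counts as not achieved.
        have = current.get(subcat, 0)
        if have < want:
            gaps.append(Gap(subcat, function_of(subcat), have, want,
                            weights.get(subcat, 1)))
    return sorted(gaps, key=lambda g: (-g.score, g.subcategory))


def shortfall_by_function(gaps):
    """Total unweighted shortfall per Function, for an executive-level view."""
    totals = {name: 0 for name in FUNCTIONS.values()}
    for gap in gaps:
        totals[gap.function] += gap.shortfall
    return totals


if __name__ == "__main__":
    ranked = gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, BUSINESS_WEIGHT)
    for g in ranked:
        print(f"{g.subcategory:8} {g.function:9} {g.current}->{g.target} score={g.score}")
    print(shortfall_by_function(ranked))
```

Outcomes that already meet or exceed the target, such as RC.RP-1 in the sample data, drop out of the list, which leaves the ranked remainder as the work plan toward the Target Profile.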

While the NIST Cybersecurity Framework doesn’t explain how, it is assumed that an

asset’s profile can be mapped to a tier level. Presumably the higher the tier level, the

more secure the asset. But this is all about risk management, so there are no

guarantees.

Conclusion

Cybersecurity as a mission of homeland security has come full circle. Recognizing that

the growing use of the Internet portended a potential avenue of attack, the 1997

Report of the President’s Commission on Critical Infrastructure can be considered the

beginning of homeland security. PDD-63 laid the foundation for the critical

infrastructure protection mission. Whereas PDD-63 was focused on cyber threats to

infrastructure, HSPD-7 understandably gave priority to physical threats after the

example of 9/11. In response to the growing frequency and ferocity of cyber attacks

on the nation, PPD-21 restored the primacy of cybersecurity to homeland security.

Cybersecurity and critical infrastructure protection are inseparable. Aware of the

potential worst case scenarios, today we remain an ever vigilant nation against cyber

attack.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. How is cybersecurity related to critical infrastructure protection?

2. Why does cyber attack hold so much destructive potential?

3. Of the possible worst case scenarios, which do you think would be most devastating? Explain.

4. Of the possible worst case scenarios, which do you think would be most long lasting? Explain.

5. Who owns the Internet?

6. Who manages the Internet?

7. According to the 1984 Counterfeit Access Device and Computer Fraud & Abuse Act, which of the following actions

constitute a crime?

a. Accessing a computer without the owner’s consent.

b. Probing a network to assess its security measures.

c. Disconnecting the Internet to contain a virus.

8. List and describe two potential targets that could shut down the Internet.

9. What is DHS’s role in cybersecurity?

10. How many cyber teams does DHS have ready to deploy in the event of a national emergency?

Chapter 17: Counterterrorism

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain how terrorism uniquely distinguishes the crime of assault.

• Explain why Islamic extremism is considered a terrorist threat.

• Evaluate the 2011 National Strategy for Counterterrorism.

• Assess the different roles of the FBI and DHS under PDD-39/HSPD-5.

• Discuss the primary means for dealing with known terrorists, foreign or domestic.

• Compare different options for dealing with foreign terrorists.

“Those who would give up essential Liberty, to purchase a little temporary Safety,

deserve neither Liberty nor Safety.”

– Benjamin Franklin, November 11, 1755

Introduction

9/11 was largely seen as a failure of coordination between Law Enforcement and the

Intelligence Community. While debating the role and structure of the new Department

of Homeland Security, Congress briefly considered subordinating the Intelligence

Community under the direction of the new Department. Concerns over potential

abuses infringing on civil liberties, however, quickly ended this consideration. Instead,

DHS was assigned a role of bridging the gap between the Law Enforcement and

Intelligence Communities to prevent future such attacks. While the Department of

Homeland Security plays an integral role filling the gaps exposed by 9/11, primary

responsibility for counterterrorism remains with the Federal Bureau of Investigation.

This chapter will briefly examine the threat, the roles and relationships of the

responsible Federal agencies, and what they’re doing to counter it.

Terrorism

As has already been seen, terrorism is a crime distinguished by motive. Terrorism is

defined in Title 18 United States Code, Section 2331, as “Acts dangerous to human life

that are a violation of the criminal laws of the United States or of any State, that

appear to be intended to intimidate or coerce a civilian population; influence the policy

of a government by intimidation or coercion; or to affect the conduct of a government

by mass destruction, assassination, or kidnapping.” The particular crime is assault.

There are many different types of assault, all of them generally illegal. What

distinguishes terrorism is the motive behind the assault; an intention to intimidate or

coerce the U.S. population or government.

Terrorists, accordingly, are people guilty of the crime of terrorism. They need not

execute the crime to be guilty of it. Merely planning the crime makes them guilty of

criminal conspiracy, which makes the planners terrorists. Similarly, even though

terrorism is a crime under U.S. law, it does not just apply to U.S. citizens. Anybody

guilty of planning or committing a crime on U.S. territory is subject to U.S. law, and

may therefore be brought before U.S. justice.

Terrorism, as a motive, is a homeland security concern. Unfortunately, terrorism and

homeland security have become synonymous. It is important to understand the

difference. Certainly the 9/11 hijackers were terrorists by every means of the

definition. So was Timothy McVeigh, the criminal behind the 1995 Oklahoma City

Bombing. While terrorism is a concern for homeland security, it is not the homeland

security concern. As has been shown, the homeland security concern is about

domestic catastrophic destruction. While terrorism may be one motivating factor, it is

not the only motivating factor. As Hurricane Katrina demonstrated, homeland security

threats need have no motive whatsoever.

A similar confusion seems to relate terrorism to mass murder. The two are not the

same. The act of “mass killing” is defined by the 2012 Investigative Assistance for

Violent Crimes Act (28 USC 530C) as “three or more killings in a single incident”. Thus

the 1999 shootings that killed 13 at Columbine High School, CO, the 2012 shootings that

killed 26 at Sandy Hook Elementary School, CT, and the 2007 shootings that killed 32 at

Virginia Technical University, VA, may be labeled “mass killings”, but no evidence

indicates that the shooters harbored terrorist motives. They were not terrorist

incidents.

The Terrorist Threat

From a legal standpoint, the terrorist threat is nothing more than criminal assault

undertaken for the purpose of extorting the U.S. government. Of course all crime is to

be discouraged, but what makes this particular class of crime a national priority? The

short answer is 9/11; Oklahoma City too. In both cases, terrorist motives drove the

perpetrators to extreme measures. Their crimes were shocking in both their

magnitudes and proportions. It is concern about preventing another 9/11 that

distinguishes terrorism. And because of their anti-government sentiment, domestic

militias and radical Islamists are a particular concern.

The militia movement is a relatively new right-wing extremist movement consisting of

armed paramilitary groups, both formal and informal, with an anti-government,

conspiracy-oriented ideology. Militia groups began to form not long after the deadly

standoff at Waco, Texas, in 1993; by the spring of 1995, they had spread to almost

every state. Many members of militia groups have been arrested since then, usually on

weapons, explosives and conspiracy charges. Although the militia movement has

declined in strength from its peak in early 1996, it remains an active movement,

especially in the Midwest, and continues to cause a number of problems for law

enforcement and the communities in which militia groups are active. [1]

Terrorism is a crime under Title 18 USC, §2331. Anybody guilty of planning or committing a terrorist act on U.S. territory, or against a U.S. citizen anywhere, is subject to U.S. law and may be brought before U.S. justice.

Radical Islamists, also known as Fundamental Islamists, Islamic Extremists, and Militant

Islamists, came to be represented by Osama bin Laden’s organization, al Qaeda,

following the 9/11 attacks. Al Qaeda became a rallying point for disaffected Muslims

who sought to strike at the United States directly during operations in Iraq and

Afghanistan. Founded on the writings of Sayyid Qutb, Al Qaeda fought to restore Islam

by establishing “true Islamic states”, implementing sharia, and eliminating non-Muslim

influences and the enemies of Islam, among which, in their view, the United States figured

prominently. [2] The al Qaeda movement continued long after bin Laden went into

hiding and was eventually killed. Then in 2013, al Qaeda was eclipsed by the Islamic

State (IS). The movement consolidated various opposition forces, including elements

of al Qaeda, to support armed insurgencies in Iraq and Syria. Two years after U.S.

troops withdrew from Iraq in 2011, IS forces overran western Iraq and parts of Syria

and claimed the territory as part of a new Islamic Caliphate. IS became notorious for

broadcasting executions of captured western prisoners. IS also claimed responsibility

for the November 2015 attacks that killed 130 people in Paris. [3] The U.S. accordingly

renewed its commitment of military support to assist Iraq in driving back IS, and

similarly strengthened military operations against IS in Syria. Given their past records

of attack and avowed enmity towards the United States, the prevailing concern is that

either al Qaeda or IS might seek to mount another 9/11 or similar attack against the

U.S.

Counterterrorism

Following the Tokyo Subway and Oklahoma City attacks, on June 21, 1995, President

Clinton issued Presidential Decision Directive No. 39 (PDD-39) stating U.S. Policy on

Counterterrorism: “The United States regards all such terrorism as a potential threat to

national security as well as a criminal act and will apply all appropriate means to

combat it. In doing so, the U.S. shall pursue vigorously efforts to deter and preempt,

apprehend and prosecute, or assist other governments to prosecute, individuals who

perpetrate or plan to perpetrate such attacks.” [4] The shorthand description for these

activities is “counterterrorism”, abbreviated “CT”. Counterterrorism is defined in Joint

Publication 3-26 as “Activities and operations taken to neutralize terrorists and their

organizations and networks in order to render them incapable of using violence to

instill fear and coerce governments or societies to achieve their goals.” [5, pp. GL-3]

National Strategy for Counterterrorism

The 2011 National Strategy for Counterterrorism articulates the U.S. Government’s

approach to countering terrorism and identifies the range of tools employed by the

strategy. Though specifically directed against the threat of al Qaeda, the same

approach applies to IS. [6, p. 2] The 2011 Strategy identified eight overarching goals:

1. Protect the American People, Homeland, and American Interests. The most solemn

responsibility of the President and the United States Government is to protect the

American people, both at home and abroad. This includes eliminating threats to

their physical safety, countering threats to global peace and security, and

promoting and protecting U.S. interests around the globe. [6, p. 8]

2. Disrupt, Degrade, Dismantle, and Defeat al-Qa‘ida and Its Affiliates and Adherents.

The American people and interests will not be secure from attacks until this threat

is eliminated—its primary individuals and groups rendered powerless, and its

message relegated to irrelevance. [6, p. 8]

3. Prevent Terrorist Development, Acquisition, and Use of Weapons of Mass

Destruction. The danger of nuclear terrorism is the greatest threat to global

security. Terrorist organizations, including al-Qa‘ida, have engaged in efforts to

develop and acquire weapons of mass destruction (WMD)—and if successful, they

are likely to use them. Therefore, the United States will work with partners around

the world to deter WMD theft, smuggling, and terrorist use; target and disrupt

terrorist networks that engage in WMD-related activities; secure nuclear,

biological, and chemical materials; prevent illicit trafficking of WMD-related

materiel; provide multilateral nonproliferation organizations with the resources,

capabilities, and authorities they need to be effective; and deepen international

cooperation and strengthen institutions and partnerships that prevent WMD and

nuclear materials from falling into the hands of terrorists. Success will require us to

work with the international community in each of these areas while establishing

security measures commensurate with the threat, reinforcing counter-smuggling

measures, and ensuring that all of these efforts are sustained over time. [6, pp. 8-9]

4. Eliminate Safehavens. Al-Qa‘ida and its affiliates and adherents rely on the physical

sanctuary of ungoverned or poorly governed territories, where the absence of

state control permits terrorists to travel, train, and engage in plotting. In close

coordination with foreign partners, the United States will continue to contest and

diminish al-Qa‘ida’s operating space through mutually reinforcing efforts designed

to prevent al-Qa‘ida from taking advantage of these ungoverned spaces. We will

also build the will and capacity of states whose weaknesses al-Qa‘ida exploits.

Persistent insecurity and chaos in some regions can undermine efforts to increase

political engagement and build capacity and provide assistance, thereby

exacerbating chaos and insecurity. Our challenge is to break this cycle of state

failure to constrict the space available to terrorist networks. [6, p. 9]

5. Build Enduring Counterterrorism Partnerships and Capabilities. Foreign partners

are essential to the success of our CT efforts; these states are often themselves the

target of—and on the front lines in countering—terrorist threats. The United

States will continue to rely on and leverage the capabilities of its foreign partners

even as it looks to contribute to their capacity and bolster their will. To achieve our

objectives, partners must demonstrate the willingness and ability to operate

independently, augmenting and complementing U.S. CT efforts with their unique

insights and capabilities in their countries and regions. Building strong enduring

partnerships based on shared understandings of the threat and common

objectives is essential to every one of our overarching CT objectives. Assisting

partners to improve and expand governance in select instances is also critical,

including strengthening the rule of law so that suspected terrorists can be brought

to justice within a respected and transparent system. Success will depend on our

ability to work with partners bilaterally, through efforts to achieve greater regional

integration, and through multilateral and international institutions. [6, p. 9]

6. Degrade Links between al-Qa‘ida and its Affiliates and Adherents. Al-Qa‘ida senior

leaders in Pakistan continue to leverage local and regional affiliates and adherents

worldwide through formal and informal alliances to advance their global agenda.

Al-Qa‘ida exploits local grievances to bolster recruitment, expand its operational

reach, destabilize local governments, and reinforce safehavens from which it and

potentially other terrorist groups can operate and attack the United States.

Together with our partners, we will degrade the capabilities of al-Qa‘ida’s local and

regional affiliates and adherents, monitor their communications with al-Qa‘ida

leaders, drive fissures between these groups and their bases of support, and

isolate al-Qa‘ida from local and regional affiliates and adherents who can augment

its capabilities and further its agenda. [6, p. 9]

7. Counter al-Qa‘ida Ideology and Its Resonance and Diminish the Specific Drivers of

Violence that al-Qa‘ida Exploits. This Strategy prioritizes U.S. and partner efforts to

undercut al-Qa‘ida’s fabricated legitimization of violence and its efforts to spread

its ideology. As we have seen in the Middle East and North Africa, al-Qa‘ida’s calls

for perpetual violence to address longstanding grievances have met a devastating

rebuke in the face of nonviolent mass movements that seek solutions through

expanded individual rights. Along with the majority of people across all religious

and cultural traditions, we aim for a world in which al-Qa‘ida is openly and widely

rejected by all audiences as irrelevant to their aspirations and concerns, a world

where al-Qa‘ida’s ideology does not shape perceptions of world and local events,

inspire violence, or serve as a recruiting tool for the group or its adherents.

Although achieving this objective is likely to require a concerted long-term effort,

we must retain a focus on addressing the near-term challenge of preventing those

individuals already on the brink from embracing al-Qa‘ida ideology and resorting to

violence. We will work closely with local and global partners, inside and outside

governments, to discredit al-Qa‘ida ideology and reduce its resonance. We will put

forward a positive vision of engagement with foreign publics and support for

universal rights that demonstrates that the United States aims to build while al-

Qa‘ida would only destroy. We will apply focused foreign and development

assistance abroad. At the same time, we will continue to assist, engage, and

connect communities to increase their collective resilience abroad and at home.

These efforts strengthen bulwarks against radicalization, recruitment, and

mobilization to violence in the name of al-Qa‘ida and will focus in particular on

those drivers that we know al-Qa‘ida exploits. [6, pp. 9-10]

8. Deprive Terrorists of their Enabling Means. Al-Qa‘ida and its affiliates and

adherents continue to derive significant financial support from donors in the

Persian Gulf region and elsewhere through kidnapping for ransom and from

exploitation of or control over lucrative elements of the local economy. Terrorist

facilitation extends beyond the financial arena to those who enable travel of

recruits and operatives; acquisition and movement of materiel; and electronic and

non-electronic communication. The United States will collaborate with partner

nations around the world to increase our collective capacity to identify terrorist

operatives and prevent their travel and movement of supplies across national

borders and within states. We will continue to expand and enhance efforts aimed

at blocking the flow of financial resources to and among terrorist groups and to

disrupt terrorist facilitation and support activities, imposing sanctions or pursuing

prosecutions to enforce violations and dissuade others. We will also continue our

focus on countering kidnapping for ransom, which is an increasingly important

funding source for al-Qa‘ida and its affiliates and adherents. Through our

diplomatic outreach, we will continue to encourage countries—especially those in

Europe—to adopt a policy against making concessions to kidnappers while using

tailored messages unilaterally and with our partners to delegitimize the taking of

hostages. Mass media and the Internet in particular have emerged as enablers for

terrorist planning, facilitation, and communication, and we will continue to

counter terrorists’ ability to exploit them. [6, p. 10]

Counterterrorism Responsibilities

PDD-39 placed responsibility for U.S. counterterrorism efforts with the Department of

Justice (DOJ) and the Department of State (DOS). PDD-39 made the Federal Bureau of

Investigation (FBI) under DOJ responsible for preventing and responding to domestic

terrorist attacks. Conversely, PDD-39 made the State Department responsible through

its ambassadors for coordinating response to attacks on U.S. interests overseas. [4]

Following 9/11, Homeland Security Presidential Directive No. 5 modified these roles,

making the Department of Homeland Security responsible for coordinating the Federal

response to domestic incidents, including terrorist attacks. Otherwise, HSPD-5

preserved the FBI’s role in investigating and prosecuting acts of terrorism, and DOS

retained its role of protecting U.S. interests overseas. [7]

FBI Counterterrorism

The FBI is the lead federal law enforcement agency charged with counterterrorism

investigations. This includes terrorist acts committed within and outside U.S. national

boundaries. Since the 9/11 attacks, the FBI has implemented a series of reforms

intended to transform itself from a largely reactive law enforcement agency focused

on investigations of criminal activity into a more proactive, agile, flexible, and

intelligence-driven agency that can prevent acts of terrorism. [8, p. ii] The FBI’s post-

9/11 transformation is particularly evident in four areas: The USA PATRIOT Act

provided the FBI additional authorities and enhanced investigative tools. The FBI and

DOJ altered the way the Bureau investigated terrorism with the 2008 revision of The

Attorney General’s Guidelines for Domestic FBI Operations. The FBI expanded

operationally via a proliferation of Joint Terrorism Task Forces (JTTFs) across the United

States. In so doing, it also increased its cooperation with state, local, and federal

agencies. Finally, watershed changes were made in the Bureau’s intelligence program.

[8, p. 3]

Historically, there have been differences between electronic surveillance (wiretaps)

conducted for intelligence and for law enforcement purposes. Among these is the

protection of the constitutional rights of persons under criminal investigation. The

Foreign Intelligence Surveillance Act (FISA) regulates intelligence collection directed at

foreign powers and agents of foreign powers in the United States to include those

engaged in international terrorism. FISA required the government to certify that “the

purpose” of surveillance was to gather foreign intelligence information. Prior to the

USA PATRIOT Act, DOJ turned the “primary purpose” standard into written policy that

had the effect of limiting the coordination between intelligence and criminal

investigators. This came to be known as “the Wall” between intelligence and law

enforcement and the “unfortunate consequences” of this barrier to information

sharing were noted by the 9/11 Commission in its report on the 9/11 attacks. Section

218 of the USA PATRIOT Act amended FISA to replace the phrase “the purpose” with

the phrase “a significant purpose.” As one legal scholar described it, by moving the

FISA requirement from the purpose to a significant purpose, the USA PATRIOT Act

“knocked out the foundation for ‘the Wall.’” This removed impediments to the

exchange of information about terrorism or other national security threats between

intelligence and law enforcement personnel. [8, pp. 3-4]

The FBI and DOJ also emphasized their forward-leaning approach with the September

29, 2008, revision of the Attorney General’s Guidelines for Domestic FBI Operations,

which they claim “make the FBI’s operations in the United States more effective by

providing simpler, clearer, and more uniform standards and procedures.” Referred to

as the “Mukasey Guidelines” after Michael B. Mukasey, who was Attorney General at

the time of their release, this is the latest in a series of guidelines stretching back to

1976 that govern the FBI’s investigative activities. The Mukasey Guidelines went into

effect on December 1, 2008. In large part, these guidelines sprang from the post-9/11

national security context, in which the FBI surmised that it could not simply react to

crimes. It had to preemptively search for criminal, counterintelligence, and terrorist

threats to the homeland. The most prominent changes in the Mukasey Guidelines

concern “assessments.” Agents and analysts may now use assessments outside of the

more traditional preliminary and full investigations, which require some level of factual

predication. Preliminary investigations can be opened with “any ‘allegation or

information’ indicative of possible criminal activity or threats to the national security.”

Opening a full investigation requires an “‘articulable factual basis’ of possible criminal

or national threat activity.” On the other hand, opening an assessment does not

require particular factual predication. Assessments are not to be “pursued for frivolous

or improper purposes and are not based solely on First Amendment activity or on the

race, ethnicity, national origin, or religion of the subject of the assessment, or a

combination of only such factors.” Assessments offer terrorism investigators a variety

of techniques, including public surveillance and the use of confidential informants to

penetrate conspiracies. The Bureau has incorporated assessments into its investigative

processes. According to numbers made publicly available in March 2011, the FBI

initiated 11,667 assessments to check leads on individuals, activities, groups, or

organizations between December 2008 and March 2009. These, in turn, led to 427

preliminary or full investigations. Officials noted that about one-third of the

assessments resulted from vague tips. Reportedly, between March 2009 and March

2011, the Bureau opened 82,325 assessments. About half of the assessments from this

time frame focused on determining whether specific groups or individuals were spies

or terrorists. This pool of 42,888 assessments produced just under 2,000 full or

preliminary investigations. [8, pp. 11-12]

JTTFs are locally based, multi-agency teams of investigators, analysts, linguists, SWAT

experts, and other specialists who investigate terrorism and terrorism-related crimes.

Seventy-one of the more than 100 JTTFs operated by DOJ and the FBI were created

since 9/11. Over 4,400 federal, state, and local law enforcement officers and agents—

more than four times the pre-9/11 total—work in them. These officers and agents

come from more than 600 state and local agencies and 50 federal agencies. The FBI

considers the JTTFs “the nation’s front line on terrorism.” They “investigate acts of

terrorism that affect the U.S., its interests, property and citizens, including those

employed by the U.S. and military personnel overseas.” As this suggests, their

operations are highly tactical and focus on investigations, developing human sources

(informants), and gathering intelligence to thwart terrorist plots. JTTFs also offer an

important conduit for the sharing of intelligence developed from FBI-led

counterterrorism investigations with outside agencies and state and local law

enforcement. To help facilitate this, especially as the threat of homegrown jihadists

has emerged, the number of top-secret security clearances issued to local police

working on JTTFs has increased from 125 to 878 between 2007 and 2009. There is also

a National JTTF, which was established in July 2002 to serve as a coordinating

mechanism with the FBI’s partners. Some 40 agencies are now represented in the

National JTTF, which has become a focal point for information sharing and the

management of large-scale projects that involve multiple partners. [8, pp. 13-14]

DOS Counterterrorism

The Department of State has six regional bureaus that address foreign policy

considerations on a regional basis. The assistant secretaries of the regional bureaus are

key actors in CT activities and operations policy in their assigned regions. Furthermore,

the DOS Bureau of Counterterrorism publishes an annual country report on terrorism

and manages US policy for a whole-of-government approach to CT. The DOS Bureau of

Counterterrorism maintains the Foreign Terrorist Organizations List that provides

justification for the President to block or freeze tangible property and freeze financial

accounts of individuals or terrorist organizations pursuant to Executive Order 13224,

Blocking Property and Prohibiting Transactions With Persons Who Commit, Threaten

to Commit, or Support Terrorism. This tool is designed to sever terrorist organizations’

logistics and resources. These efforts are worked through Partner Nations (PNs) where

the United States maintains country teams under the leadership of the local

ambassador, technically known as the Chief of Mission (COM). [5, pp. III-2]

The COM is the personal representative of the President and the official U.S.

Government (USG) representative in the host country. The COM is responsible for the

conduct of relations with the host government and is the primary channel for

communications with that government. The COM directs, coordinates, and supervises

all USG executive branch employees in that effort, except those under the command of

a U.S. military commander. CT activities and operations conducted by the Department

of Defense (DoD) and other USG departments and agencies require COM concurrence

prior to execution, unless otherwise directed by the President. [5, pp. III-2]

The FBI, in coordination with the Secretary of State and the COM, will assume lead

responsibility for law enforcement investigation of terrorist or WMD incidents abroad.

The FBI’s tasks may include taking custody of suspected terrorists, lawful transfer of

custody of suspected terrorists, forensic examination of material collected of possible

intelligence or criminal prosecution value, and hostage negotiation support. [5, pp. III-2]

DHS Counterterrorism

The 2002 Homeland Security Act made it the mission of the Department of Homeland

Security to “prevent terrorist attacks within the United States.” [9] Since its inception

in 2003, DHS has had an intelligence component to support this mission and has been

a member of the U.S. Intelligence Community (IC). The Homeland Security Act of 2002

assigned the original DHS intelligence component—the Directorate of Information

Analysis and Infrastructure Protection—with responsibility to receive, analyze, and

integrate law enforcement and intelligence information in order to— “(A) identify and

assess the nature and scope of terrorist threats to the homeland; (B) detect and

identify threats of terrorism against the United States; and (C) understand such threats

in light of actual and potential vulnerabilities of the homeland.” [10, pp. ii-1]

Following the Second Stage Review (2SR) in July 2005, former Secretary of Homeland

Security, Michael Chertoff, established a strengthened Office of Intelligence and

Analysis (I&A) and made the Assistant Secretary for Information Analysis the Chief

Intelligence Officer (CINT) for the Department. He also tasked I&A with ensuring that

intelligence is coordinated, fused, and analyzed within the Department to provide a

common operational picture; provide a primary connection between DHS and the IC as

a whole; and to act as a primary source of information for state, local and private

sector partners. [10, p. ii]

Today, the DHS Intelligence Enterprise (DHS IE) consists of those elements within DHS

that have an intelligence mission. These include I&A, the Office of Cyber and

Infrastructure Analysis (OCIA), and the Intelligence Division of the Office of Operations

Coordination and Planning (all located at DHS headquarters), and the intelligence

elements of six DHS operational components: U.S. Customs and Border Protection

(CBP), U.S. Immigration and Customs Enforcement (ICE), U.S. Citizenship and

Immigration Services (USCIS), the Transportation Security Administration (TSA), U.S.

Coast Guard (USCG), and U.S. Secret Service (USSS). [10, p. 3]

The heads of the DHS intelligence components do not report to the I&A Under

Secretary, but to their respective component chiefs. However, pursuant to the

Implementing Recommendations of the 9/11 Commission Act of 2007, they are

required to advise and coordinate closely with the Under Secretary on their activities in

support of the intelligence mission of the Department. In order to provide senior-level

direction for Department-wide intelligence activities, a Homeland Security Intelligence

Council (HSIC) was formed. The HSIC is comprised of the key intelligence officials from

applicable DHS components. [10, p. 7]

DHS does not generally engage in traditional foreign intelligence collection activities

such as imagery intelligence, signals intelligence, human intelligence, measurement

and signatures intelligence, and foreign open source intelligence. I&A combines the

unique information collected by DHS components as part of their operational activities

(e.g., at airports, seaports, and the border) with foreign intelligence from the

Intelligence Community; law enforcement information from Federal, state, local, and

tribal sources; private sector data about critical infrastructure and key resources; and

information from domestic open sources to develop homeland security intelligence.

This encompasses a broad range of homeland security threats. It includes border

security information to counter human smuggling and trafficking, cargo data to

prevent the introduction of dangerous items, information to protect critical

infrastructure against all hazards, information about infectious diseases, and

demographic data and other research about ‘violent radicalization.’ [10, p. 5]

Nevertheless, I&A is a full partner within the Intelligence Community and represents

DHS on several IC committees. The Under Secretary, for example, is a member of the

Director of National Intelligence (DNI) Executive Committee. I&A contributes analytic

staff to the National Counterterrorism Center (NCTC). The office also contributes items

to the President’s Daily Brief providing a unique homeland security perspective on

terrorism and other threats to the United States to the nation’s leaders. [10, p. 6]

I&A produces numerous intelligence products including the Homeland Security Threat

Assessment, an annual report identifying major threats to the homeland. I&A also

produces Intelligence Notes, Intelligence Warnings, Homeland Security Assessments,

etc. I&A makes the products of its analysis available to state and local officials through

the Homeland Security Information Network (HSIN), a web-based platform that

facilitates Sensitive But Unclassified information sharing and collaboration between

federal, state, local, tribal, private sector, and international partners. HSIN provides

real-time, interactive connectivity between states and major urban areas and the DHS

National Operations Center (NOC). [10, pp. 9-10]

Congress made information sharing a top priority of the Department’s intelligence

component in the Homeland Security Act of 2002 and underscored its importance

through the Intelligence Reform and Terrorism Prevention Act of 2004. Since the 2SR

reorganization, Congress imposed additional requirements for intelligence analysis;

information sharing; department-wide intelligence integration; and support to state,

local, tribal governments, and the private sector through the Implementing

Recommendations of the 9/11 Commission Act of 2007. [10, p. ii]

In an effort to strengthen intelligence and information sharing and analysis capabilities

with states and major urban areas, DHS established intelligence fusion centers.

Congress defines fusion centers as a “collaborative effort of two or more Federal,

state, local, or tribal government agencies that combines resources, expertise, or

information with the goal of maximizing the ability of such agencies to detect, prevent,

investigate, apprehend, and respond to criminal or terrorist activity.” At the end of

2009, there were 72 DHS/FBI designated state and Urban Area Security Initiative (UASI)

fusion centers. I&A supports these centers by providing operational, analytic,

reporting, and management advice and assistance; training; information technology

systems and connectivity; and intelligence officers and analysts. [10, pp. 11-12]

Direct Actions

As terrorism is a crime, the first order of action is to apprehend and arrest those

suspected of planning or executing such crimes and prosecuting them under State and

Federal law. For suspects beyond our borders, the Attorney General will attempt to

extradite them and render them to U.S. justice. In the case that a foreign government

refuses to surrender a suspect, the U.S. might conduct a rendition, essentially

kidnapping the suspect and forcefully taking them into custody. In the case where a

foreign government is incapable of surrendering or otherwise controlling a terrorist

menace, the U.S. might employ military force to remove or eliminate the threat.

Persons suspected of criminal or terrorist activity may be transferred from one State

(i.e., country) to another for arrest, detention, and/or interrogation. Commonly, this is

done through extradition, by which one State surrenders a person within its

jurisdiction to a requesting State via a formal legal process, typically established by

treaty. Far less often, such transfers are effectuated through a process known as

“extraordinary rendition” or “irregular rendition.” These terms have often been used

to refer to the extrajudicial transfer of a person from one State to another. [11, p. ii]

The first well-known rendition case involved the Achille Lauro hijackers in 1985: after

they were given a plane and were en route in international air space, they were forced

by United States Navy fighter planes to land at the Naval Air Station Sigonella, an

Italian military base in Sicily used by the US Navy and NATO. [12] Following the attacks

of September 11, 2001, however, what had been a limited program expanded

dramatically, with some experts estimating that 150 foreign nationals were taken by the CIA.

Foreign nationals suspected of terrorism have been transported to detention and

interrogation facilities in Jordan, Iraq, Egypt, Diego Garcia, Afghanistan, Guantánamo,

and elsewhere. [13] Suspects were reportedly arrested, blindfolded, shackled, and

sedated, or otherwise kidnapped, and transported by private jet or other means to the

destination country. [12] The practice became controversial during the Bush

Administration because the destination countries were known to employ harsh

interrogation techniques rising to the level of torture, purportedly with the knowledge

or acquiescence of the United States. In January 2009, President Obama issued an

Executive Order creating a special task force to review U.S. transfer policies, including

the practice of rendition, to ensure compliance with applicable legal requirements. [11, p. ii]

Terrorist suspects beyond the reach of rendition may be subject to U.S. military force.

In November 2002, Qaed Salim Sinan al-Harethi, an al-Qaeda operative and Yemeni

citizen suspected of involvement in the October 2000 bombing of the USS Cole, was

killed by the CIA using a Predator drone firing a Hellfire missile. The attack was

controversial because it also killed Kamal Derwish, a U.S. citizen accompanying al-

Harethi. The Bush Administration defended the action citing a presidential finding that

permitted worldwide covert actions against members of al-Qaeda. Despite the

controversy, the use of Predators to kill suspected terrorists has become common

practice. [14]

Military force may be delivered in all shapes and sizes, and not just by the Department

of Defense. The CIA has an extensive paramilitary capability of its own. By DoD

definition, paramilitary forces are distinct from the regular armed forces of any

country, but resemble them in organization, equipment, training or mission. In

addition to providing intelligence support to US military operations from the Korean War

era to Iraq today, the CIA has also worked closely alongside DoD personnel in military

operations. The CIA typically takes on missions that must be clandestine or covert to

avoid directly implicating the U.S. Government. Examples of CIA covert operations

include the 1961 Bay of Pigs invasion of Cuba, and interdiction missions along the Ho

Chi Minh Trail in Laos, a neutral country during the Vietnam conflict. Despite these

mixed results, the CIA is credited with helping depose the Taliban government after

they refused to surrender Bin Laden following 9/11. [15, p. 1] Units from the CIA’s

Special Activities Division (SAD) were the first U.S. forces to enter Afghanistan in

September 2001. They joined with the Afghan United Front (Northern Alliance) to

prepare for the subsequent arrival of U.S. Special Operations Forces (SOF). Together,

the United Front, SAD, and SOF combined to overthrow the Taliban by November. The

campaign was noted for its minimal use of conventional military force and

correspondingly low casualty count among allies. [16] The CIA was also instrumental in

developing the Predator drone, which saw its first combat use in Afghanistan. Today,

the Predator is employed extensively to target suspected terrorist leaders around the

world. [17]

The DoD employs Special Operations Forces to deliver military capability in hostile,

denied, or politically sensitive areas of the world. Special operations are distinguished

from regular military operations by degree of physical and political risk, operational

techniques, and mode of employment. DoD special operations are frequently

clandestine, designed in such a way as to conceal them, but not necessarily covert, that is,

designed to conceal the identity of the sponsor. [15, p. 1] SOF teams helped provide

the Afghan United Front with airpower during the early months of Operation

ENDURING FREEDOM. Joint Terminal Attack Controllers (JTACs) using laser range

finders helped direct precision guided munitions dropped from orbiting U.S. Air Force

B-1 and B-52 bombers onto Taliban targets. This use of airpower proved instrumental in

helping the United Front capture the northern city of Mazar-e-Sharif in November

2001. [18] Supported by CIA operatives on the ground, Navy SEALs mounted the raid

into Pakistan that succeeded in killing Osama bin Laden on May 2, 2011. [19]

Interagency Coordination

Interagency coordination for counterterrorism operations is accomplished through the

National Counterterrorism Center (NCTC). The National Counterterrorism Center was

established in 2004 to ensure that information from any source about potential

terrorist acts against the U.S. could be made available to analysts and that appropriate

responses could be planned. According to the NCTC Charter (P.L. 108-458), the NCTC

serves as the principal advisor to the Director of National Intelligence (DNI) on

intelligence operations relating to terrorism, and provides strategic operational plans

for military and civilian counterterrorism efforts and for effective integration of

counterterrorism intelligence and operations across agency boundaries within and

outside the United States. The NCTC Director is appointed by the President of the

United States. And though the Director reports to the DNI, in practice the Director works

through the National Security Council and the White House staff. [20]

Interagency coordination for counterterrorism policy is orchestrated by the National

Security Council. The National Security Council is the key integrator of the President’s

whole-of-government CT policy and strategies, which requires interagency

coordination at the Principals Committee, Deputies Committee, and supporting

interagency policy committees, and the efforts of the National Security Council Staff.

The key interagency policy committee for CT is the Counterterrorist Security Group,

which is led by the Assistant to the President for Homeland Security and

Counterterrorism (i.e., the former Homeland Security Advisor). [5, pp. III-1]

Conclusion

The basic difficulty in capturing or killing terrorists is finding them, preferably before

they strike. The first problem is identifying potential terrorists. Psychological studies

have found no common factors among the profiles of past terrorists: they can be

anybody. Attempts by the National Security Agency to identify terrorists by studying

their contacts and communications also proved fruitless as well as illegal. And even if

they are identified, terrorists are not easy to locate: it took ten years to locate Bin

Laden even with a $25 million bounty on his head. The unspoken fact of the matter is

that the terrorist threat can never be eliminated. Given this realization, the question

arises whether it is more effective to pursue terrorists, or deny them the means for

inflicting catastrophic damage?

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. How does terrorism uniquely distinguish the crime of assault?

2. Why does al Qaeda remain a terrorist threat after Osama bin Laden’s death?

3. Looking at the 2011 National Strategy for Counterterrorism, which short-term goal do you think most effective?

Explain.

4. Looking at the 2011 National Strategy for Counterterrorism, which long-term goal do you think most effective?

Explain.

5. According to PDD-39/HSPD-5, what is the counterterrorism role of the FBI?

6. According to HSPD-5, what is the counterterrorism role of DHS?

7. How did the USA PATRIOT Act improve the FBI’s ability to investigate terrorism?

8. What is the primary means for dealing with known terrorists, foreign or domestic?

9. Describe two options available to the President if foreign governments are unwilling or unable to render unto

justice terrorist elements within their country that threaten the United States.

10. As the Director of the National Counterterrorism Center, what circumstances might move you to recommend CIA

paramilitary forces over DoD special forces to perform a particular overseas counterterrorism mission?

Chapter 18

Emergency Preparedness & Response

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Explain the responsibility of State Governors to their citizens.

• Explain why 9/11 raised concern about State and Local emergency preparedness.

• Describe Stafford Act authorities to grant Federal disaster assistance to States.

• Describe the FEMA process and means for delivering assistance to States.

• Describe the considerable means available to States for responding to emergencies.

• Evaluate the Incident Commander’s role and means for directing emergency response.

• Evaluate the role of exercises for improving emergency preparedness.

“We must prepare to minimize the damage and recover from any future terrorist

attacks that may occur despite our best efforts at prevention.”

– 2002 National Strategy for Homeland Security

Introduction

9/11 forced the realization that the nation was unprepared to respond to a WMD

attack. While FEMA had been established in 1979 to streamline Federal support to

natural disasters, it had no corresponding capabilities to integrate Federal support to

manmade catastrophes. Moreover, the contrast between the local response at the

World Trade Center and the local response at the Pentagon on 9/11 proved that the

structured integration of responding agencies through the Incident Command System

saved lives. Accordingly, the Department of Homeland Security was commissioned by

Congress to begin strengthening the response capabilities of the nation, and make sure

they were integrated from the bottom-up through the Local, State, and Federal levels

of government.

Integrating the Federal Response

Following 9/11, the President and Congress sought to improve the nation’s ability to

respond to and recover from domestic catastrophic attack. Of particular concern was the

potential employment of WMD. In 2002, few parts of the country had the ability to

respond to a WMD attack. Even the best prepared states and localities didn’t have

adequate resources to respond to the full range of potential threats exposed by 9/11.

Many did not have in place mutual aid agreements to facilitate cooperation with their

neighbors in time of emergency. The Federal government had done relatively little to

remedy the situation. What few domestic preparedness programs existed were

spread across eight different Federal departments and agencies, and provided money

under a tangled web of grant programs. Accordingly, one of the first objectives for the

new Department of Homeland Security was to create a fully integrated national

emergency response system capable of dealing with most any catastrophe, both

natural and manmade. [1, p. 42]

The first order of business was consolidation. The 2002 Homeland Security Act

authorized the establishment of an Emergency Preparedness and Response

Directorate within the new Department of Homeland Security. [2] The new directorate

incorporated the Strategic National Stockpile and National Disaster Medical System

from Health and Human Services, the Nuclear Incident Response Team from the

Department of Energy, and the Domestic Emergency Support Teams from the

Department of Justice. [3] The Homeland Security Act also allowed the Federal

Emergency Management Agency to be incorporated as an independent agency under

the new directorate. With FEMA came the authority to distribute grants under the

Homeland Security Grant Program. [2]

After consolidation, the next order of business was establishing clear lines of

responsibility and authority. On February 28, 2003, HSPD-5 was issued making the

Secretary of Homeland Security the Principal Federal Official (PFO) for domestic

incident management. It was the Secretary’s responsibility to see that executive

agencies were prepared to respond and to coordinate their response when Federal

assistance was needed in a disaster. HSPD-5 also directed the Secretary to develop a

National Response Plan (NRP) detailing how the Federal government would marshal its

resources for a disaster, and a National Incident Management System (NIMS) detailing

how those resources would be integrated into a local disaster response. [4]

The NIMS provides a standard command and management structure for coordinating a

multi-agency response to disaster. Much of NIMS is built upon the Incident Command

System (ICS), which was developed by Federal, State, and local wildland fire agencies

during the 1970s. ICS is a management system designed to enable effective incident

management by integrating a combination of facilities, equipment, personnel,

procedures and communications operating within a common organizational structure.

[5, pp. 48-49] To facilitate coordination between Federal, State, and Local agencies

responding to a disaster, HSPD-5 mandated NIMS for all Federal agencies starting in

2003, and made it a prerequisite for State and Local governments to receive Homeland

Security Grant Program funds starting in 2005. [4]

The Homeland Security Act mandated the creation of a National Response Plan to

replace the previous Federal Response Plan. [2] HSPD-5 assigned the task to the DHS

Secretary and provided further guidance on its preparation. [4] The subsequent NRP

was released in December 2004. It was a large document comprised of some 426

pages. It provided the basic plan for how the Federal government would prepare and

respond to disaster at the request of State and Local government. The underlying

principle of the plan was that Federal capabilities would be packaged into fifteen

Emergency Support Functions (ESFs). Various Federal agencies were assigned

responsibility for preparing, maintaining, and providing these ESF capabilities when

requested. The Secretary of Homeland Security, under the authority of HSPD-5, was

responsible for seeing that the ESFs were ready and available when needed. [6, p. xi]

Because it was so big, the problem with the NRP was that few people were familiar

with it, let alone had read it by the time Hurricane Katrina struck in August 2005. The

flawed response to Hurricane Katrina was attributed, in part, to a failure to follow the

NRP. Congress acted by passing the 2006 Post-Katrina Emergency Management

Reform Act which elevated FEMA to report directly to the Secretary, and mandated

changes to the NRP. [7, pp. CRS-3-CRS-4] As a result, in January 2008, DHS issued the

National Response Framework (NRF) which remains the nation’s plan for responding to

disaster.

Requesting Federal Assistance

Federal disaster assistance is provided upon request of the State Governor. Such a

request is made under the authority of the Robert T. Stafford Disaster Relief and

Emergency Assistance Act (P.L. 93-288, as amended, hereinafter “the Stafford Act”). To

request Federal assistance, the Governor must declare either a State emergency or

major disaster. Emergency declarations are made to protect property and public

health and safety and to lessen or avert the threat of a major disaster or catastrophe.

Emergency declarations are often made when a threat is recognized (such as

emergency declarations for hurricanes which may be made prior to landfall) and are

intended to supplement and coordinate local and state efforts prior to the event.

Emergency declarations are also made to provide direct federal assistance to protect

lives and property. This aids activities such as evacuations and the protection of public

assets. In contrast, a major disaster declaration is made as a result of the disaster or

catastrophic event and constitutes a broader authority that helps states and local

communities, as well as families and individuals, respond to and recover from the

damage caused by the event. [8, pp. ii-1]

Ordinarily, only a Governor can initiate a request for a Presidential emergency or major

disaster declaration. In extraordinary circumstances, the President may unilaterally

declare a major disaster or emergency. This request is made through the FEMA

Regional Administrator and based on a finding that the disaster is of such severity and

magnitude that effective response is beyond the capabilities of the State and affected

local governments, and that Federal assistance is necessary. [5, p. 41]

The completed request, addressed to the President, is submitted through the FEMA

Regional Administrator, who evaluates the damage and requirements for Federal

assistance and makes a recommendation to the FEMA Administrator. The FEMA

Administrator, acting through the Secretary of Homeland Security, may then

recommend a course of action to the President. [5, p. 42] If the Governor’s request is

accepted, the President, in turn, will issue a corresponding declaration of emergency or

major disaster. This Presidential declaration triggers the release of funds from the

President’s Disaster Relief Fund, managed by FEMA under the Stafford Act. The

Presidential declaration will also activate disaster aid programs from other Federal

departments and agencies. A Presidential major disaster declaration triggers long-term

Federal recovery programs, some of which are matched by State programs, and

designed to help disaster victims, businesses, and public entities. An emergency

declaration is more limited in scope and without the long-term Federal recovery

programs of a major disaster declaration. Generally, Federal assistance and funding are

provided to meet a specific emergency need or to help prevent a major disaster from

occurring. [5, pp. 40-42]

In many cases, assistance may be obtained from the Federal Government without a

Presidential declaration. For example, FEMA places liaisons in State EOCs and moves

commodities near incident sites that may require Federal assistance prior to a

Presidential declaration. Additionally, some types of assistance, such as Fire

Management Assistance Grants – which provide support to States experiencing severe

wildfires – are performed by Federal departments or agencies under their own

authorities and do not require Presidential approval. Finally, Federal departments and

agencies may provide immediate lifesaving assistance to States under their own

statutory authorities without a formal Presidential declaration. [5, p. 42]

Responding Federal departments and agencies respect the sovereignty and

responsibilities of local, tribal, and State governments while rendering assistance. The

intention of the Federal Government in these situations is not to command the

response, but rather to support the affected local, tribal, and/or State governments. [5,

p. 40]

NRF Response

The DHS National Operations Center (NOC) serves as the national fusion center,

collecting and synthesizing all-source information, including information from State

fusion centers, across all-threats and all-hazards information covering the spectrum of

homeland security partners. Federal departments and agencies report information

regarding actual or potential incidents requiring a coordinated Federal response to the

NOC. [5, p. 33]

When notified of a threat or an incident that potentially requires a coordinated Federal

response, the NOC evaluates the information and notifies appropriate senior Federal

officials and Federal operations centers: the FEMA National Response Coordination

Center (NRCC), the FBI Strategic Information Operations Center (SIOC), the National

Counterterrorism Center (NCTC), and the National Military Command Center (NMCC).

The NOC serves as the primary coordinating center for these and other operations

centers. [5, p. 34]

After being notified, departments and agencies should:

• Identify and mobilize staff to fulfill their department’s or agency’s responsibilities, including identifying appropriate subject-matter experts and other staff to support department operations centers.

• Identify staff for deployment to the NOC, the NRCC, FEMA Regional Response Coordination Centers (RRCCs), or other operations centers as needed, such as the FBI’s Joint Operations Center. These organizations have standard procedures and call-down lists, and will notify department or agency points of contact if deployment is necessary.

• Identify staff that can be dispatched to the Joint Field Office (JFO), including Federal officials representing those departments and agencies with specific authorities, lead personnel for the JFO Sections (Operations, Planning, Logistics, and Administration and Finance) and the ESFs.

• Begin activating and staging Federal teams and other resources in support of the Federal response as requested by DHS or in accordance with department or agency authorities.

• Execute pre-scripted mission assignments and readiness contracts, as directed by DHS. [5, p. 36]

The FEMA Regional Administrator deploys a liaison to the State Emergency Operations

Center (SEOC) to provide technical assistance and also activates the Regional Response

Coordination Center. Federal department and agency personnel, including Emergency

Support Function primary and support agency personnel, staff the RRCC as required.

The RRCCs:

• Coordinate initial regional and field activities.

• In coordination with State, tribal, and local officials, deploy regional teams to assess the impact of the event, gauge immediate State needs, and make preliminary arrangements to set up operational field facilities.

• Coordinate Federal support until a Joint Field Office (JFO) is established.

• Establish a Joint Information Center (JIC) to provide a central point for coordinating emergency public information activities. [5, p. 44]

In coordination with the RRCC and the State, FEMA may deploy an Incident

Management Assistance Team (IMAT). IMATs are interagency teams composed of

subject-matter experts and incident management professionals. IMAT personnel may

be drawn from national or regional Federal department and agency staff according to

established protocols. IMAT teams make preliminary arrangements to set up Federal

field facilities and initiate establishment of the Joint Field Office. [5, p. 44]

Once a Presidential declaration is issued, FEMA will establish a Joint Field Office (JFO) in proximity to the State Emergency Operations Center (SEOC), and send a Federal Coordinating Officer (FCO) to assist the State Coordinating Officer (SCO) with ordering Federal resources.

Emergency Support Functions

FEMA coordinates response support from across the Federal Government and certain

NGOs by calling up, as needed, one or more of fifteen Emergency Support Functions.

The ESFs are coordinated by FEMA through its NRCC. During a response, ESFs are a

critical mechanism to coordinate functional capabilities and resources provided by

Federal departments and agencies, along with certain private-sector and

nongovernmental organizations. They represent an effective way to bundle and funnel

resources and capabilities to local, tribal, State, and other responders. These functions

are coordinated by a single agency but may rely on several agencies that provide

resources for each functional area. The mission of the ESFs is to provide the greatest

possible access to capabilities of the Federal Government regardless of which agency

has those capabilities.

ESF #1 – Transportation

ESF #2 – Communications

ESF #3 – Public Works and Engineering

ESF #4 – Firefighting

ESF #5 – Emergency Management

ESF #6 – Mass Care, Emergency Assistance, Housing, and Human Services

ESF #7 – Logistics Management and Resource Support

ESF #8 – Public Health and Medical Services

ESF #9 – Search and Rescue

ESF #10 – Oil and Hazardous Materials Response

ESF #11 – Agriculture and Natural Resources

ESF #12 – Energy

ESF #13 – Public Safety and Security

ESF #14 – Long-Term Community Recovery

ESF #15 – External Affairs [5, p. 57]

ESFs may be selectively activated for both Stafford Act and non-Stafford Act incidents

under circumstances as defined in HSPD-5. Not all incidents requiring Federal support

result in the activation of ESFs. FEMA can deploy assets and capabilities through ESFs

into an area in anticipation of an approaching storm or event that is expected to cause

a significant impact and result. This coordination through ESFs allows FEMA to position

Federal support for a quick response, though actual assistance cannot normally be

provided until the Governor requests and receives a Presidential major disaster or

emergency declaration. Many States have also organized an ESF structure along this

approach. [5, p. 57]

When ESFs are activated, they may have a headquarters, regional, and field presence.

At FEMA headquarters, the ESFs support decision making and coordination of field

operations within the NRCC. The ESFs deliver a broad range of technical support and

other services at the regional level in the Regional Response Coordination Centers, and

in the Joint Field Office and Incident Command Posts, as required by the incident. At all

levels, FEMA issues mission assignments to obtain resources and capabilities from

across the ESFs in support of the State. [5, p. 57]

All ESF support is directed to the local Incident Commander operating under the

Incident Command System. The incident command structure enables the ESFs to work

collaboratively. For example, if a State requests assistance with a mass evacuation, the

Joint Field Office would request personnel from ESF #1 (Transportation), ESF #6 (Mass

Care, Emergency Assistance, Housing, and Human Services), and ESF #8 (Public Health

and Medical Services). These would then be integrated into a single branch or group

within the ICS Operations Section to ensure effective coordination of evacuation

services. [5, p. 57]

Bottom-Up Support

All disasters are local. Under the United States federal system of government, State,

County, Municipal, and Tribal governments are responsible for the safety and security

of the citizens within their jurisdiction. This separation of authorities is manifested in

Article X of the Constitution, which stipulates that “The powers not delegated to the

United States by the Constitution, nor prohibited by it to the States, are reserved to

the States respectively, or to the people.” From a more practical standpoint, local

jurisdictions are best suited to respond to incidents by virtue of their proximity.

Hence, the National Response Framework is a bottom-up system, designed to provide

assistance only when State and Local resources have been overwhelmed or exhausted.

Most jurisdictions maintain sufficient capability to respond to most incidents.

However, when an incident exceeds the capacity of the local jurisdiction, it may

request assistance from a neighboring or higher jurisdiction. This determination

typically originates with the on-scene Incident Commander (IC).

The Incident Commander is the individual responsible for all response activities,

including the development of strategies and tactics and the ordering and release of

resources. The Incident Commander has overall authority and responsibility for

conducting incident operations and is responsible for the management of all incident

operations at the incident site. The Incident Commander directs incident response

operations from an Incident Command Post (ICP). [5, p. 50]

If the Incident Commander determines that additional resources or capabilities are

needed, he or she will contact the local Emergency Operations Center (EOC) and relay

requirements to the local Emergency Manager (EM). Local EOCs are the physical

locations where multiagency coordination occurs. EOCs help form a common operating

picture of the incident, relieve on-scene command of the burden of external

coordination, and secure additional resources. The core functions of an EOC include

coordination, communications, resource allocation and tracking, and information

collection, analysis, and dissemination. During an incident, the local Emergency

Manager ensures the EOC is staffed to support the Incident Command Post and

arranges needed resources. Resources may be provided in the form of Emergency

Support Functions, similar to the NRF. The EOC also serves to update and advise

elected or appointed officials so they may provide policy direction as needed to

support the incident response. [5, pp. 50-51]

The EOC might request additional resources from neighboring jurisdictions through a

Mutual Aid Agreement (MAA). An MAA is formed between neighboring jurisdictions

specifying the conditions under which assistance will be provided, and the terms for

remuneration. Because of the financial obligations involved with an MAA, the EOC

might first have to consult with fiduciary officials before invoking such an agreement.

Of course, time is most precious during an incident.

When multiple agencies become involved in the incident, as determined by the type of

incident or by invoking an MAA, then the Incident Commander might form a Unified

Command with other officials having legal authority over the responding assets.

Operating from the Incident Command Post, the Unified Command will exercise

direction and control over tactical operations through corresponding officials acting in

concert from a single Incident Action Plan (IAP). Under a Unified Command, each

participating agency retains its authority, responsibility and accountability for assigned

assets. [5, p. 48]

If the incident is of such magnitude or complexity that it exceeds Local response

capacity, the EOC might have to defer to the State Emergency Operations Center

(SEOC) to request additional resources. In some cases, this might require the local

elected official to issue a declaration of emergency or disaster to gain access to State

funds or resources. The SEOC, in turn, might marshal resources under Mutual Aid

Agreements with other jurisdictions or even direct the use of the National Guard. All

responding assets report to the on-scene Incident Command Post and take direction

according to the Incident Action Plan.

If State resources prove insufficient to the task, the Governor might request assistance

from neighboring states under the Emergency Management Assistance Compact

(EMAC). Under the terms of the EMAC, neighboring States can provide civilian

resources and National Guard support under the direction of the local Incident

Command Post. [5, p. 6]

If the combined resources of the States are insufficient, or additional funds or special

capabilities are needed to contend with the incident, the Governor may appeal for

Federal assistance. The Governor may appoint a State Coordinating Officer (SCO) to

work with the local FEMA region official to prepare the corresponding declarations of

emergency or major disaster to request Stafford Act support. Upon the

recommendation of the FEMA Administrator and the Secretary of Homeland Security,

the President will appoint a Federal Coordinating Officer (FCO) to deploy to the SEOC.

[5, p. 67]

The FCO is a senior FEMA official trained, certified, and well experienced in emergency

management, and specifically appointed to coordinate Federal support in the response

to and recovery from emergencies and major disasters. The FCO executes Stafford Act

authorities, including commitment of FEMA resources and the mission assignment of

other Federal departments or agencies via ESFs. If a major disaster or emergency

declaration covers a geographic area that spans all or parts of more than one State, the

President may decide to appoint a single FCO for the entire incident, with other

individuals as needed serving as Deputy FCOs. [5, p. 67]

In all cases, the FCO represents the FEMA Administrator in the field to discharge all

FEMA responsibilities for the response and recovery efforts underway. For Stafford Act

events, the FCO is the primary Federal representative with whom the SCO and other

State, Tribal, and Local response officials interface to determine the most urgent needs

and set objectives for an effective response. [5, p. 67]

Strengthening Local Response

In 2003, FEMA initiated the State Homeland Security Grant Program (SHSGP) to

strengthen State and Local response capabilities, particularly in regard to WMD and

other terrorist incidents. It authorized purchase of specialized equipment to enhance

State and Local agencies’ capabilities in preventing and responding to WMD incidents

and other terrorist incidents, and provided funds for protecting critical infrastructure

of national importance. SHSGP provided funds for designing, developing, conducting,

and evaluating terrorism response exercises; developing and conducting counter-terrorism

training programs; and updating and implementing each state’s Homeland

Security Strategy (SHSS). SHSGP funds could also be used to plan, design, develop,

conduct, and evaluate exercises to train First Responders, and to assess the readiness of State and Local jurisdictions to prevent and respond to terrorist attacks. Exercises had to be threat- and performance-based, in accordance with FEMA’s Homeland Security Exercise and Evaluation Program (HSEEP). [9, pp. CRS-4]

If the incident exceeds Local response capacity, the EOC might defer to the State Emergency Operations Center to request additional resources. States can marshal resources under Mutual Aid Agreements with other jurisdictions or even direct the use of the National Guard. All responding assets report to the on-scene Incident Command Post (ICP) and take direction according to the Incident Action Plan (IAP).

To help guide the incremental buildup of State and Local response capacity to WMD

and terrorist incidents, in December 2003 the Bush Administration issued HSPD-8

directing DHS to develop a National Preparedness Goal (NPG) establishing

preparedness objectives, measures, and priorities. In December 2005, DHS issued a

draft National Preparedness Goal as follows:

“To achieve and sustain capabilities that enable the nation to collaborate in

successfully preventing terrorist attacks on the homeland, and rapidly and

effectively responding to and recovering from any terrorist attack, major

disaster, or other emergency that does occur to minimize the impact on lives,

property, and the economy. This state of national preparedness will be

achieved by reaching risk-based target levels of capability, and sustained by

measuring readiness and directing resources to areas of greatest risk and

need.” [10, pp. CRS-3]

To help attain the NPG, DHS began work on a National Preparedness System (NPS).

The NPS began with identifying fifteen National Planning Scenarios providing examples

of potential catastrophic incidents. From these fifteen incidents, DHS worked with

Federal, State, and Local agencies to derive a Universal Task List (UTL). The UTL

identifies the operations and tasks expected to be performed in order to respond to

events similar to those set out in the National Planning Scenarios. The UTL was

comprised of hundreds of individual tasks set across four mission areas: 1) prevent, 2)

protect, 3) respond, and 4) recover. From the Universal Task List DHS then derived the

Target Capability List (TCL). The TCL identifies thirty-six areas in which responding

agencies would be expected to be proficient in order to meet the expectations set out

in the UTL. The National Preparedness System also included the National Response

Plan and National Incident Management System as the means for implementing these

capabilities. Starting in 2005, States had to demonstrate how they were meeting UTL

and TCL requirements in order to receive State Homeland Security Grant Program

funding. [10]

In March 2011, the Obama Administration issued PPD-8 calling for a new National

Preparedness Goal based on core capabilities. [11] In September 2011, DHS released its

new National Preparedness Goal as follows:

“A secure and resilient Nation with the capabilities required across the whole

community to prevent, protect against, mitigate, respond to, and recover from

the threats and hazards that pose the greatest risk.” [12, p. 1]

The 2011 NPG replaced the 36 Target Capabilities with 35 Core Capabilities. The

revised National Preparedness System issued in November 2011 now required States

to link HSGP funding requests towards achieving the Core Capabilities. They would

demonstrate this by annually conducting a Threat and Hazard Identification and Risk

Assessment (THIRA). [13]

The 2011 National Preparedness System also introduced the National Planning

Framework. Just as the NRP and NIMS were considered part of the 2005 National

Preparedness System, the National Planning Framework provided a family of plans, not

only updating the National Response Framework, but also adding a National

Prevention Framework, National Protection Framework, National Mitigation

Framework, and National Disaster Recovery Framework. [14, p. 1]

In September 2015, DHS issued a second National Preparedness Goal under the Obama

Administration. The 2015 version did not change the NPG itself; however, it did revise

the Core Capabilities, reducing their number from 35 to 32. Otherwise, the Disaster

Preparedness System remained unchanged. [15]

Homeland Security Exercises

To validate existing Core Capabilities, the 2011 National Preparedness System

advocates the use of homeland security exercises. [13, p. 5] In 2007, DHS issued

guidance in four volumes for conducting homeland security exercises in the form of the

Homeland Security Exercise and Evaluation Program. HSEEP offered a systematic

method for planning, executing, and documenting homeland security exercises. [16] In

2013, the four HSEEP volumes were slimmed down to one. [17] Otherwise, not much

had changed. The ultimate objective of HSEEP exercises is to identify deficiencies and

take actions to correct them. State and Local governments may request funding to

conduct HSEEP exercises under the FEMA Homeland Security Grant Program.

At the Federal level, homeland security exercises are conducted more formally under

the National Exercise Program (NEP). In December 2003, the Bush Administration

issued HSPD-8 authorizing a National Exercise Program to train and test national

decision makers across multiple Federal departments. [18] The 2006 Post-Katrina

Emergency Management Reform Act required NEP to conform to HSEEP. NEP exercises

are planned and executed by the FEMA National Exercise Division under the guidance

and coordination of the White House Domestic Readiness Group. Prior to 2013, the

NEP consisted of two types of exercises: 1) National Level Exercises (NLEs), and 2)

Principal Level Exercises (PLEs). An NLE was an operations-based exercise conducted

annually addressing potential catastrophic scenarios involving Federal, State, and Local

agencies. A PLE was a quarterly discussion-based exercise designed to assist senior

policy makers with evaluating emerging threats. [19] Starting in 2013, the NEP began a two-year exercise cycle. Each NEP cycle includes various types of exercises at the Federal, State, and Local levels, culminating in a capstone NLE at the end of the cycle. The sequence of exercises is designed to become increasingly complex during the course of the NEP cycle. Some exercises may be classified. The number of exercises executed during each cycle depends on the Principal Objectives recommended by the White House Domestic Readiness Group and approved by the National Security Council Principals Committee. Lessons learned during the exercise are evaluated and disseminated to respective agencies to take appropriate corrective action as necessary. [20]

First Responders may apply to the FEMA Homeland Security Grant Program (HSGP) to obtain funding for equipment and training. Funding needs are determined by the Threat and Hazard Identification and Risk Assessment (THIRA) program that requires States to assess their readiness against a set of Core Capabilities. The idea is to achieve the National Preparedness Goal through incremental improvement.

The first series of national homeland security exercises was called TOPOFF, short for TOP OFFICIALS. TOPOFF exercises were conducted from 2000 to 2009.

• TOPOFF 1, May 2000, simulated biological and chemical attacks in Denver CO and Portsmouth NH.

• TOPOFF 2, May 2003, simulated WMD attacks in Chicago IL and Seattle WA.

• TOPOFF 3, April 2005, simulated biological and chemical attacks in Connecticut and New Jersey.

• TOPOFF 4, October 2007, simulated dirty bomb attacks in Guam, Phoenix AZ, and Portland OR. [21]

TOPOFF exercises were replaced by NLEs starting in 2009. Then in 2013, NLEs became Capstone exercises ending the two-year NEP cycle.

• NLE 09, July 2009, simulated terrorist attempts to enter the U.S. after a major overseas attack.

• NLE 10, May 2010, simulated a terrorist attack using an Improvised Nuclear Device (IND).

• NLE 11, May 2011, simulated an earthquake along the New Madrid Seismic Zone (NMSZ).

• NLE 12, multiple exercises simulating cyber attacks on critical infrastructure.

• NLE 14, multiple exercises simulating a nuclear weapon accident in Alaska.

• NLE 15, multiple exercises simulating earthquakes, nuclear accidents, and chemical attacks. [21]

Exercises are a part of the National Preparedness System which establishes a continuous cycle of equipping, training, exercising, and evaluating. At the national level, Federal agencies participate in the National Exercise Program (NEP) that now culminates in a two-year capstone National Level Exercise (NLE).

Conclusion

Since 2003, the Department of Homeland Security has led efforts to integrate and

strengthen the nation’s ability to respond to catastrophic incidents. The failure of

Hurricane Katrina intensified those efforts. As a result, responding agencies across the

country have adopted the Incident Command System and acquired new capabilities,

particularly with respect to WMD attack. Since Hurricane Katrina, it is fair to say that

the nation has become proficient at responding to natural disasters. And though the

nation has mercifully not been put to the test, it may also be said that it is much better

prepared than it was on 9/11. This is a DHS success.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

questions may require additional research outside this book in order to provide a complete answer.

1. What is the responsibility of the State Governor?

2. How did 9/11 prompt Federal support for State and Local first responders?

3. List and describe the two major emergency response initiatives introduced by HSPD-5.

4. Under what authority may the President grant Federal assistance to State Governors?

5. Who does the FCO represent and who do they work with to coordinate Federal assistance?

6. In what form is Federal assistance provided to the States?

7. When Federal assistance arrives on-scene to the disaster, who do they work for?

8. How does the Incident Commander direct all elements towards a common objective?

9. What agreement allows States to request assistance from each other?

10. How do exercise programs help improve emergency preparedness?

Chapter 19: Aviation Security

Learning Outcomes

Careful study of this chapter will help a student do the following:

• Describe aviation security changes since 9/11.

• Explain ongoing aviation security challenges.

• Evaluate different aviation security measures.

• Assess different aviation security priorities.

“The security and economic prosperity of the United States depend significantly upon

the secure operation of its Aviation Transportation System and safe use of the world’s

airspace.”

– 2010 Transportation Sector-Specific Plan

Introduction

In the aftermath of 9/11, the Federal government moved swiftly to plug the security

gaps exposed in the nation’s Aviation Transportation System. This chapter describes

the security apparatus entrusted with protecting the aviation subsector, and ensuing

programs and concerns that have evolved since 9/11.

Aviation Infrastructure

The aviation infrastructure is a subsector of the transportation infrastructure sector,

one of sixteen national critical infrastructure sectors identified in Presidential Policy

Directive No. 21. Aviation is one of seven subsectors in the Transportation Sector as

listed in Table 19-1. As such, the aviation subsector is covered under the Department of

Homeland Security National Infrastructure Protection Plan (NIPP). As part of the NIPP,

aviation security is coordinated through a Sector Coordinating Council (SCC) guided by

a U.S. Government Sector-Specific Agency (SSA). The Transportation Security

Administration (TSA), part of DHS, is the SSA for the overall transportation sector.

However, TSA works in conjunction with the Federal Aviation Administration (FAA)

which has regulatory authority over the aviation subsector. Under the NIPP, the SSA

works with the SCC to produce and periodically update a corresponding Sector-Specific

Plan (SSP). The first Transportation Systems SSP was produced in 2007. The

Transportation Systems SSP was last updated in 2010. Annex A to the 2010 SSP

addresses security measures undertaken within the aviation subsector. [1]

According to Annex A, the aviation subsector is formally identified as the Aviation

Transportation System (ATS). Furthermore, the ATS is said to be comprised of the

National Airspace System (NAS). The NAS, in turn, is comprised of more than 690 air

traffic control (ATC) facilities with associated systems and equipment to provide radar

and communication services; more than 19,800 general aviation and commercial

aviation airports capable of accommodating an array of aircraft operations; and

volumes of procedural and safety information necessary for users to operate in the

system. In addition, the NAS includes over 11,000 air navigation facilities and

approximately 13,000 flight procedures. [1, p. 129]

Table 19-1: Transportation Subsectors

1. Aviation
2. Freight Rail
3. Highway
4. Maritime
5. Mass Transit
6. Passenger Rail
7. Pipelines

Under Title 49 of the Code of Federal Regulations (CFR), the FAA has regulatory

authority over aircraft operators, air cargo, foreign air carriers, indirect air carriers,

commercial airports, general aviation, and flight schools. Extensive rules and

regulations apply to aircraft operations in national airspace and around the globe. U.S.

security rules are also extended to those foreign airports and air carriers that fly to the

United States. [1, p. 130]

Aviation Security Partners

Aviation security and protection functions apply to non-travelers, travelers and their

carry-on items, checked baggage, cargo, and aviation industry personnel, including

staff, vendors, tenants, and flight crews. They impact the operation of foreign and

domestic airlines, airports, and the air cargo supply chain. Because various agencies

have jurisdictional authority over different components, aviation security entails a

complex choreography among both public and private stakeholders. [1, p. 131]

The Transportation Security Administration screens passengers and checked baggage;

deploys Federal Air Marshals (FAMs); assesses security at domestic and foreign

airports; performs vulnerability assessments of aviation assets; and provides training,

public education, and information sharing to enhance the protection of passengers,

cargo, and infrastructure. Additionally, TSA inspectors audit air carriers for compliance

with security programs, standards, and regulations. Furthermore, TSA deploys aviation

security specialists in response to high-threat situations and global security challenges.

TSA operations are monitored and coordinated nationally from the Transportation

Security Operations Center in Herndon, VA. [1, p. 132]

Customs and Border Protection (CBP) agents are law enforcement officers with legal

authority to arrest and apprehend unlawful travelers. CBP further maintains the Air

and Marine Operations Surveillance System (AMOSS) supporting counterterrorism and

counter-narcotics missions focused on general aviation aircraft. CBP coordinates these

actions nationally from its Air and Marine Operations Center (AMOC) in Riverside CA.

[1, p. 132]

The Federal Aviation Administration within the Department of Transportation (DOT) is

responsible for securing NAS facilities and systems supporting air navigation. The FAA

also monitors safe air transit from its National Operations Control Center (NOCC) in

Herndon, VA. [1, p. 132]

The Federal Bureau of Investigation (FBI) within the Department of Justice (DOJ) is

responsible for the ground-based tactical response to hijacking, air piracy, or other

terrorist threats; the investigation, enforcement, and prosecution of criminal law

violations within its jurisdiction that occur in the ATS; coordinating the law

enforcement community; and intelligence collection, counterintelligence, and foreign

intelligence sharing. [1, p. 132]

The Department of Defense (DoD) is responsible for deterring, defending against, and

defeating aviation threats to the United States and its global interests; airborne

response and resolution of nation-state threats within the ATS; and the operational

response to actual or potential airborne threats in U.S. airspace or the approaches to

the United States until the threat has either been resolved or defeated. [1, p. 132]

The Department of State (DOS) is responsible for coordinating U.S. Government

initiatives that involve foreign governments and international organizations, including

regional aviation security cooperation. [1, p. 132]

The Department of Commerce (DOC) is responsible for providing aviation industry and

trade policy expertise in both interagency policy efforts and international negotiations.

[1, p. 132]

Federal departments and agencies represent a segment of the aviation security

community. The large volume of cargo and number of passengers flying into the

United States from overseas increases the importance of strong partnerships at the

Federal level and with international and domestic aviation partners. Foreign

governments, State and Local law enforcement, and passengers play key roles in the

multi-layered protective posture that has been put in place since 9/11.

Post-9/11 Aviation Security

Following the 9/11 terrorist attacks, Congress took swift action to create the

Transportation Security Administration, federalizing all airline passenger and baggage

screening functions and deploying significantly increased numbers of armed air

marshals on commercial passenger flights. To this day, the federalization of airport

screening remains controversial. Some in Congress contended that, in hindsight, the

decision to create TSA as a federal agency functionally responsible for passenger and

baggage screening was a “big mistake,” and that frontline screening responsibilities

should have been left in the hands of private security companies. While airports have

the option of opting out of federal screening, alternative private screening under TSA

contracts has been limited to 21 airports out of approximately 450 commercial

passenger airports where passenger screening is required. While Congress has sought

to ensure that optional private screening remains available for those airports that want

to pursue this option, proposals seeking more extensive reforms of passenger

screening have not been extensively debated. Rather, the aviation security legislation

in the aftermath of the 9/11 attacks has largely focused on specific mandates to

comprehensively screen for explosives and carry out background checks and threat

assessments. [2, pp. 1-2]

Despite the extensive focus on aviation security for more than a decade, a number of

challenges remain, including

• effectively screening passengers, baggage, and cargo for explosives threats;

• developing effective risk-based methods for screening passengers and others with access to aircraft and sensitive areas;

• exploiting available intelligence information and watchlists to identify individuals who pose potential threats to civil aviation;

• effectively responding to security threats at airports and screening checkpoints;

• developing effective strategies for addressing aircraft vulnerabilities to shoulder-fired missiles and other standoff weapons; and

• addressing the potential security implications of unmanned aircraft operations in domestic airspace. [2, p. 2]

Explosives Screening Strategy

Prior to the 9/11 attacks, explosives screening was limited in scope and focused on

selective screening of checked baggage placed on international passenger flights.

Immediately following the 9/11 attacks, the Aviation and Transportation Security Act

(ATSA; P.L. 107-71) mandated 100% screening of all checked baggage placed on

domestic passenger flights and on international passenger flights to and from the

United States. [2, p. 2]

In addition, the Implementing the 9/11 Commission Recommendations Act of 2007

(P.L. 110-53) mandated the physical screening of all cargo placed on passenger flights.

Unlike passenger and checked baggage screening, TSA does not routinely perform

physical inspections of air cargo. Rather, TSA satisfies this mandate through the

Certified Cargo Screening Program. Under the program, manufacturers, warehouses,

distributors, freight forwarders, and shippers carry out screening inspections using

TSA-approved technologies and procedures both at airports and at off-airport facilities in

concert with certified supply-chain security measures and chain of custody standards.

Internationally, TSA works with other governments, international trade organizations,

and industry to assure that all U.S.-bound and domestic cargo carried aboard

passenger aircraft meet the requirements of the mandate. [2, p. 2]

Additionally, TSA works closely with Customs and Border Protection (CBP) to carry out

risk-based targeting of cargo shipments, including use of the CBP Advance Targeting

System-Cargo (ATS-C), which assigns risk-based scores to inbound air cargo shipments

to identify shipments of elevated risk. Originally designed to combat drug smuggling,

ATS-C has evolved and adapted over the years, particularly in response to the October

2010 cargo aircraft bomb plot that originated in Yemen, to assess shipments for

explosives threats or other terrorism-related activities. [2, pp. 2-3]

Given the focus on the threats to aviation posed by explosives, a significant focus of

TSA acquisition efforts has been on explosives screening technologies. However, in

2014, Congress found that TSA has continued to face numerous challenges in meeting

key performance requirements set for explosives detection, has only recently

developed a technology investment plan, and has not consistently implemented

Department of Homeland Security policy and best practices for procurement. The

Transportation Security Acquisition Reform Act (P.L. 113-245) seeks to address these

concerns by requiring a five-year technology investment plan, and to increase

accountability for acquisitions through formal justifications and certifications that

technology investments are cost-beneficial. The act also requires tighter inventory

controls and processes to ensure efficient utilization of procured technologies, as well

as improvements in setting and attaining goals for small-business contracting

opportunities. [2, p. 3]

A major thrust of TSA’s acquisition and technology deployment strategy is improving

the capability to detect concealed explosives and bomb-making components carried by

airline passengers. On December 25, 2009, a passenger attempted to detonate an

explosive device concealed in his underwear aboard Northwest Airlines flight 253

during its approach to Detroit, MI. Al Qaeda in the Arabian Peninsula claimed

responsibility. Al Qaeda and its various factions have maintained a particular interest in

attacking U.S.-bound airliners. Since 9/11, Al Qaeda has also been linked to the Richard

Reid shoe bombing incident aboard American Airlines flight 63 en route from Paris to

Miami on December 22, 2001, a plot to bomb several trans-Atlantic flights departing

the United Kingdom for North America in 2006, and the October 2010 plot to detonate

explosives concealed in air cargo shipments bound for the United States. [2, p. 3]

In response to the Northwest Airlines flight 253 incident, the Obama Administration

accelerated deployment of Advanced Imaging Technology (AIT) whole body imaging

(WBI) screening devices and other technologies at passenger screening checkpoints.

This deployment responds to the 9/11 Commission recommendation to improve the

detection of explosives on passengers. In addition to AIT, next generation screening

technologies for airport screening checkpoints include advanced technology X-ray

systems for screening carry-on baggage, bottled liquids scanners, cast and prosthesis

imagers, shoe scanning devices, and portable explosives trace detection equipment. [2, p. 3]

The use of AIT has raised a number of policy questions. Privacy advocates have

objected to the intrusiveness of AIT, particularly if used for primary screening. To allay

privacy concerns, TSA eliminated the use of human analysis of AIT images, and does

not store imagery. In place of human image analysts, TSA has deployed automated

threat detection capabilities using automated targeting recognition (ATR) software.

Another concern raised about AIT centered on the potential medical risks posed by

backscatter X-ray systems, but those systems are no longer in use for airport screening,

and current millimeter wave systems emit nonionizing millimeter waves not

considered harmful. [2, pp. 3-4]

Some have advocated for risk-based use of AIT. Past legislative proposals have

specifically sought to prohibit the use of WBI technology for primary screening,

although primary screening using AIT is now commonplace, at least at larger airports.

Checkpoints at many smaller airports, however, have not been furnished with AIT

equipment and other advanced checkpoint detection technologies. This raises

questions about TSA’s long-range plans to expand AIT to ensure more uniform

approaches to explosives screening across all categories of airports. Through FY2014,

TSA had deployed about 750 AIT units, roughly 86% of its projected full operating

capability of 870 units. Full operating capability, once achieved, will still leave many

smaller airports without this capability. TSA plans to manage this risk to a large extent

through risk-based passenger screening measures, primarily through increased use of

voluntary passenger background checks under the PreCheck trusted traveler program.

However, this program, likewise, has not been rolled out at many smaller airports:

currently, the program’s incentive of expedited screening is offered at less than

one-third of all commercial passenger airports. [2, p. 4]

Risk-Based Passenger Screening

TSA has initiated a number of risk-based screening initiatives to focus its resources and

apply directed measures based on intelligence-driven assessments of security risk.

These include a trusted traveler program called PreCheck, modified screening

procedures for children 12 and under, and a program for expedited screening of

known flight crew and cabin crew members. Programs have also been developed for

modified screening of elderly passengers similar to those procedures put in place for

children. [2, p. 4]

A cornerstone of TSA’s risk-based initiatives is the PreCheck program. PreCheck is TSA’s

latest version of a trusted traveler program that has been modeled after CBP programs

such as Global Entry, SENTRI, and NEXUS. Under the PreCheck program, participants

vetted through a background check process, as well as other passengers randomly

selected and deemed to be low-risk under a process known as “managed inclusion,”

are processed through expedited screening lanes where they can keep shoes on and

keep liquids and laptops inside carry-on bags. As of March 2015, PreCheck expedited

screening lanes were available at more than 130 airports. The cost of background

checks under the PreCheck program is recovered through application fees of $85 per

passenger for a five-year membership. TSA’s goal is to process 50% of passengers

through PreCheck expedited screening lanes, thus reducing the need for standard

security screening lanes. [2, p. 4]

A predecessor test program, called the Registered Traveler program, which involved

private vendors that issued and scanned participants’ biometric credentials, was

scrapped by TSA in 2009 because it failed to show a demonstrable security benefit.

Although initial evaluations and consumer response have suggested that PreCheck

offers an effective, streamlined screening process, some questions remain regarding

whether PreCheck is fully effective in directing security resources to unknown or

elevated-risk travelers. While questions remain regarding the security effectiveness of

risk-based screening measures like PreCheck, these approaches have demonstrated

improved screening efficiency, resulting in cost savings for TSA. TSA estimates annual

savings in screener workforce costs totaling $110 million as a result of risk-based

screening efficiencies. [2, pp. 4-5]

One concern raised over PreCheck, and the passenger screening process in general, is

the public dissemination of instructions, posted on Internet sites, detailing how to

decipher boarding passes to determine whether a passenger has been selected for

expedited screening, standard screening, or more thorough secondary screening. The

lack of encryption and the limited capability TSA has to authenticate boarding passes

and travel documents could be exploited to attempt to avoid detection of threat items

by more extensive security measures. Other concerns raised over the PreCheck

program include the lack of biometric identity authentication and the extensive use of

managed inclusion to route travelers not enrolled in or vetted through the PreCheck

program through designated PreCheck expedited screening lanes based on random

selection or observations by Behavior Detection Officers (BDOs), canine explosives

detection teams, or explosives trace detection equipment. The Government

Accountability Office (GAO) found that TSA had not fully tested its managed inclusion

practices, and recommended that TSA take steps to ensure and document that testing

of the program adheres to established evaluation design practices. [2, p. 5]
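The boarding-pass authentication gap described above can be closed by having the issuer attach a cryptographic tag to the pass data, which the checkpoint reader verifies before trusting the screening field. The following Python sketch is an added illustration, not code from this textbook or from TSA; the field names, token layout, key and validity window are assumptions, the sample pass is constructed, and confidentiality (encryption) is not addressed.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption). A production design would use an
# asymmetric signature so checkpoint readers hold only a public key.
ISSUER_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 24 * 3600  # assumed validity window for an issued pass

# Constructed sample pass; every field name here is hypothetical.
SAMPLE_PASS = {"name": "DOE/JANE", "flight": "XX123", "date": "2015-03-01",
               "screening": "standard", "issued_at": 1425168000}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _canonical(fields: dict) -> bytes:
    # Stable serialization so issuer and verifier tag identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_pass(fields: dict, key: bytes = ISSUER_KEY) -> str:
    """Issuer side: serialize the fields and append an HMAC-SHA256 tag."""
    payload = _canonical(fields)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_pass(token: str, now: float, key: bytes = ISSUER_KEY):
    """Checkpoint side: return (fields, reason); fields is None on rejection."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:  # wrong number of parts or undecodable base64
        return None, "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None, "bad-tag"
    fields = json.loads(payload)  # parsed only after the tag has been checked
    if not 0 <= now - fields["issued_at"] <= MAX_AGE_SECONDS:
        return None, "outside-window"
    return fields, "ok"


def simulate_edit(token: str, new_value: str) -> str:
    """Test helper: change the screening field but keep the original tag."""
    payload_b64, tag_b64 = token.split(".")
    fields = json.loads(_unb64(payload_b64))
    fields["screening"] = new_value
    return _b64(_canonical(fields)) + "." + tag_b64


if __name__ == "__main__":
    issued = SAMPLE_PASS["issued_at"]
    token = issue_pass(SAMPLE_PASS)
    print(verify_pass(token, now=issued + 3600))
    print(verify_pass(simulate_edit(token, "expedited"), now=issued + 3600))
```

Because the reader recomputes the tag over the exact bytes it received, any change to the screening field, or to any other field, is rejected before the pass is acted on.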

In addition to passenger screening, TSA, in coordination with participating airlines and

labor organizations representing airline pilots, has developed a known crewmember

program to expedite security screening of airline flight crews. In July 2012, TSA

expanded the program to include flight attendants. [2, p. 5]

TSA has also developed a passenger behavior detection program to identify potential

threats based on observed behavioral characteristics. TSA initiated early tests of its

Screening Passengers by Observational Techniques (SPOT) program in 2003. By

FY2012, the program deployed almost 3,000 BDOs at 176 airports, at an annual cost of

about $200 million. Despite its significant expansion, questions remain regarding the

effectiveness of the behavioral detection program, and privacy advocates have

cautioned that it could devolve into racial or ethnic profiling of passengers despite

concerted efforts to focus solely on behaviors rather than individual passenger traits or

characteristics. While some Members of Congress have sought to shutter the program,

Congress has not moved to do so. For example, House Amendment 127 (113th

Congress), an amendment to the FY2014 DHS appropriations measure that sought to

eliminate funding for the program, failed to pass a floor vote. Congress also has not

taken specific action to revamp the program, despite the concerns raised by GAO and

the DHS Office of Inspector General. [2, p. 5]

Terrorist Watchlists

The failed bombing attempt of Northwest Airlines flight 253 on December 25, 2009,

raised policy questions regarding the effective use of terrorist watchlists and

intelligence information to identify individuals who may pose a threat to aviation.

Specific failings to include the bomber on either the no-fly or selectee list, despite

intelligence information suggesting that he posed a security threat, prompted reviews

of the intelligence analysis and terrorist watchlisting processes. Adding to these

concerns, on the evening of May 3, 2010, Faisal Shahzad, a suspect in an attempted car

bombing in New York’s Times Square, was permitted to board an Emirates Airline flight

to Dubai at John F. Kennedy International airport, even though his name had been

added to the no-fly list earlier in the day. He was subsequently identified, removed

from the aircraft, and arrested after the airline forwarded the final passenger manifest

to CBP’s National Targeting Center just prior to departure. Subsequently, TSA modified

security directives to require airlines to check passenger names against the no-fly list

within two hours of being electronically notified of an urgent update, instead of

allowing 24 hours to recheck the list. The event also accelerated the transfer of

watchlist checks from the airlines to TSA under the Secure Flight program. [2, p. 6]

By the end of November 2010, DHS announced that 100% of passengers flying to or

from U.S. airports are being vetted using the Secure Flight system. Secure Flight

continues the no-fly and selectee list practices of vetting passenger name records

against a subset of the Terrorist Screening Database (TSDB). On international flights,

Secure Flight operates in coordination with the use of watchlists by CBP’s National

Targeting Center – Passenger, which relies on the Advance Passenger Information

System (APIS) and other tools to vet both inbound and outbound passenger manifests.

In addition to these systems, TSA also relies on risk-based analysis of passenger data

carried out by the airlines through use of the Computer-Assisted Passenger

Prescreening System (CAPPS). In January 2015, TSA gave notification that it would start

incorporating the results of CAPPS assessments, but not the underlying data used to

make such assessments, into Secure Flight, along with each passenger’s full name, date

of birth and PreCheck traveler number (if applicable). These data are used within the

Secure Flight system to perform risk-based analyses to determine whether passengers

receive expedited, standard, or enhanced screening at airport checkpoints. [2, p. 6]

Central issues surrounding the use of terrorist watchlists include the speed with which

watchlists are updated as new intelligence information becomes available; the extent

to which all information available to the federal government is exploited to assess

possible threats among passengers and airline and airport workers; the ability to

detect identity fraud or other attempts to circumvent terrorist watchlist checks; the

adequacy of established protocols for providing redress to individuals improperly

identified as potential threats; and the adequacy of coordination with international

partners. [2, p. 7]

Security Response to Incidents at Screening Checkpoints

On November 1, 2013, a lone gunman targeting TSA employees fired several shots at a

screening checkpoint at Los Angeles International Airport (LAX), killing one TSA

screener and injuring two other screeners and one airline passenger. The incident

raised concerns about the ability of TSA and airport security officials to mitigate and

respond to such threats. In a detailed post-incident action report, TSA identified

several proposed actions to improve checkpoint security, including enhanced active

shooter incident training for screeners; better coordination and dissemination of

information regarding incidents; expansion and routine testing of alert notification

capabilities; and expanded law enforcement presence at checkpoints during peak

times. TSA did not recommend mandatory law enforcement presence at checkpoints,

and did not support proposals to arm certain TSA employees or provide screeners with

bulletproof vests. [2, p. 7]

The Gerardo Hernandez Airport Security Act of 2015 (H.R. 720), named in honor of the

TSA screener killed in the LAX incident, addresses security incident response at

airports. It would mandate airports to put in place working plans for responding to

security incidents including terrorist attacks, active shooters, and incidents targeting

passenger checkpoints. Such plans would be required to include details on evacuation,

unified incident command, testing and evaluation of communications, time frames for

law enforcement response, and joint exercises and training at airports. Additionally,

the bill would require TSA to create a mechanism for sharing information among

airports regarding best practices for airport security incident planning, management,

and training. The bill also would require TSA to identify ways to expand the availability

of funding for checkpoint screening law enforcement support through cost savings

from improved efficiencies. [2, p. 7]

Mitigating the Threat of Shoulder-Fired Missiles to Civilian Aircraft

The threat to civilian aircraft posed by shoulder-fired missiles or other standoff

weapons capable of downing an airliner remains a vexing concern for aviation security

specialists and policymakers. The State Department has estimated that, since the

1970s, over 40 civilian aircraft have been hit by shoulder-fired missiles, causing 25

crashes and more than 600 deaths. Most of these incidents involved small aircraft

operated at low altitudes in areas of ongoing armed conflicts, although some larger

jets have also been destroyed. Notably, on April 6, 1994, an executive jet carrying the

presidents of Rwanda and Burundi was shot down while on approach to Kigali,

Rwanda, and on October 10, 1998, a Boeing 727 was destroyed by rebels in the

Democratic Republic of Congo. The dangers of operating civil aircraft in and near

regions of armed conflict have recently been a topic of particular concern following the

July 17, 2014, downing of Malaysia Airlines Flight 17, a Boeing 777, over eastern

Ukraine after being struck by a much larger surface-to-air missile. [2, pp. 7-8]

The terrorist threat posed by small man-portable shoulder-fired missiles was brought

into the spotlight soon after the 9/11 terrorist attacks by the November 2002

attempted downing of a chartered Israeli airliner in Mombasa, Kenya, the first time

such an event took place outside of a conflict zone. In 2003, then Secretary of State

Colin Powell remarked that there was “no threat more serious to aviation.” Since then,

Department of State and military initiatives seeking bilateral cooperation and voluntary

reductions of man-portable air defense systems (MANPADS) stockpiles have reduced

worldwide inventories by at least 32,500 missiles. Despite this progress, such weapons

may still be in the hands of potential terrorists. This threat, combined with the limited

capability to improve security beyond airport perimeters and to modify flight paths,

leaves civil aircraft vulnerable to missile attacks. [2, p. 8]

The most visible DHS initiative to address the threat was the multiyear Counter-

MANPADS program carried out by the DHS Science & Technology Directorate. The

program concluded in 2009 with extensive operational and live-fire testing along with

Federal Aviation Administration certification of two systems capable of protecting

airliners against heat-seeking missiles. The systems have not been operationally

deployed on commercial airliners, however, due largely to high acquisition and life-

cycle costs. Some critics have also pointed out that the units do not protect against the

full range of potential weapons that pose a potential threat to civil airliners.

Proponents, however, argue that the systems do appear to provide effective

protection against what is likely the most menacing standoff threat to civil airliners:

heat-seeking MANPADS. Nonetheless, the airlines have not voluntarily invested in

these systems for operational use, and argue that the costs for such systems should be

borne, at least in part, by the federal government. Policy discussions have focused

mostly on whether to fund the acquisition of limited numbers of the units for use by

the Civil Reserve Aviation Fleet, civilian airliners that can be called up to transport

troops and supplies for the military. Other approaches to protecting aircraft, including

ground-based missile countermeasures and escort planes or drones equipped with

antimissile technology, have been considered on a more limited basis, but these

options face operational challenges that may limit their effectiveness. [2, p. 8]

While MANPADS are mainly seen as a security threat to civil aviation overseas, a

MANPADS attack in the United States could have a considerable, long-lasting impact on

the airline industry. At the airport level, improving security and reducing the

vulnerability of flight paths to potential MANPADS attacks continues to pose unique

challenges. While major U.S. airports have conducted vulnerability studies, and many

have partnered with federal, state, and local law enforcement agencies to reduce

vulnerabilities to some degree, these efforts face significant challenges because of

limited resources and large geographic areas where aircraft are vulnerable to attack.

While considerable attention has been given to this issue in years past, considerable

vulnerabilities remain, and any terrorist attempts to exploit those vulnerabilities could

quickly escalate the threat of shoulder-fired missiles to a major national security

priority. [2, pp. 8-9]

Cybersecurity

While much attention has been focused on physical security, there is a growing

concern about the emerging threat from cyber attack. New generation electronic-

enabled (e-enabled) aircraft (such as the Boeing 787, Airbus A380, Airbus A350,

Bombardier C-Series, Gulfstream 650, and others) and retrofitted legacy aircraft

implement an unprecedented amount of new technologies such as IP-enabled

networks, commercial off-the-shelf (COTS) components, wireless connectivity (e.g.,

Bluetooth®), and global positioning systems (GPSs). Aircraft/avionics manufacturers

are implementing “wireless” systems to reduce the amount of wiring within an aircraft.

The reduction in weight helps an aircraft achieve lower fuel consumption and can also

reduce support costs by simplifying aircraft configurations; however, these wireless

systems are vulnerable to cybersecurity threats. [3, p. 12]

With the introduction of new generation e-enabled aircraft, a new era has begun

where aircraft navigation and communication functions are transitioning from

operating as isolated and independent systems to being integrated into a centralized

network system that is dependent on exchanging digital information between the e-

enabled aircraft and external networks located on the ground and on other e-enabled

aircraft. Current aircraft systems architectures are relying heavily on IP-based networks

that interconnect aircraft systems such as flight controls, displays, avionics, engine, and

cabin systems. While providing unprecedented global connectivity, these e-enabled

aircraft technologies and COTS components introduce many access points to aircraft

networks; as a result, e-enabled security vulnerabilities not present in past aircraft

designs have the potential to significantly impact current aircraft safety. [3, p. 12]

At the same time, unprecedented access to aircraft systems and networks from

external systems, including GateLink, wireless local area networks (WLANs), Avionics

Full Duplex Switched Ethernet (AFDX) Networking, engine health and usage monitoring

systems (HUMSs), and electronic flight bags (EFBs), is being introduced. While these

connections allow for the convenience of two-way transfer of critical information to

and from the airplane, this two-way information transfer makes it easier for inaccurate

information to be transferred—either by mistake or through malicious intent—to and

from the airplane. [3, pp. 12-13]

In April 2015, a passenger was removed from a United Airlines flight after tweeting a

joke about hacking the plane’s Inflight Entertainment System (IFE). In a deposition to

the FBI the passenger claimed he was able to access the Thrust Management

Computer (TMC) through the IFE. The TMC works with the autopilot to calculate the

optimum power setting for the engines. According to the affidavit, the passenger was

able to issue a “climb command”, which “caused one of the airplane engines to climb

resulting in a lateral or sideways movement of the plane.” Boeing and independent

aviation experts asserted that what the FBI affidavit described was technically

impossible. Whether the passenger hacked the plane or not, it is clear they were able

to gain access and prod where they shouldn’t. United Airlines took the precaution of

banning the passenger from subsequent flights. [4]

Whatever the true circumstances of the previous incident, the implications are clear:

newer aircraft are becoming increasingly vulnerable to cyber threats. Some potential

attack vectors against aircraft are listed in Table 19-2, and some potential forms of cyber

attack are listed in Table 19-3. [5]

In 2004, the Department of Homeland Security’s National Cybersecurity Division

(NCSD) established the Control Systems Security Program (CSSP), which was chartered

to work with control systems security stakeholders through awareness and outreach

programs that encourage and support coordinated control systems security

enhancement efforts. In 2009, the CSSP established the Industrial Control System Joint

Working Group (ICSJWG) as a coordination body to facilitate the collaboration of

control system stakeholders and to encourage the design, development and

deployment of enhanced security for control systems. In 2011, the ICSJWG released a

Cross-Sector Roadmap for Cybersecurity. Roadmaps develop near, mid, and long-term

perspectives to guide industry efforts toward common goals. Based on the ICSJWG

effort, in 2012, the Transportation Sector Working Group (TSWG) released its own

Roadmap to Secure Control Systems in the Transportation Sector. The TSWG Roadmap

describes a plan for voluntarily improving Industrial Control Systems cybersecurity

across all transportation modes, including aviation. [3, pp. 1-5]

Table 19-2: Cyber Attack Vectors [5]

#  Attack Vector

1. Remote Connections from Aircraft to Ground Websites
   - Anything traversing the internet is exposed to attack

2. Network Connections between Aircraft Systems and Vulnerable Equipment
   - Vulnerable due to external connections
   - Inherent vulnerabilities of laptops, tablets, & USB devices

3. Corrupted Services
   - Command Radio
   - Global Positioning System (GPS)
   - Aircraft Communications Addressing and Reporting System (ACARS)
   - Automatic Dependent Surveillance – Broadcast (ADS-B)
   - Digital Weather
   - Broadband Satellite
   - WiFi/Cellular Connections

The TSWG Roadmap established four goals:

1. Build a Culture of Cybersecurity. End State: Cybersecurity and ICS are viewed as

inseparable and integrated throughout the Transportation Sector.

2. Assess and Monitor Risk. End State: The Transportation Sector has a robust

portfolio of ICS-recommended security analysis tools to effectively assess and

monitor ICS cybersecurity risk.

3. Develop and Implement Risk Reduction and Mitigation Measures. End State:

Security solutions for legacy systems, new architectural designs, and secured

communication systems in the Transportation Sector are readily available and

deployed across the Sector.

4. Manage Incidents. End State: The Transportation Sector is quickly alerted of cybersecurity ICS

incidents, and sophisticated, effective, and efficient mitigation strategies are

implemented in operation. [3, p. 30]

When viewed together, the four goals are intended to capture the full spectrum of

activities needed for transportation control systems cybersecurity. To achieve these

goals within a ten-year timeframe, the TSWG Roadmap identifies subordinate

objectives with near-term (0-2 years), mid-term (2-5 years), and long-term (5-10 years)

milestones. The Transportation Roadmap milestones and metrics provide broad

quantification information that can be used to determine progress as a whole towards

achieving the corresponding objectives, and are presumably monitored under the

auspices of the corresponding National Infrastructure Protection Plan Sector

Coordinating Council and Sector-Specific Plan. [3, p. 30]

Table 19-3: Potential Types of Aircraft Cyber Attacks [6]

#  Attack Type / Examples

1. Spoofing
   - Modifying data that otherwise appears to be from a legitimate source
   - Uses protocol weaknesses, compromised security data or ground systems
   Examples: Flight Plans; GPS Navigation Data

2. Exploiting
   - Using a digital connection to execute malicious instructions on installed equipment
   - Uses software vulnerabilities such as buffer overflows
   Examples: Bots; Automated Sabotage

3. Denial of Service
   - Using a digital connection to disrupt service
   - Often uses inherent protocol features
   Examples: Flooding; ARP Poisoning

4. Counterfeiting
   - Inserting malicious content into a legitimate part, software component, or database
   Examples: Trojan Horse; Backdoor; RootKit

Conclusion

Despite much progress, many holes remain in securing the nation’s Aviation

Transportation System. From a physical standpoint, given that current security

measures are imperfect, the question remains “how much security at what price”?

And while TSA continues to search for the right balance, the emerging threat from

cyber attack may render most physical security measures meaningless. In the absence

of any specific solutions, the Department of Homeland Security can only do what it’s

already doing, and that’s to navigate a protective course guided by risk management.

Challenge Your Understanding

The following questions are designed to challenge your understanding of the material presented in this chapter. Some

q