How successful has the creation of the DHS been in providing the United States with a huge law enforcement capability that would deter, prepare, and prevent any future September 11th type events? Defend your position in 3-4 paragraphs.
Your initial post should be a minimum of 200-250 words.
Homeland Security law
Homeland Security
Safeguarding the U.S. from Domestic Catastrophic Destruction
by CW Productions Ltd.
Edited by Richard White, Ph.D., Tina Bynum, DM, and Stan Supinski, Ph.D.
Cover art: New York City Freedom Tower, Mandritoiu, courtesy of Shutterstock.com
Copyright © 2016 by CW Productions, Ltd.
Permission in writing must be obtained from the publisher before any part of this work may be reproduced in any form or by any
means, electronic or mechanical, including photocopying and recording, or by any information storage or retrieval system.
All trademarks, service marks, registered trademarks, and registered service marks are the property of their respective owners and
are used herein for identification purposes only.
Previously published as The U.S. Department of Homeland Security: An Overview, by Richard White, Tina Markowski, and Kevin
Collins © 2010
Printed in the United States of America.
ISBN 0-536-15295-0
Please visit our web site at www.cwpnow.com
CW Productions Ltd.
Colorado Springs, CO
A Homeland Security Education Company
Preface
Welcome to the third edition of our textbook. As indicated by the new title, this edition is significantly different than
the previous two, and accordingly stocked with mostly new material. Whereas the first two editions described “what”
was being done in the name of homeland security, this one explains “why”. In keeping with our previous approach, we
do not describe ourselves as “authors” but as “editors” because the bulk of the material is drawn directly from government
documents, either primary sources or publicly available derivatives. Two of our foremost derivative sources were
reports published by the Congressional Research Service (CRS) and Government Accountability Office (GAO). They
have access to information, unclassified as it may be, well beyond the means of the general public. We would also like
to acknowledge the many public websites that were also instrumental in completing this text. And while we were only
“editors”, we think this book offers its own unique contributions to the field of homeland security. First, it delivers
a comprehensive yet concise treatment of a very broad subject spanning numerous separate fields, from national
security to military operations to law enforcement to emergency management, to name only a few. Second, and most
importantly, it offers insight into the exact nature of homeland security. Because it was brought to the forefront of
national attention by an act of terrorism, homeland security has become confused with terrorism. While terrorism
certainly remains a concern to homeland security, it is not the root concern. As we try to make eminently clear in this
textbook, the homeland security concern predates 9/11, stemming back to the 1995 Tokyo Subway Attacks which saw
the first employment of a weapon of mass destruction by non-state actors. As our title suggests, the homeland
security concern is domestic catastrophic destruction. 9/11 demonstrated how it could be achieved by subverting
critical infrastructure. Hurricane Katrina demonstrated how it could be accomplished without malicious intent. While
we give due attention to the terrorist motive, we don’t give it the undue attention it has gained by becoming almost
synonymous with homeland security. In this regard, we hope to set the record straight and make it clear what
homeland security “is”, and what it “is not”. Homeland security is not terrorism, nor is it mass killings. While closely
related, homeland security, terrorism, and mass killings are distinctly separate. We hope to demonstrate that in this
book. More importantly, we hope to impart a clarity of understanding that will give you, the reader, a corresponding
advantage in your academic and professional pursuits supported by this knowledge.
About the Authors
Richard White, Ph.D.
Rick White is an Assistant Research Professor at the University of Colorado at Colorado Springs. His Ph.D. is in
Engineering Security. He has published works on critical infrastructure risk management. Rick’s interest in homeland
security stems back to 9/11 when he was teaching at the Air Force Academy and watched together with his cadets as
the hijacked aircraft crashed into the Twin Towers. A retired Air Force officer, Rick has developed and taught
homeland security courses for colleges, universities, and various government agencies over the years. Other textbooks
include Homeland Defense: An Overview (Pearson 2007), Introduction to Joint and Coalition Warfare (FastPlanet
2005), and United States Military Power (FastPlanet 2004).
Tina Bynum, DM
Tina Bynum is the University Program Director for the College of Security Studies at Colorado Technical University
where she develops and manages the curriculum for homeland security, criminal justice, and public administration
programs at the undergraduate, graduate, and doctoral levels. She is an editorial review board member for the Journal
for Homeland Security Education and is a member of the International Society for Preparedness, Resilience and
Security (INSPRS). A retired firefighter and emergency medical technician, Dr. Bynum also plays key roles in local
emergency planning and exercising under the Homeland Security Exercise and Evaluation Program (HSEEP) protocols
and teaches courses in criminal justice, emergency and fire management services, public administration, and homeland
security. While serving as the Associate Director for the University of Colorado’s Trauma, Health and Hazards Center,
she developed a peer support program to build resilience and assist recovery from high-risk occupational traumatic
experiences that was implemented in local police and fire departments. This program has gone on to serve the needs
of military personnel returning from combat. Dr. Bynum also co-authored The United States Department of Homeland
Security, An Overview (2Ed, 2010).
Stan Supinski, Ph.D.
Stan Supinski is the Deputy Director of Partnership Programs and faculty member for the Naval Postgraduate School,
Center for Homeland Defense and Security. He has taught and directed homeland security courses for a variety of
institutions, to include Long Island University, the University of Denver and the University of Massachusetts. He also
founded and formerly directed the Homeland Security/Defense Education Consortium on behalf of NORAD/US
Northern Command. Dr. Supinski is a retired US Air Force officer, having served as a professor of Russian at the US Air
Force Academy and as an intelligence officer in various locations worldwide.
Contents
Part I: Hard Lessons
Chapter 1: Turning Point
Chapter 2: Lost Opportunities
Chapter 3: We Have Some Planes
Chapter 4: And They Saved Many
Chapter 5: Not by Chance
Chapter 6: Surpassing Disproportion
Chapter 7: Failure of Imagination
Chapter 8: Failure of Initiative
Part II: HS, DHS, & HS Enterprise
Chapter 9: Homeland Security
Chapter 10: DHS Formation
Chapter 11: DHS Evolution
Chapter 12: DHS Progress
Chapter 13: HS Enterprise
Part III: Mission Areas
Chapter 14: Critical Infrastructure Protection
Chapter 15: Counter WMD Strategy
Chapter 16: Cybersecurity
Chapter 17: Counterterrorism
Chapter 18: Emergency Preparedness & Response
Chapter 19: Aviation Security
Chapter 20: Maritime Security
Chapter 21: Surface Transportation Security
Chapter 22: Border Security
Chapter 23: Immigration Enforcement
Part IV: Mission Components
Chapter 24: National Protection & Programs Directorate
Chapter 25: Science & Technology Directorate
Chapter 26: Domestic Nuclear Detection Office
Chapter 27: Intelligence & Analysis
Chapter 28: Federal Emergency Management Agency
Chapter 29: U.S. Coast Guard
Chapter 30: Transportation Security Administration
Chapter 31: U.S. Customs & Border Protection
Chapter 32: U.S. Secret Service
Chapter 33: U.S. Immigration & Customs Enforcement
Chapter 34: U.S. Citizenship & Immigration Services
Part V: Mission Partners
Chapter 35: Congress
Chapter 36: National Security Council
Chapter 37: Intelligence Community
Chapter 38: Department of Defense
Chapter 39: National Guard
Chapter 40: Federal Bureau of Investigation
Chapter 41: State & Local Law Enforcement
Chapter 42: First Responders
Appendices
Appendix A: DHS Budgets
Appendix B: Glossary
Appendix C: Index
Appendix D: Works Cited
List of Tables
3-1: 9/11 Hijackers & Flights
3-2: 9/11 Timeline
8-1: Hurricane Katrina New Orleans Timeline
10-1: Organizations Transferred to DHS
11-1: DHS Initial Operating Organization
11-2: Mapping DHS Organization & Critical Mission Areas
11-3: Comparison of Strategy Objectives
11-4: QHSR Missions & Goals
12-1: 2007 GAO Assessment of Border Security
12-2: 2007 GAO Assessment of Immigration Enforcement
12-3: 2007 GAO Assessment of Immigration Services
12-4: 2007 GAO Assessment of Aviation Security
12-5: 2007 GAO Assessment of Surface Transportation Security
12-6: 2007 GAO Assessment of Maritime Security
12-7: 2007 GAO Assessment of Emergency Preparedness & Response
12-8: 2007 GAO Assessment of Critical Infrastructure Protection
12-9: 2007 GAO Assessment of Science and Technology
12-10: Comparison of 2011 & 2007 GAO Mission Area Assessments
12-11: 2011 GAO Expectations for Aviation Security
12-12: 2011 GAO Expectations for CBRN Threats
12-13: 2011 GAO Expectations for CIP of Physical Assets
12-14: 2011 GAO Expectations for Surface Transportation
12-15: 2011 GAO Expectations for Border Security
12-16: 2011 GAO Expectations for Maritime Security
12-17: 2011 GAO Expectations for Immigration Enforcement
12-18: 2011 GAO Expectations for Immigration Services
12-19: 2011 GAO Expectations for CIP of Cyber Assets
12-20: 2011 GAO Expectations for Emergency Preparedness & Response
12-21: 2015 GAO Assessment of DHS Management Functions
14-1: CIP Directives, Strategies, & Plans
14-2: Infrastructure Sectors and Lead/Sector-Specific Agencies
15-1: CWMD Guidance Documents
16-1: U.S. Tier 1 ISPs
16-2: DHS National Cyber Risk Alert Levels
19-1: Transportation Subsectors
19-2: Cyber Attack Vectors
19-3: Potential Types of Aircraft Cyber Attacks
20-1: Transportation Subsectors
21-1: Transportation Subsectors
24-1: Critical Infrastructure Sectors
25-1: DHS Laboratories
25-2: DOE Laboratories
25-3: DHS Centers of Excellence
38-1: Organization of U.S. Military Forces
38-2: National Guard Direction, Payment, & Authorities
38-3: U.S. Combatant Commands
List of Figures
5-1: Pentagon Crash Sites
5-2: AFCD Incident Command on 9/11
8-1: Track of Hurricane Katrina
10-1: DHS Organization
11-1: 2003 DHS Organization
11-2: 2008 DHS Organization
11-3: 2015 DHS Organization
12-1: Selected Factors Influencing DHS Mission and Performance Ten Years Following 9/11
14-1: 2013 NIPP Risk Management Framework
14-2: PSA Security Survey Example “Dashboard” Results
15-1: DoD Geographic Combatant Commands
16-1: Schematic Representation of a Portion of the Internet
16-2: Internet ISP Tiers
16-3: IXP Role in Today’s Internet
16-4: AVOIDIT Cyber Attack Taxonomy
20-1: USCG Security In-Depth
22-1: Total Estimated Illegal Border Inflows, FY2000-FY2012
23-1: Annual Immigration Admissions 1900-2010
23-2: Immigrant Countries of Origin 1900-2010
23-3: Foreign-Born Residents by Region of Origin 1960-2010
23-4: Nonimmigrant Visas Issued by U.S. Department of State 1987-2013
23-5: Nonimmigrant Admissions at U.S. Ports of Entry 2003-2013
23-6: Inadmissible Aliens at Ports of Entry 2005-2013
23-7: Alien Formal Removals and Voluntary Returns 1990-2013
23-8: Estimated Number of Unauthorized Resident Aliens
24-1: NPPD Organization Chart
24-2: NIPP Risk Management Framework
25-1: DHS S&T Organization
25-2: DHS S&T Annual Funding
26-1: DNDO Organization
26-2: Layers of the Nuclear Detection Architecture
27-1: DHS Office of Intelligence & Analysis Organization Chart
28-1: FEMA Leadership Organization Chart
28-2: FEMA Regions
29-1: United States Coast Guard Organization Chart
29-2: United States Coast Guard Districts
30-1: TSA Organization Chart 2010
31-1: CBP Organization Chart
31-2: The U.S. Import Process
32-1: U.S. Secret Service Organization Chart
33-1: ICE Organization Chart
33-2: ICE Removal Statistics
34-1: USCIS Organization Chart
36-1: National Security Council Organization
37-1: The U.S. Intelligence Community
38-1: Geographic Combatant Commands’ Areas of Responsibility
38-2: Dual-Status Commander Chain of Command
39-1: Reserve Component Mobilization Authorities
40-1: Balancing Civil Liberties
42-1: Emergency Preparedness Cycle
A-1: FY03 DHS Budget Allocation
A-2: FY04 DHS Budget Allocation
A-3: FY05 DHS Budget Allocation
A-4: FY06 DHS Budget Allocation
A-5: FY07 DHS Budget Allocation
A-6: FY08 DHS Budget Allocation
A-7: FY09 DHS Budget Allocation
A-8: FY10 DHS Budget Allocation
A-9: FY11 DHS Budget Allocation
A-10: FY12 DHS Budget Allocation
A-11: FY13 DHS Budget Allocation
A-12: FY14 DHS Budget Allocation
A-13: FY15 DHS Budget Allocation
A-14: FY16 DHS Budget Allocation
Part I: Hard Lessons
This section explores the events that created and shaped U.S. homeland security policy. It begins shortly after the end
of the Cold War in 1991. After a four-decade standoff between the United States and Soviet Union, there was a global
sense of relief and great expectation that the world would become a much safer place after the threat of imminent
nuclear war had subsided. Those illusions were shattered in March 1995 after a religious cult attempted to murder
thousands of Japanese commuters aboard the Tokyo subway system using Sarin nerve gas. It was the first time a non-
state actor employed a weapon of mass destruction, marking a watershed moment in history when small groups
attained the destructive power of nations. The implication was not lost on Congress which, spurred by the Oklahoma
City bombing a few months later, chartered a number of commissions to investigate the prospects of WMD attack on
U.S. soil. Because the Tokyo subway attacks sought to topple the Japanese government, they were, by definition, acts
of terrorism. The congressional committees subsequently blurred the distinction between act and motive, labeling a
WMD attack by non-state actors as “terrorism”. The committees also introduced the term “homeland security” to
describe various organizational proposals to prevent and respond to WMD attack. In February 2001, the Hart-Rudman
Commission recommended creation of a National Homeland Security Agency. These recommendations would’ve gone
unheeded except for 9/11. On September 11th, 2001, nineteen hijackers inflicted as much damage as the Imperial
Japanese Navy on December 7th, 1941; 3,000 dead and $40 billion in direct damages. The 9/11 Commission
characterized the attack as one of “surpassing disproportion”. However, instead of using WMD, the attackers
achieved WMD effects by subverting the nation’s transportation infrastructure, turning passenger jets into guided
missiles. The enduring lesson from 9/11 is that the critical infrastructure essential to an industrial economy also
contains the means for catastrophic destruction. What makes critical infrastructure particularly vulnerable, and
therefore a tempting target, is that little of it was designed to withstand deliberate attack, and much of it, due to the
Internet revolution, is susceptible to cyber attack. Moreover, the national security system built during the Cold War to
counter threats from nation states suffered a collective “failure of imagination” to counter threats from non-state
actors. Accordingly, the U.S. Federal government underwent its largest reorganization since the end of World War II
and created a new Department of Homeland Security. But in its rush to close the gap exposed by this new threat, the
Federal government overlooked the consequences posed by an even older threat. In August 2005, Hurricane Katrina
forced the evacuation of a major U.S. city and killed over 1,400 of its citizens. It was another hard lesson that
catastrophic destruction comes in both natural and manmade forms.
Chapter 1: Turning Point
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain the significance of the 1995 Tokyo subway attacks.
Describe the legal definition of terrorism.
Compare the different classes of weapons of mass destruction.
Discuss how the 1995 Tokyo subway attacks precipitated U.S. homeland security policy.
“The 1995 Sarin nerve gas attack on the Tokyo subway marked a turning point in the
history of terrorism.”
– 1999 Gilmore Commission Report
Introduction
Providing for the common defense is a purpose of U.S. government enumerated in the
Preamble to the Constitution. For over two hundred years the nation’s military
defended the country from other nations who sought to do us harm. But as weapons
of war developed into weapons of mass destruction (WMD), a new threat began to
emerge towards the end of the 20th century that the nation’s military could not
counter. That threat was nuclear terrorism, or more generally speaking, the
employment of WMD by non-state actors. This chapter examines the turning point
when the nation first realized its vulnerability, and events surrounding the evolution
from national security to homeland security.
From the Frying Pan into the Fire
With the dissolution of the Soviet Union in August 1991, the United States emerged
from the Cold War as the world’s sole remaining superpower. After forty-four years of
facing down the Soviet Union in global brinkmanship, it seemed the United States
could finally step back from the nuclear abyss that threatened at a moment’s notice to
turn the Cold War into World War III. As events would turn out though, it seemed that
the United States had jumped from the frying pan into the fire.
Loose Nukes
By 1991, the Soviet Union had amassed a stockpile of 35,000 nuclear warheads¹ [1]
strategically located in the Soviet Republics of Russia, Ukraine, Belarus, and
Kazakhstan. The failed coup in Moscow in August 1991 and subsequent disintegration
of the Soviet Union raised concerns about the safety and security of nuclear weapons
in the former Soviet Republics. [2, pp. 3-4] In 1968, the United States and Soviet
Union signed the nuclear Nonproliferation Treaty (NPT) agreeing to keep nuclear
weapons from countries that did not have them. [3] Fearing that those weapons and
their secrets might now fall into the hands of rogue nations, in November 1991,
senators Sam Nunn (D-GA), and Richard Lugar (R-IN) sponsored the Soviet Nuclear
Threat Reduction Act authorizing $400 million to assist former members of the Soviet
Union with 1) destroying nuclear, chemical, and other weapons of mass destruction, 2)
providing secure transport for weapons on their way to destruction, and 3) establishing
verifiable safeguards against proliferation of these weapons. [2, pp. 3-4]
¹ By 1991, the United States had amassed over 20,000 nuclear warheads. [1]
Initially, many in Congress saw U.S. assistance under Nunn-Lugar as an emergency
response to impending chaos in the former Soviet Union. Even after the sense of
immediate crisis passed in 1992 and 1993, many analysts and members of Congress
remained concerned about the potential for diversion or a loss of control of nuclear
and other weapons. Russia’s economy was extremely weak and press accounts
reported that nuclear materials from Russia were appearing on the black market in
Western Europe. Consequently, many began to view the Cooperative Threat Reduction
Program as part of a long-term threat reduction and nonproliferation effort in keeping
with the 1968 Nonproliferation Treaty. This view changed, though, after the 1995 Tokyo
Subway Attack. [2, p. 5]
1995 Tokyo Subway Attack
At 6:00 am on the morning of March 20, 1995, Ken’ichi Hirose was driven to the
Yotsuya subway station in Tokyo. Upon arrival, Hirose boarded a westbound train to
Shinjuku Station where he caught a northbound train to Ikebukuro Station. While
waiting to board his next train, Hirose bought a sports tabloid then sought to isolate
himself among the crowd. After surveying the other passengers to confirm nobody
was looking, Hirose removed two plastic bags filled with clear liquid and wrapped them
in the newspaper. The bags were filled with the deadly nerve agent Sarin. Ken’ichi
Hirose was part of a five-man team dispatched by Shoko Asahara to attack the
Japanese government. [4]
Shoko Asahara proclaimed himself “Christ” and sought to take on the sins of the
world in advance of a nuclear Armageddon from which he would emerge as “emperor”
of Japan. On March 20, 1995, Asahara sought to hasten his prophesied apocalypse by
murdering thousands of commuters transiting Tokyo’s Kasumigaseki and Nagatacho
districts, home to the Japanese government. Asahara also hoped it would put an end
to a police investigation into murder charges against the cult. To attain his designs,
Asahara would release the chemical agent Sarin within the crowded and confined
Tokyo subway. [4]
Sarin is an odorless, colorless liquid that attacks the nervous system. Developed as a
pesticide in 1938 Germany, it is outlawed by the 1993 Chemical Weapons Convention.
Sarin quickly vaporizes when exposed to the atmosphere, posing a threat to victims
either through inhalation or direct contact. Sarin is fatal even at very low
concentrations; a single drop the size of a pinhead can kill an adult. Death follows
quickly in one to ten minutes. [5]
On the morning of March 20, 1995, five members of Aum Shinrikyo, Ken’ichi Hirose,
Ikuo Hayashi, Toru Toyoda, Masato Yokoyama, and Yasuo Hayashi, picked up their bags
of Sarin and set out for the rush hour commute aboard the Tokyo subway. Hirose was
a thirty-year-old doctor of Physics. Hayashi was a medical doctor held in esteem at the
Ministry of Science and Technology before quitting his job and joining Aum. Toyoda
was a Physics student who graduated with honors from the University of Tokyo and
was about to begin doctoral studies when he joined Aum. Yokoyama was a thirty-one-
year-old Applied Physics major who worked at an electronics firm before joining Aum.
Thirty-seven-year-old Hayashi, the oldest member of the group, studied Artificial
Intelligence at university and traveled to India to study yoga before joining Aum. Five
men, all highly educated and psychologically sound, set out that Monday morning to
launch a chemical attack on the world’s busiest commuter transport system at the
peak of morning rush hour. [4]
Each perpetrator carried two bags of Sarin, except Yasuo Hayashi who carried three.
Carrying their bags of Sarin and umbrellas with sharpened tips, the perpetrators
boarded their appointed trains. At prearranged stations, the Sarin bags wrapped in
newspaper were dropped and punctured several times with the sharpened tip of an
umbrella. Each perpetrator then got off the train and exited the station to rendezvous
with pre-arranged getaway cars. They left behind them packets of Sarin leaking out
onto train cars packed with passengers. [4]
Ken’ichi Hirose was aboard the second car of the A777 heading inward to the
government district. As he was about to release the Sarin, Hirose caught the
unwanted attention of a schoolgirl. He paused. To ward off her attention, Hirose
decided to move up to the third car, taking his packet with him. As the train
approached Ochanomizu Station, Hirose dropped the packet to the floor, whispered an
Aum mantra, then punctured it with the tip of his umbrella. Hirose poked the packet
with such force that he bent the tip of his sharpened umbrella. Still, both bags were
successfully broken, and the Sarin began to leak across the train floor. Hirose
immediately departed and fled for his waiting getaway car. [4]
Ikuo Hayashi arrived at Sendagi Station and purchased a copy of the Japan Communist
Party newspaper to wrap his bags of Sarin. At 7:48 am he boarded the first car of the
A725K inbound to Tokyo’s central business district. Hayashi wore a surgical mask
commonly worn by Japanese during cold and flu season. At Shin-Ochanomizu Station
he dropped his packet to the floor and poked it with his umbrella. In his haste to flee,
though, Hayashi succeeded in puncturing only one of the two bags. Sarin leaked out
across the train as Hayashi moved quickly to join his getaway driver. [4]
Masato Yokoyama stopped on his way to Shinjuku Station to buy a paper to wrap his
bags of Sarin. Yokoyama put on a wig and fake glasses before boarding the fifth car of
the B801 inbound to the government district on the Marunouchi Line. As his train
approached Yotsuya Station, Yokoyama dropped his packet to the floor and began
poking it. He succeeded in making only a single puncture in one of the bags. As
Yokoyama fled the scene, the single bag leaked Sarin slowly across the floor. [4]
Toru Toyoda picked up a newspaper and wrapped his Sarin bags on the way to Naka-
Meguro Station. At 7:59 am he boarded the first car of the B711T inbound to Tokyo’s
central district. Sitting close to the door, Toyoda set the Sarin packet on the floor.
When the train arrived at the next station, Ebisu, Toyoda punctured the bags as he
disembarked. He was on the train a total of two minutes, the quickest drop of the day.
[4]
In order to prove his loyalty, Yasuo Hayashi carried three bags of Sarin. These he
wrapped in newspaper before boarding the train at 07:43. Hayashi took the third car
of the A720S departing Ueno Station. Shortly after boarding, he dropped his packet to
the floor. Two stops later, Hayashi punctured the bags as he departed the train at
Akihabara Station. Hayashi made the most punctures of any of the perpetrators. [4]
As the Sarin started vaporizing, passengers within the packed cars began to fall sick.
Victims would later report feeling nauseous and experiencing blurred vision. Neither
knowing nor understanding what was happening, they were driven by instinct to
flee. As the trains pulled into the next station, victims pushed their way out
of the contaminated cars, unwittingly spreading the agent onto the crowded platforms.
One passenger, noticing a liquid-soaked package on the floor, kicked it out the door
onto the Kodenmacho Station platform. Soon, waiting commuters began feeling the
effects and started pushing towards the exits. Some collapsed on the platform before
they could make it. [4]
With no one yet aware of what was happening, the contaminated trains continued towards
central Tokyo. Only after people started collapsing did agents realize something was
seriously wrong and order all trains stopped. But not before thousands had been exposed.
Hundreds collapsed outside the station entrances and lay on the ground waiting for
assistance. Ambulances transported 688 to nearby hospitals. More than 4,000 made
their own way, including the “worried well”. Hospitals were overwhelmed. [4]
Of the 5,510 who sought treatment, 17 were deemed critical, 37 severe, and 984
moderate. By mid-afternoon, the mildly affected victims had recovered from vision
problems and were released. Most of the remaining patients were well enough to go
home the next day. Twelve people were not so fortunate and eventually died from
their exposure. Most of them were station attendants who had sought to help stricken
passengers. Experts suggest that if the attackers had been more successful in deploying
the Sarin, thousands could have died. [4]
In 2008, victims were authorized payment of damages because the attack had been
directed at the Japanese government. By 2009, 5,259 had applied for benefits under
the law. Of those, 47 were certified disabled, and 1,077 certified having serious
injuries or illnesses. Surveys of the victims showed that many still suffer from post-
traumatic stress disorder. In one survey, 27% of 837 respondents complained they felt
insecure whenever riding a train. [4]
The Terrorism Threat
The Tokyo subway attack was a seminal event; it was the first time a non-state group
had used a weapon of mass destruction against civilians. The incident appeared to
underscore both the vulnerabilities and potentially catastrophic consequences of
unprotected societies and ill-prepared governments in the face of indiscriminate
attacks employing weapons of mass destruction. Two years earlier, the bombing of
New York City’s World Trade Center by Islamic fundamentalists had demonstrated that
the United States itself was not immune to acts of terrorism intent on causing large
numbers of casualties. Indeed, the six persons who perished in that attack and the
approximately 1,000 others who were injured paled in comparison to the tens of
thousands who might have been harmed had the terrorists’ plans to topple one of the
towers into the other actually had succeeded. If any further evidence were needed of
this potential, it was provided less than a month after the Tokyo attack when Timothy
McVeigh used a large truck bomb to demolish the Alfred P. Murrah Federal office
building in Oklahoma City, killing 168 persons and injuring hundreds more. [6, p. 1]
Terrorism. “Acts dangerous to human life that are a violation of the criminal laws of
the United States or of any State, that appear to be intended to intimidate or coerce a
civilian population; influence the policy of a government by intimidation or coercion; or
to affect the conduct of a government by mass destruction, assassination, or
kidnapping.”
– Title 18 United States Code, Section 2331
Until the 1993 attack on the World Trade Center, most Americans thought that
terrorism was something that happened elsewhere. However frequently U.S. citizens
and interests were the target of terrorists abroad, many nonetheless believed that the
United States itself was somehow immune to such violence within its own borders.
Terrorism, accordingly, was regarded as a sporadic—albeit attention-grabbing—
problem that occasionally affected Americans traveling or living overseas and
concerned only those U.S. government agencies with specific diplomatic and national
security responsibilities. If the 1993 World Trade Center bombing shattered that
complacency, then the explosion in Oklahoma City two years later dramatically
underscored the breadth of grievances felt toward the U.S. government. The list of
potential adversaries had seemed suddenly to grow from the foreign radicals and
religious extremists located in other regions of the world about whom we had always
worried, to include wholly domestic threats, such as those posed by the militantly
antigovernment, white supremacist organizations that had come to light in the
aftermath of the Oklahoma City tragedy. [6, p. 6]
In the wake of the New York and Oklahoma City bombings and Tokyo subway attacks,
there was a dramatic shift in the perceived threat of WMD terrorism. A number of
developments account for this sudden shift in direction and appreciation for what had
been previously dismissed as a far less realistic threat scenario. [6, p. 7]
First, terrorism had arguably shown a marked trend toward greater lethality. While
some observers pointed optimistically to the decline in the number of international
terrorist incidents during the 1990s as a noteworthy and salutary development in the
struggle against terrorism, the percentage of terrorist incidents with fatalities had
paradoxically increased. For example, at least one person was killed in 29% of terrorist
incidents in 1995. That represented the highest ratio of fatalities to incidents recorded
over the previous thirty years. [6, p. 7]
Second, the dangers posed specifically by chemical and biological weapons became
increasingly apparent. In part, this was a function of the demise of the Cold War
preoccupation with the nuclear dimension of international relations. Perhaps more
significant, however, was the possibility that, given the ongoing travails of the Russian
economy, poorly paid, disgruntled former Soviet scientists might attempt to sell their
expertise in chemical, biological and nuclear weapons on the “open market” to
terrorists or rogue states. [6, p. 8]
Finally, a precedent for mass destruction had been set in the guise of the 1995 Aum
nerve gas attack. That incident represented the first widely known attempt by a non-
state group to use WMD with the specific intent of causing mass civilian casualties.
Moreover, Aum’s use of such an exotic weapon as sarin may have raised the stakes for
terrorists everywhere, who might feel driven to emulate or create their own version of
the Tokyo attack to attract attention to themselves and their causes. [6, p. 9]
In the wake of these incidents, a new era of terrorism was perceived by experts and
government officials alike who foresaw a potentially bloodier and more destructive age
of violence emerging as we approached the twenty-first century. The changes in
terrorism that they described raised concerns in the United States, especially within
Congress and the Executive Branch, about the implications of evolving terrorist threats
that were now seen to include use of WMD. [6, p. 1]
WMD Terrorism
According to 18USC S2332a, a weapon of mass destruction is “any weapon that is
designed or intended to cause death or serious bodily injury through the release,
dissemination, or impact of toxic or poisonous chemicals, or their precursors; any
weapon involving a biological agent, toxin, or vector; or any weapon that is designed to
release radiation or radioactivity at a level dangerous to human life.” For simplicity,
current convention recognizes chemical, biological, radiological, and nuclear (CBRN)
agents as general classes of WMD. 18USC S2332a makes it illegal to employ WMD
against U.S. citizens, anywhere in the world.
Chemical weapons are defined in 18USC S229F as “chemicals, precursors, munitions, or
devices specifically designed to cause death or other harm through the toxic properties
of the chemicals.” Under 18USC S229F, it is illegal to develop, produce, acquire, or
transfer chemical weapons. Chemical agents are generally classified by their effects.
Thus nerve agents attack the body’s nervous system, blood agents block oxygen
transfer in the blood, blister agents cause blisters, and choking agents attack the
respiratory system. Experts also recognize that a host of toxic industrial chemicals
(TICs) essential to manufacturing processes may also be employed as weapons. [7, pp.
II-10 – II-11] In 2005, the National Planning Scenarios were released, examining
possible attack scenarios and their potential consequences. Of the fifteen listed
scenarios, four related to chemical attacks. Two pertained to the release of chemical
agents. The other two involved the release of toxic industrial chemicals. The
deliberate destruction of a chlorine storage tank produced the most casualties,
estimated at 17,500 according to the scenario. The nerve agent attack resulted in the
second most casualties, estimated at 6,000 according to that scenario. In both
scenarios, rescue operations were hampered by the difficulty of operating in a
contaminated environment. [8]
Biological weapons are defined in 18USC S178 as “any microorganism or infectious
substance, or any naturally occurring, bioengineered or synthesized component of any
such microorganism or infectious substance, capable of causing death, disease, or
other biological malfunction in a human, animal, plant, or other living organism;
deterioration of food, water, equipment, supplies, or materials of any kind; or
deleterious alteration of the environment.” As with chemical weapons, it is illegal to
develop, produce, stockpile, transfer, acquire, retain, or possess a biological agent or
delivery system for use as a weapon. Biological agents include three basic categories:
pathogens, toxins, and bioregulators. Pathogens are disease producing
microorganisms such as bacteria, rickettsia, or viruses. Pathogens can occur naturally
or can be altered with biotechnology. Toxins are poisons formed by a vegetable or
animal, but can be produced synthetically also. Bioregulators affect cell processes in
the body. Used as a bioweapon, they can cause severe adverse effects or death. [7, pp.
II-18] The fifteen National Planning Scenarios describe five different types of biological
incidents, four of them stemming from some form of attack. According to the Planning
Scenarios, an anthrax attack could result in 13,000 casualties. Alternatively, the
deliberate introduction of foot and mouth disease could kill an untold number of
livestock. Either attack would be hugely disruptive to the national economy. [8]
Radiological Dispersal Devices (RDDs), or “dirty bombs,” are covered by the definition
for WMD found in 18USC S2332a. Specifically, they include “any weapon that is
designed or intended to release radiation or radioactivity at a level dangerous to
human life; or any device or object that is capable of and designed or intended to
endanger human life through the release of radiation or radioactivity.” 18USC S2332h
makes it illegal to knowingly produce, construct, acquire, transfer, receive, possess,
import, export, or threaten to use an RDD. The Planning Scenarios have only
one RDD scenario. An RDD is not considered particularly destructive, but it is
considered highly disruptive. According to the scenario, an RDD released in a major
urban area could contaminate up to thirty-six city blocks. Essentially, the area of
contamination would have to be evacuated until such time as it could be
decontaminated. Decontamination could take years and cost billions of dollars. [8, pp.
11-1 – 11-4]
Nuclear weapons are also covered by the definition for WMD found in 18USC S2332a.
The Planning Scenarios postulate a situation in which a terrorist group assembles a gun-
type nuclear device from highly enriched uranium (HEU) stolen from a former Soviet
facility. The materials are smuggled into the United States and assembled near a major
metropolitan center. The improvised nuclear device (IND) is transported by van to the
central business district and detonated. The estimated 10-kiloton blast would
incinerate most everything within a half mile of the detonation. Blast damage would
gradually taper off out to four miles from the epicenter. Electromagnetic pulse (EMP)
would render any surviving electronics inoperative within three miles of the
detonation. Those outside the blast radius but within twelve miles of detonation could
be affected by radiation exposure. Winds could carry radioactive fallout as far as 150
miles and contaminate as much as 3,000 square miles. [8, pp. 1-1 – 1-5] Dissimilar
circumstances make it difficult to draw comparisons with the August 6, 1945 bombing
of Hiroshima with a similar type device, but casualties from the blast, radiation, and
fallout might be expected to exceed 100,000. Of course, recovery would take decades
and cost hundreds of billions of dollars.
Still, most experts agree that even if terrorists want to employ WMD, they don’t
necessarily have the requisite scientific knowledge or technical capabilities to
implement their violent ambitions. Accordingly, as easy as some may argue it is for
terrorists to culture anthrax spores or brew up a concoction of deadly nerve gas, the
effective dissemination or dispersal of these viruses and poisons still presents serious
technological hurdles that greatly inhibit their effective use. Indeed, the ultimate
failure of the Tokyo subway attacks seems to affirm this position. [6, p. 38]
It should also be noted that, as serious and potentially catastrophic as a domestic
terrorist CBRN attack might prove, it is highly unlikely that it could ever completely
undermine the national security, much less threaten the survival, of the United States
as a nation. Indeed, following the 1995 nerve gas attack, the Japanese government did
not fall, widespread disorder did not ensue, nor did society collapse. There is no reason
to assume that the outcome would be any different in the United States. [6, pp. 37-38]
However, because of the extreme consequences that could result from a successful
CBRN attack, even the remotest likelihood of one cannot be dismissed as insignificant.
The challenge in responding to the threat of potential terrorist use of CBRN weapons is
to craft defense capabilities to respond to an incident if it occurs that are not only both
cost-effective and appropriate, but dynamic enough to respond as effectively as
possible in a wide range of circumstances or scenarios. [6, pp. 34-35] The problem
was, the Federal government was not ready.
U.S. Counterterrorism Posture
At the time of the Tokyo Subway Attacks, the U.S. response to a terrorist incident was
seen as a highly coordinated interagency operation that included federal, state, and
local participation. Primary federal agencies besides the Department of Justice (DoJ),
Federal Bureau of Investigation (FBI), and Federal Emergency Management Agency
(FEMA) included the Department of Defense (DoD), Department of Energy (DoE), the
Environmental Protection Agency (EPA), and the Department of Health and Human
Services (DHHS). [9, pp. CRS-6]
The National Security Council was the center of U.S. government efforts to coordinate
the national response to threats or acts of domestic terrorism. The NSC Principals
Committee, the Deputies Committee, and the Counterterrorism and National
Preparedness Policy Coordination Committee (PCC) constituted the major policy and
decision making bodies involved in the federal response to terrorism. [9, pp. CRS-7]
The PCC had four standing subordinate groups to coordinate policy in specific areas.
The Counterterrorism and Security Group (CSG) coordinated policy for preventing and
responding to foreign terrorism, either internationally or domestically. The
Preparedness and Weapons of Mass Destruction Group provided policy coordination
for preventing WMD attacks in the United States and developing response and
consequence management capabilities to deal with domestic WMD incidents. The
Information Infrastructure Protection and Assurance Group handled policy for
preventing and responding to major threats to America’s cyberspace, and the
Continuity of Federal Operations Group was charged with policy coordination for
assuring the continued operation of Constitutional offices and federal departments and
agencies. [9, pp. CRS-7 – CRS-8]
When the NSC was advised of the threat of a terrorist incident or actual event, the
appropriate subordinate group would convene to formulate recommendations for the
Counterterrorism and Preparedness PCC, which in turn would provide policy analysis for
the Deputies Committee. The Deputies Committee would ensure that the issues being
brought before the Principals Committee and NSC were properly analyzed and
prepared for a decision by the President. [9, pp. CRS-8]
In the wake of the Tokyo subway attacks and Oklahoma City bombing, President
Clinton in June 1995 signed Presidential Decision Directive #39 (PDD-39) updating U.S.
policy on counterterrorism. Among its provisions, PDD-39 designated the FBI the Lead
Federal Agency for responding to terrorist attacks on U.S. soil. PDD-39 also assigned
FEMA primary responsibility for coordinating federal efforts in responding to the
consequences of a WMD attack. [9, pp. CRS-5]
The FBI’s first step when a terrorist threat was discovered was to initiate a threat
credibility assessment. The FBI would take immediate steps to identify, acquire, and
plan for the use of federal resources to augment the State and local authorities if the
threat was deemed highly credible or an incident was verified. The FBI would designate a
Federal On-Scene Commander (OSC) who would function as the incident manager for
the U.S. Government. The FBI would operate from a Joint Operations Center (JOC) and
report back to the Strategic Information Operations Center (SIOC) at FBI Headquarters
in Washington DC. If necessary, the FBI could call upon a Domestic Emergency Support
Team (DEST) comprised of representatives from other Federal agencies to help advise
on the incident. In the event of a WMD incident, the FBI on-scene commander could
request DoD support through the Attorney General. [9, pp. CRS-9 – CRS-13]
Homeland Security
Concerned about the overall leadership and coordination of programs to combat
terrorism, Congress established three separate commissions to include the Advisory
Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of
Mass Destruction (also known as the Gilmore Panel because it was chaired by
Governor James Gilmore III of Virginia); the United States Commission on National
Security in the 21st Century (also known as the Hart-Rudman Commission because it
was chaired by former Senators Gary Hart and Warren Rudman); and the National
Commission on Terrorism (also known as the Bremer Commission because its chairman
was former Ambassador Paul Bremer). [10, p. 37]
The Bremer Commission raised the issue that the National Coordinator, the senior
official responsible for coordinating all U.S. counterterrorism efforts, didn’t have
sufficient authority to ensure the President’s priorities were reflected in agencies’
budgets. The United States didn’t have a single counterterrorism budget. Instead,
counterterrorism programs existed in the individual budgets of 45 departments and
agencies of the federal government. [11]
In December 2000, the second report of the Gilmore Commission issued a finding that
the organization of the federal government’s programs for combating terrorism was
fragmented, uncoordinated, and politically unaccountable. It linked the lack of a
national strategy to the fact that no entity had the authority to direct all of the
agencies that may be engaged. At the federal level, no entity had the authority even
to direct the coordination of relevant federal efforts. As a consequence, the Gilmore
Commission recommended that the next President should establish a National Office
for Combating Terrorism in the Executive Office of the President, and should seek a
statutory basis for this office. [12]
The Gilmore Commission recommended that the National Office for Combating
Terrorism should have a broad and comprehensive scope, with responsibility for the
full range of deterring, preventing, preparing for, and responding to international as
well as domestic terrorism. The director of the office should be the principal
spokesman of the Executive Branch on all matters related to federal programs for
combating terrorism and should be appointed by the President and confirmed by the
Senate. The office should have a substantial and professional staff, drawn from
existing National Security Council offices and other relevant agencies. The Gilmore
Commission argued that the office should have at least five major sections, each
headed by an Assistant Director:
1. Domestic Preparedness Programs
2. Intelligence
3. Health and Medical Programs
4. Research, Development, Test, and Evaluation (RDT&E), and National Standards
5. Management and Budget [12]
The Hart-Rudman Commission decried the fact that responsibility for homeland
security resided at all levels of the U.S. government—local, state, and federal. Within
the federal government, almost every agency and department was involved in
some aspect of homeland security, but none was organized to focus on the scale of the
contemporary threat to the homeland. The Hart-Rudman Commission recommended
an organizational realignment that:
- Designated a single person, accountable to the President, to be responsible for coordinating and overseeing various U.S. government activities related to homeland security;
- Consolidated certain homeland security activities to improve their effectiveness and coherence;
- Established planning mechanisms to define clearly specific responses to specific types of threats; and
- Ensured that the appropriate resources and capabilities were available. [13]
In February 2001, the Hart-Rudman Commission recommended the creation of a
National Homeland Security Agency (NHSA) with responsibility for planning,
coordinating, and integrating various U.S. government activities involved in homeland
security. [13] Sadly, the recommendation came too little too late. Less than seven
months later the nation would suffer a terrorist attack of catastrophic proportions on
its own soil. What few had foreseen was how it would be accomplished not by WMD,
but by subverting the nation’s infrastructure.
Conclusion
The United States stepped back from the brink of nuclear annihilation at the end of the
Cold War only to face the threat of nuclear terrorism at the outset of the 21st century.
The incident that brought this terrible prospect to the forefront of national security
concern was the Tokyo subway attack in 1995. It was the first employment of WMD
by a non-state agent. Taken together with the increasing frequency and ferocity of
terrorist attacks against the United States itself, the Tokyo subway attack suddenly
made the unthinkable not only thinkable, but credible. So as the United States
prepared for a new century, it also started preparing for the prospect of a domestic
terrorist attack employing a CBRN agent. As various advisory committees investigated
the matter and advised Congress, they developed the concept of homeland security
and the recommendation for a homeland security agency. What made it happen was
what nobody expected would happen.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. What was the historic significance of the Tokyo subway attacks?
2. Why are the Tokyo subway attacks considered an act of terrorism?
3. Do you have to be a terrorist to employ a WMD agent? Explain your answer.
4. What type of WMD agent do you think would be easiest to acquire? Explain your answer.
5. What type of WMD agent do you think would be most physically destructive? Explain your answer.
6. What type of WMD agent do you think could possibly cause the most deaths? Explain your answer.
7. Would you rather have one enemy with many WMD, or many enemies with one WMD? Explain your answer.
8. Identify five differences between a soldier fighting for a country and a terrorist fighting for a cause.
9. Identify five differences between the 1995 Tokyo subway attacks and the 1995 Oklahoma City bombing.
10. Identify five differences between the 1995 Tokyo subway attacks and the 2007 Virginia Tech shooting.
Chapter 2: Lost Opportunities
Learning Outcomes
Careful study of this chapter will help a student do the following:
- Explain why Osama bin Laden declared war on the U.S.
- Describe the difficulties in arresting or killing Osama bin Laden.
- Compare the differences between an attack on U.S. soil and an attack against U.S. foreign interests.
- Discuss how 9/11 might have been prevented.
“A direct attack against American citizens on American Soil is likely over the next
quarter century.”
– Phase III Report of the U.S. Commission on National Security/21st Century
February 15, 2001
Introduction
On September 11th, 2001, the unthinkable happened, but not in the manner anybody
imagined. This chapter examines the opportunities missed in the gathering storm that
would become 9/11.
New Priorities
After a bitterly contested election, George W. Bush was inaugurated the 46th President
of the United States in January 2001. He campaigned on a platform that included
bringing integrity and honor back to the White House, increasing the size of the
military, cutting taxes, improving education, and aiding minorities. [1] Under the
direction of his newly appointed National Security Advisor, Condoleezza Rice, the
incoming national security team focused their priorities on China, missile defense, the
Middle East peace process, and the Persian Gulf. In January 2001, Rice was briefed by
the outgoing National Security Advisor, Sandy Berger, and told she would find herself
spending more time on terrorism in general, and al Qaeda in particular. [2, p. 199]
Al Qaeda
Al Qaeda was conceived in 1988 by Osama Bin Laden, the seventeenth child of a Saudi
construction magnate. [2, p. 55] In 1980, Bin Laden left university to help the
mujahideen fight the Soviets in Afghanistan. [3] In December 1979, the Soviet Union
sent the 40th Army into the Afghan capital of Kabul to prop up the pro-Soviet
government of Nur Mohammad Taraki. [4] Arriving in Pakistan, bin Laden joined
Abdullah Azzam and used money and machinery from his own construction company
to help the mujahideen. By 1984, bin Laden and Azzam established Maktab al-
Khidamat (MAK) to funnel money, arms, and fighters from around the Arab world into
Afghanistan. [3] After nine years, the Soviets had killed 850,000-1.5 million Afghan
civilians at a cost to their own forces of 14,453 killed and 11,654 wounded, but were
still no nearer to suppressing the mujahideen insurgency. Unwilling or unable to
sustain a counter-insurgency, Soviet forces withdrew from Afghanistan in April 1988.
[4] As they departed, Bin Laden and Azzam agreed that the organization they created
should not be allowed to dissolve. Accordingly, they established what they called a
base or foundation, “al Qaeda,” as a potential general headquarters for future jihad.
Though Azzam had been considered number one in the MAK, by August 1988 bin
Laden was clearly the leader of al Qaeda. [2, pp. 55-56]
Bin Laden
In 1990, bin Laden returned home to Saudi Arabia. On August 2, 1990, Saddam
Hussein launched the Iraqi invasion of Kuwait. With nothing to stop Iraqi forces from
crossing into Saudi Arabia, the royal family felt at risk. Bin Laden, whose efforts in
Afghanistan had earned him celebrity and respect, proposed to the Saudi monarchy
that he summon mujahideen for a jihad to retake Kuwait. He was rebuffed, and the
Saudis joined the U.S.-led coalition. [2, p. 57] On August 7, 1990, the U.S. 82nd
Airborne landed in Dhahran, Saudi Arabia, and took up positions barely 400 miles from
Medina, the second holiest site in Islam. [3] Bin Laden and a number of Muslim clerics
began to publicly denounce the arrangement. The Saudi government exiled the clerics
and undertook to silence bin Laden by, among other things, confiscating his passport.
With help from a dissident member of the royal family, bin Laden managed to get out
of the country and make his way to Sudan. [2, p. 57]
Exile in Sudan
Previously, in 1989, bin Laden had been invited by Hassan al Turabi, head of the
National Islamic Front, to assist him in Sudan. After making his escape from Saudi
Arabia in 1991, bin Laden moved to Khartoum and set about building a large set of
complex and intertwined business and terrorist enterprises. In time, his business
ventures would encompass numerous companies and a global network of bank
accounts and nongovernmental institutions. Fulfilling his bargain with Turabi, bin
Laden used his construction company to build a new highway from Khartoum to Port
Sudan on the Red Sea coast. Meanwhile, al Qaeda finance officers and top operatives
used their positions in bin Laden’s companies to acquire weapons, explosives, and
technical equipment for terrorist purposes. In early 1992, al Qaeda issued a fatwa, a
religious edict calling for jihad against the Western “occupation” of Islamic lands,
specifically singling out U.S. forces for attack. During bin Laden’s time in Sudan, al
Qaeda was suspected of supporting attacks against U.S. forces in Yemen, Somalia, and
Saudi Arabia. [2, pp. 57-61] In 1995 al Qaeda was implicated in an assassination
attempt against Egyptian President Hosni Mubarak. Subsequent pressure from Saudi
Arabia, Egypt, and the United States forced the expulsion of bin Laden from Sudan.
Because his citizenship had been revoked in 1994, bin Laden could not return to Saudi
Arabia. Instead, he chose to return to Pakistan and eventually make his way back to
Afghanistan. [3]
Return to Afghanistan
When bin Laden arrived in Pakistan in May 1996, the Taliban were still fighting to gain
control of Afghanistan. After the Soviets departed in April 1988, Afghanistan erupted
in civil war between competing militias. In 1994, the Taliban arose as a political-
religious force, and with financial backing from Pakistan and Saudi Arabia, succeeded in
rising to power in September 1996. [5] Under the protection of the Taliban leader,
Mullah Muhammed Omar, bin Laden re-established al Qaeda operations in Kandahar,
Afghanistan. Through his connections, bin Laden brought much needed financial
support to the Taliban. In return, bin Laden and al Qaeda were given a sanctuary in
which to train and indoctrinate fighters and terrorists, import weapons, and plot and
staff terrorist schemes. The Taliban seemed to open the doors to all who wanted to
come to Afghanistan to train in the camps. It is estimated some 10,000 to 20,000
fighters underwent instruction at bin Laden supported camps in Afghanistan from 1996
to 2001. [2, pp. 65-67]
War on the United States
Shortly after arriving in Afghanistan in 1996, bin Laden issued a fatwa declaring war
against the United States. U.S. forces remained in Saudi Arabia to protect the kingdom
from any further aggression by Saddam Hussein. [3] In his 1996 fatwa, bin Laden
decried the “occupation of the land of the two Holy Places—the foundation of the
house of Islam, the place of the revelation, the source of the message and the place of
the noble Ka’ba, the Qiblah of all Muslims—by the armies of the American Crusaders
and their allies.” [6] Two years later, after al Qaeda had regathered its strength, bin
Laden issued a second fatwa in February 1998. The second fatwa declared the killing
of North Americans and their allies an “individual duty for every Muslim” to “liberate
the al Aqsa Mosque (in Jerusalem) and the holy mosque (in Mecca) from their grip”. At
the public announcement of the fatwa, bin Laden called North Americans “very easy
targets”, and told journalists “You will see the results of this in a very short time.” On
August 7, 1998, two truck bombs were exploded outside U.S. embassies in Nairobi,
Kenya, and Dar es Salaam, Tanzania. Together, the explosions killed 224 people
including 12 Americans, and injured 4,500 more. The attacks were linked to al Qaeda,
and bin Laden was placed on the FBI’s list of Ten Most Wanted. [3]
Cat and Mouse
Al Qaeda and bin Laden had come to the attention of the U.S. before the African
embassy bombings. The CIA had even conceived a kidnapping plan to deliver bin
Laden to an Arab court to answer for his role in the failed assassination attempt on
Egypt’s president. Because CIA senior management didn’t think the plan would work,
it was never executed. Still, the CIA maintained surveillance of bin Laden and al Qaeda.
It was because of this monitoring they were able to quickly trace the embassy
bombings back to bin Laden. Debate about what to do settled very soon on one
option: Tomahawk cruise missiles. [2, pp. 114-118] Two weeks later, on March 20,
1998, Navy vessels in the Arabian Sea fired about 75 cruise missiles at four training
camps inside Afghanistan. One camp was where bin Laden met with other leaders.
According to the CIA, bin Laden departed the camp just hours before the cruise
missiles hit. [7] At the same time he authorized the cruise missile attacks, President
Clinton issued a Memorandum of Notification authorizing the CIA to capture bin Laden.
A second memorandum issued in December authorized the CIA to capture or kill bin
Laden. As the agency examined alternative plans throughout 1999, all were discarded
as either unlikely to succeed or likely to cause significant collateral damage. [2, pp. 126-143]
At the turn of the new century, al Qaeda was implicated in failed attacks against
targets in Jordan, and the USS The Sullivans. Jordanian police foiled the first, and the
boat filled with explosives sank before detonating. Together with a failed attack on Los
Angeles International Airport they were collectively called the “Millennium Plot”. [8]
While reviewing these actions in January 2000, National Security Advisor Sandy Berger
was advised that more al Qaeda attacks were not a question of “if” but rather of
“when” and “where”. The warning placed increased pressure on efforts to capture or
kill bin Laden. The State Department was thwarted by the Taliban’s refusal to give him
over. CIA progress was slowed by attempts to recruit Taliban rivals in southern
Afghanistan. Military options were stymied by absence of a friendly operating base in
the area. President Clinton noted the lack of progress in March 2000 when he wrote in
the margin of his daily briefing that “the United States could surely do better.” [2, pp.
182-190] On October 12, 2000, a speed boat laden with explosives rammed the USS
Cole in Yemen, killing 17 sailors and heavily damaging the destroyer. While al Qaeda
was suspected in the attack, the absence of “smoking gun” evidence prevented the
White House from delivering an ultimatum to the Taliban to give up bin Laden. Further
action was subsequently deferred to the new Bush Administration, which had belatedly
won one of the closest presidential contests in U.S. history. [2, pp. 190-198]
The Planes Operation
By early 1999, al Qaeda was already a potent adversary of the United States. Bin Laden
and his chief of operations, Abu Hafs al Masri, also known as Mohammed Atef,
occupied undisputed leadership positions atop al Qaeda’s organizational structure.
Within this structure, al Qaeda’s worldwide terrorist operations relied heavily on the
ideas and work of enterprising and strong willed field commanders who enjoyed
considerable autonomy. Khalid Sheikh Mohammed (KSM) was one such commander.
[2, p. 145] KSM was involved in the “Bojinka” plot, a 1995 plan to bomb 12 U.S.
commercial jets in midair over the Pacific as they flew home from the Philippines. The
plot was discovered, however, and KSM’s accomplices arrested in Manila. KSM evaded
capture and made his way to Afghanistan in 1996. Shortly after arriving, he managed a
meeting with bin Laden and Mohammed Atef. KSM presented several ideas for attack
against the United States. One proposal involved hijacking ten planes to attack targets
on both the East and West coasts of the United States. In addition to the Twin Towers
and Pentagon, the planes were to hit the White House, CIA and FBI headquarters,
unidentified nuclear power plants, and the tallest buildings in California and
Washington State. The tenth plane was to kill every adult male passenger before
landing and denouncing U.S. Middle East policies in front of the media. Bin Laden
listened, but did not commit. [9, pp. 1-2] He had just arrived in Afghanistan himself,
and had yet to re-establish al Qaeda operations. It wasn’t until after the African
embassy bombings in 1998 that planning for the 9/11 operation began in earnest. In
March/April 1999, bin Laden summoned KSM to Kandahar and told him al Qaeda
would support his proposal, but he had to scale it back. KSM and bin Laden agreed to
four targets: the Twin Towers, Pentagon, White House, and U.S. Capitol. The plot was
now referred to within al Qaeda as the “Planes Operation”. [2, pp. 148-154]
Recruitment
Bin Laden soon selected four individuals to serve as suicide operatives: Nawaf al
Hazmi, Khalid al Mihdhar, Walid Muhammad Salih bin Attash, also known as Khallad,
and Abu Bara Taizi. Hazmi and Mihdhar were Saudi nationals; Khallad and Abu Bara
were from Yemen. KSM knew the Yemeni nationals would have trouble obtaining U.S.
visas. Therefore, KSM decided to split the operation into two parts. Hazmi and
Mihdhar would go to the United States, and Khallad and Abu Bara would go to
Malaysia to carry out a smaller version of the Bojinka plot. The four spent most of the rest
of the year at the Mes Aynak training camp in Afghanistan before they flew to Kuala
Lumpur where they were to study airport security and conduct surveillance of U.S.
carriers. On January 15, 2000, Hazmi and Mihdhar took off for Los Angeles to complete
plans for the U.S. portion of the attack. Khallad and Abu Bara remained behind, but
they would never complete their portion of the Planes Operation; in the spring of
2000, bin Laden cancelled the Malaysia part of the operation because it was too
difficult to coordinate with the U.S. part. Meanwhile, those plans continued. [9, pp. 2-3]
While KSM was deploying his initial operatives for the 9/11 attacks to Kuala Lumpur, a
group of four Western-educated men who would prove ideal for the attacks were
making their way from Hamburg, Germany, to al Qaeda camps in Afghanistan. The four
were Mohamed Atta, Marwan al Shehhi, Ziad Jarrah, and Ramzi Binalshibh. Atta,
Shehhi, and Jarrah would become pilots for the 9/11 attacks, while Binalshibh would
act as a key coordinator for the plot. [9, p. 3]
Binalshibh, Atta, and Jarrah met with bin Laden’s deputy, Mohammed Atef, who directed
them to return to Germany and enroll in flight training. Atta was chosen as the emir, or
leader, of the mission. He met with Bin Laden to discuss the targets: the World Trade
Center, which represented the U.S. economy; the Pentagon, a symbol of the U.S.
military; and the U.S. Capitol, the perceived source of U.S. policy in support of Israel.
The White House was also on the list, as Bin Laden considered it a political symbol and
wanted to attack it as well. In early 2000, Shehhi, Atta, and Binalshibh met with KSM in
Karachi for training that included learning about life in the United States and how to
read airline schedules. [9, p. 4]
By early March 2000, all four new al Qaeda recruits were back in Hamburg. They began
researching flight schools in Europe, but quickly found that training in the United
States would be cheaper and faster. Atta, Shehhi, and Jarrah obtained U.S. visas, but
Binalshibh—the sole Yemeni in the group—was rejected repeatedly. In the spring of
2000, Atta, Shehhi, and Jarrah prepared to travel to the United States to begin flight
training. Binalshibh would remain behind and help coordinate the operation, serving as
a link between KSM and Atta. [9, p. 4]
Training
While the Hamburg operatives were just joining the 9/11 plot, Nawaf al Hazmi and
Khalid al Mihdhar were already living in the United States. Having arrived in Los
Angeles in January, they moved to San Diego in February. KSM contends that he
directed the two to settle in San Diego after learning from a phone book about
language and flight schools there. Hazmi and Mihdhar were supposed to learn English
and then enroll in flight schools, but they made only cursory attempts at both. Mihdhar
paid for an English class that Hazmi took for about a month. The two al Qaeda
operatives also took a few short flying lessons. According to their flight instructors,
they were interested in learning to fly jets and did not realize that they had to start
training on small planes. In June 2000, Mihdhar abruptly returned to his family in
Yemen, apparently without permission. KSM was very displeased and wanted to
remove him from the operation, but Bin Laden interceded, and Mihdhar remained part
of the plot. [9, pp. 4-6]
On the East Coast, in May and June 2000, the three operatives from Hamburg who had
succeeded in obtaining visas began arriving in the United States. Mohamed Atta and
Marwan Shehhi flew into New Jersey; Ziad Jarrah flew into Florida. Atta and Shehhi
looked into flight schools in New Hampshire and New Jersey, and, after spending about
a month in New York City, visited the Airman Flight School in Norman, Oklahoma. For
some reason, Atta and Shehhi decided not to enroll there. Instead, they went to
Venice, Florida, where Jarrah had already started his training at Florida Flight Training
Center. Atta and Shehhi enrolled in a different flight school, Huffman Aviation, and
began training almost daily. Jarrah obtained his single engine private pilot certificate in
early August; Atta and Shehhi received their pilots’ licenses a few weeks later. Their
instructors described Atta and Shehhi as aggressive and rude, and in a hurry to
complete their training. [9, p. 6]
The plot called for four pilots. By the fall of 2000, Atta, Shehhi, and Jarrah were
progressing in their training. It was clear, though, that Hazmi and Mihdhar would not
learn to fly aircraft. In their place was sent a young Saudi named Hani Hanjour.
Hanjour had studied in the United States intermittently since 1991, and had undergone
enough flight training in Arizona to obtain his commercial pilot certificate in April 1999.
In 2000, he was training for al Qaeda at the al Faruq camp in Afghanistan. Once his
skills were recognized, Hanjour was sent to KSM for inclusion in the plot. On December 8, 2000,
Hani Hanjour joined Nawaf al Hazmi in San Diego; Khalid al Mihdhar was still absent in
Yemen. Together, Hanjour and Hazmi relocated to Mesa, Arizona, where Hanjour had spent
most of his previous time in the United States. By early 2001, Hanjour was training in a
Boeing 737 simulator. Because his performance struck his flight instructors as
substandard, they discouraged Hanjour from continuing, but he persisted. By the end of
March, Hanjour finished training and drove east with Hazmi. On April 1 they were
stopped and issued a speeding ticket in Oklahoma. A few days later they arrived in
Northern Virginia and rented an apartment in Alexandria, outside Washington, DC. In
May they moved to Paterson, New Jersey, to be closer to New York City. [9, pp. 7-8]
Back in Florida, the Hamburg pilots—Atta, Shehhi, and Jarrah—continued to train. By
the end of 2000, they also were starting to train on jet aircraft simulators. Around the
beginning of the New Year, all three of them left the United States on various foreign
trips. Atta traveled to Germany for an early January 2001 meeting with Ramzi
Binalshibh. Atta reported that the pilots had completed their training and were
awaiting further instruction from al Qaeda. After the meeting, Atta returned to Florida
and Binalshibh headed to Afghanistan to brief the al Qaeda leadership. [9, p. 7]
While the pilots trained in the United States, Bin Laden and al Qaeda leaders in
Afghanistan started selecting the muscle hijackers—those operatives who would storm
the cockpit and control the passengers on the four hijacked planes. (The term “muscle”
hijacker appears in the interrogation reports of 9/11 conspirators KSM and Binalshibh,
and has been widely used to refer to the non-pilot hijackers.) The so-called muscle
hijackers actually were not physically imposing, as the majority of them were between
5’5” and 5’7” in height and slender in build. In addition to Hazmi and Mihdhar, the first
pair to enter the United States, there were 13 other muscle hijackers, all but one from
Saudi Arabia. They were Satam al Suqami, Wail and Waleed al Shehri (two brothers),
Abdul Aziz al Omari, Fayez Banihammad (from the UAE), Ahmed al Ghamdi, Hamza al
Ghamdi, Mohand al Shehri, Saeed al Ghamdi, Ahmad al Haznawi, Ahmed al Nami,
Majed Moqed, and Salem al Hazmi (the brother of Nawaf al Hazmi). [9, p. 8]
The muscle hijackers received special training in Afghanistan on how to conduct
hijackings, disarm air marshals, and handle explosives and knives. Next KSM sent them
to the UAE, where his nephew, Ali Abdul Aziz Ali, and another al Qaeda member,
Mustafa al Hawsawi, would help them buy plane tickets to the United States. In late
April 2001, the muscle hijackers started arriving in the United States, specifically in
Florida, Washington, DC, and New York. They traveled mostly in pairs and were
assisted upon arrival by Atta and Shehhi in Florida or Hazmi and Hanjour in DC and
New York. The final pair, Salem al Hazmi and Abdul Aziz al Omari, arrived in New York on
June 29 and likely were picked up the following day by Salem’s brother, Nawaf, as
evidenced by Nawaf’s minor traffic accident while heading east on the George
Washington Bridge. Finally, on July 4, Khalid al Mihdhar, who had abandoned Nawaf al
Hazmi back in San Diego 13 months earlier, re-entered the United States. Mihdhar
promptly joined the group in Paterson, New Jersey. [9, pp. 8-9]
In addition to assisting the newly-arrived muscle hijackers, the pilots busied
themselves during the summer of 2001 with cross-country surveillance flights and
additional flight training. In addition to the test flights, some of the operatives
obtained additional training. The 9/11 operatives were now split between two
locations: southern Florida and Paterson, New Jersey. Atta had to coordinate the two
groups, especially with Nawaf al Hazmi, who was considered Atta’s second-in-
command for the entire operation. Their first in-person meeting probably took place in
June, when Hazmi flew round-trip between Newark and Miami. [9, p. 9]
The next step for Atta was a mid-July status meeting with Binalshibh at a small resort
town in Spain. According to Binalshibh, the two discussed the progress of the plot, and
Atta disclosed that he would still need about five or six weeks before he would be able
to provide the date for the attacks. Atta also reported that he, Shehhi, and Jarrah had
been able to carry box cutters onto their test flights; they had determined that the best
time to storm the cockpit would be about 10-15 minutes after takeoff, when they
noticed that cockpit doors were typically opened for the first time. Atta also said that
the conspirators planned to crash their planes into the ground if they could not strike
their targets. Atta himself planned to crash his aircraft into the streets of New York if
he could not hit the World Trade Center. After the meeting, Binalshibh left to report
the progress to the al Qaeda leadership in Afghanistan, and Atta returned to Florida on
July 19. [9, pp. 9-10]
In early August, Atta spent a day waiting at the Orlando airport for one additional
muscle hijacker intended for the operation, Mohamed al Kahtani. Kahtani was turned
away by U.S. immigration officials and failed to join the operation. On August 13,
another in-person meeting of key players in the plot apparently took place, as Atta,
Nawaf al Hazmi, and Hanjour gathered in Las Vegas. Two days later, the FBI learned
about the strange behavior of Zacarias Moussaoui, who was now training on flight
simulators in Minneapolis. [9, p. 10]
On August 15, 2001, the flight school reported its suspicions about Moussaoui to the
FBI, including that he only wanted to learn how to take off and land the airplane, that
he had no background in aviation, and that he had paid in cash for the course. The
Minneapolis FBI opened an investigation on Moussaoui, believing that he was seeking
flight training to commit a terrorist act. [10, p. 101] On August 16, 2001, Moussaoui
was arrested by FBI and INS agents in Minnesota and charged with an immigration
violation. Materials itemized when he was arrested included a laptop computer, two
knives, flight manuals pertaining to Boeing’s 747 aircraft, a flight simulator computer
program, fighting gloves and shin guards, and a computer disk with information about
crop dusting. [11] Without any firm evidence of terrorist intentions, and unable to
obtain a warrant to search Moussaoui’s laptop, the FBI began plans to deport
Moussaoui to France and ask French authorities to search his belongings. [10, p. 101]
Moussaoui’s arrest occurred about a month after an FBI field agent in Phoenix sent an
electronic communication to headquarters suggesting that bin Laden affiliated agents
were attending flight schools with possible intent of targeting civil aviation. Later
referred to as the “Phoenix Memo”, the message was transmitted to the FBI
Counterterrorism Division and New York Division on July 10, 2001. The message was
sent after conducting surveillance on four students attending aviation colleges and
universities in Arizona. While some of the subjects confessed to being al Qaeda
members, none were associated with the Planes Operation. The Phoenix Memo did
not raise any particular alarm at the FBI because it gave no specific evidence and was
marked for “routine” action. [10, pp. 60-64]
Just over two weeks before the attacks, the conspirators purchased their flight tickets.
Between August 26 and September 5, they bought tickets on the Internet, by phone,
and in person. Once the ticket purchases were made, the conspirators returned excess
funds to al Qaeda. The last step was to travel to the departure points for the attacks.
[9, p. 10]
The teams assembled according to their assigned targets. Operatives attacking the
Pentagon gathered in Laurel, Maryland, near Dulles Airport where they were scheduled
to take American Airlines Flight 77. On September 10th they stayed the night at a
hotel in Herndon, Virginia. Operatives assigned to attack the White House gathered in
Newark where they were scheduled to take United Airlines Flight 93. Just after
midnight on September 9, Jarrah received a speeding ticket as he headed north
through Maryland along Interstate 95, towards his team’s staging point in New Jersey.
The two teams targeting the Twin Towers both staged out of Boston. By September 9,
Marwan al Shehhi and the team he would lead against United Airlines Flight 175 had
arrived in Boston. The team that Mohammed Atta would lead against American
Airlines Flight 11 was also assembled in Boston. Then, for reasons unknown, on
September 10, Atta picked up Abdul Aziz al Omari, one of the Flight 11 muscle
hijackers, from his Boston hotel and drove to Portland, Maine. They would take a
commuter flight to Boston during the early hours of September 11 to connect to Flight
11. The Portland detour almost prevented Atta and Omari from making Flight 11 out of
Boston. In fact, the luggage they checked in Portland failed to make it onto the plane.
On the morning of September 11, after years of planning and many months of
intensive preparation, all four terrorist teams were in place to execute the attacks of
that day. [9, pp. 10-11]
Conclusion
Though the 9/11 attacks were unforeseen, it is plausible they might still have been
prevented. Before the attacks occurred, bin Laden was a known terrorist with an
avowed mission to kill Americans, wanted by the U.S. government. Attempts to
capture or kill him, though, were ultimately thwarted by a lack of will; while the CIA
dallied in tribal negotiations, the administration was unwilling to risk the collateral
damage attendant to overt military operations. Still, the Planes Operation might have
been foiled during any number of instances at home, particularly when 1) known al
Qaeda operatives crossed U.S. borders, 2) the FBI received the Phoenix Memo warning
of a potential strike against U.S. civil aviation, coupled with 3) the arrest of Zacarias
Moussaoui while attending flight school, and 4) when plot members were ticketed for
speeding. These lost opportunities, and more such on the day of the attacks, would
figure prominently in shaping the nation’s homeland security policy.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. Why did Osama bin Laden declare war on the United States?
2. Describe the two different attacks Osama bin Laden successfully mounted against the U.S. before 9/11.
3. Identify five similarities between the 2000 attack on the USS Cole and the 1983 Beirut barracks bombing.
4. Identify five differences between the 2000 attack on the USS Cole and the 1993 attack on the World Trade Center.
5. Would you classify the following attacks as a criminal act or act of war? Explain your answers.
a. 1983 Beirut barracks bombing
b. 1993 attack on the World Trade Center
c. 2000 attack on the USS Cole
6. Why didn’t the U.S. simply arrest Osama bin Laden after the 2000 attack on the USS Cole?
7. Why didn’t the U.S. simply kill Osama bin Laden after the 2000 attack on the USS Cole?
8. List three reasons why an attack on U.S. soil would be harder than an attack against U.S. foreign interests.
9. List three reasons why Osama bin Laden would want to mount an attack on U.S. soil.
10. Do you think 9/11 was preventable? Explain your answer.
Chapter 3
We Have Some Planes
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe the 9/11 attacks.
Explain the significance of the targets.
Assess whether a similar attack would be successful today.
Demonstrate the relationship between 9/11 and the 1995 Tokyo subway attacks.
“American 11: We have some planes. Just stay quiet, and you’ll be okay. We are
returning to the airport.”
– 2004 9/11 Commission Report
Introduction
Tuesday, September 11, 2001, dawned temperate and nearly cloudless in the eastern
United States. Millions of men and women readied themselves for work. Some made
their way to the Twin Towers, the signature structures of the World Trade Center
complex in New York City. Others went to Arlington, Virginia, to the Pentagon. Across
the Potomac River, the United States Congress was back in session. At the other end
of Pennsylvania Avenue, people began to line up for a White House tour. In Sarasota,
Florida, President George W. Bush went for an early morning run.
For those heading to an airport, weather conditions could not have been better for a
safe and pleasant journey. Among the travelers were Mohamed Atta and Abdul Aziz al
Omari, who arrived at the airport in Portland, Maine.
Boston: American 11 and United 175
On Tuesday, September 11, 2001, Mohammed Atta and Abdul Aziz al Omari arrived at
the airport in Portland, Maine, to catch a 6:00 a.m. flight to Boston’s Logan
International Airport. [1, p. 253]
When he checked in for his flight to Boston, Atta was selected by a computerized
prescreening system known as CAPPS (Computer Assisted Passenger Prescreening
System), created to identify passengers who should be subject to special security
measures. Under security rules in place at the time, the only consequence of Atta’s
selection by CAPPS was that his checked bags were held off the plane until it was
confirmed that he had boarded the aircraft. [1, p. 1]
Table 3-1: 9/11 Hijackers & Flights
AA Flt. 11, Boston Logan
1. Mohammed Atta*
2. Abdul Aziz al Omari
3. Satam al Suqami
4. Wail al Shehri
5. Waleed al Shehri
UA Flt. 175, Boston Logan
6. Marwan al Shehhi*
7. Fayez Banihammad
8. Mohand al Shehri
9. Ahmed al Ghamdi
10. Hamza al Ghamdi
AA Flt. 77, Dulles
11. Hani Hanjour*
12. Khalid al Mihdhar
13. Majed Moqed
14. Nawaf al Hazmi
15. Salem al Hazmi
UA Flt. 93, Newark
16. Ziad Jarrah*
17. Saeed al Ghamdi
18. Ahmed al Nami
19. Ahmad al Haznawi
*Designated Pilot
At 6:45 a.m., Atta and Omari arrived in Boston. Between 6:45 and 7:40, Atta and
Omari, along with Satam al Suqami, Wail al Shehri, and Waleed al Shehri, checked in
and boarded American Airlines Flight 11, bound for Los Angeles. The flight was
scheduled to depart at 7:45. [1, p. 2]
Elsewhere at Logan Airport, Marwan al Shehhi, Fayez Banihammad, Mohand al Shehri,
Ahmed al Ghamdi, and Hamza al Ghamdi checked in for United Airlines Flight 175, also
bound for Los Angeles. Their flight was scheduled to depart at 08:00. [1, p. 2]
As Atta’s team passed through passenger screening, three members–Suqami, Wail al
Shehri, and Waleed al Shehri–were selected by CAPPS. Their selection affected only
the handling of their checked bags, not their screening at the checkpoint. All five men
cleared the checkpoint and made their way to the gate for American 11. Atta, Omari,
and Suqami took their seats in business class. The Shehri brothers had adjacent seats
in row 2 in the first-class cabin. They boarded American 11 between 7:31 and 7:40.
The aircraft pushed back from the gate at 7:40. [1, p. 2]
Shehhi and his team, none of whom had been selected by CAPPS, boarded United 175
between 7:23 and 7:28. Their aircraft pushed back from the gate just before 8:00. [1,
p. 2]
Washington Dulles: American 77
At 7:15 a.m., Khalid al Mihdhar and Majed Moqed checked in with the American
Airlines ticket counter at Dulles International Airport in Virginia. Both were ticketed for
Flight 77 bound for Los Angeles. Within 20 minutes, three other members of the team
checked in including Hani Hanjour, Nawaf al Hazmi, and Salem al Hazmi. Hani Hanjour,
Khalid al Mihdhar, and Majed Moqed were flagged by CAPPS. The Hazmi brothers
were also selected for extra security by the airline’s customer service representative at
the check-in counter. He did so because one of the brothers did not have photo
identification nor could he understand English, and because the agent found both
passengers to be suspicious. The only consequence of their selection was that their
checked bags were held off the plane until it was confirmed that they had boarded the
aircraft. [1, p. 3]
On the morning of September 11, 2001, eight of the nineteen hijackers were flagged by the
Computer Assisted Passenger Prescreening System (CAPPS). Under security rules in place at
the time, the only consequence was that their checked bags were held off the plane until it
was confirmed that they had boarded the aircraft.
The five hijackers proceeded to the Main Terminal’s west security screening point. The
checkpoint featured closed-circuit television that recorded all passengers, including the
hijackers as they were screened. Both Mihdhar and Moqed set off the metal detector
and were directed to a second metal detector. Mihdhar did not trigger the alarm and
was permitted through the checkpoint. Moqed set it off, and a screener wanded him with
a hand-held magnetic detector. He passed this inspection. About 20 minutes later,
Hani Hanjour, Nawaf al Hazmi, and Salem al Hazmi entered the screening area. Nawaf
al Hazmi set off both the first and second metal detectors and was then hand-wanded
before being passed. In addition, his over-the-shoulder carry-on bag was swiped by an
explosive trace detector and then passed. [1, p. 3]
At 7:50 a.m., Majed Moqed and Khalid al Mihdhar boarded American 77 and were
seated in 12A and 12B in coach. Hani Hanjour, assigned to seat 1B in first class, soon
followed. The Hazmi brothers, sitting in 5E and 5F, joined Hanjour in the first-class
cabin. [1, pp. 3-4]
Newark: United 93
At Newark Airport in New Jersey, another hijacking team assembled. Between 7:03
and 7:39, Saeed al Ghamdi, Ahmed al Nami, Ahmad al Haznawi, and Ziad Jarrah checked
in at the United Airlines ticket counter for Flight 93, going to Los Angeles. Haznawi
was selected by CAPPS. His checked bag was screened for explosives and then loaded
on the plane. [1, p. 4]
The four men passed through the security checkpoint and boarded their plane between
7:39 and 7:48. All four had seats in the first-class cabin. Jarrah was in seat 1B, closest
to the cockpit; Nami was in 3C, Ghamdi in 3D, and Haznawi in 6B. [1, p. 4]
The 19 men were aboard four transcontinental flights. They were planning to hijack
these planes and turn them into large guided missiles, loaded with up to 11,400 gallons
of jet fuel. By 8:00 a.m. on the morning of Tuesday, September 11, 2001, they had
defeated all the security layers that America’s civil aviation security system then had in
place to prevent hijacking. [1, p. 4]
The Hijacking of American 11
American Airlines Flight 11 provided nonstop service from Boston to Los Angeles. On
September 11, Captain John Ogonowski and First Officer Thomas McGuinness piloted
the Boeing 767. It carried its full capacity of nine flight attendants. Eighty-one
passengers boarded the flight with them, including the five terrorists. [1, p. 4]
American Flight 11 took off at 7:59. Just before 8:14, it had climbed to 26,000 feet, not
quite its initial assigned cruising altitude of 29,000 feet. All communications and flight
profile data were normal. About this time, the “Fasten Seatbelt” sign would usually
have been turned off and the flight attendants would have begun preparing for cabin
service. [1, p. 4]
At this time, American 11 had its last routine communication with the ground when it
acknowledged navigational instructions from the FAA’s air traffic control (ATC) center
in Boston. Sixteen seconds after that transmission, ATC instructed the aircraft’s pilots
to climb to 35,000 feet. That message and all subsequent attempts to contact the
flight were not acknowledged. From this and other evidence, it is believed the
hijacking began at 8:14 or shortly thereafter. [1, p. 4]
Reports from two flight attendants in the coach cabin, Betty Ong and Madeline “Amy”
Sweeney, tell us most of what we know about how the hijacking happened. As it
began, some of the hijackers–most likely Wail al Shehri and Waleed al Shehri, who
were seated in row 2 in first class–stabbed the two unarmed flight attendants who
would have been preparing for cabin service. [1, p. 5]
It’s not known exactly how the hijackers gained access to the cockpit; FAA rules
required that the doors remain closed and locked during flight. Ong speculated that
they had “jammed their way” in. Perhaps the terrorists stabbed the flight attendants
to get a cockpit key, to force one of them to open the cockpit door, or to lure the
captain or first officer out of the cockpit. [1, p. 5]
At the same time or shortly thereafter, Atta–the only terrorist on board trained to fly a
jet–would have moved to the cockpit from his business-class seat, possibly
accompanied by Omari. As this was happening, passenger Daniel Lewin, who was
seated in the row just behind Atta and Omari, was stabbed by one of the hijackers–
probably Satam al Suqami, who was seated directly behind Lewin. Lewin had served
four years as an officer in the Israeli military. He may have made an attempt to stop
the hijackers in front of him, not realizing that another was sitting behind him. [1, p. 5]
The hijackers quickly gained control and sprayed Mace, pepper spray, or some other
irritant in the first-class cabin, in order to force the passengers and flight attendants
toward the rear of the plane. They claimed they had a bomb. [1, p. 5]
About five minutes after the hijacking began, Betty Ong contacted the American
Airlines Southeastern Reservations Office in Cary, North Carolina, via an AT&T airphone
to report an emergency aboard the flight. The emergency call lasted approximately 25
minutes, as Ong calmly and professionally relayed information about events taking
place aboard the airplane to authorities on the ground. [1, p. 5]
At 8:19, Ong reported: “The cockpit is not answering, somebody’s stabbed in business
class–and I think there’s Mace–that we can’t breathe–I don’t know, I think we’re
getting hijacked.” She then told of the stabbings of the two flight attendants. [1, p. 5]
American’s Southeastern Reservations Office quickly contacted the American Airlines
operations center in Fort Worth, Texas, which soon contacted the FAA’s Boston Air
Traffic Control Center. Boston Center knew of a problem on the flight in part because
just before 8:25 the hijackers had attempted to communicate with the passengers.
The microphone was keyed, and immediately one of the hijackers said, “Nobody move.
Everything will be okay. If you try to make any moves, you’ll endanger yourself and the
airplane. Just stay quiet.” Air traffic controllers heard the transmission; Ong did not.
The hijackers probably did not know how to operate the cockpit radio communication
system correctly, and thus inadvertently broadcast their message over the air traffic
control channel instead of the cabin public-address channel. Also at 8:25, and again at
8:29, Amy Sweeney got through to the American Flight Services Office in Boston but
was cut off after she reported someone was hurt aboard the flight. Three minutes
later, Sweeney was reconnected to the office and began relaying updates to her
manager. [1, pp. 5-6]
At 8:26, Ong reported that the plane was “flying erratically.” A minute later, Flight 11
turned south. American also began getting identifications of the hijackers, as Ong and
then Sweeney passed on some of the seat numbers of those who had gained
unauthorized access to the cockpit. [1, p. 6]
At 8:41 Sweeney reported that passengers in coach were under the impression there
was a routine medical emergency in first class. Other flight attendants were busy at
duties such as getting medical supplies while Ong and Sweeney were reporting events.
[1, p. 6]
At 8:41, American’s operations center learned that air traffic controllers had declared
Flight 11 a hijacking, and thought it was headed toward Kennedy airport in New York
City. Air traffic control was busy moving other flights out of the way as they tracked
Flight 11 on primary radar, which seemed to show the aircraft descending. [1, p. 6]
At 8:44 contact was lost with Betty Ong. About this time Sweeney reported
“Something is wrong. We are in a rapid descent… we are all over the place.” When
asked to look out the window, Sweeney reported “We are flying low. We are flying
very, very low. We are flying way too low.” Seconds later she said, “Oh my God we are
way too low.” The phone call ended. [1, p. 7]
At 8:46:40, American 11 crashed into the North Tower of the World Trade Center in
New York City. All on board, along with an unknown number of people in the tower,
were killed instantly. [1, p. 7]
The Hijacking of United 175
United Airlines Flight 175 was scheduled to depart for Los Angeles at 8:00. Captain
Victor Saracini and First Officer Michael Horrocks piloted the Boeing 767, which had
seven flight attendants. Fifty-six passengers boarded the flight. [1, p. 7]
United 175 pushed back from its gate at 7:58 and departed Logan Airport at 8:14. By
8:33, it had reached its assigned cruising altitude of 31,000 feet. The flight attendants
would have begun their cabin service. [1, p. 7]
The hijackers attacked sometime between 8:42 and 8:46. They used knives, Mace, and
the threat of a bomb. They stabbed members of the flight crew. Both pilots had been
killed. The eyewitness accounts came from calls made from the rear of the plane, from
passengers originally seated further forward in the cabin, a sign that passengers and
perhaps crew had been moved to the back of the aircraft. [1, p. 7]
The first operational evidence that something was abnormal on United 175 came at
8:47 when the aircraft changed beacon codes twice within a minute. At 8:51, the flight
deviated from its assigned altitude, and a minute later New York air traffic controllers
began repeatedly and unsuccessfully trying to contact it. [1, p. 7]
At 8:52, in Easton, Connecticut, a man named Lee Hanson received a phone call from
his son Peter, a passenger on United 175. His son told him: “I think they’ve taken over
the cockpit–an attendant has been stabbed–and someone else up front may have
been killed. The plane is making strange moves. Call United Airlines–Tell them it’s
Flight 175, Boston to LA.” Lee Hanson then called the Easton Police Department and
relayed what he had heard. [1, p. 7]
Also at 8:52, a male flight attendant called a United office in San Francisco. The flight
attendant reported that the flight had been hijacked, both pilots killed, a flight
attendant stabbed, and the hijackers were probably flying the plane. The call lasted
about two minutes. [1, pp. 7-8]
At 8:58, the flight took a heading toward New York City. At 8:59, Flight 175 passenger
Brian David Sweeney tried to call his wife, Julie. He left a message on their home
answering machine that the plane had been hijacked. He then called his mother, Luise
Sweeney, told her the flight had been hijacked, and added that the passengers were
thinking about storming the cockpit to take control of the plane away from the
hijackers. [1, p. 8]
At 9:00, Lee Hanson received a second call from his son Peter: “It’s getting bad, Dad–A
stewardess was stabbed–They seem to have knives and Mace–They said they have a
bomb–It’s getting very bad on the plane–Passengers are throwing up and getting sick–
The plane is making jerky movements–I don’t think the pilot is flying the plane–I think
we are going down–I think they intend to go to Chicago or someplace and fly into a
building–Don’t worry Dad–If it happens, it’ll be very fast–My God, my God.” [1, p. 8]
The call ended abruptly. Lee Hanson had heard a woman scream just before it cut off.
He turned on a television, and in her home so did Luise Sweeney. Both then saw the
second aircraft hit the World Trade Center. [1, p. 8]
At 9:03:11, United Airlines Flight 175 struck the South Tower of the World Trade
Center. All on board, along with an unknown number of people in the tower, were
killed instantly. [1, p. 8]
The Hijacking of American 77
American Airlines Flight 77 was scheduled to depart from Washington Dulles for Los
Angeles at 8:10. The aircraft was a Boeing 757 piloted by Captain Charles F.
Burlingame and First Officer David Charlebois. There were four flight attendants. On
September 11, the flight carried 58 passengers. [1, p. 8]
American 77 pushed back from its gate at 8:09 and took off at 8:20. At 8:46, the flight
reached its assigned cruising altitude of 35,000 feet. Cabin service would have begun.
At 8:51, American 77 transmitted its last routine radio communication. The hijacking
began between 8:51 and 8:54. As on American 11 and United 175, the hijackers used
knives and moved all the passengers to the rear of the aircraft. Unlike the earlier
flights, the Flight 77 hijackers were reported by a passenger to have box cutters.
Finally, a passenger reported that an announcement had been made by the “pilot” that
the plane had been hijacked. Neither of the firsthand accounts mentioned any
stabbings or the threat or use of either a bomb or Mace, though both witnesses began
the flight in the first-class cabin. [1, p. 8]
At 8:54, the aircraft deviated from its assigned course, turning south. Two minutes
later the transponder was turned off and even primary radar contact with the aircraft
was lost. The Indianapolis Air Traffic Control Center repeatedly tried and failed to
contact the aircraft. American Airlines dispatchers also tried, without success. [1, p. 9]
At 9:00, American Airlines Executive Vice President Gerard Arpey learned that
communications had been lost with American 77. This was now the second American
aircraft in trouble. He ordered all American Airlines flights in the Northeast that had
not taken off to remain on the ground. After learning that United Airlines was missing
a plane, American Airlines headquarters extended the ground stop nationwide. [1, p. 9]
At 9:12, Renee May called her mother, Nancy May, in Las Vegas. She said her flight
was being hijacked by six individuals who had moved them to the rear of the plane.
She asked her mother to alert American Airlines. Nancy May and her husband
promptly did so. [1, p. 9]
At some point between 9:16 and 9:26, Barbara Olson called her husband, Ted Olson,
the solicitor general of the United States. She reported that the flight had been
hijacked, and the hijackers had knives and box cutters. She further indicated that the
hijackers were not aware of her phone call, and that they had put all the passengers in
the back of the plane. About a minute into the conversation the call was cut off. [1, p.
9]
Shortly after the first call, Barbara Olson reached her husband again. She reported that
the pilot had announced that the flight had been hijacked, and she asked her husband
what she should tell the captain to do. Ted Olson asked for her location and she
replied that the aircraft was then flying over houses. Another passenger told her they
were traveling northeast. The Solicitor General then informed his wife of the two
previous hijackings and crashes. She did not display signs of panic and did not indicate
any awareness of an impending crash. At that point the second call was cut off. [1, p.
9]
At 9:20, the autopilot on American 77 was disengaged; the aircraft was at 7,000 feet
and approximately 38 miles west of the Pentagon. At 9:32, controllers at the Dulles
Terminal Radar Approach Control “observed a primary radar target tracking eastbound
at a high rate of speed.” This was later determined to have been Flight 77. [1, p. 9]
At 9:34, Ronald Reagan Washington National Airport advised the Secret Service of an
unknown aircraft heading in the direction of the White House. American 77 was then 5
miles west-southwest of the Pentagon and began a 330 degree turn. At the end of the
turn, it was descending through 2,200 feet, pointed toward the Pentagon and
downtown Washington. The hijacker pilot then advanced the throttles to maximum
power and dove toward the Pentagon. [1, p. 9]
At 9:37:46, American Airlines Flight 77 crashed into the Pentagon, traveling at
approximately 530 miles per hour. All on board, as well as many civilian and military
personnel in the building, were killed. [1, p. 10]
The Battle for United 93
At 8:42, United Airlines Flight 93 took off from Newark (New Jersey) Liberty
International Airport bound for San Francisco. The aircraft was piloted by Captain
Jason Dahl and First Officer Leroy Homer, and there were five flight attendants.
Thirty-seven passengers, including the hijackers, boarded the plane. Scheduled to depart the
gate at 8:00, the Boeing 757’s takeoff was delayed because of the airport’s typically
heavy morning traffic. [1, p. 10]
As United 93 left Newark, the flight’s crew members were unaware of the hijacking of
American 11. Around 9:00, the FAA, American, and United were facing the staggering
realization of apparent multiple hijackings. At 9:03, they would see another aircraft
strike the World Trade Center. Crisis managers at the FAA and the airlines did not yet
act to warn other aircraft. At the same time, Boston Center realized that a message
transmitted just before 8:25 by the hijacker pilot of American 11 included the phrase,
“We have some planes.” [1, p. 10]
The hijackers attacked at 9:28. While traveling 35,000 feet above eastern Ohio, United
93 suddenly dropped 700 feet. Eleven seconds into the descent, the FAA’s air traffic
control center in Cleveland received the first of two radio transmissions from the
aircraft. During the first broadcast, the captain or first officer could be heard declaring
“Mayday” amid the sounds of a physical struggle in the cockpit. The second radio
transmission, 35 seconds later, indicated that the fight was continuing. The captain or
first officer could be heard shouting: “Hey get out of here–get out of here–get out of
here.” [1, p. 11]
At 9:32, a hijacker, probably Jarrah, made or attempted to make the following
announcement to the passengers of Flight 93: “Ladies and Gentlemen: Here the
captain, please sit down keep remaining sitting. We have a bomb on board. So, sit.”
The flight data recorder (also recovered) indicates that Jarrah then instructed the
plane’s autopilot to turn the aircraft around and head east. [1, p. 11]
The cockpit voice recorder data indicate that a woman, most likely a flight attendant,
was being held captive in the cockpit. She struggled with one of the hijackers who
killed or otherwise silenced her. [1, p. 12]
Shortly thereafter, the passengers and flight crew began a series of calls from GTE
airphones and cellular phones. The calls between family, friends, and colleagues took
place until the end of the flight and provided those on the ground with firsthand
accounts. They enabled the passengers to gain critical information, including the news
that two aircraft had slammed into the World Trade Center. [1, p. 12]
Five calls described the intent of passengers and surviving crew members to revolt
against the hijackers. According to one call, they voted on whether to rush the
terrorists in an attempt to retake the plane. They decided, and acted. [1, p. 13]
At 9:57, the passenger assault began. Several passengers had terminated phone calls
with loved ones in order to join the revolt. One of the callers ended her message as
follows: “Everyone’s running up to first class. I’ve got to go. Bye.” [1, p. 13]
The cockpit voice recorder captured the sounds of the passenger assault muffled by
the intervening cockpit door. Some family members who listened to the recording
report that they can hear the voice of a loved one among the din. We cannot identify
whose voices can be heard. But the assault was sustained. [1, p. 13]
In response, Jarrah immediately began to roll the airplane to the left and right,
attempting to knock the passengers off balance. At 9:58:57, Jarrah told another
hijacker in the cockpit to block the door. Jarrah continued to roll the airplane sharply
left and right, but the assault continued. At 9:59:52, Jarrah changed tactics and
pitched the nose of the airplane up and down to disrupt the assault. The recorder
captured the sounds of loud thumps, crashes, shouts, and breaking glasses and plates.
At 10:00:03, Jarrah stabilized the airplane. [1, pp. 13-14]
Five seconds later, Jarrah asked, “Is that it? Shall we finish it off?” A hijacker
responded, “No. Not yet. When they all come, we finish it off.” The sounds of fighting
continued outside the cockpit. Again, Jarrah pitched the nose of the aircraft up and
down. At 10:00:26, a passenger in the background said, “In the cockpit. If we don’t
we’ll die!” Sixteen seconds later, a passenger yelled, “Roll it!” Jarrah stopped the
violent maneuvers about 10:01:00 and said, “Allah is the greatest! Allah is the
greatest!” He then asked another hijacker in the cockpit, “Is that it? I mean, shall we
put it down?” To which the other replied, “Yes, put it in it, and pull it down.” [1, p. 14]
The passengers continued their assault and at 10:02:23, a hijacker said, “Pull it down!
Pull it down!” The hijackers remained at the controls but must have judged that the
passengers were only seconds from overcoming them. The airplane headed down; the
control wheel was turned hard to the right. The airplane rolled onto its back, and one
of the hijackers began shouting “Allah is the greatest. Allah is the greatest.” With the
sounds of the passenger counterattack continuing, the aircraft plowed into an empty
field in Shanksville, Pennsylvania, at 580 miles per hour, about 20 minutes flying time
from Washington, D.C. [1, p. 14]
Jarrah’s objective was to crash his airliner into symbols of the American Republic, the
Capitol or the White House. He was defeated by the alerted, unarmed passengers of
United 93. [1, p. 14]
Table 3-2: 9/11 Timeline
11 Sep 01 | Flt.   | Events
07:59     | AA 11  | Takeoff from Boston Logan
08:14     | UA 175 | Takeoff from Boston Logan
08:19     | AA 11  | Report of Onboard Trouble
08:20     | AA 77  | Takeoff from Dulles
08:41     | AA 11  | Declared Hijacking
08:42     | UA 175 | Suspected Time of Attack
08:42     | UA 93  | Takeoff from Newark
08:46     | AA 11  | Crashes into WTC North Tower
08:47     | UA 175 | Aircraft Beacon Codes Changed
08:51     | AA 77  | Suspected Time of Attack
08:54     | AA 77  | Aircraft Deviates from Course
09:03     | UA 175 | Crashes into WTC South Tower
09:28     | UA 93  | Suspected Time of Attack
09:32     | AA 77  | Tracked Inbound to DC
09:37     | AA 77  | Crashes into Pentagon
09:57     | UA 93  | Passengers Assault Hijackers
10:03     | UA 93  | Crashes in Shanksville, PA
Conclusion
More than 2,600 people died at the World Trade Center; 125 died at the Pentagon;
256 died on the four planes. The death toll surpassed that at Pearl Harbor in December
1941. This immeasurable pain was inflicted by 19 young Arabs acting at the behest of
Islamist extremists headquartered in distant Afghanistan. Some had been in the United
States for more than a year, mixing with the rest of the population. Though four had
training as pilots, most were not well-educated. Most spoke English poorly, some
hardly at all. In groups of four or five, carrying with them only small knives, box cutters,
and cans of Mace or pepper spray, they had hijacked the four planes and turned them
into deadly guided missiles.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. Who was responsible for airport security on 9/11?
2. Describe three airport security measures the 19 hijackers defeated on 9/11.
3. What was the purpose of hijacking transcontinental passenger jets?
4. Describe three different methods the hijackers used to subdue aircraft cabin and crew.
5. How were the hijackers able to evade FAA tracking?
6. Why do you suppose the Twin Towers and Pentagon were selected as targets?
7. What do you suppose was the target of the fourth aircraft?
8. Why do you suppose the passengers of the first three aircraft didn’t mount a collective resistance?
9. Identify five similarities between 9/11 and the 1995 Tokyo subway attacks.
10. Do you think a similar attack would be successful today? Explain your answer.
Chapter 4: And They Saved Many
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe emergency response efforts in New York City on 9/11.
Evaluate emergency response efforts in New York City on 9/11.
Appreciate the dedication and effectiveness of first responders on 9/11.
“That day we lost 2,752 people at the World Trade Center; 343 were firefighters. But
we also saved 25,000 people. And that’s what people should remember because
firefighters and rescuers went in and they knew it was dangerous, but they went in to
save people. And they saved many.”
– 9/11 Commission Staff Statement No. 13, 2004
Introduction
Unlike most of America, both New York City and the World Trade Center had been the
target of terrorist attacks before 9/11. On February 26, 1993, a 1,500-pound bomb
stashed in a rental van was detonated on a parking garage ramp beneath the Twin
Towers. The explosion killed six people, injured 1,000 more, and exposed
vulnerabilities in the World Trade Center’s and the City’s emergency preparedness. The
towers lost power and communications capability. Generators had to be shut down to
assure safety. Elevators stopped. The public address system and emergency lighting
systems failed. The unlit stairwells filled with smoke and were so dark as to be
impassable. Rescue efforts by the Fire Department of New York were hampered by the
inability of its radios to function in buildings as large as the Twin Towers. The 9-1-1
emergency call system was overwhelmed. [1, p. 3] Despite a $100 million overhaul to
the WTC, including fire safety enhancements, many of the same problems plagued the
WTC response on 9/11. This chapter reviews the emergency response to the 9/11
attacks in New York City, and examines compounding factors that contributed to the
largest loss of life of any emergency response agency in U.S. history.
The World Trade Center
The World Trade Center (WTC) complex was built for the Port Authority of New York
and New Jersey. Construction began in 1967, and tenants began to occupy its space in
1970. The Twin Towers came to occupy a unique and symbolic place in the culture of
New York City and America. [1, p. 2]
The WTC actually consisted of seven buildings, including one hotel, spread across 16
acres of land. The buildings were connected by an underground mall one level below
the plaza area. The Twin Towers (“1 WTC” or the “North Tower,” and “2 WTC” or the
“South Tower”) were the signature structures, containing 10.4 million square feet of
office space. On any given work day up to 50,000 office workers occupied the towers,
and 40,000 visitors passed through the complex. [1, p. 2]
The Twin Towers
Both towers had 110 stories and were about 1,350 feet high. Both were square; each
wall measured 208 feet in length. The outside of each tower was covered by a frame of
14-inch-wide steel columns; the centers of the steel columns were 40 inches apart.
These exterior walls bore the majority of the weight of the building. [1, p. 2]
The interior core of the buildings was a hollow steel shaft, in which elevators and
stairwells were grouped. Each tower contained three central stairwells, which ran
essentially from top to bottom, and 99 elevators. Generally, elevators originating in the
lobby ran to “sky lobbies” on upper floors, where further elevators carried passengers
to the tops of the buildings. [1, p. 2]
Stairwells A and C ran from the 110th floor to the mezzanine level and Stairwell B ran
from the 107th floor to level B6. All three stairwells ran essentially straight up and
down, except for two deviations in Stairwells A and C where the staircase jutted out
toward the perimeter of the building. These deviations were necessary because of the
placement of heavy elevators and machine rooms. These areas were located between
the 42nd and 48th floors and the 76th and 82nd floors in both towers. [1, p. 2]
On the upper and lower boundaries of these deviations were “transfer” hallways
contained within the stairwell proper. Each hallway contained “smoke doors” to
prevent smoke from rising from lower to upper portions of the building. Smoke doors
were kept closed but not locked. Other than these slight deviations in Stairwells A and
C, the stairs ran straight up and down. [1, p. 2]
Doors leading to the roof were kept locked. The Port Authority told us that this was
because of structural and radiation hazards, and for security reasons. To access the
roof in either tower required passing through three doors: one leading from the
stairwell onto the 110th floor, and two leading from the floor onto the roof itself.
There was no rooftop evacuation plan. The roof was a cluttered surface that would be
a challenging helipad even in good conditions and, in a fire, smoke from the building
would travel upward. [1, pp. 2-3]
Emergency Preparedness
To address the problems encountered during the response to the 1993 bombing, the
Port Authority implemented $100 million in physical, structural, and technological
changes to the WTC. In addition, the Port Authority enhanced its fire safety plan. [1, p.
3]
The Port Authority added battery-powered emergency lighting to the stairwells and
backup power to its alarm system. Other upgrades included glow-in-the-dark signs and
markings. Upgrades to the elevator system included a redesign of each building’s lobby
command board to enable it to monitor all of the elevators. [1, p. 3]
To aid communications the Port Authority installed a “repeater system” for use by the
Fire Department of New York. The “repeater” used an antenna on the top of 5 WTC to
“repeat” and greatly amplify the wave strength of radio communications, so they could
be heard more effectively by firefighters operating many floors apart. [1, p. 3]
The Port Authority also sought to prepare civilians better for future emergencies.
Deputy fire safety directors conducted biannual fire drills, with advance notice to
tenants. During a fire drill, designated fire wardens were instructed to lead people in
their respective areas to the center of the floor where they would use an emergency
intercom phone to obtain specific information on how to proceed. [1, p. 3]
Civilians were taught basic procedures such as to evacuate by the stairs and to check
doors for heat before proceeding. Civilians who evacuated in both 1993 and 2001 have
told us that they were better prepared in 2001. [1, p. 3]
Civilians were not, however, directed into the stairwells during these drills. Civilians
were not provided information about the configuration of the stairwells and the
existence of transfer hallways or smoke doors. Neither full nor partial evacuation drills
were held. Participation in the drills that were held, moreover, varied greatly from
tenant to tenant. [1, pp. 3-4]
Civilians were never instructed not to evacuate up. The standard fire drill instructions
advised participants that in the event of an actual emergency, they would be directed
to descend to at least two floors below the fire. Most civilians recall simply being
taught to await instructions which would be provided at the time of an emergency. [1,
p. 4]
Civilians were not informed that rooftop evacuations were not part of the Port
Authority’s evacuation plan. They were not informed that access to the roof required a
key. The Port Authority acknowledges that it had no protocol for rescuing people
trapped above a fire in the towers. [1, p. 4]
Chapter 4: And They Saved Many
First Responders
On 9/11, the principal first responders were from the Fire Department of New York
(FDNY), the New York Police Department (NYPD), the Port Authority Police Department
(PAPD), and the Mayor’s Office of Emergency Management (OEM). [1, p. 4]
NYPD
The 40,000-officer New York Police Department consisted of three primary divisions:
operations, intelligence, and administration. The Special Operations Division
supervised units critical in responding to a major event. This division included the
aviation unit, which provided helicopters for the purpose of survey and/or rescue, and
the Emergency Service Units (ESU), or rescue teams, which carried out specialized
missions. [1, p. 4]
The NYPD had standard operating procedures for the dispatch of officers to an
incident. Gradations in response were called “mobilization” levels and went from 1
(lowest) to 4 (highest). Level 3 and 4 mobilizations could not be ordered by someone
below the rank of captain. [1, p. 4]
The NYPD ran the City’s 9-1-1 emergency call center. 9-1-1 operators were civilians
trained in the rudiments of emergency response. Fire emergencies were transferred to
the FDNY dispatch center. [1, p. 4]
FDNY
The 11,000-member Fire Department of New York was headed by a Fire Commissioner,
who, unlike the Police Commissioner, lacked operational authority. Operations were
controlled by the Chief of the Fire Department. The logistics of fire operations were
coordinated by the Fire Dispatch Operations division. 9-1-1 calls concerning fire
emergencies were transferred to this division. [1, p. 4]
Basic operating units included ladder companies, to conduct standard rescue
operations, and engine companies, to put out fires. The Department’s Specialized
Operations Command contained specialized units, including five rescue companies, to
perform specialized and highly risky rescue operations, and one HAZMAT team. [1, p.
4]
Alarm levels escalated from first (lowest) to fifth (highest) with a pre-established
number of units associated with each. Prior to 9/11, it was common FDNY practice for
units to arrive with extra personnel, and for off-duty firefighters to respond to major
incidents. [1, p. 5]
The years leading up to 9/11 were successful ones for the FDNY. In 2000, fewer people
died from fires in New York City—107—than in any year since 1946. Firefighter
deaths—22 during the 1990s—compared favorably with the best periods in FDNY
history. The FDNY had fought 153,000 fires in 1976; in 1999, that number had been
reduced to 60,000. [1, p. 5]
Emergency Operations
In July 2001, Mayor Rudolph Giuliani signed a directive entitled “Direction and Control
of Emergencies in the City of New York.” Its purpose was “to ensure the optimum use
of agency resources while … eliminating potential conflict among responding agencies
which may have areas of overlapping expertise and responsibility.” [1, p. 5]
The directive designated, for different types of emergencies, an appropriate agency as
“Incident Commander.” The Incident Commander would be “responsible for the
management of the City’s response to the emergency.” The role of the Mayor’s Office
of Emergency Management was supportive, to “coordinate the participation of all city
agencies in resolving the event,” and to “assist the Incident Commander in his/her
efforts in the development and implementation of the strategy for resolving the
event.” [1, p. 5]
The Mayor’s creation of the Office of Emergency Management and the issuance of his
Incident Command Directive were attempts to address the long-standing rivalry
between the NYPD and the FDNY. This rivalry has been acknowledged by every witness
we have asked about it. Some characterized the more extreme manifestations of the
rivalry—fistfights at the scenes of emergencies, for instance—as the actions of “a few
knuckleheads.” Some described the rivalry as the result of healthy organizational pride
and competition. Others told us that the problem has escalated over time and has
hampered the ability of the City to respond well in emergency situations. [1, p. 5]
The NYPD and the FDNY were two of the preeminent emergency response
organizations in the United States. But each considered itself operationally
autonomous. Each was accustomed to responding independently to emergencies. By
September 11 neither had demonstrated the readiness to respond to an “Incident
Commander” if that commander was an official outside of their Department. The
Mayor’s Office of Emergency Management had not overcome this problem. [1, p. 5]
September 11, 2001
At 8:46:40 a.m. the hijacked American Airlines Flight 11 flew into the upper portion of
the North Tower. [1, p. 6]
A jet fuel fireball erupted upon impact, and shot down at least one bank of elevators.
The fireball exploded onto numerous lower floors, including the 77th, 50th, 22nd,
West Street lobby level, and the B4 level, four stories below ground. The burning jet
fuel immediately created thick, black smoke which enveloped the upper floors and
roof of the North Tower. The roof of the South Tower was also engulfed in smoke
because of prevailing light winds from the north. [1, p. 6]
Within minutes, New York City’s 9-1-1 system was flooded with eyewitness accounts of
the event. Most callers correctly identified the target of the attack. Some identified the
plane as a commercial airliner. [1, p. 6]
The first response came from private firms and individuals—the people and companies
in the building. Everything that would happen to them during the next few minutes
would turn on their circumstances and their preparedness, assisted by building
personnel on site. [1, p. 6]
Trapped
Because all of the building’s stairwells were destroyed in the impact zone, the
hundreds of survivors trapped on or above the 92nd floor gathered in large and small
groups, primarily between the 103rd and 106th floors. A large group was reported on
the 92nd floor, technically below the impact but trapped by debris. Civilians were also
reported trapped below the impact zone, mostly on floors in the eighties, though also
on at least the 47th and 22nd floors, as well as in a number of elevators. [1, p. 6]
Because of damage to the building’s systems, civilians did not receive instructions on
how to proceed over the public address system. Many were unable to use the
emergency intercom phones as instructed in fire drills. Many called 9-1-1. [1, p. 6]
9-1-1 operators and FDNY dispatchers had no information about either the location or
magnitude of the impact zone and were therefore unable to provide information as
fundamental as whether callers were above or below the fire. 9-1-1 operators were
also not given any information about the feasibility of rooftop rescues. In most
instances, 9-1-1 operators and FDNY dispatchers, to whom the 9-1-1 calls were
transferred, therefore relied on standard operating procedure for high-rise fires. Those
procedures are to advise civilians to stay low, remain where they are, and wait for
emergency personnel to reach them. This advice was given to callers from the North
Tower for locations both above and below the impact. [1, pp. 6-7]
The protocol of advising against evacuation, of telling people to stay where they were,
was one of the lessons learned from the 1993 bombing. Fire chiefs told us that the
evacuation of tens of thousands of people from skyscrapers can create many new
problems, especially for disabled individuals or those in poor health. Many of the
injuries after the 1993 bombing occurred during the evacuation. Evacuees also may
complicate the movements and work of firefighters and other emergency workers. [1,
p. 7]
Although the default guidance to stay in place may seem understandable in cases of
conventional high-rise fires, all the emergency officials that morning quickly judged
that the North Tower should be evacuated. The acting fire safety director in the North
Tower immediately ordered everyone to evacuate that building, but the public address
system was damaged and no one apparently heard the announcement. [1, p. 7]
Hence, one of the few ways to communicate to people in the building was through
calls to the 9-1-1 or other emergency operators. We found no protocol for
communicating updated evacuation guidance to the 9-1-1 operators who were
receiving calls for help. Improvising as they learned information from callers, some
operators advised callers that they could break windows. Some operators were
advising callers to evacuate if they could. [1, p. 7]
Evacuation
Below the impact zone in the North Tower, those civilians who could began evacuating
down the stairs almost immediately. [1, p. 7]
Civilians who called the Port Authority police desk at 5 WTC were advised to leave if
they could. Most civilians began evacuating without waiting to obtain instructions over
the intercom system. Some had trouble reaching the exits because of damage caused
by the impact. While evacuating, they were confused by deviations in the increasingly
crowded stairwells, and impeded by doors which were locked or jammed as a result of
the impact. Despite these obstacles, the evacuation was relatively calm and orderly. [1,
p. 7]
Within ten minutes of impact, smoke was beginning to rise to the upper floors in
debilitating volumes and isolated fires were reported, although there were some
pockets of refuge. Faced with insufferable heat, smoke, and fire, and no prospect for
relief, some jumped or fell from the building. [1, p. 8]
Confusion Next Door
Many civilians in the South Tower were unaware initially of what happened in the
other tower. Many people decided to leave. Some were advised to do so by fire
wardens. In addition, some entire companies, including Morgan Stanley, which
occupied over 20 floors of the South Tower, were evacuated by company security
officials. [1, p. 8]
The evacuation standard operating procedures did not provide a specific protocol for
when to evacuate one tower in the event of a major explosion in the other. At 8:49
a.m. the deputy fire safety director in the North Tower spoke with his counterpart in
the South Tower. They agreed to wait for the FDNY to arrive before determining
whether to evacuate the South Tower. According to one fire chief, it was unimaginable,
“beyond our consciousness,” that another plane might hit the adjacent tower. [1, p. 8]
In the meantime, an announcement came over the public address system in the South
Tower urging people to stay in place. Indeed, evacuees in the sky lobbies and the main
lobby were advised by building personnel to return to their offices. The Port Authority
told us that the advice may have been prompted by the safety hazard posed by falling
debris and victims outside the building. Similar advice was given by security officials in
the sky lobby of the South Tower. We do not know the reason for this advice, in part
because the on-duty deputy fire safety director in charge of the South Tower perished
in the tower’s collapse. As a result of the announcement, many civilians in the South
Tower remained on their floors. Others reversed their evacuation and went back up.
The Port Authority Police desk in 5 WTC gave conflicting advice to people in the South
Tower about whether to evacuate. [1, pp. 8-9]
FDNY Response
The FDNY response began immediately after the crash. Chief Pfeifer, Deputy Assistant
Chief, FDNY, and four companies arrived at about 8:52 a.m. As they entered the lobby,
they immediately encountered badly burned civilians who had been caught in the path
of the fireball. [1, pp. 9-10]
Peter Hayden, Assistant Chief, FDNY, and Chief Pfeifer, the initial FDNY incident
commanders, were briefed on building systems by building personnel. Units began
mobilizing in the increasingly crowded lobby. It was challenging for the chiefs to keep
track of arriving units. They were frustrated by the absence of working building
systems and elevators. [1, p. 10]
Shortly before 9:00 a.m., FDNY chiefs advised building personnel and a Port Authority
Police Department officer to evacuate the adjacent South Tower. Impressed by the
magnitude of the catastrophe, fire chiefs had decided to clear the whole WTC complex,
including the South Tower. [1, p. 11]
By 9:00 a.m., many senior FDNY leaders, including seven of the eleven most highly
ranked chiefs in the department, had begun responding from headquarters in
Brooklyn. The Chief of Department and the Chief of Operations called a 5th alarm,
which would bring additional engine and ladder companies; they also called two more
FDNY Rescue teams. The Chief of Department arrived at approximately 9:00 a.m. He
established an overall Incident Command Post on the median of the West Side
Highway. [1, p. 11]
Emergency Medical Service (EMS) personnel were directed to one of four triage areas
around the perimeter of the WTC. In addition, many private hospital ambulances were
rushing to the WTC complex. [1, p. 11]
In the North Tower lobby, the chiefs quickly made the decision that the fire in the
North Tower could not be fought. The chiefs decided to concentrate on evacuating
civilians from the North Tower, although they held various views about whether
anyone at or above the impact zone could be saved. [1, p. 11]
As of 9:00 a.m., if only those units dispatched had responded, and if those dispatched
units were not “riding heavy” with extra men, 235 firefighters would be at the scene or
en route. The vast majority of these would be expected to enter the North Tower. [1, p.
11]
NYPD Response
The NYPD response also began seconds after the crash. At 8:47 a.m. the NYPD ordered
a Level 3 Mobilization. An initial mobilization point for patrol officers was established
on the west side of the intersection of West and Liberty Streets. NYPD rescue teams
were directed to mobilize at the intersection of Church and Vesey Streets. The first of
these officers arrived at Church and Vesey at 8:56 a.m. At 8:50 a.m., the aviation unit
of the NYPD dispatched two helicopters to the WTC to report on conditions and assess
the feasibility of a rooftop landing or special rescue operations. [1, p. 12]
Within ten minutes of the crash, NYPD and Port Authority Police personnel were
assisting with the evacuation of civilians. [1, p. 12]
At 8:58 a.m., a helicopter pilot reported on rooftop conditions for the possibility of
rooftop extraction. They didn’t see anybody up on the roof. Even so, the heat and the
smoke from the building interfered with the rotor system, making it difficult to hold
position. [1, p. 12]
At 8:58 a.m., while en route, the Chief of the NYPD raised the department’s
mobilization to Level 4—its highest level—which would result in the dispatch of
approximately 30 lieutenants, 100 sergeants, and 800 police officers, in addition to
rescue teams, which were already at the scene. The Chief of Department arrived at
Church and Vesey at 9:00 a.m. [1, p. 12]
At 9:01 a.m., the NYPD patrol mobilization point at West and Liberty was moved to
West and Vesey, in order to handle the greater number of patrol officers who would
be responding to the Level 4 mobilization. These officers would be stationed around
the perimeter of the complex to assist with evacuation and crowd control. [1, p. 13]
Around the city, the NYPD cleared routes along major thoroughfares for emergency
vehicles responding to the WTC. The NYPD and Port Authority police coordinated the
closing of bridges, subways, PATH trains, and tunnels into Manhattan. [1, p. 13]
Port Authority Response
The Port Authority’s on-site commanding police officer was standing in the concourse
when a fireball exploded out of the North Tower lobby, causing him to dive for cover.
Within minutes of impact Port Authority police from bridge, tunnel, and airport
commands began responding to the WTC. Officers from the WTC command began
assisting in evacuating civilians. The Port Authority Police Department lacked clear
standard operating procedures to guide personnel responding from one command to
another during a major incident. [1, p. 13]
The fire safety director in charge of the complex arrived in the North Tower lobby at
approximately 8:52 a.m. and was informed by the deputy fire safety director there that
evacuation instructions had been announced over the public address system within
one minute of impact. As mentioned earlier, to our knowledge, because the public
address system had been damaged upon impact, no civilians heard that
announcement. [1, p. 13]
At 9:00 a.m., the Port Authority Police commanding officer ordered an evacuation of
civilians in the World Trade Center complex because of the danger posed by highly
flammable jet fuel from Flight 11. The order was issued, however, over a radio channel
which could be heard only by officers on the Port Authority WTC command channel.
There is no evidence that this order was communicated to officers in other Port
Authority Police commands or to members of other responding agencies. At 9:00 a.m.,
the Port Authority Police Superintendent and Chief of Department arrived together at
the WTC complex, and made their way to the North Tower lobby. Some Port Authority
officers immediately began climbing the stairs and assisting civilians. [1, p. 13]
OEM Response
Officials in the Office of Emergency Management’s headquarters at 7 WTC began to
activate its emergency operation center immediately after the North Tower was hit. At
approximately 8:50 a.m. a senior representative from that office arrived in the lobby of
the North Tower and began to act as its field responder. [1, p. 13]
In the 17-minute period between 8:46 a.m. and 9:03 a.m. on September 11, New York
City and the Port Authority of New York and New Jersey had mobilized the largest
rescue operation in the City’s history. Well over one thousand first responders had
been deployed, evacuations had begun, and the critical decision that the fire could not
be fought had been made. [1, p. 14]
The decision was made to evacuate the South Tower as well. At 9:02 a.m., a further
announcement in the South Tower advised civilians to begin an orderly evacuation if
conditions warranted. [1, p. 14]
One minute later, a plane hit the South Tower. [1, p. 14]
Second Crash
At 9:03 a.m., the hijacked United Airlines Flight 175 hit 2 WTC (the South Tower) from
the south, crashing through the 78th to 84th floors. What had been the largest and
most complicated rescue operation in city history instantly doubled in magnitude. [1,
p. 14]
The plane banked as it hit the building, leaving portions of the building undamaged on
impact floors. As a consequence—and in contrast to the situation in the North Tower—
one of the stairwells (Stairwell A) initially remained passable from top to bottom. [1, p.
14]
At the lowest point of impact, the 78th floor sky lobby, hundreds had been waiting to
evacuate when the plane hit. Many were killed or injured severely; others were
relatively unaffected. We know of at least one civilian who seized the initiative and
shouted that anyone who could walk should walk to the stairs, and anyone who could
help should help others in need of assistance. At least two small groups of civilians
descended from that floor. [1, p. 14]
Others remained alive in the impact zone above the 78th floor, though conditions on
these floors began to deteriorate within ten minutes. [1, p. 14]
Repeat Nightmare
As in the North Tower, civilians became first responders. Some civilians ascended the
stairs and others remained on affected floors to assist colleagues. Although Stairwell A
in the South Tower remained passable from above the impact zone to the lobby,
conditions were difficult and deteriorating. [1, p. 15]
Many ascended in search of clearer air or to attempt to reach the roof. Those
attempting to reach the roof were thwarted by locked doors. Others attempting to
descend were frustrated by jammed or locked doors in stairwells or confused by the
structure of the stairwell deviations. [1, p. 16]
By 9:35 a.m., the West Street lobby level of the South Tower was becoming
overwhelmed by injured who had descended to the lobby but were having difficulty
continuing. [1, p. 16]
Within 15 minutes of the impact, debilitating smoke had reached at least one location
on the 100th floor, and severe smoke conditions were reported throughout floors in
the nineties and hundreds over the course of the following half hour. By 9:30 a.m. a
number of civilians who had failed to reach the roof and could not descend because of
intensifying smoke became trapped on the 105th floor. There were reports of
tremendous smoke in most areas of that floor, but at least one area remained less
affected until shortly before the building collapsed. [1, p. 16]
Still, there were several areas between the impact zone and the uppermost floors
where conditions were better. At least a hundred people remained alive on the 88th
and 89th floors, in some cases calling 9-1-1 for direction. The 9-1-1 system remained
plagued by the operators’ lack of awareness of what was occurring and by the sheer
volume of emergency calls. [1, p. 16]
No one in the first responder community knew that Stairwell A remained potentially
passable. No callers were advised that helicopter rescues were not feasible. Civilians
below the impact were also generally advised to remain where they were by 9-1-1 or
FDNY dispatch operators. [1, p. 17]
North Tower
Back in the North Tower, evacuation generally continued. Thousands of civilians
continued to descend in an orderly manner. On the 91st floor, the highest floor with
stairway access, all but one were uninjured and able to descend. At 9:11 a.m., Port
Authority workers at the 64th floor of the North Tower were told by the Port Authority
Police desk in Jersey City to stay near the stairwells and wait for assistance. These
workers eventually began to descend anyway, but most of them died in the collapse of
the North Tower. [1, p. 17]
Those who descended Stairwell B of the North Tower exited between the elevator
banks in the lobby. Those who descended Stairwells A and C exited at the raised
mezzanine level, where the smoky air was causing respiratory problems. All civilians
were directed into the concourse at lobby level. Officers from the Port Authority and
New York Police Departments continued to assist with the evacuation of civilians, for
example, guiding them through the concourse in order to shelter the evacuees from
falling debris and victims. [1, p. 17]
By 9:55 a.m., those few civilians who were still evacuating consisted primarily of
injured, handicapped, elderly, or severely overweight individuals. [1, p. 17]
Calls to 9-1-1 reflect that others remained alive above and below the impact zone,
reporting increasingly desperate conditions. [1, p. 17]
Double Trouble
Immediately after the second plane hit, the FDNY Chief of Department called a second
5th alarm. While nine Brooklyn units had been staged on the Brooklyn side of the
Brooklyn Battery tunnel at 8:53 a.m., these units were not dispatched to the scene at
this time. Instead, units from further away were dispatched. [1, p. 17]
Just after the South Tower impact, chiefs in the North Tower lobby huddled to discuss
strategy for the operations and communication in the two towers. [1, p. 18]
At 9:05 a.m., two FDNY chiefs tested the WTC complex’s repeater system. This was the
system installed after the 1993 bombing in order to enable firefighters operating on
upper floors to maintain consistent radio communication with the lobby command.
The system had been activated for use on portable radios at 8:54 a.m., but a second
button which would have enabled the master hand-set was not activated at that time.
The chief testing the master handset at 9:05 a.m. did not realize that the master
handset had not been activated. When he could not communicate, he concluded that
the system was down. The system was working, however, and was used subsequently
by firefighters in the South Tower. [1, p. 18]
The FDNY Chief of Safety agreed with the consensus that the only choice was to let the
fires “burn up and out.” The chiefs in the North Tower were forced to make decisions
based on little or no information. [1, p. 18]
Climbing up the stairwells carrying heavy equipment was a laborious task even for
physically fit firefighters. Though the lobby command post did not know it, one
battalion chief in the North Tower found a working elevator, which he took to the 16th
floor before beginning to climb. Just prior to 10:00 a.m., about an hour after
firefighters first began streaming into the North Tower, at least two companies of
firefighters had climbed to the sky lobby on the 44th floor of the North Tower.
Numerous units were located between the 5th and 37th floors in the North Tower. [1,
p. 18]
South Tower
At approximately 9:07 a.m., two chiefs commenced operations in the South Tower
lobby. Almost immediately they were joined by an Office of Emergency Management
field responder. They were not immediately joined by a sizable number of fire
companies, as most, if not all, units which had been in the North Tower lobby remained
there. One chief and a ladder company found a working elevator to the 40th floor.
From there they proceeded to climb Stairwell B. One member of the ladder company
stayed behind to operate the elevator. [1, pp. 18-19]
Poor Communications
Unlike the commanders in the North Tower lobby, these chiefs in the South Tower
kept their radios on the repeater channel. For the first 15 minutes of the operations in
the South Tower, communications among them and the ladder company which
ascended with the chief worked well. Upon learning from a company security official
that the impact zone began at the 78th floor, a ladder company transmitted this
information, and the chief directed an engine company on the 40th floor to attempt to
find an elevator to reach that upper level. [1, p. 19]
Unfortunately, no FDNY chiefs outside the South Tower realized that the repeater
channel was functioning and being used by units in the South Tower. Chiefs in the
North Tower lobby and outside were unable to reach the South Tower lobby command
post initially. [1, p. 19]
Communications also began to break down within the South Tower. Those units
responding to the South Tower were advised to use tactical channel 3. From
approximately 9:21 a.m. on, the ascending chief was unable to reach the South Tower
lobby command post. The lobby chief ceased to transmit on repeater channel 7 at that
time. [1, p. 19]
The first FDNY fatality of the day occurred at approximately 9:25 a.m. when a civilian
landed on a fireman on West Street. [1, p. 19]
Confusion
By 9:30 a.m., few of the units dispatched to the South Tower had arrived at their
staging area. Many units were unfamiliar with the complex and could not enter the
South Tower because of the danger of victims and debris falling on Liberty Street.
Some units entered the Marriott Hotel and were given assignments there; others
mistakenly responded to the North Tower. An additional 2nd alarm was requested at
9:37 a.m. because so few units had reported. At this time, units which had been staged
on the Brooklyn side of the Brooklyn Battery Tunnel were sent, and many of them
arrived at the WTC by 9:55 a.m. [1, p. 19]
At 9:50 a.m., a ladder company had made its way up to the 70th floor of the South
Tower. There they encountered many seriously injured people. At 9:53 a.m. a group of
civilians were found trapped in an elevator on the 78th floor sky lobby. By 9:58 a.m.,
the ascending chief had reached the 78th floor on Stairwell A, and reported that it
looked open to the 79th floor. He reported numerous civilian fatalities in the area. A
ladder company on the 78th floor was preparing to use hoses to fight the fire when the
South Tower collapsed. [1, p. 19]
Incident Command
The overall incident command was just outside the WTC complex. At approximately
9:10 a.m., because of the danger of falling debris, this command post was moved from
the middle of West Street to its western edge by the parking garage in front of 2 World
Financial Center. The overall command post’s ability to track all FDNY units was
extremely limited. [1, pp. 19-20]
At approximately 9:20 a.m., the Mayor and the NYPD Commissioner reached the FDNY
overall command post. The FDNY Chief of Department briefed the Mayor on
operations and stated that this was a rescue mission of civilians. He stated that he
believed they could save everyone below the impact zones. He also advised that, in his
opinion, rooftop rescue operations would be impossible. None of the chiefs present
believed a total collapse of either tower was possible. Later, after the Mayor had left,
one senior chief present did articulate his concern that upper floors could begin to
collapse in a few hours, and he said that firefighters therefore should not ascend above
floors in the sixties. [1, p. 20]
Part I: Hard Lessons
Surge
By 9:20 a.m., significantly more firemen than were dispatched were at the WTC
complex or en route. Many off-duty firemen were given permission by company officers
to “ride heavy.” Others found alternative transportation and responded. In one case an
entire company of off-duty firefighters managed to congregate and come to the WTC
as a complete team, in addition to the on-duty team which already had been
dispatched to the scene. Numerous fire marshals also reported to the WTC. [1, p. 20]
At 9:46 a.m., the Chief of Department called a third 5th alarm. This meant that over
one third of all of the FDNY units in New York City were at or en route to the WTC. [1, p. 20]
The Police Department was also responding massively after the attack on the South
Tower. Almost 2,000 officers had been called to the scene. In addition, the Chief of the
Department called for Operation Omega, to evacuate and secure sensitive locations
around the city. At 9:06 a.m. the NYPD Chief of Department instructed that no units
were to land on the roof of either tower. [1, p. 20]
An NYPD rescue team in the North Tower lobby prepared to climb at approximately
9:15 a.m. They attempted to check in with the FDNY chiefs present, but were rebuffed.
Office of Emergency Management personnel present did not intercede. The team went
to work anyway, climbing Stairwell B in order to set up a triage center on upper floors
for victims who could not walk. Later, a second rescue team arrived in the North Tower
and did not attempt to check in with the FDNY command post. [1, p. 20]
NYPD rescue teams also entered the South Tower. The Office of Emergency
Management field responder present ensured that they checked in with the lobby chief.
In this case, both agreed that the rescue team would ascend in support of FDNY
personnel. By 9:15 a.m., two more of these teams were preparing to leave the Church
and Vesey mobilization point in order to enter the towers. [1, p. 20]
At approximately 9:30 a.m. one of the helicopters present advised that a rooftop
evacuation still would not be possible. [1, p. 20]
Structural Failure
At 9:37 a.m., a civilian on the 106th floor of the South Tower reported to a 9-1-1
operator that a lower floor—“90-something floor”—was collapsing. This information
was conveyed incorrectly by the 9-1-1 operator to an NYPD dispatcher. The NYPD
dispatcher further confused the substance of the 9-1-1 call in conveying at 9:52 a.m. to
NYPD officers that “the 106th floor is crumbling.” [1, p. 21]
By 9:58 a.m., there were two NYPD rescue teams in each of the two towers, another
approaching the North Tower, and approximately ten other NYPD officers climbing in
the towers. [1, p. 21]
In addition, there were numerous NYPD officers on the ground floors throughout the
complex, assisting with evacuation, and patrolling and securing the WTC perimeter. A
greater number of NYPD officers were staged throughout lower Manhattan, assisting in
civilian evacuation, keeping roads clear, and conducting other operations in response
to the attacks. [1, p. 21]
Prior to 9:59 a.m., no NYPD helicopter transmission predicted that either tower would
collapse. [1, p. 21]
Agency Coordination
Initial responders from outside Port Authority Police commands proceeded to the
police desk in 5 WTC or to the fire safety desk in the North Tower lobby. Officers were
assigned to assist in stairwell evacuations and to expedite evacuation in the plaza,
concourse, and PATH station. As reports of trapped civilians were received, Port
Authority Police officers also started climbing stairs for rescue efforts. Others, including
the Port Authority Police Superintendent, began climbing toward the impact zone in
the North Tower. The Port Authority Police Chief and other senior officers began
climbing in the North Tower with the purpose of reaching the Windows on the World
restaurant on the 106th floor, where there were at least 100 people trapped. [1, p. 21]
The Port Authority Police Department lacked clear standard operating procedures for
coordinating a multi-command response to the same incident. It also lacked a radio
channel that all commands could access. Many officers remained on their local
command channels, which did not work once they were outside the immediate
geographic area of their respective commands. [1, pp. 21-22]
Many Port Authority Police officers from different commands responded on their own
initiative. By 9:30 a.m. the Port Authority’s central police desk requested that
responding officers meet at West and Vesey and await further instructions. In the
absence of predetermined leadership roles for an incident of this magnitude, a number
of Port Authority inspectors, captains, and lieutenants stepped forward at West and
Vesey to formulate an on-site response plan. They were hampered by not knowing
how many officers were responding to the site and where those officers were
operating. Many of the officers who responded to this command post lacked suitable
protective equipment to enter the complex. [1, p. 22]
By 9:58 a.m., one Port Authority Police officer had reached the sky lobby on the 44th
floor of the North Tower. Also in the North Tower, two Port Authority teams had
reached floors in the upper and lower twenties. Numerous officers also were climbing
in the South Tower, including the Port Authority rescue team. Many also were on the
ground floors of the complex assisting with evacuation, manning the Port Authority
Police desk in 5 WTC, or supporting lobby command posts. [1, p. 22]
The emergency response effort escalated with the crash of United 175 into the South
Tower. With that escalation, communications and command-and-control became
increasingly critical and increasingly difficult. First responders assisted thousands of
civilians in evacuating the towers, even as incident commanders from responding
agencies lacked knowledge of what other agencies and, in some cases, their own
responders were doing. [1, p. 22]
Then the South Tower collapsed. [1, p. 22]
South Tower Collapse
At 9:59 a.m., the South Tower collapsed in ten seconds. It is believed that all of the
people still inside the tower were killed, as well as a number of individuals—both first
responders and civilians—in the concourse, the Marriott, and on neighboring streets.
[1, pp. 22-23]
The next emergency issue was to decide what to do in the North Tower, once the
South Tower had collapsed. In the North Tower, 9-1-1 calls placed from above the
impact zone grew increasingly desperate. The only civilians still evacuating above the
10th floor were those who were injured or handicapped. First responders were
assisting those people in evacuating. [1, p. 23]
Every FDNY command post ceased to operate upon the collapse of the South Tower.
Lacking awareness of the South Tower’s collapse, the chiefs in the North Tower
nonetheless ordered an evacuation of the building. [1, p. 23]
An FDNY marine unit radioed immediately that the South Tower had collapsed. To our
knowledge, this information did not reach the chiefs at the scene. [1, p. 23]
Within minutes some firefighters began to hear evacuation orders over tactical 1, the
channel being used in the North Tower. Some FDNY personnel also gave the
evacuation instruction on command channel 2, which was much less crowded, as only
chiefs were using it. Two battalion chiefs on upper floors heard the instruction on
Command 2 and repeated it to everyone they encountered. At least one of them also
repeated the evacuation order on tactical 1. [1, p. 23]
Other firefighters did not receive the transmissions. The reasons varied. Some FDNY
radios may not have picked up the transmission in the difficult high-rise environment.
The difficulty of that environment was compounded by the numerous communications
all attempted on tactical 1 after the South Tower collapsed; the channel was
overwhelmed, and evacuation orders may have been lost. Some of the firefighters in
the North Tower were among those who had responded even though they were off-
duty, and they did not have their radios. Finally, some of the firefighters in the North
Tower were supposed to have gone to the South Tower and were using the tactical
channel assigned to that Tower. [1, p. 24]
Many firefighters who did receive the evacuation order delayed their evacuation in
order to assist victims who could not move on their own. Many perished. [1, p. 24]
Many chiefs on the scene were unaware that the South Tower collapsed. To our
knowledge, none of the evacuation orders given to units in the North Tower followed
the specific protocols—which would include stating “mayday, mayday, mayday”—to
be given for the most urgent building evacuation. To our knowledge none of the
evacuation orders mentioned that the South Tower had collapsed. Firefighters who
received these orders lacked a uniform sense of urgency in their evacuation. [1, p. 24]
The Police Department had a better understanding of the situation. The South Tower’s
collapse disrupted the NYPD rescue team command post at Church and Vesey.
Nonetheless, the NYPD command structure gave vital help to its units. [1, p. 24]
Many NYPD radio frequencies became overwhelmed with transmissions relating to
injured, trapped, or missing officers. By 10:10 a.m., the NYPD rescue team advised that
they were moving their command post north and began moving vehicles in that
direction. [1, p. 25]
NYPD Aviation radioed in immediately that the South Tower had collapsed. At 10:08
a.m., an aviation helicopter pilot advised that he did not believe the North Tower
would last much longer. There was no ready way to relay this information to the fire
chiefs in the North Tower. [1, p. 25]
Both NYPD rescue teams in the North Tower knew that the South Tower had collapsed
and evacuated the building. One remained in the complex near 5 and 6 WTC in order
to keep searching for people who needed help. A majority of these officers died. [1, p.
25]
At the time of the South Tower’s collapse, a number of NYPD and Port Authority Police
officers, as well as some FDNY personnel, were operating in different groups in the
North Tower mezzanine, the WTC plaza, and the concourse, as well as on the
neighboring streets. Many of these officers were thrown into the air and were
enveloped in the total darkness of the debris cloud. Within minutes of the South Tower
collapse, these officers began to regroup in the darkness and to lead the remaining
civilians and injured officers out of the complex. Many of these officers continued
rescue operations in the immediate vicinity of the North Tower and remained there
until the North Tower collapsed. Many lost their lives. [1, p. 25]
The collapse of the South Tower also forced the evacuation of the Port Authority Police
command post on West and Vesey, forcing its officers to move north. There is no
evidence that Port Authority Police officers from outside the WTC command ever
heard an evacuation order on their radios. Some of these officers in the North Tower
determined to evacuate, either on their own, or in consultation with other first
responders they came across. One Port Authority Police officer from the WTC
command reported that he heard an urgent evacuation instruction on his radio soon
after the South Tower collapsed. Other Port Authority police stayed in the WTC
complex, assisting with the evacuation. [1, pp. 25-26]
North Tower Collapse
The FDNY Chief of Department and the Port Authority Police Department
Superintendent and many of their senior staff were killed. The Fire Department of New
York suffered 343 casualties, the largest loss of life of any emergency response agency
in U.S. history. The Port Authority Police Department suffered 37 casualties, the largest
loss of life of any American police force in history. The New York Police Department
suffered 23 casualties, the second largest loss of life of any police force in U.S. history,
exceeded only by the loss of Port Authority police the same day. [1, p. 26]
On 9/11, 403 officers from FDNY, NYPD, and PAPD lost their lives. They were part of
the 2,752 killed at the World Trade Center that day. The nation suffered the largest
loss of civilian life on its soil as a result of a domestic attack in its history. [1, p. 26]
Conclusion
Because of its experience in 1993, New York City was seen as the city in the nation
best prepared to contend with catastrophic terrorism. The events of 9/11 proved
otherwise. And if New York City wasn’t ready, how did that bode for the rest of the
nation? These concerns would weigh heavily in the shaping of U.S. homeland security
policy.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. Which tower was first hit, and which tower was first to collapse on 9/11?
2. Why do you suppose the standing guidance was to remain in place during an emergency?
3. What options were available to those whose offices were located above the crash sites?
4. What options were available to those whose offices were located below the crash sites?
5. Identify the three agencies who led emergency response efforts at the World Trade Center.
6. Summarize the overall emergency response plan devised by the first responders.
7. Describe the problems with coordination and communication between first responders at the World Trade Center.
8. Identify two reasons why self-dispatching units would complicate an emergency response.
9. Identify two ways that first responders significantly reduced the death toll at the World Trade Center.
10. If you had been mayor of New York City, what would you have done differently on 9/11?
Chapter 5: Not By Chance
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe emergency response efforts at the Pentagon on 9/11.
Evaluate emergency response efforts at the Pentagon on 9/11.
Appreciate the dedication and effectiveness of first responders on 9/11.
Compare emergency operations at the Pentagon to emergency operations at the World Trade Center.
“The success of the ACFD response to the terrorist attack on the Pentagon did not
happen by chance.”
– Arlington County After Action Report, 2002
Introduction
On any other day, the disaster at the Pentagon would be remembered as a singular
challenge, an extraordinary national story. Yet the calamity at the World Trade Center
included catastrophic damage 1,000 feet above the ground that instantly imperiled
tens of thousands of people. The two experiences are not comparable. Nonetheless,
broader lessons in integrating multiagency response efforts are apparent in analyzing
the Pentagon response. [1, p. 4]
The Pentagon
The Pentagon is the headquarters of the United States Department of Defense, located
in Arlington County, Virginia. [2] It has served for more than 70 years as a symbol of
power in defense of the United States. Ironically, the groundbreaking ceremony for
construction of the Pentagon took place on September 11, 1941, less than 3 months
before the U.S. entry into World War II. Built on a site previously known as Arlington
Farms, the five surrounding roadways dictated its pentagonal shape. The Pentagon’s
placement was personally approved by President Franklin Roosevelt to avoid
obstructing the view of the U.S. Capitol from Arlington National Cemetery. The 380,000
tons of sand dredged from the Potomac River produced the reinforced concrete used
to construct the building and the 41,492 concrete piles that support it. This innovative
use of concrete saved enough steel to build an additional aircraft carrier for the War
Department. Construction of the Pentagon was completed in just 16 months at a cost
of $83 million. [3, p. 7]
The Pentagon is a massive structure. The building covers 29 acres of land, with a floor
area of almost 7 million square feet. Almost 18 miles of corridors connect the 5 floors
of office space housing some 23,000 employees. The heating and refrigeration plant
alone covers a full acre and more than 100,000 miles of telephone cables run through
the building. Although the network of corridors, escalators, elevators, and stairwells is
designed to speed movement from place to place, to the uninitiated, maneuvering
through the Pentagon can be daunting. [3, p. 7]
On September 11, 2001, exactly 60 years after the building’s construction began,
American Airlines Flight 77 was hijacked and flown into the western side of the
building, killing 189 people including the five hijackers. It was the first significant
foreign attack on the capital’s governmental facilities since the burning of Washington
during the War of 1812. [2]
Emergency Preparedness
In the event of a fire, even one of significant size, the issue of “who’s in charge” is
usually straightforward. The fire department that owns the jurisdiction owns the scene
until the fire is extinguished or brought under control. All other organizations support
and are under the tactical control of the fire department’s designated Incident
Commander. Once the fire is out, command might be transferred to a law enforcement
agency if, for example, arson or some other criminal act is suspected. The fire scene
would then become a crime scene. [3, pp. A-20]
While the Pentagon resided firmly within the jurisdiction of the Arlington County Fire
Department (ACFD), many unique aspects about the facility combined to create
overlapping areas of authority. To begin with, the Pentagon is a U.S. military facility
under direct control of the Secretary of Defense. Building entry is restricted and
controlled by its own law enforcement organization, the Defense Protective Service
(DPS). The fire station at the Pentagon heliport is operated by the Fort Myer Fire
Department. [3, pp. A-20] The responsibility for contingency operations at Department
of Defense (DoD) facilities in the Washington Metropolitan Area, including the
Pentagon, belongs to the Commanding General of the Military District of Washington
(MDW). [3, p. 8]
Another complication was the nature of the incident itself. Following on the heels of
the attacks on the World Trade Center in New York, it was clear this was a terrorist act.
Under the terms of Presidential Decision Directive (PDD)-39, acts of terrorism are the
exclusive domain of the Department of Justice (DOJ) and the FBI. This major fire
incident, the jurisdictional responsibility of the ACFD, occurred because of a terrorist
attack, thereby rendering the site a crime scene, the responsibility of the FBI. These
complex jurisdictional and organizational relationships tested the coordination and
relationships of everyone involved. [3, pp. A-20]
Fortunately, in March 2001, the Washington area Council of Governments adopted the
National Incident Management System (NIMS) and Incident Command System (ICS)
model. Thus, there was a common understanding of basic working relationships among
local jurisdictions. However, establishing and maintaining command of the response to
the Pentagon attack was daunting. There were thousands of people and hundreds of
pieces of equipment from more than a dozen different jurisdictions, as well as many
Federal, State, and Arlington County government agencies, and scores of volunteer
organizations, businesses, and individuals. This understandably challenged the
leadership of a fire department that usually directs the efforts of some 260 uniformed
personnel. Although the ACFD performed well in responding to the terrorist attack on
the Pentagon, the actual experience of coordinating the multifaceted response proved
significantly more challenging than previously envisioned. [3, pp. A-20]
September 11, 2001
The only thing special about the morning of September 11, 2001, was the spectacular
fall weather across the Washington Metropolitan Area. In Arlington County, the 67
firefighters and emergency medical technicians of the fire department’s “B” shift were
staffing the county’s 10 neighborhood fire stations. By 8:30 a.m., training classes at the
Arlington County Fire Training Academy were in full swing. Other ACFD personnel were
engaged in meetings in the District of Columbia, preparing for the upcoming
International Monetary Fund (IMF) conference. Several Arlington County chief officers
were at a county sponsored management class at the Fairlington Community Center.
At 8:45 a.m., when American Airlines Flight #11 slammed into the north tower of New
York City’s World Trade Center, it was abundantly clear this would be a day like no
other. At 9:06 a.m., United Airlines Flight #175 crashed into the World Trade Center’s
south tower, revealing the true nature of the unprecedented horror. A brutal, mind-
numbing terrorist attack was under way against the United States. [3, pp. A-4]
At 9:37 a.m., in Arlington County, Captain Steve McCoy and the crew of ACFD Engine
101 were en route to a training session in Crystal City, traveling north on Interstate 395.
Their conversation about the World Trade Center attack earlier that morning was
interrupted by the sight and sound of a commercial airliner in steep descent, banking
sharply to its right before disappearing beyond the horizon. At the same time,
Arlington County Police on patrol in south Arlington County saw a large American
Airlines aircraft in a steep dive and on a collision course with the Pentagon. [3, p. 9]
At 9:38 a.m., American Airlines Flight #77 crashed into the west side of the Pentagon,
just beyond the heliport. It was traveling at a speed of about 400 miles per hour,
accelerating with close to its full complement of fuel at the time of impact. [3, p. 9]
The destruction caused by the attack was immediate and catastrophic. The 270,000
pounds of metal and jet fuel hurtling into the solid mass of the Pentagon was the
equivalent in weight of a diesel train locomotive, except it was traveling at more than
400 miles per hour. More than 600,000 airframe bolts and rivets and 60 miles of wire
were instantly transformed into white-hot shrapnel. The resulting impact, penetration,
and burning fuel had catastrophic effects to the five floors and three rings in and
around Pentagon Corridors 4 and 5. [3, p. 9]
All 64 people aboard the airliner were killed, as were 125 people inside the Pentagon
(70 civilians and 55 military service members). [1, p. 5]
Emergency Response
At 9:38 a.m., shortly after American Airlines Flight #77 disappeared from sight, a
tremendous explosion preceded a massive plume of smoke and fire. Unable to
pinpoint the precise location, Captain McCoy aboard Engine 101 immediately radioed
the Arlington County Emergency Communications Center (ECC), reporting an airplane
crash in the vicinity of the 14th Street Bridge or in Crystal City. Aware of the World
Trade Center attack, Captain McCoy also advised that the Federal Bureau of
Investigation should be notified, since this was a possible terrorist attack. Hearing the
radio message, fire and rescue units from Arlington County and elsewhere began to
respond, self-dispatching from stations or diverting from other destinations. [3, pp. A-
4]
Figure 5-1: Pentagon Crash Site [3, p. 8]
At 9:38 a.m. on September 11, only one fire crew, Foam 161 of the Fort Myer Fire
Department, knew the exact location of the crash site. Captain Dennis Gilroy and his
team were already on station at the Pentagon when Flight #77 slammed into it, just
beyond the heliport. Foam 161 caught fire and suffered a flat tire from flying debris.
Firefighters Mark Skipper and Alan Wallace were outside the vehicle at impact and
received burns and lacerations. Recovering from the initial shock, they began helping
victims climb out of the Pentagon’s first floor windows. Captain Gilroy called the Fort
Myer Fire Department, reporting for the first time the actual location of the crash. [3,
pp. A-4]
Help was already on the way from several directions as units sped toward the source of
the smoke plume, not toward a specific street address. ACFD Truck 105 reached the
scene first, followed shortly by fire and medical units from several Arlington County
stations. [3, pp. A-5]
At the FBI Washington Field Office (WFO), Special Agent-in-Charge (SAC) Arthur
Eberhart was putting in motion the steps necessary to support New York City. Of
WFO’s four senior leaders, he was the only one present at headquarters that morning.
Upon learning of the World Trade Center crashes, SAC Eberhart activated the WFO
Command Center. Members of the WFO National Capital Response Squad (NCRS) were
paged and instructed to report immediately to headquarters. Supervisory Special
Agent (SSA) Jim Rice, the NCRS leader, was at the FBI WFO Command Center on the
telephone with Mr. Larry Cirutti of the Military District of Washington at the Pentagon
when a monitored District of Columbia police radio transmission reported an explosion
at the Pentagon. Mr. Cirutti told SSA Rice a helicopter must have “slid off the helipad”
into the building. Special Agent Chris Combs, the NCRS Fire Service Liaison, was
teaching a class at the District of Columbia Fire Academy when he received his page.
While en route to the WFO Headquarters, he heard a news report of the Pentagon
attack and proceeded directly to the Pentagon. [3, pp. A-6]
Meanwhile, at the Metropolitan Washington Airports Authority (MWAA) Fire
Department at Ronald Reagan Washington National Airport, Captain Michael Defina
was investigating an incident at Terminal B when he heard the impact and saw the
smoke rising in the distance. He called Fire Communications and was advised of a
report of a Boeing 757 crash off the end of Runway 1-19. That was quickly amended,
identifying the Pentagon as the crash site. The MWAA contacted the Arlington ECC and
was directed to respond to the Pentagon. They did so with substantial resources: a
rescue engine, two foam units, two mass casualty units, a mini-pumper, and a
command vehicle. Because MWAA had authority to respond automatically to an
airplane crash within 5 miles of the airport, two heavy rescue units had already self-
dispatched to the Pentagon. [3, pp. A-6]
ACFD’s Training Officer Captain Chuck Gibbs reached the incident site within the first 3
minutes, followed by Battalion Chief Bob Cornwell, who assumed initial Incident
Command responsibilities. Those duties were quickly assumed by Assistant Fire Chief
for Operations James Schwartz, who assigned Battalion Chief Cornwell, a 35-year
veteran firefighter, to lead fire suppression efforts inside the building. Captain Gibbs
commanded the River Division. Special Agent Combs arrived moments after Chief
Schwartz. The partnership between Chief Schwartz and Special Agent Combs, who
served as FBI agency representative to the Incident Commander, proved invaluable in
the days ahead. [3, pp. A-6]
Incident Command
When ACFD Chief Edward Plaugher arrived at the Pentagon shortly after the attack, he
chose not to assume Incident Command, but let it remain delegated to Chief Schwartz.
Chief Plaugher recognized he would be more valuable as a free agent, buffering the
command structure from outside distractions, such as the media, and directing his
attention to support requiring his personal intervention. This proved to be a fortuitous
decision. [3, pp. A-21]
A tiered command structure quickly evolved in the first hours of the incident. Chief
Schwartz directed fire and rescue operations from the Incident Command Post (ICP).
Around midday, he established an ICS Operations Section at the Pentagon heliport,
from which day-to-day firefighting and rescue efforts were planned and executed.
Chief Gray, a second-generation ACFD Firefighter, led the Operations Section
supported by Chief Cornwell and Captain Gibbs. Battalion Chief Tom Hurlihy, from the
District of Columbia, was later added to the operations team. [3, pp. A-21]
Away from the incident scene, Battalion Chief George Lyon designated Fire Station 1 as
a Field Operations Center. It was there that replacement personnel and equipment
were organized and dispatched to the Pentagon. [3, pp. A-21]
At about 1:00 p.m., Chief Schwartz learned that a task force led by Loudoun County
Chief Jack Brown had arrived at Fire Station 1. He asked Chief Brown, formerly with the
Fairfax County Fire and Rescue Department and a long-time colleague, to report to the
ICP and lead the Planning Section. When the Fairfax County Urban Search and Rescue
(US&R) Team deployed by the Federal Emergency Management Agency (FEMA) arrived
about 2:00 p.m., the Incident Commander recognized that these very special resources
would require considerable attention and asked Chief Brown to serve as their liaison. A
Logistics Section was added later that day. It ramped up and was fully operational on
the morning of September 12. Functional branches were established for fire
suppression at the impact area (River Division), the Center Courtyard (A-E Division),
and medical treatment (South Parking Lot). [3, pp. A-21]
Part I: Hard Lessons
The Incident Command also interfaced with the Arlington County Emergency
Operations Center (EOC), located in the county government complex. The EOC was
responsible for policy guidance and resource support. EOC personnel and equipment
were assembled by 10:30 a.m. and, at 12:30 p.m., County Manager Ron Carlee
convened the first Emergency Management Team meeting. [3, pp. A-22]
The FBI deployed both the Joint Terrorism Task Force (JTTF) and the National Capital
Response Squad. Special Agent Combs established the FBI initial command presence
with the ACFD Incident Command. The collaboration and cooperation between the FBI
and ACFD was remarkable. The FBI Evidence Recovery Team began arriving before
10:00 a.m. and set up in a grassy area a short distance from the heliport. Because of
the extremely congested traffic conditions, it took several hours for the entire FBI
contingent to negotiate the route from the District of Columbia to the Pentagon. [3,
pp. A-22]
The FBI had more than one role. It was responsible for the entire crime scene
operation, including evidence gathering and body recovery. That operation engaged
more than 700 FBI agents at the Pentagon, assisted by hundreds of people from other
organizations. It was also responsible for organizing and operating the Federal
interagency Joint Operations Center (JOC) as the Federal agency “coordination” center.
The FBI was also responsible for investigating the hijacking at Washington Dulles
International Airport. [3, pp. A-23]
Thus, the Pentagon attack required a fully coordinated response by the ACFD Incident
Commander, the FBI On-Scene Commander, and the Commanding General of the
MDW representing the DoD. From the moment Special Agent Combs reported to Chief
Schwartz as the FBI representative and initial FBI On-Scene Commander, the
collaboration and cooperation between the FBI and ACFD was under way. The FBI
carefully respected the command primacy of the ACFD while it retrieved evidence
during the 10-day fire and rescue phase. The FBI assumed command of the scene from
the ACFD on September 21. The foundation for this relationship had formed long
before the attack on the Pentagon. Special Agent Combs, a former New York
firefighter, had worked routinely with every Washington Metropolitan Area fire
department. He had taught classes at area fire academies and met regularly with the
fire community leadership. Similarly, Major General James Jackson of the MDW placed
his formidable resources in support of the ACFD Incident Command and the FBI until
control was returned to the DoD on September 28. [3, pp. A-20]
Emergency Medical Services
ACFD Captain Edward Blunt also arrived at the Pentagon within minutes of the crash
and assumed control of Emergency Medical Services (EMS). Captain Blunt immediately
contacted the Arlington County Emergency Communications Center and requested and
immediately received a separate EMS operations channel. He also asked for 20 medic
units, 2 buses, and a command vehicle (EMS Supervisor Vehicle 112) to support the
EMS response. Captain Blunt designated the field adjacent to Washington Boulevard
(Route 27) as the treatment area, and asked the Arlington County Police Department
(ACPD) patrol units on-scene to clear Washington Boulevard to create north and south
access for emergency response traffic. Captain Alan Dorn arrived shortly after Captain
Blunt, and was assigned as Triage Officer. Together, Captains Blunt and Dorn began
working with military medical personnel who volunteered to help set up triage areas.
[3, pp. A-6 – A-7]
Initially, medical units staged in the Pentagon South Parking Lot, adjacent to Route
110, until called forward to the EMS sector on Route 27. By 9:50 a.m., six ACFD EMS
units had already arrived at the incident site (M-102, M-104, M-105, M-106, M-109,
and M-110). M-101, Engine 103, and an ACFD Reserve Medic Unit quickly joined them.
Two additional ACFD Reserve Medic Units (RM-111 and RM-112) arrived next and were
directed to provide EMS support at the Pentagon’s Center Courtyard. [3, pp. A-7]
At 9:50 a.m., the ECC advised Captain Blunt that Virginia Hospital Center – Arlington,
Inova Fairfax Hospital, and Washington Hospital Center were prepared to accept as
many victims as needed. [3, pp. A-7]
Figure 5-2: ACFD Incident Command on 9/11 [3, pp. A-23]
Sizing Up
The massive size of the Pentagon and the complexity of its various rings, corridors, and
floors compounded the challenge of the response force. First of all, it distorted the
perception of the task at hand. It is true that fire damage was contained to a relatively
small area, but it was a relatively small area in one of the largest business complexes in
the world. This was office space built to accommodate a substantial workforce, with all
the accompanying common space, meeting and conference rooms, and other support
facilities. [3, pp. A-7]
To those watching on television, or even from the Pentagon’s South Parking Lot, the
gash created by the Boeing 757 airliner was large, but it affected a specific area of only
two of the Pentagon’s five Wedges. Neither the depth of the incursion nor the massive
devastation inside the building was readily apparent as flames burned behind blast-
proof windows. Huge heaps of rubble and burning debris littered with the bodies and
body parts of 188 victims covered an area the size of a modern shopping mall. Flight
#77 penetrated the outer wall of the Pentagon’s E Ring and the damage extended all
the way through the inner wall of the C Ring, a distance of approximately 285 feet. [3,
pp. A-8]
Furthermore, the unique design of the Pentagon hid from view activities at the Center
Courtyard in the middle of the complex. Battalion Chief Jerome Smith was assigned
responsibility for fire suppression from the Center Courtyard, with units from the
District of Columbia and ACFD. His mission was to prevent the fire from breaching the
B Ring. Upon reaching the Center Courtyard, Battalion Chief Smith found the area in
turmoil. More than 400 building occupants crowded the Center Courtyard. Others
leapt from the upper floors, as colleagues armed with fire extinguishers attempted to
extinguish the flames consuming burning comrades. [3, pp. A-10 – A-11]
Dispatching Units
Although self-dispatching quickened the arrival of a substantial number of fire, rescue,
and medical units, many arrived haphazardly. The occupants of those vehicles were
singularly intent on saving victims and attacking the fire. Police engaged in area traffic
control were understandably reluctant to delay emergency vehicles descending on the
scene with lights flashing and sirens blaring. [3, pp. A-10]
Deploying EMS units from other jurisdictions, particularly self-dispatched units, found
it easy to bypass the staging area and proceed directly to the response site. Some
victims flagged down EMS units before they reached the staging area. The crew from
one Alexandria unit reported that it independently performed triage and treatment in
the Pentagon South Parking Lot to assist five severely burned victims. [3, pp. A-10]
As a result, although the ACFD instituted Incident Command procedures very early on,
they still faced the monumental challenge of gaining control of the resources already
onsite and those arriving minute-by-minute. [3, pp. A-10]
Unit Accountability
Captain Jeff Liebold, working at the Incident Command Post, was tasked to determine
what units were onsite and where they were working. Because radio communications
were overloaded and ineffective, Captain Liebold sent two firefighters on foot to
record the identification number and location of every piece of equipment on the
Pentagon grounds. In the first few hours, foot messengers at times proved to be the
most reliable means of communicating. [3, pp. A-10]
The uncontrolled influx of fire and rescue personnel had important accountability
implications. Had there been a second attack, as occurred at the World Trade Center, it
would have been virtually impossible for the Incident Commander to assess the impact
to response operations. [3, pp. A-10]
As it was, at 10:15 a.m., Chief Schwartz ordered the immediate evacuation of the
incident site. The FBI had warned him that a second hijacked airliner was flying on a
course toward the Pentagon and was 20 minutes away. [3, pp. A-13]
Triage
At approximately 9:55 a.m., Assistant Chief John White arrived and was directed by
Chief Schwartz to command the EMS Branch. Chief Schwartz advised him that Captains
Dorn and Blunt were assessing and establishing mass triage sites at the traffic circle
area of Washington Boulevard and westbound Columbia Pike. Captain Dorn organized
responders and military volunteers, while Captain Blunt performed forward
assessment. [3, pp. A-12]
Chief White instructed Captain Dorn to continue making preparations for casualties in
the designated triage and treatment areas and to use the EMS units located along
Route 27. ACFD triage and treatment sectors were established using ACFD assets,
mutual-aid responders and military emergency medical technicians, nurses, and
physicians. The military participants were receptive to direction and readily deferred to
EMS officers. A military nurse equipped with a radio was able to communicate with the
Defense Protective Service and aid stations in the Pentagon. [3, pp. A-13]
Chief White then met with Captain Blunt along Route 27 adjacent to the Pentagon
heliport for a forward assessment report. Chief White asked him for a count of the
casualties in his area by triage designators: red (IMMEDIATE: Life Threatening Injury);
yellow (DELAYED: Serious, Not Life Threatening); and green (MINOR: Ambulatory). [3,
pp. A-13]
After Chief Schwartz issued the 10:15 a.m. evacuation order, Chief White instructed
Captain Blunt to “load and go,” transporting as many patients as possible out of the
area. The first wave of patients was en route to area hospitals within 10 minutes of the
evacuation notice and all other personnel were relocated to the Columbia Pike
underpass at the South Parking Lot. Medivac helicopters that had responded to the
Pentagon incident scene were relocated to a safer place. [3, pp. A-13]
At the underpass, Chief White, in coordination with EMS officers and military medical
volunteers, made plans to reestablish triage in that area. He designated Captain Dorn
as Triage Officer, Captain Blunt as Forward Triage Officer, Chief Glen Butler from the
MWAA as Treatment Officer, and Firefighter Paramedic David Hehr as Transportation
and Disposition Officer. [3, pp. A-14]
Dr. James Vafier, the Alexandria EMS Medical Director, accompanied an EMS unit to
the incident site and was assigned a forward assessment role with a position on the
sidewalk between Corridors 3 and 4. The plan was for military stretcher bearers to
carry victims extracted by firefighters to Dr. Vafier’s position for preliminary
assessment. He would then assign them to the appropriate triage and treatment area.
[3, pp. A-14]
After the all clear was sounded and site evacuation ended, EMS and military
responders implemented Chief White’s operations plan. [3, pp. A-14]
Fire Suppression
During the first 24 hours, it was necessary to evacuate the Pentagon on four separate
occasions because of the risk of structural collapse or the threat of additional terrorist
attacks. It is difficult to measure the full impact of repeated building evacuations, but it
was clearly negative and significant. Each time an evacuation was ordered, firefighters
interrupted operations, abandoned equipment, shut off hoses, and ran several
hundred yards to protected areas. From there, they had to watch as flames reclaimed
the parts of the Pentagon they had just evacuated. [3, pp. A-16] Firefighting was also
hampered by unique aspects of the Pentagon itself.
Teams of firefighters assigned suppression work on the Pentagon roof had difficulty
finding access points from the fifth floor. Neither building engineers nor detailed
structural drawings were available to assist them at that location. Captain Robert
Swarthout, Incident Safety Officer at the ICP, was in contact with a Pentagon engineer,
but that resource was not accessible at the point of fire attack. Firefighters eventually
climbed onto a ledge from a fifth-floor window then hoisted themselves onto the roof.
[3, pp. A-16]
Attacking the fire on the roof was particularly difficult. The thick wood-plank inner
layer burned out of control, protected by a layer of concrete below and a thick slate
roof above. Firefighters cut trenches across the slate roof. It was physically demanding
and involved a certain degree of guesswork to breach the roof ahead of a fire that
could not be seen. On the second day, September 12, a military representative pointed
out to Battalion Chief Randy Gray, the Incident Command Operations Section Chief, the
locations of two key communications and operations facilities threatened by the roof
fire. The fire was stopped short of those facilities. [3, pp. A-16]
Height restrictions limited equipment access along A-E Drive into the Center Courtyard.
Eventually, the tiller cab had to be cut off of an ACFD ladder truck so it could support
the fire attack from inside the Center Courtyard. [3, pp. A-16]
Despite these difficulties, fire suppression in the first 12 hours was able to contain the
damage without interrupting critical worldwide military command and control during a
major national security emergency. Despite the magnitude, complexity, and duration
of operations, there were no fatalities or serious injuries among fire and rescue
personnel. This can be attributed in large part to the skill level in core competencies,
professionalism, training, and teamwork of ACFD personnel and their counterparts in
supporting jurisdictions. [3, pp. A-17]
Communications
Communication at the scene was challenging. Radio traffic overwhelmed the system to
the extent that foot messengers became the most reliable means of communicating.
Fortunately, there was a growing surplus of people onsite and available to serve in that
capacity. [3, pp. A-36]
Radio communications inside the Pentagon were, for the most part, impossible. Where
line of sight could be achieved, “talk around” was minimally effective. Initially, as calls
jammed local towers, cellular telephones were not useful. No priority was assigned to
emergency services. Nextel telephones with the 2-way radio capability were somewhat
more reliable. [3, pp. A-36]
There was not a clearinghouse hospital designated. Thus, EMS Control did not have a
single communications point of contact among hospitals and clinics. [3, pp. A-36]
Some mutual-aid jurisdictions arrived without handheld radios. Others used
equipment incompatible with the ACFD or preprogrammed in ways that limited
communications. [3, pp. A-37]
Beginning on September 12, the Incident Command Operations Section organized the
fire suppression units into four divisions, each led by a chief officer from the
preeminent jurisdiction (Division A – Arlington, Division B – the District of Columbia,
Division C – Alexandria, and Division D – Fairfax). They were instructed to use the
assigned home jurisdiction radio channel for communicating. This facilitated “talk
around” within each division. However, in one instance, a DCFD replacement crew
worked on one portion of the roof of the Pentagon while an ACFD team worked on a
different portion. The two units had no way to communicate with each other in case
either team needed help. [3, pp. A-37]
Crime Scene Investigation
The FBI began collecting evidence immediately after arriving at the Pentagon incident
site on September 11. As fire and rescue efforts proceeded, FBI activity involving
evidence recovery and removal of bodies and body parts became a 24-hour operation.
Special Agent Adams directed this phase of the criminal investigation during the day
shift, with Special Agent Thomas O’Connor taking over at night. The FBI worked closely
with FEMA US&R teams and the fire department Technical Rescue Teams (TRTs).
Special Agent Adams and Special Agent O’Connor attended the preshift briefings by the
US&R Incident Support Team (IST) coordinator. US&R and TRT members would first
shore up an area to ensure it was reasonably safe, then begin hunting through the
debris, searching primarily for surviving victims buried in the rubble. [3, pp. C-54]
As they encountered bodies, parts of bodies, and other evidence linked to the crime,
they called forward the FBI contingent assigned to each team. Each item was
photographed, numbered, and tagged. This information, along with a diagram showing
where the evidence was found, was given to one of the soldiers from the Army’s Old
Guard, the 3rd Infantry Regiment from Fort Myer, VA, who transported the human
remains to the FBI’s temporary morgue at the North Parking Lot loading dock. Sixty
soldiers supported the FBI on each 12-hour shift. [3, pp. C-54]
SSA Jim Rice assigned Special Agent Tara Bloesch to set up and manage the temporary
morgue. Special Agent Bloesch had previous experience establishing morgue
operations during FBI overseas operations in Kosovo and other overseas locations. She
determined that the North Parking Lot loading dock was a suitable site. The doors
remained closed except when receiving remains, and a large tarp was hung to
safeguard the privacy of the morgue. The DPS, the FBI Critical Incident Response Group
(CIRG), the ACPD SWAT team, the U.S. Marshals Service, and military police from MDW
provided security at different times throughout the operation. [3, pp. C-55]
Summary
The first ACFD personnel arrived at the Pentagon within 2 minutes of the attack. ACFD
and mutual-aid medical personnel began aiding victims immediately. Within 4 minutes
of the attack, the ACFD had established its command presence. MWAA fire and
medical units were on the scene and the first contingent of the FBI’s NCRS had arrived
within 5 minutes of impact. Three major Washington Metropolitan Area hospitals were
ready to receive injured victims 12 minutes after the attack. By 10:00 a.m. on
September 11, most of the ACFD duty shift was engaged at the Pentagon. [3, pp. A-7]
All 64 aboard Flight #77 were killed when the Boeing 757 crashed into the Pentagon.
Damage and debris penetrated halfway into the five-story building, about 285 feet,
killing an additional 125 personnel including 70 civilians and 55 service members.
Approximately 110 people were seriously injured and transported to area hospitals. [1,
pp. 4-5] Only 42 injured victims received on-site medical care. An estimated 100
additional victims were treated for minor injuries. [3, pp. A-14] Because of the quick
response and triage of ACFD EMS and supporting units, all of them survived. [3, pp. A-
8]
By September 13, all surviving victims had been treated or transported from the
Pentagon, and the EMS branch stood down. Eight days later, ten days after arriving on
scene, the Arlington County Fire Department also stood down, and on September 21
turned over Incident Command to the FBI. [3, pp. A-27]
Conclusion
To be sure, several factors facilitated the response to the Pentagon and distinguish it
from the response to the World Trade Center: 1) there was a single incident; 2) the
incident site was relatively easy to secure and contain; 3) there were no other buildings
in the immediate area; and 4) there was no collateral damage beyond the Pentagon.
[1, p. 5] To be fair, the Pentagon response encountered problems similar to those at
the WTC, including 1) difficulties accounting for self-dispatched units, and 2)
overwhelmed and incompatible radio communications. [1, pp. 9-10] Even so, while no
emergency response is flawless, the response to the 9/11 terrorist attack on the
Pentagon was mainly a success for three reasons: 1) strong professional relationships
and trust established among emergency responders; 2) the pursuit of a regional
approach to response, and 3) the adoption of the Incident Command System. [1, p. 5]
As a result, following 9/11 a consensus emerged among the First Responder
community that a clear Incident Command System should be required of all response
agencies. [1, p. 6]
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. List the response agencies having jurisdictional authority at the Pentagon on 9/11.
2. How did Incident Command facilitate emergency operations at the Pentagon on 9/11?
3. What was the advantage of having a single Incident Command Post at the Pentagon on 9/11?
4. Describe the circumstances behind the order to evacuate first responders from the Pentagon.
5. How was the order to evacuate first responders from the Pentagon different from the order to evacuate first
responders from the South Tower on 9/11?
6. Why was it important for Incident Command to notify area hospitals of pending casualties?
7. Why is it important for Incident Command to maintain accountability of first responders on scene of an incident?
8. At what point, as Incident Commander, do you let crime scene investigators take control of the site?
9. Explain how emergency operations at the Pentagon were similar to emergency operations at the World Trade
Center on 9/11.
10. Explain how emergency operations at the Pentagon were different from emergency operations at the World Trade
Center on 9/11.
Chapter 6
Surpassing Disproportion
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain the distinguishing characteristic of the 9/11 attacks.
Explain how critical infrastructure makes the nation vulnerable to domestic catastrophic attack.
Describe the relationship between critical infrastructure protection and cyber security.
Separate motive from action; differentiate terrorism from domestic catastrophic attack.
“The 9/11 attack was an event of surpassing disproportion.”
– 2004 9/11 Commission Report
Introduction
The 9/11 attacks killed 2,973 people and caused more than $41.5B in damages. [1, pp.
CRS-2 – CRS-3] On September 11th, 2001, nineteen hijackers inflicted more damage on
the United States than the Imperial Japanese Navy on December 7th, 1941. [2, p. 2]
According to the 9/11 Commission, the attacks were distinguished by their “surpassing
disproportion”. They were carried out by a tiny group of people dispatched from one
of the poorest, most remote, and least industrialized countries on earth. Measured on
a governmental scale, the resources behind it were trivial. [3, pp. 339-340] Altogether,
the attacks cost no more than $500,000 to execute. [3, p. 172] The hijackers were able
to achieve this level of destruction not by employing weapons of mass destruction, but
by subverting the nation’s transportation infrastructure, turning passenger jets into
guided missiles. This chapter will explore the new, unprecedented threat unveiled by
9/11: the threat of domestic catastrophic attack by non-state actors preying on the
nation’s critical infrastructure.
Critical Infrastructure
According to Title 42, Section 5195c of United States Code, “critical infrastructure” is
“systems and assets, whether physical or virtual, so vital to the United States that the
incapacity or destruction of such systems and assets would have a debilitating impact
on security, national economic security, national public health or safety, or any
combination of those matters.” The nation’s health, wealth, and security rely on the
production and distribution of certain goods and services. The array of physical assets,
functions, and systems across which these goods and services move is called critical
infrastructure. [4, p. 2] Critical infrastructure is a network of independent, mostly
privately-owned, man-made systems and processes that function collaboratively and
synergistically to produce and distribute a continuous flow of essential goods and
services. [5, p. 3]
The transportation infrastructure moves goods and people within and beyond our
borders, and makes it possible for the United States to play a leading role in the global
economy. [5, p. 3]
The oil and gas production and storage infrastructure fuels transportation services,
manufacturing operations, and home utilities. [5, p. 3]
The water supply infrastructure assures a steady flow of water for agriculture, industry
(including various manufacturing processes, power generation, and cooling), business,
firefighting, and our homes. [5, p. 4]
The emergency services infrastructure in communities across the country responds to
urgent police, fire, and medical needs, saving lives and preserving property. [5, p. 4]
The government services infrastructure consists of federal, state, and local agencies
that provide essential services to the public, promoting the general welfare. [5, p. 4]
The banking and finance infrastructure manages trillions of dollars, from deposit of our
individual paychecks to the transfer of huge amounts in support of major global
enterprises. [5, p. 4]
The electrical power infrastructure consists of generation, transmission, and
distribution systems that are essential to all other infrastructures and every aspect of
our economy. Without electricity, our factories would cease production, our televisions
would fade to black, and our radios would fall silent (even a battery-powered receiver
depends on an electric-powered transmitter). Our street intersections would suddenly
be dangerous. Our homes and businesses would go dark. Our computers and our
telecommunications would no longer operate. [5, p. 4]
The telecommunications infrastructure has been revolutionized by advances in
information technology to form an information and communications infrastructure,
consisting of the Public Telecommunications Network (PTN), the Internet, and the
many millions of computers in home, commercial, academic, and government use.
Taking advantage of the speed, efficiency and effectiveness of computers and digital
communications, all the critical infrastructures are increasingly connected to networks,
particularly the Internet. Thus, they are connected to one another. Networking enables
the electronic transfer of funds, the distribution of electrical power, and the control of
gas and oil pipeline systems. Networking is essential to a service economy as well as to
competitive manufacturing and efficient delivery of raw materials and finished goods.
The information and communications infrastructure is basic to responsive emergency
services. It is the backbone of our military command and control system. And it is
becoming the core of our educational system. [5, p. 4]
Disruption of any infrastructure is always inconvenient and can be costly and even life
threatening. Major disruptions could lead to major losses and affect national security,
the economy, and the public good. Mutual dependence and the interconnectedness
made possible by the information and communications infrastructure lead to the
possibility that our infrastructures may be vulnerable in ways they never have been
before. Intentional exploitation of these new vulnerabilities could have severe
consequences for our economy, security, and way of life. [5, p. 4]
Domestic Catastrophic Attack
In terms of fatalities, 9/11 ranks fourth among the top ten disasters in the United
States. [6] Suppose you are a member of a small militant group and you want to
surpass this record, how do you do it? You can’t do it with traditional firearms. The
Virginia Tech shooting on April 16, 2007, the single deadliest U.S. incident by a lone
gunman, killed 32 people and wounded 17 others. [7] What about multiple shooters?
Unlikely. In November 2008, 10 members of Lashkar-e Taiba mounted coordinated
attacks on six separate locations in Mumbai, India. They killed 164 people and
wounded at least 308. [8] Since the 1999 shooting at Columbine High School in
Colorado, U.S. police are trained to respond to active shooters as quickly as possible,
making it unlikely that a similar attack would last four days as it did in Mumbai. [9, pp.
1-2] So what about explosives? On April 19, 1995, Timothy McVeigh detonated a truck
bomb that killed 168 people and injured more than 680 others in the Alfred P. Murrah
Federal Building in Oklahoma City. It would be difficult to replicate this attack since
ammonium nitrate, which comprised the main component of the bomb, is much more
closely controlled. [10] Furthermore, a similar bomb failed to topple the World Trade
Center in 1993. [11] Conventional weapons might suit conventional crime, but they are
unsuited to domestic catastrophic attack.
The single largest incident of manmade destruction was the atomic bombing of
Hiroshima, Japan, on August 6, 1945. The estimated toll from the blast was 70,000
casualties, plus the utter destruction of the city. [12] However, creating mass-casualty
weapons capable of killing thousands or even tens of thousands of people requires
advanced knowledge, significant financial resources, and access to unique equipment.
Stealing one is equally challenging, as the materials and weapons are
kept under the tightest security. Even if one could be acquired, it would still entail
tremendous difficulties in transportation and deployment. [13, pp. 20-38] Just as the
1995 Tokyo subway attacks demonstrate the feasibility of employing WMD, they also
demonstrate the difficulty of employing WMD.
Unlike WMD, which are sequestered under lock and key, critical infrastructure is
inherently accessible to the public. Millions depend on it to sustain their lives, and
millions are at risk should it go wrong. On April 26, 1986, the meltdown of the
Chernobyl Nuclear Power Plant in Ukraine killed 31 personnel, forced the evacuation
and resettlement of 350,400 residents, and exposed an estimated 530,000 recovery
workers to higher levels of radiation. While experts debate how this exposure might
affect future cancer rates, they have taken the precaution of establishing a “zone of
alienation” 19 miles in all directions from the plant (187 mi²). Ukrainian officials
estimate the area will not be safe for human life again for another 20,000 years. [14]
Most infrastructure failure is the result of accident, not only Chernobyl, but also
Bhopal, India, where in December 1984, 2,259 people were killed overnight when
methyl isocyanate accidentally vented from a nearby Union Carbide pesticide plant.
[15]
But as demonstrated on 9/11, infrastructure may also be purposely subverted. The
essential vulnerability of today’s critical infrastructure is that little of it was centrally
planned or designed, and virtually none of it was built to withstand deliberate attack.
The result is that millions of lives depend on networks that are not fully understood,
riddled with weaknesses, and susceptible to malicious tampering. And while physical
exploitation of physical vulnerabilities, such as happened on 9/11, remains worrisome,
the greater concern is virtual exploitation of cyber vulnerabilities through the Internet.
[5, p. 5]
Cyber Vulnerability
The information technology revolution of the 1990s-2000s changed the way U.S.
business and government operate. Without a great deal of thought about security, the
nation shifted control of essential processes in manufacturing, utilities, banking, and
communications to networked computers. As a result, the cost of doing business
dropped and productivity skyrocketed. [16, p. 5] But at the same time, the proliferation
of networks blurred ownership boundaries, diffusing accountability, decreasing “end-to-end”
or system-wide analysis and responsibility, and reducing investment in research and
development as well as reserve capacity. Today’s processes are more efficient, but they lack
the redundant characteristics that gave their predecessors more resilience. They are
also susceptible to cyber attack. [5, pp. 8-10]
Technologies and techniques that have fueled major improvements in the
performance of our infrastructures can also be used to disrupt them. The United
States, where close to half of all computer capacity and 60 percent of Internet assets
reside, is at once the world’s most advanced and most dependent user of information
technology. More than any other country, we rely on a set of increasingly accessible
and technologically reliable infrastructures, which in turn have a growing collective
dependence on domestic and global networks. This provides great opportunity, but it
also presents new vulnerabilities that can be exploited. It heightens risk of cascading
technological failure, and therefore of cascading disruption in the flow of essential
goods and services. [5, pp. 4-5] A cyber attack against the national electric grid is a
particularly unsettling prospect.
Electric utilities rely on supervisory control and data acquisition (SCADA) systems to
manage the nation’s power generation, transmission, and distribution networks.
While generally protected from intrusion, SCADA systems operate over the Internet.
The move to SCADA boosts efficiency at utilities because it allows workers to operate
equipment remotely. But this access to the Internet exposes these once-closed
systems to cyber attacks. Project Aurora in 2006 demonstrated how a generator could
be remotely commanded over the Internet to physically self-destruct [11, p. 21].
Physical damage to generators and other critical components on a large scale could
result in a prolonged outage, as procurement of these components ranges from months
to years [12, p. 12]. Of potential concern is a cyber attack causing an extended outage
across a significant portion of the North American Grid. In August 2003, an extended
blackout affected 50 million people in the northeastern United States and Canada,
causing an estimated $4-$10 billion in economic losses. Though it lasted only a week,
the outage resulted in a 0.7% drop in Canada’s gross domestic product [9, p. 2]. A Johns
Hopkins study determined that New York City experienced a 122% increase in
accidental deaths and 25% increase in disease-related deaths, and that ninety people
died as a direct result of the power outage [10]. Depending on the timing of the
attack, the death toll could be significant. In 1995, 739 people died from heat
exhaustion in Chicago. Most of the victims were elderly poor residents who could not
afford air conditioning. [17] In 2003, 14,802 French citizens died from heat-related
ailments because most homes did not have air conditioning. [18] An attack on the
North American Grid knocking out electricity over an extended region for an extended
period in summer could potentially dwarf the damage suffered on 9/11.
Cyber attacks against SCADA systems controlling oil refineries, or oil and gas pipeline
networks could be equally devastating, depriving large metropolitan areas of critical
fuel for extended periods. A cyber attack disrupting the Federal Reserve system would
have profound implications for the U.S. economy. [5, p. 12]
9/11 was a “wake-up call” to the catastrophic potential of critical infrastructure. [19, p.
5] The rapid assimilation of the Internet, originally designed to facilitate collaboration
among trusted colleagues, makes that same infrastructure vulnerable to hostile agents.
[16, p. viii] Together, the expansion and integration of the Internet with infrastructure
has fundamentally changed national security.
Changing Geography
Few enemies of the United States have ever had the means to seriously threaten our
heartland. Even in the darkest early days of World War II, just after Pearl Harbor, no
enemy had the shipping, landing craft, or forces to invade the continental U.S., or
aircraft with the range to reach the mainland and return. For most of our history we
never had to worry much about being attacked at home; broad oceans east and west
and peaceable neighbors north and south gave us all the protection needed. [5, p. 7]
In the early 1950s, the geography that kept us safe was overcome by Soviet long-range
bombers and intercontinental ballistic missiles aimed not only at our military
capabilities, but also at the industries and institutions that give our nation its character.
We had to learn to think differently about our safety and security. We built backyard
bomb shelters, and whole generations practiced diving beneath their school desks at
the sound of a siren. The fear of surprise nuclear attack slowly faded as we developed
satellites and other early warning capabilities that enabled us to overcome geography
and detect a Soviet missile launch in time to launch our own missiles, thus ensuring
the credibility of the deterrent policy of Mutual Assured Destruction. [5, p. 7]
The demise of the Soviet Union, “detargeting” of nuclear missiles, and strategic arms
reductions appeared to leave America once more relatively invulnerable to physical
attack by foreign nations. However, as the threat of a nuclear war has diminished, new
technologies have appeared that render physical geography less relevant and our
domestic sanctuary less secure. Today, a computer can cause switches or valves to
open and close, move funds from one account to another, or convey a military order
almost as quickly over thousands of miles as it can from next door, and just as easily
from an unauthorized computer as an authorized one. A false or malicious computer
message can traverse multiple national borders, leaping from jurisdiction to
jurisdiction to avoid identification, complicate lawful pursuit, or escape retribution. [5,
p. 7]
In short, the global reach of the Internet, coupled with the catastrophic potential of
critical infrastructure, eliminates the protective advantage the U.S. has enjoyed most
of its history. The Internet makes it possible for an enemy to attack us from a distance,
using cyber tools, without first confronting our military power and with a good chance
of going undetected. The new geography is a borderless cyber geography whose major
topographical features are technology and change. [5, p. 7] Taking advantage of this
new geography is a new threat, that of the non-state actor.
Changing Threat
A threat is traditionally defined as a capability linked to hostile intent. Linking capability
to intent works well when malefactors are clearly discernible and U.S. intelligence
agencies can focus collection efforts to determine what capabilities they possess or are
trying to acquire. During the Cold War, for example, weapons with potential to
threaten the United States took years to develop, involved huge industrial complexes,
and were on frequent display in large military exercises. Today, however, malefactors
are no longer necessarily nation-states, and expensive weapons of war are joined by
means that are easier to acquire, harder to detect, and have legitimate peacetime
applications. [5, p. 14] The ability of non-state actors to wield destruction on a scale
previously reserved to nation-states represents an historic shift in national security
affairs.
Previously, national security entailed protecting U.S. interests from other nations.
Among the community of nations where each state is a sovereign entity unbound by
the laws of another nation, relations are maintained by diplomacy, commerce, and
when necessary, military force. Thus, for example, after a string of attacks in the early
1980s were linked to the Libyan government of Muammar Gaddafi, the U.S. applied
diplomacy, economic sanctions, and eventually military force to put an end to the
country’s malfeasance. [20] Al Qaeda, on the other hand, was not a sovereign entity,
nor bin Laden a head of state. Though they operated from Afghanistan they were not
Afghan, nor did they conduct their attacks at the behest of the Taliban government. In
fact, bin Laden could claim no country for his own, having had his Saudi citizenship
revoked in 1994. [3, p. 63] As private individuals, bin Laden and members of al Qaeda
were subject to law. Following the 1998 attack on the U.S. embassies in Tanzania and
Kenya, bin Laden was placed on the FBI’s list of Ten Most Wanted Fugitives. [21]
Following 9/11, bin Laden was indicted for terrorism and placed on the FBI’s list of
Most Wanted Terrorists. [22]
Title 18, Section 2331 of United States Code defines terrorism as “acts dangerous to
human life that are a violation of the criminal laws of the United States or any State
intended to i) intimidate or coerce a civilian population; ii) influence the policy of a
government by intimidation or coercion; or iii) affect the conduct of a government by
mass destruction, assassination, or kidnapping within the territorial jurisdiction of the
United States.” Without doubt, the 9/11 attacks were terrorist acts, motivated as they
were by bin Laden’s 1998 fatwa declaring war on America. [3, p. 47] However, in
protecting the nation from future such attacks, focusing on “terrorism” as a motive for
hostile intent is very limiting. Narcotics trafficking and economic crime may also serve
as motivating factors for hostile intent in attacking the nation’s infrastructure. [5, p. 8]
In fact, the potential motives that might stoke hostile intent are
innumerable, making threat identification problematic at best.
Since 9/11, much attention has been devoted to the foreign terrorist threat. While
certainly a concern, it is only one possibility among an infinite variety. The inherent
vulnerability of critical infrastructure to physical and cyber attack means that the
perpetrator need not be foreign, and the motive need not be terrorism. Whatever the
motive, assault of any size is a crime under U.S. law. Together with motive, means and
opportunity are required to commit a crime. While infrastructure remains vulnerable
to various means of attack, and motives are impossible to count, perhaps the best
means of preventing another 9/11-type attack is to reduce the window of opportunity
by protecting critical infrastructure. This is precisely what was decided in the months
following 9/11, and why critical infrastructure protection became a cornerstone of
subsequent homeland security policy.
Conclusion
9/11 exposed the vulnerability of critical infrastructure for abetting domestic
catastrophic attack by small groups or individuals. Overnight, the historical protection
afforded by vast oceans and friendly neighbors vanished. The instruments of
destruction were woven into the fabric of our society. Non-state actors had usurped a
power of devastation that was once reserved to nation-states. Our national security
posture was shattered. Whereas before we could count and specifically identify our
enemies and deter their actions, our enemies were now uncountable and more
difficult to identify. Though terrorism remains a likely threat indicator, it is but one of
an unlimited number of potential motives. Given a vast array of means and motives,
restricting a criminal’s opportunity seems the most efficient strategy for preventing a
similar crime. Thus, critical infrastructure protection became a cornerstone of the
nation’s homeland security policy.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. According to the 9/11 Commission, what was the distinguishing characteristic of the 9/11 attacks?
2. How did the 9/11 hijackers achieve WMD effects without using WMD?
3. Why is critical infrastructure critical?
4. Why is critical infrastructure vulnerable?
5. What is the relationship between critical infrastructure protection and cyber security?
6. Was 9/11 an act of terrorism? Explain your answer.
7. Was the Oklahoma City bombing an act of terrorism? Explain your answer.
8. Is terrorism the only motive that might precipitate catastrophic attack? Explain your answer.
9. Was 9/11 a criminal act or an act of war? Explain your answer.
10. Can we prevent another domestic catastrophic attack? Explain your answer.
Chapter 7: Failure of Imagination
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain the respective failures that precipitated the 9/11 tragedy.
Describe what changes might have prevented 9/11.
Discuss the need to improve post-attack emergency response.
Explain the need to undertake the largest reorganization of U.S. government since the end of World War II.
“We believe the 9/11 attacks revealed four kinds of failures: in imagination, policy,
capabilities, and management.”
– 2004 9/11 Commission Report
Introduction
While the 9/11 attacks ushered in a new threat to the nation’s security, they also
tested those institutions that were established at the end of World War II to prevent
another “Pearl Harbor”. The 9/11 Commission found those institutions sorely lacking,
and enumerated their failures of imagination, policy, capabilities, and management.
And despite the heroic efforts of First Responders at the World Trade Center, the 9/11
Commission could not help but wonder if better coordination might have kept more of
them alive. This chapter presents those findings from the 9/11 Commission Report
that would result in profound changes to American institutions and significantly shape
subsequent homeland security policy.
Failure of Imagination
Before 9/11, al Qaeda and its affiliates had killed fewer than 50 Americans, including
the East Africa embassy bombings and the Cole attack. The U.S. government took the
threat seriously, but not in the sense of mustering anything like the kind of effort that
would be gathered to confront an enemy of the first, second, or even third rank. The
modest national effort exerted to contain Serbia and its depredations in the Balkans
between 1995 and 1999, for example, was orders of magnitude larger than that
devoted to al Qaeda. [1, p. 340]
Beneath the acknowledgment that Bin Laden and al Qaeda presented serious dangers,
there was uncertainty among senior officials about whether this was just a new and
especially venomous version of the ordinary terrorist threat America had lived with for
decades, or was radically new, posing a threat beyond any yet experienced. [1, p. 343]
Both Presidents Bill Clinton and George Bush and their top advisers understood Bin
Laden was a danger. But given the character and pace of their policy efforts, it is not
clear they fully understood just how many people al Qaeda might kill, and how soon it
might do it. [1, pp. 342-343]
In late 1998, reports came in of a possible al Qaeda plan to hijack a plane. One, a
December 4 Presidential Daily Briefing for President Clinton, brought the focus back to
more traditional hostage taking; it reported Bin Laden’s involvement in planning a
hijack operation to free prisoners such as the “Blind Sheikh,” Omar Abdel Rahman,
convicted in the 1993 World Trade Center bombing. Threat reports also mentioned the
possibility of using an aircraft filled with explosives. The most prominent of these
mentioned a possible plot to fly an explosives-laden aircraft into a U.S. city. [1, p. 344]
The possibility of a suicide hijacking emerged following the October 31, 1999 crash of
EgyptAir Flight 990, a Boeing 767, off the coast of Massachusetts. The most
plausible explanation was that one of the pilots had gone berserk, seized the controls,
and flown the aircraft into the sea. President Clinton’s counter-terrorism advisor,
Richard Clarke, later testified he thought that warning about the possibility of a suicide
hijacking would have been just one more speculative theory among a thousand others,
probably hundreds of thousands. Yet the possibility was imaginable, and had been
imagined. [1, p. 345]
In early August 1999, the Federal Aviation Administration’s (FAA’s) Civil Aviation
Security intelligence office summarized the Bin Laden hijacking threat. After a solid
recitation of all the information available on the topic, the paper identified a few
principal scenarios, one of which was a “suicide hijacking operation.” The FAA analysts
judged such an operation unlikely, because “it does not offer an opportunity for
dialogue to achieve the key goal of obtaining Rahman and other key captive
extremists. . . . A suicide hijacking is assessed to be an option of last resort.” [1, p. 345]
The North American Aerospace Defense Command (NORAD) imagined the possible use
of aircraft as weapons, too, and developed exercises to counter such a threat—from
planes coming to the United States from overseas, perhaps carrying a weapon of mass
destruction. None of this speculation was based on actual intelligence of such a threat.
One idea, intended to test command and control plans and NORAD’s readiness,
postulated a hijacked airliner coming from overseas and crashing into the Pentagon.
The idea was put aside in the early planning of the exercise as too much of a
distraction from the main focus (war in Korea), and as too unrealistic. [1, p. 346]
In citing a “failure of imagination”, the 9/11 Commission Report draws parallels
between the 9/11 attacks and the 1941 attack on Pearl Harbor. In both cases, the
evidence leading up to the attacks was clear and obvious in hindsight. The 9/11
Commission Report makes the argument, though, that the “clear signal” that emerges
in hindsight might have been equally evident in foresight had those responsible given
stronger consideration to scenarios they dismissed as implausible. The failure of
imagination was the failure to consider not only what had been, but also what could
be. If more concerted attention had been given to the suicide hijacking scenario
conceived by some agencies, then indicators and warnings could have been devised,
emerging evidence matched against them, and counteraction prepared in advance.
This was nothing new. Such procedures had been painstakingly developed by the
Intelligence Community in the decades after Pearl Harbor. In this case, they were not
employed to analyze an enemy that, as the twentieth century closed, was most likely
to launch a surprise attack directly against the United States. [1, pp. 344-348]
Failure of Policy
The road to 9/11 again illustrates how the large, unwieldy U.S. government tended to
underestimate a threat that grew ever greater. The terrorism fostered by Bin Laden
and al Qaeda was different from anything the government had faced before. The
existing mechanisms for handling terrorist acts had been trial and punishment for acts
committed by individuals; sanction, reprisal, deterrence, or war for acts by hostile
governments. The actions of al Qaeda fit neither category. Its crimes were on a scale
approaching acts of war, but they were committed by a loose, far-flung, nebulous
conspiracy with no territories or citizens or assets that could be readily threatened,
overwhelmed, or destroyed. [1, p. 348]
The U.S. policy response to al Qaeda before 9/11 was essentially defined following the
embassy bombings of August 1998. The tragedy of the embassy bombings provided an
opportunity for a full examination, across the government, of the national security
threat that bin Laden posed. Such an examination could have made clear to all that
issues were at stake that were much larger than the domestic politics of the moment.
But the major policy agencies of the government did not meet the threat. [1, p. 349]
The diplomatic efforts of the Department of State were largely ineffective. Al Qaeda
and terrorism was just one more priority added to already-crowded agendas with
countries like Pakistan and Saudi Arabia. After 9/11 that changed. [1, p. 349]
Policymakers turned principally to the CIA and covert action to implement policy.
Before 9/11, no agency had more responsibility—or did more—to attack al Qaeda,
working day and night, than the CIA. But there were limits to what the CIA was able to
achieve in its energetic worldwide efforts to disrupt terrorist activities or use proxies to
try to capture or kill bin Laden and his lieutenants. As early as mid-1997, one CIA
officer wrote to his supervisor: “All we’re doing is holding the ring until the cavalry gets
here.” [1, p. 349]
Military measures failed or were not applied. Before 9/11 the Department of Defense
was not given the mission of ending al Qaeda’s sanctuary in Afghanistan. Officials in
both the Clinton and Bush administrations regarded a full U.S. invasion of Afghanistan
as practically inconceivable before 9/11. It was never the subject of formal interagency
deliberation. [1, p. 349]
Lesser forms of intervention could also have been considered. One would have been
the deployment of U.S. military or intelligence personnel, or special strike forces, to
Afghanistan itself or nearby—openly, clandestinely (secretly), or covertly (with their
connection to the United States hidden). Then the United States would no longer have
been dependent on proxies to gather actionable intelligence. However, it would have
needed to secure basing and overflight support from neighboring countries. A
significant political, military, and intelligence effort would have been required,
extending over months and perhaps years, with associated costs and risks. Given how
hard it later proved to locate bin Laden even with substantial ground forces in
Afghanistan, the odds of success before 9/11 are hard to calculate. There is no
indication that President Clinton was offered such an intermediate choice, or that this
option was given any more consideration than the idea of invasion. [1, p. 349]
These policy challenges are linked to the problem of imagination. Since both President
Clinton and President Bush were genuinely concerned about the danger posed by al
Qaeda, approaches involving more direct intervention against the sanctuary in
Afghanistan apparently must have seemed—if they were considered at all—to be
disproportionate to the threat. [1, p. 349]
Failures in Capability
Before 9/11, the United States tried to solve the al Qaeda problem with the same
government institutions and capabilities it had used in the last stages of the Cold War
and its immediate aftermath. These capabilities were insufficient, but little was done to
expand or reform them. [1, pp. 350-351]
For covert action, of course, the White House depended on the Counterterrorist
Center and the CIA’s Directorate of Operations. Though some officers, particularly in
the bin Laden unit, were eager for the mission, most were not. The higher
management of the directorate was unenthusiastic. The CIA’s capacity to conduct
paramilitary operations with its own personnel was not large, and the Agency did not
seek a large-scale general expansion of these capabilities before 9/11. James Pavitt, the
head of this directorate, remembered that covert action, promoted by the White
House, had gotten the Clandestine Service into trouble in the past. He had no desire to
see this happen again. He thought, not unreasonably, that a truly serious
counterterrorism campaign against an enemy of this magnitude would be business
primarily for the military, not the Clandestine Service. [1, p. 351]
At no point before 9/11 was the Department of Defense fully engaged in the mission of
countering al Qaeda, though this was perhaps the most dangerous foreign enemy then
threatening the United States. The Clinton administration effectively relied on the CIA
to take the lead in preparing long-term offensive plans against an enemy sanctuary.
The Bush administration adopted this approach, although its emerging new strategy
envisioned some yet further role for the military in addressing the problem.
Within Defense, both Secretary Cohen and Secretary Donald Rumsfeld gave their
principal attention to other challenges. [1, pp. 351-352]
America’s homeland defenders faced outward. NORAD itself was barely able to retain
any alert bases. Its planning scenarios occasionally considered the danger of hijacked
aircraft being guided to American targets, but only aircraft that were coming from
overseas. It would have been a tough sell to make a costly change in NORAD’s defense
posture to deal with the danger of suicide hijackers before such a threat had ever
actually been realized. But NORAD did not canvass available intelligence and try to
make the case. [1, p. 352]
The most serious weaknesses in agency capabilities were in the domestic arena. [1, p.
352]
The FBI did not have the capability to link the collective knowledge of agents in the
field to national priorities. The acting director of the FBI did not learn of his Bureau’s
hunt for two possible al Qaeda operatives in the United States or about his Bureau’s
arrest of an Islamic extremist taking flight training until September 11. The director of
central intelligence knew about the FBI’s Moussaoui investigation weeks before word
of it made its way even to the FBI’s own assistant director for counterterrorism. [1, p.
352]
The FAA’s capabilities to take aggressive, anticipatory security measures were
especially weak. Any serious policy examination of a suicide hijacking scenario,
critiquing each of the layers of the security system, could have suggested changes to fix
glaring vulnerabilities—expanding no-fly lists, searching passengers identified by the
CAPPS screening system, deploying Federal Air Marshals domestically, hardening
cockpit doors, alerting air crew to a different kind of hijacking than what they had been
trained to expect, or adjusting the training of controllers and managers in the FAA and
NORAD. [1, p. 352]
Furthermore, the FAA set and enforced aviation security rules, which airlines and
airports were required to implement. The rules were supposed to produce a “layered”
system of defense. This meant that the failure of any one layer of security would not
be fatal, because additional layers would provide backup security. But each layer
relevant to hijackings—intelligence, passenger prescreening, checkpoint screening, and
onboard security—was seriously flawed prior to 9/11. Taken together, they did not stop
any of the 9/11 hijackers from getting on board four different aircraft at three different
airports. [1, p. 83]
Part I: Hard Lessons
In 2001, the Immigration and Naturalization Service (INS) was overwhelmed by the
challenges posed by illegal entry over the southwest border, criminal aliens, and a
growing backlog of applications for naturalizing immigrants. [1, p. 80] The immigration
system as a whole was widely viewed as increasingly dysfunctional and badly in need
of reform. [1, p. 384] The system was in such a poor state that the 9/11 hijackers had
little trouble exploiting it to their advantage. Beginning in 1997, the 19 hijackers
submitted 24 applications and received 23 visas. They entered the United States a total
of 33 times. They arrived through ten different airports, though more than half came in
through Miami, JFK, or Newark. Each visa application was checked
against a “consular lookout” database called CLASS, which included a substantial
watchlist of known and suspected terrorists called TIPOFF. Upon entering the country,
passports were again checked against terrorist watchlists and criminal databases.
Despite these measures, known al Qaeda operatives were able to secure U.S. visas
using detectable false statements, and enter the country with passports manipulated
in a fraudulent manner. Those operatives who were flagged for secondary screening
were still able to gain entry by making false statements to INS officials. Moreover, six
of the 9/11 hijackers violated immigration laws after arriving in country. None of these
violations were detected or acted upon by INS inspectors or agents. [2] The 9/11
Commission found that closer examination of the operatives’ travel documents and
more effective use of the watchlists might have exposed 15 of the 19 hijackers. The
central problems were 1) lack of well-developed counterterrorism measures, and 2)
the inability of the system to deliver on its basic commitments. [1, p. 384]
Failures in Management
In the events leading up to 9/11, many opportunities were lost to thwart the plot.
Information was not shared, sometimes inadvertently or because of legal
misunderstandings. Analysis was not pooled. Effective operations were not launched.
Often the handoffs of information were lost across the divide separating the foreign
and domestic agencies of the government. [1, p. 353]
However the specific problems are labeled, they appear to be symptoms of the
government’s broader inability to adapt how it manages problems to the new
challenges of the twenty-first century. The agencies are like a set of specialists in a
hospital, each ordering tests, looking for symptoms, and prescribing medications. What
is missing is the attending physician who makes sure they work as a team. [1, p. 353]
One missing element was effective management of transnational operations. Action
officers should have drawn on all available knowledge in the government. This
management should have ensured that information was shared and duties were
clearly assigned across agencies, and across the foreign-domestic divide. [1, p. 353]
Consider, for example, the case of Khalid al Mihdhar and Nawaf al Hazmi, and their
January 2000 trip to Kuala Lumpur. In late 1999, the National Security Agency (NSA)
analyzed communications associated with a man named Khalid, a man named Nawaf,
and a man named Salem. They correctly concluded that “Nawaf” and “Khalid” might be
part of “an operational cadre” and that “something nefarious might be afoot.” The NSA
did not pursue these leads, however. It saw itself as an agency to support intelligence
consumers, such as CIA. It did not initiate actions, but it waited to be asked. Since
nobody asked, nobody was informed. If this information had been made available to
the CIA al Qaeda unit, a case officer might have checked with the State Department
and learned that U.S. visas had been issued to two gentlemen with the same names on
the same day in Jeddah, Saudi Arabia. Armed with this information, the CIA could have
notified the Immigration and Naturalization Service (INS) and FBI to be on the lookout for
the two suspects when they entered the country. As it was, no such contact was made
and the two entered the country without notice. [1, pp. 353-354]
Even if watchlisting had prevented or at least alerted U.S. officials to the entry of Hazmi
and Mihdhar, it is unlikely that watchlisting, by itself, would have prevented the 9/11
attacks. Al Qaeda adapted to the failure of some of its operatives to gain entry into the
United States. None of these future hijackers was a pilot. Alternatively, had they been
permitted entry and monitored, some larger results might have been possible had the
FBI been watching. [1, p. 354]
The details of this case illuminate real management challenges, past and future. The
U.S. government must find a way of pooling intelligence and using it to guide the
planning of and assignment of responsibilities for joint operations involving
organizations as disparate as the CIA, the FBI, the State Department, the military, and
the agencies involved in homeland security. [1, p. 357]
Beyond those day-to-day tasks of bridging the foreign-domestic divide and matching
intelligence with plans, the challenges include broader management issues pertaining
to how the top leaders of the government set priorities and allocate resources. [1, p.
357]
On December 4, 1998, DCI Tenet issued a directive to several CIA officials and his
deputy for community management, stating: “We are at war. I want no resources or
people spared in this effort, either inside CIA or the Community.” The memorandum
had little overall effect on mobilizing the CIA or the intelligence community. [1, p. 357]
The episode indicates some of the limitations of the DCI’s authority over the direction
and priorities of the intelligence community, especially its elements within the
Department of Defense. The DCI had to direct agencies without controlling them. He
did not receive an appropriation for their activities, and therefore did not control their
purse strings. He had little insight into how they spent their resources. U.S. intelligence
was not a coordinated effort. [1, p. 357]
Failure to Coordinate
The National Institute of Standards and Technology estimates that between 16,400
and 18,800 civilians were in the World Trade Center complex when American Airlines
Flight 11 slammed into the North Tower at 8:46 am, September 11. At most, 2,152
individuals died at the WTC who were not on the aircraft or were not First Responders.
Some 1,942 are thought to have worked or were attending meetings above the
respective impact zones in the Twin Towers. Only 110, or 5.36% of those who died,
worked below the impact zone. It is impossible to measure how many more civilians
would have died without the assistance of the FDNY, PAPD, and NYPD. It is impossible
to measure the calming influence that ascending firefighters had on descending
civilians that might otherwise have turned into a panicked and dangerous mob. But
the positive impact of the First Responders on the evacuation came at a tremendous
cost in lives. [1, pp. 316-317] Given the contrast to the Pentagon response, it is not
unreasonable to speculate whether more First Responders would have been spared if
there had been better coordination between agencies.
To some degree, on 9/11 First Responders followed Mayor Giuliani’s directive for
incident command issued in July. It was clear that the lead response agency was the
FDNY, and that the other responding agencies acted in a supporting role. There was a
tacit understanding that FDNY personnel would have primary responsibility for
evacuating civilians who were above the ground floors of the Twin Towers, while NYPD
and PAPD personnel would be in charge of evacuating civilians from the WTC complex
once they reached ground level. The NYPD also greatly assisted responding FDNY units
by clearing emergency lanes to the WTC. In addition, coordination occurred at high
levels of command. For example, the Mayor and Police Commissioner consulted with
the Chief of the Department of the FDNY at approximately 9:20. There were other
instances of coordination at operational levels, and information was shared on an ad
hoc basis. For example, an NYPD Emergency Service Unit passed the news of their
evacuation order to firefighters in the North Tower. It is also clear, however, that the
response operations lacked the kind of integrated communications and unified
command contemplated in the directive. These problems existed both within and
among individual responding agencies. [1, p. 319]
For a unified incident management system to succeed, each participant must have
command and control of its own units and adequate internal communications. This
was not always the case at the WTC on 9/11. FDNY was lacking command and control
as it proved incapable of coordinating the number of units dispatched to different
points within the 16-acre complex. As a result, numerous units were congregating in
the undamaged Marriott Hotel and at the overall command post on West Street by
9:30, while chiefs in charge of the South Tower still were in desperate need of units.
With better understanding of the resources already available, additional units might
not have been dispatched to the South Tower at 9:37. The situation was rendered even
more difficult by internal communications breakdowns resulting from the limited
capabilities of radios in the high-rise environment of the WTC, and from confusion over
which personnel were assigned to which frequency. Furthermore, when the South
Tower collapsed the overall FDNY command post ceased to operate, which
compromised the FDNY’s ability to understand the situation; an FDNY marine unit’s
immediate radio communication to FDNY dispatch that the South Tower had fully
collapsed was not conveyed to chiefs at the scene. The FDNY’s inability to coordinate
and account for the different radio channels that would be used in an emergency of
this scale contributed to the early lack of units in the South Tower, whose lobby chief
initially could not communicate with anyone outside that tower. Though almost no one
at 9:50 on September 11 was contemplating an imminent total collapse of the Twin
Towers, many First Responders and civilians were contemplating the possibility of
imminent additional terrorist attacks throughout New York City. Had any such attacks
occurred, the FDNY’s response would have been severely compromised by the
concentration of so many of its off-duty personnel, particularly its elite personnel, at
the WTC. [1, pp. 319-320]
Any attempt to establish a unified command on 9/11 would have been further
frustrated by the lack of communication and coordination among responding agencies.
Certainly, the FDNY was not positioned to be “responsible for the management of the
City’s response to the emergency,” as the Mayor’s directive would have required.
Agency command posts were in different locations, and OEM headquarters, which
could have served as a focal point for information sharing, did not play an integrating
role in ensuring that information was shared among agencies on 9/11, even prior to its
evacuation. There was a lack of comprehensive coordination between FDNY, NYPD,
and PAPD personnel climbing above the ground floors in the Twin Towers. Information
that was critical to informed decision making was not shared among agencies. FDNY
chiefs in leadership roles that morning were hampered by a lack of information from
NYPD aviation. At 9:51 A.M., a helicopter pilot cautioned that “large pieces” of the
South Tower appeared to be about to fall and could pose a danger to those below.
Immediately after the tower’s collapse, a helicopter pilot radioed that news. This
transmission was followed by communications at 10:08, 10:15, and 10:22 that called
into question the condition of the North Tower. The FDNY chiefs would have benefited
greatly had they been able to communicate with personnel in a helicopter. Moreover,
FDNY, PAPD, and NYPD did not coordinate their units that were searching the WTC
complex for civilians. In many cases, redundant searches of specific floors and areas
were conducted. It is unclear whether fewer first responders in the aggregate would
have been in the Twin Towers if there had been an integrated response, or what
impact, if any, redundant searches had on the total number of first responder
fatalities. [1, p. 320]
Whether the lack of coordination between the FDNY and NYPD on September 11 had a
catastrophic effect has been the subject of controversy. It is clear, however, that the
Incident Command System did not function to integrate awareness among agencies or
to facilitate interagency response. [1, p. 320]
Conclusion
The 9/11 attacks were the culmination of many failures on the part of America’s
national security apparatus; too many failures for the 9/11 Commission to assess
specific blame, but sufficient to suggest that 9/11 might have been thwarted at any
number of opportunities if things had gone only slightly differently. Emphasizing a
“failure of imagination” was the Commission’s way of pointing out a systemic problem
that stifled innovation and agility, and lacked accountability. Accordingly, the
appropriate solution was a systemic change to America’s national security apparatus,
adding justification to establishing a new Department of Homeland Security. The new
Department would bridge the gaps and provide accountability against this new threat
to national security. While attention was focused against these new manmade threats,
the nation was blindsided by a catastrophic natural hazard.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. List three different attacks on U.S. service members overseas in the years before the attack on the USS Cole.
2. Identify three differences and three similarities between the attacks you listed and the attack on the USS Cole.
3. Compared to the other three attacks, would you have thought al Qaeda a major threat in December 2000? Explain.
4. Describe the failed efforts by the CIA and DoD to capture or kill Osama bin Laden before 9/11.
5. Explain why the FBI failed to arrest known al Qaeda operatives in the U.S. as they trained for the 9/11 attacks.
6. Explain how FAA regulations abetted the 9/11 hijackers even after they were flagged by CAPPS.
7. Describe the U.S. air defense posture on 9/11.
8. Explain what the 9/11 Commission meant by a “failure of imagination”.
9. Even if the CIA and FBI had coordinated better, how might they have still failed to prevent 9/11? Explain.
10. Discuss the possible repercussions if NORAD had shot down the hijacked aircraft before they crashed into the
South Tower and Pentagon on 9/11.
Chapter 8: Failure of Initiative
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe events that contributed to the deaths of 1,464 New Orleans residents.
Discuss breakdowns between City, State, and Federal officials that frustrated emergency response.
Assess the consequences and difficulties of evacuating a major U.S. city.
“If 9/11 was a failure of imagination, then Katrina was a failure of initiative. It was a
failure of leadership.”
– 2005 House Committee Report
Introduction
No matter how secure the country is made from malicious acts, it will remain
susceptible to acts of nature. When a natural disaster overwhelms local emergency
management, an intricate choreography is required to engage State and Federal
support, and efficiently coordinate the combined response to maximize lifesaving
efforts within the first critical 72 hours of a disaster. The deaths and breakdown of civil
order in New Orleans as a result of Hurricane Katrina are a cautionary tale of what
happens when this choreography breaks down, and emergency aid is neither swift nor
efficient because of a leadership failure of initiative.
Local Disaster Response
First responders — local fire, police, and emergency medical personnel who respond to
all manner of incidents such as earthquakes, storms, and floods — have the lead
responsibility for carrying out emergency management efforts. Their role is to prevent,
protect against, respond to, and assist in the recovery from emergencies, including
natural disasters. Typically, first responders are trained and equipped to arrive first at
the scene of an incident and take action immediately, including entering the scene,
setting up a command center, evacuating those at the scene, tending to the injured,
redirecting traffic, and removing debris. [1, p. 45]
Local governments — cities, towns, counties or parishes — and the officials who lead
them are responsible for developing the emergency operations and response plans by
which their communities respond to disasters and other emergencies, including
terrorist attacks. Local emergency management directors are also generally
responsible for providing training to prepare for disaster response and seek assistance
from their state emergency management agencies when the situation exceeds or
exhausts local capabilities. In many states, they may also negotiate and enter into
Mutual Aid Agreements (MAAs) with other jurisdictions to share resources when, for
example, nearby jurisdictions are unaffected by the emergency and are able to provide
some assistance. [1, p. 46]
State Disaster Response
As the state’s chief executive, the Governor is responsible for the public safety and
welfare of the state’s citizens and generally has wide-ranging emergency management
responsibilities. Governors are responsible for coordinating state resources to address
the full range of actions necessary to prevent, prepare for, and respond to incidents
such as natural disasters. [1, p. 46]
Upon their declaration of an emergency or disaster, governors typically assume a
variety of emergency powers, including authority to control access to an affected area
and provide temporary shelter. Also, in most cases, states generally authorize their
governors to order and enforce the evacuation of residents in disaster and emergency
situations. [1, p. 46]
Governors also serve as the commanders-in-chief of their state military forces,
specifically, the National Guard when in state active duty or Title 32 status. In state
active duty — to which governors can call the Guard in response to disasters and other
emergencies — National Guard personnel operate under the control of the governor,
are paid according to state law, and can perform typical disaster relief tasks, such as
search and rescue, debris removal, and law enforcement. Most governors have the
authority to implement mutual aid agreements with other states to share resources
with one another during disasters or emergencies when, for example, others
(particularly nearby states) are unaffected by the emergency and able to provide
assistance. Most states request and provide this assistance through the Emergency
Management Assistance Compact (EMAC). If all these resources are not fast enough or
sufficient, then the Governor may petition the President for support. [1, p. 46]
Federal Disaster Support
When an incident overwhelms, or is likely to overwhelm, state and local resources, the
Stafford Act (Title 42 USC Ch. 68) authorizes the President, in response to a request
from the Governor of the affected state, to issue two types of declarations—
emergency or major disaster. An emergency is “any occasion or instance for which, in
the determination of the President, federal assistance is needed to supplement state
and local efforts and capabilities to save lives and to protect property and public health
and safety, or to lessen or avert the threat of a catastrophe in any part of the United
States.” A major disaster is “any natural catastrophe (including any hurricane, tornado,
storm, high water, wind-driven water, tidal wave, tsunami, earthquake, volcanic
eruption, landslide, mudslide, snowstorm, or drought), or, regardless of cause, any fire,
flood, or explosion, in any part of the United States, which in the determination of the
President causes damage of sufficient severity and magnitude to warrant major
disaster assistance under this chapter to supplement the efforts and available
resources of States, local governments, and disaster relief organizations in alleviating
the damage, loss, hardship, or suffering caused thereby.” [1, p. 31]
If the President approves an emergency or major disaster declaration, then the Federal
Emergency Management Agency (FEMA) will set up a Joint Field Office (JFO) in
proximity to the State Emergency Operations Center (SEOC), and a FEMA Federal
Coordinating Officer (FCO) will begin working with the designated State Coordinating
Officer (SCO) to deliver requested federal assistance. [1, p. 38]
The federal government typically responds to most natural disasters after the affected
states request support. In practice, states may make these requests before disasters
strike because of the near certainty that federal assistance will be necessary after such
an event (e.g., with hurricanes) or, afterwards, once they have conducted preliminary
damage assessments and determined that their response capabilities are
overwhelmed. In either case, the resources the federal government provides in any
disaster response are intended to supplement state and local government resources
devoted to the ongoing disaster relief and recovery effort. This system in use for most
disasters — providing federal assistance in response to requests of the states (or local
governments via the states) — is often referred to as a “pull” system in that it relies on
states to know what they need and to be able to request it from the federal
government. [1, pp. 30-31]
In certain instances, however, the federal response may also be considered a “push”
system, in which federal assistance is provided and/or moved into the affected area
prior to a disaster or without waiting for specific requests from the state or local
governments. [1, p. 31] The “push” system can be risky, especially if resulting damages
are less than expected and the expended federal resources are not needed by the
State. The “push” system has the distinct advantage, though, of reducing delays and
expediting delivery of federal aid to the disaster. Much of the criticism leveled at the
federal government was that it relied on a “pull” system when it should have initiated
a “push” system in response to Hurricane Katrina.
Figure 8-1: Track of Hurricane Katrina [2]
Hurricane Katrina
Hurricane Katrina was the costliest natural disaster, as well as one of the five deadliest
hurricanes in the history of the United States. The storm ranks third behind the 1935
Labor Day hurricane and Hurricane Camille in 1969. Overall, at least 1,500 people died
in the hurricane and subsequent floods, making it the deadliest United States
hurricane since the 1928 Okeechobee hurricane. Total property damage was estimated
at $108 billion. [2]
The tropical depression that became Hurricane Katrina formed over the Bahamas on
August 23, 2005. Early the following day, the new depression intensified into Tropical
Storm Katrina. The cyclone headed generally westward toward Florida and
strengthened into a hurricane only two hours before making landfall between
Hallandale Beach and Aventura on Thursday morning, August 25. The storm weakened
as it crossed over Florida, but regained hurricane strength shortly after emerging into
the Gulf of Mexico on Friday, August 26. The storm strengthened to a Category 5
hurricane over the warm waters of the Gulf of Mexico, but weakened before making
its second landfall as a Category 3 hurricane in southeast Louisiana in the early
morning hours of Monday, August 29. [2]
Katrina caused severe destruction along the Gulf coast from central Florida to Texas,
much of it due to high winds and flooding. Florida suffered twice, first when the storm
crossed over South Florida August 25, and a second time August 29 when Katrina
drove ashore in Louisiana, grazing the Florida Panhandle. Twelve deaths were blamed
on the storm in South Florida. It also left 1.45 million people without power and
caused $523 million in damages, most of it to crops. Two more deaths were attributed
to the storm as it grazed the Florida Panhandle, leaving another 77,000 people without
power, and causing an additional $100 million in damages. Overall, the hurricane
killed 14 people and caused $623 million in damages to Florida. Alabama was also hit
by winds and floods as Katrina made landfall. Sustained winds of 67 mph left 600,000
people without power. A 12-foot storm surge caused significant flooding several miles
inland along Mobile Bay. The combined winds and high waters washed ships, oil rigs,
boats, and fishing piers ashore along Mobile Bay. Four tornadoes were spawned
inland. Two deaths were attributed to the storm. Twenty-two Alabama counties were
declared disaster areas. In its second landfall, Katrina’s powerful right-front quadrant
passed over the west and central Mississippi coast, causing a 27-foot storm surge to
penetrate 6 miles inland, and up to 12 miles along bays and rivers. Together with the
storm surge, the state was battered by heavy winds and torrential rains. The
combination proved devastating, destroying 90% of all structures within a half mile of
the coastline. The storm destroyed bridges, barges, boats, piers, houses, and cars.
Eighty-two counties were declared disaster areas. Some 900,000 people were left
without power; 238 people were left dead. Mississippi might have been the center of
national attention, except for what happened in New Orleans. [2]
New Orleans
New Orleans was at particular risk. Though about half the city actually lies above sea
level, its average elevation is about six feet below sea level, and it is completely
surrounded by water. Over the course of the 20th century, the Army Corps of
Engineers had built a system of levees and seawalls to keep the city from flooding. The
levees along the Mississippi River were strong and sturdy, but the ones built to hold
back Lake Pontchartrain, Lake Borgne and the waterlogged swamps and marshes to
the city’s east and west were much less reliable. Even before the storm, officials
worried that those levees, jerry-built atop sandy, porous, erodible soil, might not
withstand a massive storm surge. Neighborhoods that sat below sea level, many of
which housed the city’s poorest and most vulnerable people, were at great risk of
flooding. [3]
The day before Katrina hit, New Orleans Mayor Ray Nagin issued the city’s first-ever
mandatory evacuation order. [3] Between 80 and 90 percent of the residents of New
Orleans were evacuated safely in time before the hurricane struck. Despite this, about
100,000 remained in the city, mainly those who did not have access to personal
vehicles. [2] To assist those left behind, Mayor Nagin opened the Superdome as a
“shelter of last resort”. The stadium was situated on relatively high ground near
downtown. It had been used as a shelter during previous storms, including Hurricane
Georges in 1998. The Superdome had been estimated to withstand winds up to 200
miles per hour, and water levels of 35 feet. By the evening of August 28, the night
before Hurricane Katrina hit, some 20,000 people had taken shelter in the Superdome
under the care of 300 Louisiana National Guard. [4]
At 3 a.m. on August 29, Hurricane Katrina made landfall near Buras-Triumph, Louisiana
as a strong Category 3 storm with 125 mph winds. It brought a 14-foot storm surge
and 8-10 inches of rain. These raised the level of Lake Pontchartrain causing significant
flooding along its northeastern shore. Several bridges were destroyed, including the
I-10 Twin Span Bridge connecting New Orleans to Slidell. Most of the roads traveling
into and out of the city were damaged. The only routes out of the city were the
westbound Crescent City Connection and Lake Pontchartrain Causeway, which was
restricted to emergency traffic. Power went out. High winds blew out the windows of
many high-rise buildings, and peeled back the waterproof membrane of the
Superdome. However, by mid-day as the eye of the hurricane passed east of the city, it
seemed New Orleans had been spared the worst of the storm. Despite the heavy
winds and rain, most buildings appeared to be structurally intact. But then the levees
began to break. [4]
Katrina’s storm surge overwhelmed the city’s levees and drainage canals. The
Mississippi River Gulf Outlet breached its levees in 20 places, flooding much of east
New Orleans, most of Saint Bernard Parish, and the East Bank of Plaquemines Parish.
The federally built levee system protecting metro New Orleans breached in 53 places,
including the 17th Street Canal, London Avenue Canal, and the Industrial Canal. By
August 31, 2005, 80% of New Orleans was flooded, with some parts under 15 feet of
water. [4]
The extensive flooding stranded many residents in their homes. Many chopped their
way onto their roofs with hatchets and sledge hammers, which residents had been
urged to store in their attics in case of such events. House tops across the city were
dotted with survivors. Some were trapped inside their attics, unable to escape.
Trapped in their homes, many families awaited rescue, without power, without water,
without food. [4]
The first deaths were reported shortly before midnight on August 28, as three nursing
home patients died during an evacuation to Baton Rouge. By 11:00 pm on August 29,
Mayor Nagin described the loss of life as “significant” with reports of bodies floating on
the water throughout the city, though primarily in the eastern portions. The National
Guard began setting up temporary morgues in select locations. [4]
After the storm passed, on August 30, as flood waters continued to rise, the media
reported rampant arson and looting across the city. Atrocities were reported at the
Superdome. Later investigations proved most of the reports greatly exaggerated. Still,
there was a breakdown in civil order, spurred, in part, by desertions within the New
Orleans Police Department. On August 31, Mayor Nagin imposed a curfew and
ordered the NOPD to abandon search and rescue missions in order to restore civil
order. The same day, Governor Blanco ordered in 6500 National Guard. Relief efforts
were disrupted by violence. Charity Hospital was forced to halt patient evacuations
after coming under gunfire. On September 2, Governor Blanco requested an additional
40,000 National Guard for assistance in evacuation and security. [4]
The situation was indeed miserable at the Superdome. On August 29, as Katrina
passed over New Orleans it ripped two holes into the roof. The scene inside the
building was described as chaotic; reports of rampant drug use, fights, rape, and filthy
living conditions were widespread. Despite increasingly squalid conditions, the
population inside continued to grow as many more arrived hoping to find food, water,
and maybe transportation out of town. On August 31, Governor Blanco ordered the
Superdome evacuated, and sent in 68 school buses to relocate civilians to the Houston
Astrodome. By September 4, the Superdome was completely evacuated. [4]
As rescue operations commenced on August 29, rescuers began dropping people off
outside the Convention Center. It was meant to be a transit point to shelter. The
problem was, no transportation was sent. By the afternoon of the 29th, a crowd of
about 1,000 people had begun to gather outside the Convention Center. After being
told the facility had no food, water, or services, the crowd nonetheless broke in and
took refuge. The next day, a contingent of 250 National Guard engineers arrived and
began working from the facility. The engineers were never given orders to control the
crowd, nor were they prepared for the task. Still, the number of people at the
Convention Center continued to grow over the next three days; some sent there from
the Superdome, some dropped off after being rescued from their roof, and some
arriving of their own volition. There was nobody in charge; nobody to provide for the
evacuees’ care and safety. Reports of robberies, murder, and rape began to surface. A
large cache of alcohol was stolen. People died, and their bodies were left where they passed.
Finally, on September 2, a sizable contingent of National Guard arrived to establish
order and provide essential provisions. On September 3, buses began arriving and
refugees were evacuated. By September 4, the Convention Center was completely
evacuated. [4]
Final reports indicate that the official death toll, according to the Louisiana Department
of Health, was 1,464 people. [4] Investigations following the hurricane decried many of
the deaths as “preventable”. [1, p. 2] Furthermore, they determined that the suffering
in the days and weeks after the storm was unnecessarily prolonged, and even
exacerbated by the failure of government at all levels to plan, prepare, and respond
aggressively to the storm. [5, p. 2]
Table 8-1: Hurricane Katrina New Orleans Timeline
Date           | Description
Wed. 24 Aug 05 | First alerts of a tropical storm stirring in Caribbean
Fri. 26 Aug 05 | Most residents work a full day and take “wait and see” approach
               | 5 pm warnings from National Weather Service show Hurricane Katrina turning
               | New Orleans potentially within range
Sat. 27 Aug 05 | Saturday morning most residents learn that Katrina’s path is set for New Orleans
               | Metro-area evacuations begin en masse clogging all outbound arteries of the city for 48 hours
               | St. Tammany, St. Charles, Plaquemines Parishes announce mandatory evacuations
               | Orleans and Jefferson Parish both announce voluntary evacuations
               | Governor Blanco sends “State of Emergency” letter to President Bush
               | Louisiana State University scientists issue a projected storm surge map
Sun. 28 Aug 05 | At 9:30 am Orleans Parish issues first-ever mandatory evacuation
               | At 10 am Katrina becomes a Category 5 storm with winds of 175 mph
               | At 11:30 am, President Bush vows to help those affected by the storm
               | State puts contra-flow plan into effect on interstates
               | Superdome designated city’s “refuge of last resort”
               | Director of the National Hurricane Center warns Times-Picayune of a “worst-case scenario”
               | Tropical storm-force winds close down emergency services in metro area
               | At 9 pm, Times-Picayune building loses power, generators power up
Mon. 29 Aug 05 | At 3 am, Katrina makes landfall as a Category 3 hurricane
               | Metro-area emergency officials hold status meeting
               | At 6 am, 317,000 households are without power
               | At 7 am, water reported coming over the levee in the 9th Ward
               | At 8:45 am, six to eight-foot flood waters reported in Lower 9th Ward
               | At 9 am, winds rip hole in roof of Superdome
               | At 9 am, eye of the storm passes to the east of New Orleans central business district.
               | Windows in high-rise buildings blow out
               | 11 am, National Weather Service reports a breach in the Industrial Canal levee, emptying Lake Pontchartrain into the neighborhoods of Eastern New Orleans, the Lower Ninth Ward in Orleans Parish and all of St. Bernard Parish
               | 2 pm, breach in the 17th Street Canal is confirmed; Lakeview, Mid-City, Broadmoor, Gentilly flooded over next 48 hours.
               | 2 pm, flood waters in the Lower Ninth Ward reach 12 feet in some areas
               | Flood waters continue to rise and it becomes apparent that it is a worst-case scenario
Tue. 30 Aug 05 | 9 am, Times-Picayune employees evacuate building in delivery trucks as water rises a foot an hour
               | Local media reports that Martial Law is declared in Orleans, Jefferson and Plaquemines Parish
               | Looting reports go national presenting
               | Flood waters continue to rise throughout city
Wed. 31 Aug 05 | Flood waters reach an equilibrium as the “bowl” of the city is now even with Lake Pontchartrain
               | Some neighborhoods under as much as 20 feet of water
               | Hellish scenes reported from those stranded in the Superdome: assaults, rape and suicide reported though later most dismissed
               | Estimates of 30 days before city can be pumped out
               | Thousands stranded in houses, on roofs
               | Approximately one million people without power in metro area
               | Media reports that thousands are stranded in the New Orleans Convention Center without food or water as a steady stream of people, many from the flooded Central City neighborhood, trickled first toward Lee Circle and then to the Convention Center, hoping to be saved from increasingly desperate straits
Thu. 1 Sep 05  | Corps of Engineers begins to build dam to stop levee breach at the 17th Street Canal
               | More than 10,000 people have been rescued in St. Bernard Parish
               | Times-Picayune asks, “Where is the Cavalry?”; No federal help arrived
               | Governor Blanco demands “no less than 40,000 troops”
               | Mayor Nagin lambasts federal officials in a tirade for their lack of effective response
               | First 5,000 of approximately 23,000 evacuees arrive at Houston Astrodome by bus
               | Bush seeks $10.5 billion storm-relief package
Fri. 2 Sep 05  | 7,000 soldiers move in on the Convention Center; they confront 15,000 angry refugees and a boulevard littered with putrefying corpses
               | Fires break out in various warehouses across the city
               | Bush tours area, says what is wrong “we’re going to make right”
               | Mayor Nagin predicts electricity to be out in city for three months
               | Airport becomes way station for refugees
               | Thousands of refugees still in Superdome, Convention Center and I-10
Sat. 3 Sep 05  | FEMA says storm overwhelmed agency; outrage grows in Washington
               | Authorities begin to regain grip on city with military’s aid
               | President Bush orders 7,200 additional active duty troops to the region, for a total of 30,000
               | Rape, gunfire reported at Convention Center
               | Law enforcement agencies fielded about 1,000 distress 911 calls Saturday
               | St. Bernard rescuers find 31 dead in nursing home
               | Death toll expected to be in thousands, though nothing official yet
               | Last of evacuees taken from Superdome and Convention Center
               | Jefferson Parish President Aaron Broussard breaks down on “Meet the Press” and tells how a colleague’s elderly mother died in her home Friday after waiting four days for rescuers that never arrived
               | Rescuers continue to pluck residents from hellish waters
Sun. 4 Sep 05  | Estimated 2,000 people, many of them with serious medical problems, were still housed inside Louis Armstrong International Airport
Mon. 5 Sep 05  | 16,000 National Guard troops dedicated to search and rescue mission
               | Jefferson Parish residents allowed home to survey damage
               | Agencies begin trying to save stranded pets
               | Corps of Engineers shifts work to damming London Avenue Canal
               | Mayor Nagin says more than 10,000 could be dead
               | Makeshift morgue set up in St. Gabriel, La. to handle 140 bodies per day [6]
Failure Analysis
According to the Senate investigation of Hurricane Katrina, government failure was
pervasive in that 1) long-term warnings went unheeded and government officials
neglected their duties to prepare for a forewarned catastrophe; 2) government officials
took insufficient actions or made poor decisions in the days immediately before and
after landfall; 3) systems on which officials relied to support their response efforts
failed, and 4) government officials at all levels failed to provide effective leadership.
The results were tragic loss of life and human suffering on a massive scale, and an
undermining of confidence in the governments’ ability to plan, prepare for, and
respond to national catastrophes. [5, p. 2]
Unheeded Warnings
The potentially devastating threat of a catastrophic hurricane to the Gulf region has
been known for forty years: New Orleans experienced flooding in some areas of
remarkably similar proportions from Hurricane Betsy in 1965, and Hurricane Camille
devastated the Gulf Coast in 1969. More recently, numerous experts and
governmental officials had been anticipating an increase in violent hurricanes, and
New Orleans’ special and growing vulnerability to catastrophic flooding due to
changing geological and other conditions was widely described in both technical and
popular media. [5, p. 4]
Hurricane Georges hit the Gulf in 1998, spurring the state of Louisiana to ask FEMA for
assistance with catastrophic hurricane planning. Little was accomplished for the next
six years. Between 2000 and 2003, state authorities, an emergency-preparedness
contractor, and FEMA’s own regional staff repeatedly advised FEMA headquarters in
Washington that planning for evacuation and shelter for the “New Orleans scenario”
was incomplete and inadequate, but FEMA failed to approach other federal agencies
for help with transportation and shelter or to ensure that the City and State had the
matters in hand. [5, p. 4]
Then, in 2004, after a White House aide received a briefing on the catastrophic
consequences of a Category 3 hurricane hitting New Orleans, the federal government
sponsored a planning exercise, with participation from federal, state, and local officials,
based on a scenario whose characteristics foreshadowed most of Katrina’s impacts.
While this hypothetical “Hurricane Pam” exercise resulted in draft plans beginning in
early 2005, they were incomplete when Katrina hit. Nonetheless, some officials took
the initiative to use concepts developed in the drafts, with mixed success in the critical
aspects of the Katrina response. However, many of its admonitory lessons were either
ignored or inadequately applied. [5, p. 4]
During the Pam exercise, officials determined that massive flooding from a
catastrophic storm in New Orleans could threaten the lives of 60,000 people and trap
hundreds of thousands more, while incapacitating local resources for weeks to
months. The Pam exercise gave all levels of government a reminder that the “New
Orleans scenario” required more forethought, preparation, and investment than a
“typical” storm. Also, it reinforced the importance of coordination both within and
among federal, state, and local governments for an effective response. [5, p. 5]
The specific danger that Katrina posed to the Gulf Coast became clear on the afternoon
of Friday, August 26, when forecasters at the National Hurricane Center and the
National Weather Service saw that the storm was turning west. First in phone calls to
Louisiana emergency management officials and then in their 5 p.m. EDT Katrina
forecast and accompanying briefings, they alerted both Louisiana and Mississippi that
the track of the storm was now expected to shift significantly to the west of its original
track to the Florida panhandle. The National Hurricane Center warned that Katrina
could be a Category 4 or even a 5 by landfall. By the next morning, Weather Service
Officials directly confirmed to the Governor of Louisiana and other state and local
officials that New Orleans was squarely at risk. [5, p. 5]
Over the weekend, there was a drumbeat of warnings: FEMA held
video-teleconferences on both days, where the danger of Katrina and the particular risks to
New Orleans were discussed; Max Mayfield of the Hurricane Center called the
governors of the affected states, something he had only done once before in his
33-year career; President Bush took the unusual step of declaring in advance an
emergency for the states in the impact zone; numerous media reports noted that New
Orleans was a “bowl” and could be left submerged by the storm; the Department of
Homeland Security’s Simulation and Analysis group generated a report stating that the
levees protecting New Orleans were at risk of breaching and overtopping; internal
FEMA slides stated that the projected impacts of Katrina could be worse than those in
the Hurricane Pam exercise. The warnings were as widespread as they were dire. [5, p. 5]
Insufficient Preparation
While the State of Louisiana and the City of New Orleans undertook unprecedented
measures to prepare ahead of the storm, ineffective leadership, poor advance planning
and an unwillingness to devote sufficient resources to emergency management over
the long term doomed them to fail when Katrina struck. Despite the understanding of
the Gulf Coast’s particular vulnerability to hurricane devastation, officials braced for
Katrina with full awareness of critical deficiencies in their plans and gaping holes in
their resources. While Katrina’s destructive force could not be denied, state and local
officials did not marshal enough of the resources at their disposal. [5, p. 6]
For example, while Governor Blanco stated in a letter to President Bush two days
before landfall that she anticipated the resources of the state would be overwhelmed,
she made no specific request for assistance in evacuating the known tens of thousands
of people without means of transportation, and a senior state official identified no
unmet needs in response to a federal offer of assistance the following day. The state’s
transportation secretary also ignored his responsibilities under the state’s emergency
operations plan, leaving no arm of the state government prepared to obtain and
deliver additional transportation to those in New Orleans who lacked it, when Katrina
struck. In view of the long-standing role of requests as a trigger for action by higher
levels of government, the state bears responsibility for not signaling its needs to the
federal government more clearly. [5, p. 6]
Compounded by leadership failures of its own, the federal government bears
responsibility for not preparing effectively for its role in the post-storm response. [5, p. 6]
FEMA was unprepared for a catastrophic event of the scale of Katrina. Established in
1979 to consolidate emergency management functions previously dispersed
throughout the federal government, FEMA had not developed – nor had it been designed
to develop – response capabilities sufficient for a catastrophe the size of Katrina. Nor
had it developed the capacity to mobilize sufficient resources from other federal
agencies, and the private and nonprofit sectors. [5, p. 6]
Moreover, FEMA’s Director, Michael Brown, lacked the leadership skills that were
needed. Before landfall, Brown did not direct the adequate pre-positioning of critical
personnel and equipment, and willfully failed to communicate with his boss, Secretary
Chertoff. Earlier in the hurricane season, FEMA had pre-positioned an unprecedented
amount of relief supplies in the region. But the supplies were not enough. Similarly,
while both FEMA and the Department of Health and Human Services made efforts to
activate the federal emergency health capabilities of the National Disaster Medical
System (NDMS) and the U.S. Public Health Service, only a limited number of federal
medical teams were actually in position prior to landfall to deploy into the affected
area. Only one such team was in a position to provide immediate medical care in the
aftermath of the storm. [5, p. 7]
More broadly, the newly created Department of Homeland Security, charged with
preparing for and responding to domestic incidents, failed to effectively lead the
federal response to Hurricane Katrina. DHS leadership failed to bring a sense of
urgency to the federal government’s preparation for Hurricane Katrina, and Secretary
Chertoff himself should have been more engaged in preparations over the weekend
before landfall. Secretary Chertoff made only top-level inquiries into the state of
preparations, and accepted uncritically the reassurances he received. He did not
appear to reach out to the other Cabinet Secretaries to make sure that they were
readying their departments to provide whatever assistance DHS – and the people of
the Gulf – might need. [5, p. 7]
Similarly, had he invoked the Catastrophic Incident Annex (CIA) of the National
Response Plan (NRP), Secretary Chertoff could have helped remove uncertainty about
the federal government’s need and authority to take initiative before landfall and
signaled that all federal government agencies were expected to think – and act –
proactively in preparing for and responding to Katrina. The Secretary’s activation
of the NRP CIA could have increased the urgency of the federal response and led the
federal government to respond more proactively rather than waiting for formal
requests from
overwhelmed state and local officials. Understanding that delay may preclude
meaningful assistance and that state and local resources could be quickly
overwhelmed and incapacitated, the NRP CIA directed federal agencies to pre-position
resources without awaiting requests from the state and local governments. Even then,
the NRP CIA held these resources at mobilization sites until requested by state and
local officials, except in certain prescribed circumstances. [5, p. 7]
The military also had a role to play, and ultimately, the National Guard and active duty
military troops and assets deployed during Katrina constituted the largest domestic
deployment of military forces since the Civil War. And while the Department of
Defense took additional steps to prepare for Katrina beyond those it had taken for
prior civil support missions, its preparations were not sufficient for a storm of Katrina’s
magnitude. Individual commanders took actions that later helped improve the
response, but these actions were not coordinated by the Department. The
Department’s preparations were consistent with how DOD interpreted its role under
the National Response Plan, which was to provide support in response to requests for
assistance from FEMA. However, additional preparations in advance of specific
requests for support could have enabled a more rapid response. [5, pp. 7-8]
In addition, the White House shared responsibility for the inadequate pre-landfall
preparations. To be sure, President Bush, at the request of FEMA Director Michael
Brown, did take the initiative to personally call Governor Blanco to urge a mandatory
evacuation. He also took the unusual step of declaring an emergency in the Gulf States
prior to Katrina making landfall. On the other hand, the President did not leave his
Texas ranch to return to Washington until two days after landfall, and only then
convened his Cabinet as well as a White House task force to oversee federal response
efforts. [5, p. 8]
The effect of the long-term failures at every level of government to plan and prepare
adequately for a catastrophic hurricane in the Gulf was evident in the inadequate
preparations before Katrina’s landfall and then again in the initial response to the
storm. [5, p. 8]
Inadequate Response
Flooding in New Orleans drove thousands of survivors to attics and rooftops to await
rescue. Infrastructure damage complicated the organization and conduct of
search-and-rescue missions. Destruction of communications towers and equipment in particular
limited the ability of crews to communicate with one another, undermining
coordination and efficiency. Rescuers also had to contend with weapons fire, debris,
and polluted water. [5, p. 8]
Planning for search and rescue was also insufficient. FEMA, for instance, failed to
provide boats for its search and rescue teams even though flooding had been
confirmed by Tuesday. Moreover, interagency coordination was inadequate at both
the state and federal levels. While the Louisiana Department of Fisheries and Wildlife
and FEMA are responsible for interagency search and rescue coordination at the state
and federal levels respectively, neither developed adequate plans for this mission.
Staggeringly, the City of New Orleans Fire Department owned no boats, and the New
Orleans Police Department owned five. Meanwhile, widespread communications
failures in Louisiana and Mississippi were so bad that many officers reverted to either
physically running messages from one person to another, or passing messages along a
daisy chain of officers using radios with limited range. [5, p. 9]
While authorities recognized the need to begin search-and-rescue missions even
before the hurricane winds fully subsided, other aspects of the response were
hindered by a failure to quickly recognize the dimensions of the disaster. On the day
after landfall, DHS officials were still struggling to determine the “ground truth” about
the extent of the flooding despite the many reports it had received about the
catastrophe; key officials did not grasp the need to act on the less-than-complete
information that is to be expected in a disaster. DHS leaders did not become fully
engaged in recovery efforts until Thursday, September 1, two days after Hurricane
Katrina hit New Orleans. But this effort should have begun sooner. [5, p. 9]
FEMA Director Michael Brown, then in Louisiana, contributed to the problem by
refusing to communicate with Secretary Chertoff, opting instead to pass information
directly to White House staff. Moreover, even though senior DHS officials did receive
on the day of landfall numerous reports that should have led to an understanding of
the increasingly dire situation in New Orleans, many indicated they were not aware of
the crisis until sometime Tuesday morning, August 30, the day after landfall. [5, p. 9]
The Department of Defense also was slow to acquire information regarding the extent
of the storm’s devastation. DOD officials relied primarily on media reports for their
information. Many senior DOD officials did not learn that the levees had breached until
Tuesday; some did not learn until Wednesday, August 31, two days after Katrina made
landfall. As DOD waited for DHS to provide information about the scope of the
damage, it also waited for the lead federal agency, FEMA, to identify the support
needed from DOD. The lack of situational awareness during this phase appears to have
been a major reason for DOD’s belated adoption of the forward-looking posture
necessary in a catastrophic incident. [5, p. 10]
While large numbers of active-duty troops did not arrive until the end of the first week
following landfall, the Department of Defense contributed in other important ways
during that period. Early in the week, DOD ordered its military commanders to push
available assets to the Gulf Coast. They also streamlined their ordinarily bureaucratic
processes for handling FEMA requests for assistance and emphasized movement based
on vocal commands with the paperwork to follow, though some FEMA officials believe
that DOD’s approval process continued to take too long. They provided significant
support to search-and-rescue missions, evacuee airlifts, logistics management of buses
arriving in the State for evacuation, and other matters. [5, p. 11]
Toward the end of the week, with its own resources stretched thin, FEMA turned to
DOD to take over logistics for all commodity movements. The Department of Defense
acceded to the request, and provided some logistics assistance to FEMA. However, it
did not undertake the complete logistical take-over initially requested by FEMA
because that was not needed. [5, p. 12] On Wednesday, August 31, the National Guard
Bureau began calling on state Adjutants General to deploy National Guard forces. This
process quickly resulted in the largest National Guard deployment in U.S. history, with
50,000 troops and supporting equipment arriving from 49 states and four territories
within two weeks. [5, p. 11] These forces brought in relief supplies provided by FEMA,
established law and order, and assisted with evacuations. [5, p. 12]
Law Enforcement
Law enforcement outside the Superdome and the Convention Center was a problem,
and was fueled by several contributing factors, including erroneous statements by top
city officials inflaming the public’s perception of the lawlessness in New Orleans. [5, p. 12]
Without effective law enforcement, real or imagined safety threats interrupted
virtually every aspect of the response. Fearing for their personal safety, medical and
search and rescue teams withdrew from their missions. FEMA and commercial vendors
of critical supplies often refused to make deliveries until military escorts could be
arranged. In fact, there was some lawlessness, yet for every actual act there were
rumors of dozens more, leading to widespread and inaccurate reporting that severely
complicated a desperate situation. Unfortunately, local, state, and federal officials did
little to stanch this rumor flow. Police presence on the streets was inadequate, in part
because in a matter of hours Katrina turned the New Orleans police department from
protectors of the public to victims of the storm. Nonetheless, most New Orleans police
officers appear to have reported for duty, many setting aside fears about the safety of
their families or the status of their homes. [5, p. 12]
Even so, the ability of the officers who remained to perform their duties was
significantly hampered by the lack of basic supplies. While supplies such as weapons
and ammunition were lost to flooding, the NOPD leadership did not provide its officers
with basic necessities such as food; nor did the department have logistics in place to
handle supplies. Members of the NOPD also identified the lack of a unified command
for this incident as a major problem; eight members of the Command Staff were
extremely critical of the lack of leadership from the city’s Office of Emergency
Preparedness (OEP). The department’s rank and file were unfamiliar with both the
department’s and the city’s emergency-operations manuals and other hurricane
emergency procedures. Deficiencies in the NOPD’s manual, lack of training on this
manual, lack of familiarity with it, or a combination of the three resulted in inadequate
protection of department resources. [5, p. 13]
Federal law-enforcement assistance was too slow in coming, in large part because the
two federal departments charged with providing such assistance – DHS and the
Department of Justice (DOJ) – had done almost no pre-storm planning. In fact, they
failed to determine even well into the post-landfall period which of the two
departments would assume the lead for federal law enforcement. As a result, later in
the week, as federal law-enforcement officers did arrive, some were distracted by a
pointless “turf war” between DHS and DOJ over which agency was in the lead. In the
end, federal assistance was crucial, but should have arrived much sooner. [5, p. 13]
Health Care
Medical teams had to triage more than 70,000 evacuees and provide acute care to the
sick and wounded. While officials used plans developed in Hurricane Pam as a helpful
framework for managing this process, existing emergency-room facilities were
overwhelmed by the volume of patients. Local and state officials quickly set up
temporary field hospitals at a sports arena and a K-mart in Baton Rouge to supplement
hospital capacity. [5, p. 14]
New Orleans had a large population of “special needs patients,” individuals living at
home who required ongoing medical assistance. Before Katrina struck, the City Health
Department activated a plan to establish a care facility for this population within the
Superdome and provided transportation to evacuate several hundred patients and
their caregivers to Baton Rouge. While Superdome facilities proved useful in treating
special needs patients who remained behind, they had to contend with shortages of
supplies, physical damage to the facility necessitating a post-landfall relocation of
patients and equipment to an area adjacent to the Dome, and a population of more
than 20,000 people using the Superdome as a refuge of last resort. Also, FEMA’s
Disaster Medical Assistance Teams, which provide the invaluable resources of
pharmacies and hospital equipment, arrived at the Superdome on the night following
landfall, but left temporarily on Thursday, before the evacuation of the Superdome’s
special needs population was completed, because of security concerns. [5, p. 14]
In Louisiana, hospitals had to evacuate after landfall on short notice principally due to
loss of electrical power. While hospitals had evacuated some of their patients before
landfall, they had retained others thought to be too frail for transport, and believed by
staying open they would be available to serve hurricane victims. Their strategy became
untenable after landfall when power was lost, and their backup generators were
rendered inoperable by flooding and fuel shortages. The Louisiana Department of
Health and Hospitals stepped in to arrange for their evacuation; while successful, it had
to compete with search and rescue teams for helicopters and other needed resources.
[5, p. 14]
Many nursing homes in and around New Orleans lacked adequate evacuation plans.
While they were required to have plans on file with local government, there was no
process to ensure that there were sufficient resources to evacuate all the nursing
homes at once, and dozens of patients who were not evacuated died. When
evacuation became necessary, some sent their patients to the Superdome, where
officials struggling to handle the volume of patients already there were obliged to
accept still more. [5, p. 14]
Evacuations
The City of New Orleans, with primary responsibility for evacuation of its citizens, had
language in its plan stating the city’s intent to assist those who needed transportation
for pre-storm evacuation, but had no actual plan provisions to implement that intent.
In late 2004 and 2005, city officials negotiated contracts with Amtrak, riverboat owners
and others to pre-arrange transportation alternatives, but received inadequate
support from the city’s Director of Homeland Security and Emergency Preparedness,
and contracts were not in place when Katrina struck. As Katrina approached,
notwithstanding the city’s evacuation plans on paper, the best solution New Orleans
had for people without transportation was a private-citizen volunteer carpool initiative
called Operation Brothers’ Keepers and transit buses taking people – not out of the
city, but to the Superdome. [5, p. 16]
The Louisiana Department of Transportation and Development, whose Secretary had
personally accepted departmental responsibility under the state’s emergency
operations plan to arrange for transportation for evacuation in emergencies, had done
nothing to prepare for that responsibility prior to Katrina. Had his department
identified available buses or other means of transport for evacuation within the state
in the months before the hurricane, at a minimum the State would have been
prepared to evacuate people stranded in New Orleans after landfall more quickly than
it did. [5, p. 16]
While the Superdome provided shelter from the devastating winds and water,
conditions there deteriorated quickly. Katrina’s “near miss” ripped the covering off the
roof, caused leaking, and knocked out the power, rendering the plumbing, air
conditioning, and public announcement system totally useless. [5, p. 16] By Tuesday
afternoon, the New Orleans Superdome had become overcrowded, leading officials to
turn additional refugees away. Mayor Nagin directed evacuees be sent to the
Convention Center, but communicated his decision to state and federal officials poorly,
if at all. That failure, in addition to the delay of shipments due to security concerns and
DHS’s own independent lack of awareness of the situation, contributed to the paucity
of food, water, security or medical care at the Convention Center, as a population of
approximately 19,000 gathered there. [5, p. 12]
On Monday, August 29, as Katrina passed over New Orleans, Governor Blanco asked
FEMA Director Michael Brown for buses. Brown assured the state the same day that
500 buses were en route to assist in the evacuation of New Orleans and would arrive
within hours. In spite of Brown’s assurances and the state’s continued requests over
the course of the next two days, FEMA did not direct the U.S. Department of
Transportation to send buses until very early on Wednesday, August 31, two days after
landfall. Still, the buses did not begin to arrive until Wednesday evening and not in
significant numbers until the next day, four days after landfall. Concerned over FEMA’s
delay in providing buses – and handicapped by the Louisiana Department of
Transportation and Development’s utter failure to make any preparation to carry out
its lead role for evacuation under the state’s emergency plan – Governor Blanco
directed members of her office to begin locating buses on Tuesday and approved an
effort to commandeer school buses for evacuation on Wednesday. But these efforts
were too little, too late. Tens of thousands of people were forced to wait in
unspeakably horrible conditions until as late as Saturday, September 4, to be
evacuated. [5, p. 13]
Conclusion
Effective response to mass emergencies is a critical role of every level of government.
It is a role that requires a substantial amount of planning, coordination and dispatch
among governments’ diverse units. Following the terrorist attacks of 9/11, the nation
underwent one of the most sweeping reorganizations of federal government in history.
While driven primarily by concerns of terrorism, the reorganization was designed to
strengthen our nation’s ability to address the consequences of both natural and man-
made disasters. In its first major test, this reorganized system failed. [5, p. 2]
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. Why wasn’t New Orleans completely evacuated in advance of the storm?
2. How did City and State emergency managers fail to assist the evacuation?
3. How did City and State emergency managers fail to provide adequate shelter?
4. How did the breakdown in local law enforcement contribute to the disaster?
5. Describe the breakdown in communications between the Governor and President.
6. Describe the breakdown in communications within the new Department of Homeland Security.
7. Describe the breakdown in communications between the responding military forces.
8. Explain why the House Report characterized the response to Hurricane Katrina as a “failure of initiative”.
9. If you were mayor of New Orleans, why would you wait to evacuate your city?
10. If you were mayor of New Orleans, how would you expedite your city’s evacuation?
Part II: HS, DHS, & HS Enterprise
This section examines the purpose, formation, evolution, and performance of the Department of Homeland Security,
and its role within the Homeland Security Enterprise. We begin by examining the definition of homeland security.
Unfortunately, the official definition as listed in the 2010 Quadrennial Homeland Security Review, and affirmed in the
2014 QHSR, is completely inadequate. If terrorism and natural disasters are indeed the primary homeland security
concerns as indicated, then a Department of Homeland Security would’ve been created decades earlier following any
number of terrorist incidents or natural disasters. In order to cut through the confusion we offer our own working
definition of homeland security: “To safeguard the United States from domestic catastrophic destruction.” This
definition makes clear that the homeland security concern is domestic catastrophic destruction, no matter what the
motive or cause. And because there are no guaranteed safeguards, homeland security must encompass missions
across the spectrum of prevent, protect, mitigate, respond, and recover. In the prevent and protect mission areas,
DHS is nationally responsible for aviation security, maritime security, surface transportation security, border security,
and immigration enforcement. In the mitigation mission area, DHS works together in partnership with public and
private agencies to reduce critical infrastructure vulnerability to attack, especially cyber attack. And in the respond
and recover mission areas, DHS leads national efforts to enhance interoperability and capability within the First
Responder community. Under authorities provided in the Homeland Security Act, and at the explicit direction of
Congress, DHS has evolved since it was established to better meet its mission requirements. In 2010, at the direction
of Congress, DHS instituted the QHSR process to continuously and systematically review their mission and organization
to ensure they continue to do the right thing, and that they continue to do it right. And while DHS has filled important
gaps exposed by 9/11, homeland security remains a team sport, requiring cooperation not just among Federal
agencies, but also among State, Local, and Tribal governments as part of the Homeland Security Enterprise. For some
missions, like critical infrastructure protection, DHS is the primary agency and leads efforts with help from many
supporting agencies, including infrastructure owners and operators. For other missions, like counterterrorism, DHS is a
supporting agency to the FBI, forwarding actionable leads developed by its many components and partners. Though
DHS’ progress has not been without significant challenges, and they still have substantial ground to gain, it can be
confidently stated that the nation is better prepared to deal with catastrophic destruction than at any time before 9/11
or Hurricane Katrina.
Chapter 9
Homeland Security
Learning Outcomes
Careful study of this chapter will help a student do the following:
Discuss the evolving definition of “homeland security”.
Evaluate the various definitions of “homeland security”.
Explain why the U.S. invaded Afghanistan in October 2001.
Con·flate /kənˈflāt/ Verb. To combine two or more ideas into one.
– Dictionary.com
Introduction
The 1995 Tokyo subway attack was a turning point in American national security policy
when non-state actors bearing weapons of mass destruction became a credible threat
to the United States. [1] After the 1993 World Trade Center bombing and 1995
Oklahoma City bombing, two terrorist-motivated attacks on U.S. soil, three separate
government commissions were established to investigate terrorist attacks employing
WMD in the United States. As 9/11 would prove, the commissions found the nation
unprepared to respond to, let alone thwart, a catastrophic attack, and ultimately
recommended the establishment of a homeland security agency to address such
threats. [2, p. vi] In the process, they also conflated the concepts of “terrorism” and
“domestic catastrophic attack”, consequently confusing the concept of “homeland
security”. The purpose of this chapter is to examine the definition of “homeland
security”, and establish a clear understanding of what it is, and what it is not.
Pre-9/11
The Hart-Rudman Commission was chartered by Secretary of Defense William Cohen in
1998 to provide a comprehensive review of U.S. national security requirements for the
21st century. The U.S. Commission on National Security/21st Century was tasked “to
analyze the emerging international security environment; to develop a U.S. national
security strategy appropriate to that environment; and to assess the various security
institutions for their current relevance to the effective and efficient implementation of
that strategy, and to recommend adjustments as necessary”. [3] Phase I concluded in
September 1999 with the publication of “New World Coming: American Security in the
21st Century”. Phase II produced the April 2000 publication, “Seeking a National
Strategy: A Concert for Preserving Security and Promoting Freedom”. Phase III,
presented in February 2001 was titled “Road Map for National Security: Imperative for
Change”. [2, pp. v-vi]
Six months before 9/11, the Hart-Rudman Commission summarized its previous
findings with this chilling prediction:
“The combination of unconventional weapons proliferation with the
persistence of international terrorism will end the relative invulnerability of
the U.S. homeland to catastrophic attack. A direct attack against American
citizens on American soil is likely over the next quarter century. The risk is not
only death and destruction but also a demoralization that could undermine
U.S. global leadership. In the face of this threat, our nation has no coherent or
integrated governmental structures.” [2, p. viii]
In recognition of this perceived threat, the Commission Phase III report recommended
establishing an independent National Homeland Security Agency “with responsibility
for planning, coordinating, and integrating various U.S. government activities involved
in homeland security.” The report went on to recommend building the proposed new
agency on the foundation of the Federal Emergency Management Agency and
incorporating the Coast Guard, Customs Service, and Border Patrol. Additionally, the
agency would have responsibility for protecting the nation’s critical infrastructure. [2,
p. viii]
The Phase III report is interesting for what it does: 1) it accurately predicts a
catastrophic attack on the U.S., 2) it proposes a cabinet-level agency foreshadowing
establishment of the Department of Homeland Security, and 3) it anticipates the
composition and functions of the future DHS. The report is also interesting for what it
does not do: it doesn’t define “homeland security”. The Hart-Rudman Commission
first makes reference to homeland security in its Phase II report, yet does not define it
there either. [4, p. 14] While the Commission fails to give an outright definition of
“homeland security”, it does make it clear that it is about domestic catastrophic attack
involving weapons of mass destruction or disruption employed by non-state actors.
Because the expected target was U.S. territory, the Commission saw homeland security
as central to national security, not peripheral to it. [2, p. 10] It also saw that homeland
security was a mission too broad for any single agency, but requiring the coordination
of many agencies at the Federal, State, and Local levels. [2, pp. 11-22]
Post-9/11
The first definition of “homeland security” appeared after 9/11. On October 8, 2001,
only weeks after the 9/11 attacks, President Bush issued Executive Order 13228
establishing an Office of Homeland Security (OHS) within the White House. The
purpose of OHS was to coordinate the executive branch’s efforts to “detect, prepare
for, prevent, protect against, respond to, and recover from terrorist attacks within the
United States.” One of OHS’ first priorities was to develop “a comprehensive national
strategy to secure the United States from terrorist attacks.” [5] It is in this document
that the first definition of homeland security was published:
“Homeland security is a concerted national effort to prevent terrorist attacks within
the United States, reduce America’s vulnerability to terrorism, and minimize the
damage and recover from attacks that do occur.”
– 2002 National Strategy for Homeland Security
Terrorism is defined in 18 USC §2331 as “Acts dangerous to human life that are a
violation of the criminal laws of the United States or of any State, that appear to be
intended to intimidate or coerce a civilian population; influence the policy of a
government by intimidation or coercion; or to affect the conduct of a government by
mass destruction, assassination, or kidnapping.” Terrorism is a specific crime
distinguished by a specific motive, that of intimidating or coercing the U.S.
government. Though it may not be the only motive that might prompt domestic
catastrophic attack, it was certainly the motive behind the 9/11 attacks. Thus, given its
directive, OHS defined homeland security in terms of terrorism. This definition was
retained in the 2007 update to homeland security strategy, [6, p. 3] but was changed in
2010 as a result of Hurricane Katrina.
In recognition that homeland security is an integral part of national security, in 2010
the Obama Administration merged homeland security strategy with national security
strategy. Unlike the previous homeland security strategies, the 2010 National Security
Strategy did not define homeland security but described its functions instead. [7, p. 15]
Similarly, the 2015 National Security Strategy did not define homeland security either.
[8] The task of defining homeland security had been removed by Congress from
strategy formulation to mission formulation. In August 2007, Congress passed Public
Law 110-53, “Implementing Recommendations of the 9/11 Commission Act”. Among
its provisions, the law required DHS to conduct a comprehensive examination of the
nation’s homeland security strategy every four years starting in fiscal year 2009. In
February 2010, DHS released its first Quadrennial Homeland Security Review (QHSR)
defining homeland security. [9, p. 13] The same definition was not restated, but was
affirmed, in the 2014 QHSR. [10, p. 94]
“Homeland security is a concerted national effort to ensure a homeland that is safe,
secure, and resilient against terrorism and other hazards where American interests,
aspirations, and way of life can thrive.”
– 2010 Quadrennial Homeland Security Review
Analysis
While the focus on “terrorism” is understandable, it is also dangerously misleading
because it is peripheral to the problem that launched three separate government
commission investigations: domestic catastrophic destruction. The Gilmore
Commission was established to investigate the potential for “mass destruction” or
“mass casualties” as the result of domestic employment of WMD. [1, pp. i-xi] The Hart-
Rudman Commission independently came to this conclusion when it determined that
“America will become increasingly vulnerable to hostile attack on our homeland, and
our military superiority will not entirely protect us.” [11, p. 4] The Bremer Commission
was also motivated by concerns of “mass casualties”. [12, p. iv] Yet, the three
commissions investigated domestic catastrophic destruction in connection with
terrorism, which is how the two concepts became conflated. As defined in 18 USC
§2331, terrorism is a crime distinguished by a specific motive to effect change in U.S.
government actions. In the universe of potential motives for causing domestic
catastrophic destruction, terrorism is but one possibility among countless others. In
fact, the destruction caused by Hurricane Katrina proved that no motive is necessary at
all.
The current definition of homeland security is also incomplete. The current definition
is focused on initiators of catastrophic destruction related to terrorist motive, natural
means, and accidental opportunity. It does not address other motives, cyber means,
or infrastructure opportunities. Certainly they could be included, but this would be
cumbersome and also incomplete. Instead of trying to enumerate all possible
“initiators” of the problem, why not focus on the problem itself? Why not make the
definition about the effect, regardless of the cause? Why not make a more clear and
concise definition of homeland security?
Working Definition
It is good to know the official definition of homeland security as promulgated by the
U.S. government. Unfortunately, knowing this definition is not helpful to
understanding homeland security. As such, the following working definition is offered
to help guide study in this textbook:
“Safeguard the United States from domestic catastrophic destruction.”
The stated working definition is as insightful as it is direct. It is direct because it
directly identifies “domestic catastrophic destruction” as the central concern of
homeland security. Yet, it is not restricted by specifying either the cause or scale of
destruction. Because it’s unspecified, the destruction may be measured either in terms
of deaths or damages, or a combination of both. Moreover, the destruction is not
confined to first-order effects, but may include second- or third-order effects resulting
from mass disruption. The ultimate determinant is the impact on society, which is
clearly “catastrophic”, distinguishing the destruction from other incidents by its
magnitude. Similarly, because the cause of destruction is not specified, it can
encompass all means, motives, and opportunities that might result in catastrophic
destruction. These include both natural and manmade means, as well as terrorist and
other motives, and accidental as well as intentional opportunities.
The current definition confuses causes with effects. Consequently, we offer a working definition of homeland security focusing on effect to eliminate such confusion: “Safeguard the U.S. from domestic catastrophic destruction.”
Regarding manmade means, the working definition is insightful as to the relationship
between homeland security and national security. If the threat is a sovereign state,
then the homeland security concern is addressed by national security measures. If the
threat is a non-state actor, then the homeland security concern is addressed by legal
measures under U.S. law. In both circumstances, the threat remains a homeland
security concern.
The word “safeguard” was also carefully chosen. It was chosen in recognition of the
fact that no defense is invulnerable to a determined attacker, and you can’t stop
natural disasters. Consequently, the word “safeguard” encompasses actions during
the four phases of any catastrophe: 1) prevent, 2) protect, 3) respond, and 4) recover.
Prevention measures necessarily include detection, and deterrence and interception in
the case of manmade threats, and mitigation and sheltering in the case of natural
hazards. Protection measures may be similar for both manmade threats and natural
hazards, including isolation, hardening, redundancy, and a host of other actions.
Prevention and protection measures are typically implemented before an incident.
Response and recovery measures are typically implemented after an incident.
Response measures include resources and actions necessary to save lives and protect
property. Recovery measures include resources and actions necessary to restore living
conditions to their pre-incident status or better. Most importantly, the word
“safeguard” means that nothing is ever completely safe. Everything is a matter of risk,
and all measures taken before and after an incident are about risk management.
Understanding the working definition provides a lens through which you can gain
insight and perspective on homeland security. We will now use this lens to examine
events following 9/11.
Ultimatum
By late in the evening of September 11, the President had addressed the nation on the
terrible events of the day. The long day was not yet over. When the larger meeting that
included his domestic department heads broke up, President Bush chaired a smaller
meeting of top advisers, a group he would later call his “war council.” This group
usually included Vice President Cheney, Secretary of State Powell, Secretary of Defense
Donald Rumsfeld, General Hugh Shelton, Vice Chairman of the Joint Chiefs (later to
become chairman) General Myers, Director of Central Intelligence (DCI) George Tenet,
Attorney General Ashcroft, and FBI Director Robert Mueller. From the White House
staff, National Security Advisor Condoleezza Rice and Chief of Staff Card were part of
the core group, often joined by their deputies, Stephen Hadley and Joshua Bolten. In
this restricted National Security Council meeting, the President said it was a time for
self-defense. The United States would punish not just the perpetrators of the attacks,
but also those who harbored them. [13, p. 330]
A cross check of the 9/11 flight manifests implicated al Qaeda in the attacks. On
September 13, the State Department proposed delivering an ultimatum to the Taliban:
produce bin Laden and his deputies and shut down al Qaeda camps within 24 to 48
hours, or the United States will use all necessary means to destroy the terrorist
infrastructure. The State Department did not expect the Taliban to comply. President
Bush recalled that he quickly realized that the administration would have to invade
Afghanistan with ground troops. [13, p. 332]
The State and Defense departments would have to build an international coalition to
go into Afghanistan. Both departments would consult with NATO and other allies and
request intelligence, basing, and other support from countries, according to their
capabilities and resources. All these diplomatic and military plans were reviewed over
the weekend of September 15–16, as President Bush convened his war council at
Camp David. After hearing from his senior advisers, President Bush discussed with Rice
the contents of the directives he would issue to set all the plans into motion. Rice
prepared a paper that President Bush then considered with principals on Monday
morning, September 17. “The purpose of this meeting,” he recalled saying, “is to assign
tasks for the first wave of the war against terrorism. It starts today.” [13, p. 333]
In a speech before Congress on September 21, President Bush delivered the U.S.
ultimatum to the Taliban: “Deliver to U.S. authorities all the leaders of al Qaeda… or
share in their fate.” He said: “Either you are with us, or you are with the terrorists.”
The terms were non-negotiable. [14] That same day, the Taliban ambassador to
Pakistan, Abdul Salam Zaeef, insisted his country would not hand over Osama bin
Laden. He told a news conference in the capital, Islamabad: “Our position on this is
that if America has proof, we are ready for the trial of Osama bin Laden in light of the
evidence.” Asked if he was ready to hand Bin Laden over, he replied: “No.” [15]
On September 22, the United Arab Emirates, and later Saudi Arabia, withdrew
recognition of the Taliban as Afghanistan’s legal government, leaving neighboring
Pakistan as the only remaining country with diplomatic ties. On October 4, the Taliban
agreed to turn bin Laden over to Pakistan for trial in an international tribunal that
operated according to Islamic Sharia law, but Pakistan blocked the offer as it was not
possible to guarantee his safety. On October 7, the Taliban ambassador to Pakistan
offered to detain bin Laden and try him under Islamic law if the U.S. made a formal
request and presented the Taliban with evidence. The offer was rejected on grounds
there would be no negotiating. Plus, the U.S. had begun military operations in
Afghanistan. [16]
9/11 was a criminal act. Any assault against U.S. citizens or territory is a crime, no matter what the nationality of the perpetrator. Osama bin Laden was guilty of planning and committing murder on U.S. soil.
Enduring Freedom
President Bush approved military plans to attack Afghanistan in meetings with Central
Command’s General Tommy Franks and other advisers on September 21 and October
2. Originally titled “Infinite Justice,” the operation’s code word was changed—to avoid
the sensibilities of Muslims who associate the power of infinite justice with God
alone—to “Enduring Freedom.” [13, p. 337]
On October 7, less than one month after the September 11 attacks, the U.S., aided by
the United Kingdom, Canada, and other countries including several from the NATO
alliance, initiated military action, bombing Taliban and Al-Qaeda-related camps. The
stated intent of military operations was to remove the Taliban from power, and
prevent the use of Afghanistan as a terrorist base of operations. [16]
The CIA’s elite Special Activities Division (SAD) units were the first U.S. forces to enter
Afghanistan. They joined with the Afghan United Front, also known as the Northern
Alliance, to prepare for the subsequent arrival of U.S. Special Operations forces. [16]
The CIA provided intelligence, experience, cash, covert action capabilities, and liaison
with tribal allies. In turn, the U.S. military offered combat expertise, firepower,
logistics, and communications. [13, p. 338] Together, the Northern Alliance and SAD
and Special Forces combined to overthrow the Taliban with minimal coalition
casualties, and without the use of international conventional ground forces. [16]
On October 14, the Taliban offered to discuss handing over Osama bin Laden to a
neutral country in return for a bombing halt, but only if the Taliban were given
evidence of bin Laden’s involvement. The U.S. rejected this offer, and continued
military operations. Mazar-i-Sharif fell to United Front troops of Ustad Atta
Mohammad Noor and Abdul Rashid Dostum on November 9, triggering a cascade of
provinces falling with minimal resistance. [16]
On the night of November 12, the Taliban retreated south from Kabul. On November
15, they released eight Western aid workers after three months in captivity. By
November 13, the Taliban had withdrawn from both Kabul and Jalalabad. Finally, in
early December, the Taliban gave up Kandahar, their last stronghold, dispersing
without surrendering. [16]
Part II: HS, DHS, & HS Enterprise
When the Taliban government of Afghanistan refused to extradite Osama bin Laden and turn
him over to the FBI, President Bush sent in the U.S. military to take down the Taliban
government for abetting terrorism, and capture or kill Osama bin Laden.
Within about two months of the start of combat operations, several hundred CIA
operatives and Special Forces soldiers, backed by the striking power of U.S. aircraft and
a much larger infrastructure of intelligence and support efforts, had combined with
Afghan militias and a small number of other coalition soldiers to destroy the Taliban
regime and disrupt al Qaeda. They had killed or captured about a quarter of the
enemy’s known leaders. Mohammed Atef, al Qaeda’s military commander and a
principal figure in the 9/11 plot, had been killed by a U.S. air strike. [13, p. 338]
At the Bonn Conference in December 2001, Hamid Karzai was selected to head the
Afghan Interim Administration, which after a 2002 loya jirga in Kabul became the
Afghan Transitional Administration. In the popular elections of 2004, Karzai was
elected president of the country, now named the Islamic Republic of Afghanistan. [17]
Escape
The U.S. and its allies drove the Taliban from power and built military bases near major
cities across the country. Most al-Qaeda and Taliban, however, were not captured,
escaping to neighboring Pakistan or retreating to rural or remote mountainous regions.
[17] Among the escapees was Osama bin Laden.
In December 2001, Afghan forces, with limited U.S. support, engaged al Qaeda
elements in a cave complex called Tora Bora. It was later determined that bin Laden
was present, and the failure by the United States to commit enough ground troops
allowed him to escape. [18]
In March 2002, the largest engagement of the war was fought, in the mountainous
Shah-i-Kot area south of Gardez, against a large force of al Qaeda jihadists. Almost all
remaining al Qaeda forces fled across the border and took refuge in Pakistan’s equally
mountainous and lightly governed frontier provinces. [13, p. 338]
As the U.S. turned its attention to Iraq, the Taliban began to reorganize under their
former leader Mohammed Omar, and in 2003 launched an insurgency against the
newly established Afghan government and its supporting allies. The insurgency drew
the United States into its longest lasting military engagement in history. After 13 years,
the United States officially ended combat operations in Afghanistan on October 26,
2014. Despite Mohammed Omar’s death in April 2013, the insurgency continued. As of
2015, U.S. forces still maintained a presence in Afghanistan and supported the Afghan
military with air strikes and Special Operations raids. [17]
In less than two months, the U.S. military succeeded in toppling the Taliban. However, in
the midst of action, both the Taliban leader, Mohammed Omar, and Osama bin Laden
managed to escape and evade capture.
Captured or Killed
Beginning on September 11, Immigration and Naturalization Service agents working in
cooperation with the FBI began arresting individuals for immigration violations.
Eventually, 768 aliens were arrested as “special interest” detainees. Some, such as
Zacarias Moussaoui, were already in INS custody before 9/11. [13, p. 327] Moussaoui
had been arrested by the FBI for immigration violation in August 2001 after arousing
suspicion over his flight training courses in Eagan, Minnesota. On December 11, 2001,
Moussaoui was indicted by a federal grand jury in United States District Court for the
Eastern District of Virginia on six felony charges: conspiracy to commit acts of terrorism
transcending national boundaries, conspiracy to commit aircraft piracy, conspiracy to
destroy aircraft, conspiracy to use weapons of mass destruction, conspiracy to murder
United States employees, and conspiracy to destroy property. Moussaoui was alleged
by federal prosecutors to have been a replacement for the “first” 20th hijacker,
possibly Ramzi bin al-Shibh who was denied a visa. Moussaoui pleaded guilty in federal
court for which he was found guilty in May 2006. As a result of his conviction, he is
serving six life sentences without parole at the Federal Supermax prison in Florence,
Colorado. [19]
On March 1, 2003, Khalid Sheikh Mohammed, the mastermind behind the 9/11 plot,
was captured in hiding in Rawalpindi, Pakistan, by a combined force from the CIA and
Pakistan Inter-Services Intelligence (ISI) agency. Over the next several years, KSM was
interrogated by the CIA in secret prison camps located in Europe. In 2006 he was
transferred to military custody and Guantanamo Bay detention camp in Cuba. In
February 2008, KSM was charged with war crimes and murder by a U.S. military
commission. He remains in Guantanamo awaiting trial. [20]
After bin Laden fled Tora Bora in 2001, numerous speculative press reports were
issued about his whereabouts or even death. Some placed bin Laden in different
locations during overlapping time periods. None were ever definitively proven. After
military offensives in Afghanistan failed to uncover his whereabouts, Pakistan was
regularly identified as his suspected hiding place. [18]
In April 2011, various intelligence outlets pinpointed bin Laden’s suspected location
near Abbottabad, Pakistan. It was previously believed that bin Laden was hiding near
the border between Afghanistan and Pakistan’s Federally Administered Tribal Areas,
but he was found 100 miles away in a three-story mansion in Abbottabad, less than a
mile from the Pakistan Military Academy. [18]
On April 29, 2011, President Obama authorized a team of Navy SEALs to raid the
compound in Abbottabad. On May 2, 2011, Operation NEPTUNE SPEAR launched from
Afghanistan into Pakistan aboard specially modified stealth helicopters. They were
supported by multiple additional aircraft, including Air Force fighters and drones. As
the helicopters maneuvered to discharge the SEALs, one lost lift and crash landed
inside the compound. None of the team was seriously injured, and they quickly
regained their composure. The other helicopter landed outside the compound and the
SEALs scaled the walls to get inside. The SEALs then advanced into the house,
breaching walls and doors with explosives. The interior was pitch dark because CIA
operatives had cut the power to the neighborhood. However, the SEALs wore night
vision goggles. They made their way to the third floor where bin Laden lived with his
family. Bin Laden peered through his bedroom door at the Americans advancing up
the stairs, and then retreated into the room as the lead SEAL fired a shot at him, which
either missed or hit him in the side. Bounding into the room, they found bin Laden with
one of his wives. Bin Laden was shot twice in the forehead, and once more as he
crumpled to the floor. He was dead. The SEAL team leader radioed, “For God and
country—Geronimo, Geronimo, Geronimo”, using a call sign to confirm they had found
bin Laden. After being prompted for confirmation, the SEAL team leader announced
“Geronimo E.K.I.A.”, military-speak for “enemy killed in action”. Watching the
operation in the White House Situation Room, Obama said, “We got him.” [18]
From entry to exit, the SEALs spent no more than 38 minutes in the Abbottabad
compound. The helicopter damaged in the crash was destroyed to safeguard its
classified equipment. A standby Chinook was sent in to pick up the SEALs together
with bin Laden’s body and evidence gathered in the raid. The team flew back to
Afghanistan where bin Laden’s body was transferred to a waiting V-22 Osprey and
flown out to the aircraft carrier Carl Vinson. Muslim religious rites were performed
and the body wrapped in a white sheet and placed in a weighted plastic bag. At
approximately 11:00 am, bin Laden’s body was buried at sea, to be gone forever. [18]
But the threat did not end with him.
Conclusion
Homeland security is about safeguarding the United States from domestic catastrophic
destruction. Osama bin Laden was indicted by the FBI for capital crimes related to the
1998 embassy bombings and 9/11 attacks. When the Taliban government of
Afghanistan refused to extradite him, the United States initiated military action to
remove the Taliban and capture bin Laden. In the confusion of battle, both bin Laden
and Mohammed Omar managed to escape and become fugitives. Mohammed Omar
instigated the Taliban insurgency which continued after his death in 2013. Osama bin
Laden was eventually located inside Pakistan, and killed in a special operations raid in
2011. The U.S. remains engaged in Afghanistan as part of U.S. national security
strategy to prevent that country from again harboring agents who would pose a
homeland security threat. By the same token, the U.S. federal government undertook
sweeping changes to close the gaps exposed by 9/11, and establish homeland security
as an essential component of national security.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. When and where did the term “homeland security” originate?
2. What was the first definition of “homeland security”?
3. What was the second definition of “homeland security”?
4. What are the basic differences between the first and second definitions?
5. What precipitated the change in definitions?
6. Which of the following incidents would be considered a homeland security concern by the first definition? Explain.
a. 9/11 Attacks
b. Hurricane Katrina
c. 2003 Northeast Blackout
7. Which of the previous incidents would be considered a homeland security concern by the second definition? Explain.
8. Which of the previous incidents would be considered a homeland security concern by the working definition? Explain.
9. Why are the 9/11 attacks considered a crime, but not the 1941 attacks on Pearl Harbor?
10. What is the relationship between Osama bin Laden and the U.S. invasion of Afghanistan in October 2001?
Chapter 10: DHS Formation
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain why Congress was already considering homeland security legislation before 9/11.
Describe measures taken by the White House to coordinate homeland security immediately after 9/11.
Explain why the White House advocated an executive department for homeland security after 9/11.
Assess the organization and mission of the new Department of Homeland Security.
“The combination of unconventional weapons proliferation with the persistence of
international terrorism will end the relative invulnerability of the U.S. homeland to
catastrophic attack. We therefore recommend the creation of an independent National
Homeland Security Agency with responsibility for planning, coordinating, and
integrating various U.S. government activities involved in homeland security.”
– Phase III Report of the Hart-Rudman Commission, February 15, 2001
Introduction
The United States Department of Homeland Security (DHS) is a Cabinet department of
the Federal government of the United States that is concerned with protecting the
American homeland and the safety of American citizens. The department was created
from a conglomeration of twenty-two existing federal agencies in response to the
terrorist attacks of September 11th, 2001. It was established on November 25th, 2002,
by the Homeland Security Act and officially began operation on January 24th, 2003.
The formation of the Department of Homeland Security was the largest government
reorganization in 50 years since the establishment of the Department of Defense in
1947.
Organizing for Homeland Security
In the immediate aftermath of 9/11, White House Deputy Chief of Staff Joshua Bolten
chaired a temporary “domestic consequences” group to address problems of how to
help victims and stanch the flowing losses to the American economy stemming from
the closure of American airspace and the stock market. The very process of reviewing
these issues underscored the absence of an effective government organization
dedicated to assessing vulnerabilities and handling problems of protection and
preparedness. Though a number of agencies had some part of the task, none had
security as its primary mission. [1, p. 327]
By September 14, Vice President Cheney had decided to recommend, at least as a first
step, a new White House entity to coordinate all the relevant agencies rather than
tackle the challenge of combining them in a new department. This new White House
entity would be a homeland security adviser and Homeland Security Council—
paralleling the National Security Council system. Vice President Cheney reviewed the
proposal with President Bush and other advisers. President Bush announced the new
post and its first occupant—Pennsylvania governor Tom Ridge—in his address to a
joint session of Congress on September 20. [1, p. 327]
Office of Homeland Security
On October 8, 2001, President Bush issued Executive Order 13228 establishing both an
Office of Homeland Security and Homeland Security Council. Both would be headed by
the Assistant to the President for Homeland Security. The mission of the Office was to
develop and implement a comprehensive national strategy to secure the United States
from terrorist attacks. To fulfill its mission, OHS was assigned functions necessary to
detect, prepare for, prevent, protect against, respond to, and recover from terrorist
attacks within the United States. [2]
Detection. The Homeland Security Advisor was to work with the National Security
Advisor in setting priorities for collection of intelligence outside the United States
regarding threats of terrorism inside the United States. Furthermore, the Homeland
Security Advisor was to facilitate collection from State and Local government of
information pertaining to terrorist threats or activities within the United States, and
ensure that such information was legally disseminated among all appropriate and
necessary law enforcement agencies. [2]
Preparedness. The Office of Homeland Security was to coordinate national efforts to
prepare for and mitigate the consequences of terrorist attacks within the United
States. This meant updating federal emergency response plans, developing a national
exercise program, reviewing vaccination policies (for biological attack), and lending
federal assistance to State and Local governments to help them prepare for and
respond to terrorist attacks. [2]
Prevention. The Office of Homeland Security was to coordinate national efforts to
prevent terrorist attacks within the United States. To facilitate this, the Homeland
Security Advisor was to strengthen border security to prevent entry of terrorists and
terrorist materials and supplies into the United States. All suspected terrorists already
in the United States were to be removed, and monitoring and surveillance increased
along the land, air, and sea approaches. [2]
Protection. The Office of Homeland Security was to coordinate efforts to protect the
United States and its critical infrastructure from terrorist attack. This included
strengthening measures for protecting high-value assets, services, and events;
developing plans for protecting critical infrastructure; and preventing unauthorized
access to, development of, and unlawful importation into the United States, of
chemical, biological, radiological, nuclear, explosive, or other related materials that
have the potential to be used in terrorist attacks. [2]
Response and Recovery. The Office of Homeland Security was to coordinate efforts to
respond to and recover from terrorist attacks within the United States. This included
working with Federal, State, and Local governments, and private entities as
appropriate to rapidly restore essential services following an attack. The Office was to
develop plans and programs to provide medical, financial, and other assistance to
victims and their families. The Office was also to coordinate the containment and
removal of chemical, biological, radiological, explosive, or other hazardous materials
resulting from a terrorist attack. [2]
Additionally, EO 13228 designated the Homeland Security Advisor the primary official
responsible for coordinating the federal response to domestic attack, and ensuring
continuity of the Federal government following an attack. [2]
The Office of Homeland Security was formed as a matter of expediency to assist the
President with the urgent task of securing the nation immediately following 9/11.
Congress, in the meantime, began debating the necessity of fundamentally
restructuring the Federal government to assure a more permanent solution.
Department of Homeland Security
Congress’s deliberations on reorganizing the government’s homeland security
functions were largely built on the recommendations of the U.S. Commission on
National Security for the 21st Century (Hart-Rudman Commission), which submitted its
last report to Congress in February 2001. This commission proposed creating a new
federal agency by consolidating the Coast Guard, the Customs Service, the Immigration
and Naturalization Service (INS), and FEMA into a new National Homeland Security
Agency. [3]
In April 2001, Representative William (Mac) Thornberry (R-TX) introduced H.R. 1158 to
create that agency. Shortly after September 11, Senator Joseph Lieberman (D-CT)
proposed similar legislation (S. 1534) to create a National Homeland Security
Department (NHSD). Other Members, such as Representative Alcee Hastings (D-FL) and
Senator Bob Graham (D-FL), promoted the findings of the Advisory Panel to Assess
Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction
(Gilmore Commission) in H.R. 3078. The Gilmore Commission had concluded that a
White House office with detailed statutory authority, modeled after the Office of
National Drug Control Policy (ONDCP), would be best situated to solve the federal
government’s coordination problems. [3]
After the introduction of H.R. 1158 and S. 1534, Representative Thornberry and
Senator Lieberman refined their proposals to gain the support of more Members of
Congress, and in May 2002 introduced the National Homeland Security and Combating
Terrorism Act of 2002 (H.R. 4660). Before debate could proceed much further, on June
6, 2002, the White House issued a presidential proposal for a new cabinet-level
Department of Homeland Security. [3]
In the eight months after its creation, the Office of Homeland Security was hindered by
the fragmentation of responsibilities among federal agencies, as well as overlapping
authorities and insufficient resources within agencies. [3] According to the White
House, responsibilities for homeland security were dispersed among more than 100
different government organizations. No one single government agency had homeland
security as its primary mission. [4] The President’s initiative called for consolidating
most federal agencies with homeland security missions in one department to focus the
government’s resources more efficiently and effectively on domestic security. The
President’s plan built on the recommendations of various national commissions as well
as some of the legislative proposals placed before Congress. Creating a Department of
Homeland Security would solve such organizational problems and facilitate the OHS’
coordination role. [3]
The President’s proposal combined existing federal agencies and offices with homeland
security responsibilities under one authority. For example, the proposal transferred
the Transportation Security Administration and the Coast Guard to the DHS, removing all
direct homeland security duties from the U.S. Department of Transportation. The
proposal also folded the Federal Emergency Management Agency (FEMA) and the
Department of Agriculture’s Animal and Plant Health Inspection Service (APHIS) into
DHS. The functions of the offices relocated to the DHS would be distributed among
four major divisions:
1. Border and Transportation Security;
2. Emergency Preparedness and Response;
3. Chemical, Biological, Radiological and Nuclear Countermeasures; and
4. Information Analysis and Infrastructure Protection. [3]
Acting on the President’s proposal, on June 24, 2002, Representative Richard Armey
(R-TX) submitted House Resolution 5005 (H.R. 5005) calling for the establishment of a
Department of Homeland Security. H.R. 5005 incorporated most of the provisions set
forth in H.R. 4660. H.R. 5005 passed the House on July 26, 2002, and was handed over to
the Senate on July 30th. [5] H.R. 5005 wasn’t without its detractors, and stalled in the
Senate.
Controversy centered on whether the Federal Bureau of Investigation and the Central
Intelligence Agency should be incorporated in part or in whole (neither was included).
The bill itself was also controversial for the presence of unrelated “riders”, as well as
for eliminating standard civil service and labor protections for department employees.
Without these protections, employees could be expeditiously reassigned or dismissed
on grounds of security, incompetence or insubordination. [6]
The impasse was broken when both the House and Senate agreed to a compromise
resolution, H.R. 5710, incorporating provisions by Senator Joseph Lieberman
authorizing the President to bypass traditional civil service procedures provided he first
consult with Congress and mediate with the federal employees union. [7]
On November 20, 2002, the Senate passed H.R. 5005 by a vote of 90-9 authorizing the
creation of a Department of Homeland Security consolidating twenty-two federal
agencies under a single executive department. President Bush signed the bill into law,
Public Law 107-296, the Homeland Security Act, on November 25, 2002. Tom Ridge
was made secretary of the new department.
Pulling It Together
Pursuant to section 1502 of the Homeland Security Act, on November 25, 2002,
the White House submitted to the House of Representatives a Reorganization Plan for
the Department of Homeland Security. The plan identified what agencies would be
transferred to the new Department, and how and when they would be transferred. [8]
According to the plan, all transfers were to be completed no later than March 1, 2003.
[9] Approximately 169,000 personnel were transferred to the Department of
Homeland Security from the organizations shown in Table 10-1. [10]
Organizing Concept
The organization of the Department of Homeland Security was designed to realign the
previous patchwork of government activities into a single department with the primary
mission to protect the homeland. [11, p. 1] The Department of Homeland Security
would make the country safer because the nation would have:
One department whose primary mission is to protect the American homeland;
One department to secure borders, the transportation sector, ports, and critical infrastructure;
One department to synthesize and analyze homeland security intelligence from multiple sources;
One department to coordinate communications with state and local governments, private industry, and the American people about threats and preparedness;
One department to coordinate efforts to protect the American people against bioterrorism and other weapons of mass destruction;
One department to help train and equip first responders;
One department to manage federal emergency response activities; and
More security officers in the field working to stop terrorists and fewer resources in Washington managing duplicative and redundant activities that drain critical homeland security resources. [11, p. 1]
On November 25, 2002, President Bush signed into law the Homeland Security Act
establishing the Department of Homeland Security. Tom Ridge, the former governor of
Pennsylvania, was appointed the first Secretary of Homeland Security.
DHS Organization
In the final version of H.R. 5005 signed into law as the Homeland Security Act, the
Department of Homeland Security would be comprised of five directorates:
1. Border and Transportation Security;
2. Emergency Preparedness and Response;
3. Information Analysis and Infrastructure Protection;
4. Science and Technology; and
5. Management [12]
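Table 10-1: Organizations Transferred to DHS [10]

| # | DHS Directorate | Transferred Organization | Transferring Agency |
|---|---|---|---|
| 1 | Border & Transportation Security | U.S. Customs Service | Treasury |
| 2 | Border & Transportation Security | Immigration and Naturalization Service | Justice |
| 3 | Border & Transportation Security | Federal Protective Service | |
| 4 | Border & Transportation Security | Transportation Security Administration | Transportation |
| 5 | Border & Transportation Security | Federal Law Enforcement Training Center | Treasury |
| 6 | Border & Transportation Security | Animal and Plant Health Inspection Service | Agriculture |
| 7 | Border & Transportation Security | Office for Domestic Preparedness | Justice |
| 8 | Emergency Preparedness & Response | FEMA | FEMA |
| 9 | Emergency Preparedness & Response | Strategic National Stockpile & National Disaster Medical System | HHS |
| 10 | Emergency Preparedness & Response | Nuclear Incident Response Team | Energy |
| 11 | Emergency Preparedness & Response | Domestic Emergency Support Teams | Justice |
| 12 | Emergency Preparedness & Response | National Domestic Preparedness Office | FBI |
| 13 | Science & Technology Directorate | CBRN Countermeasures Programs | Energy |
| 14 | Science & Technology Directorate | Environmental Measurements Laboratory | Energy |
| 15 | Science & Technology Directorate | National BW Defense Analysis Center | Defense |
| 16 | Science & Technology Directorate | Plum Island Animal Disease Center | Agriculture |
| 17 | Information Analysis & Infrastructure Protection | Federal Computer Incident Response Center | GSA |
| 18 | Information Analysis & Infrastructure Protection | National Communications System | Defense |
| 19 | Information Analysis & Infrastructure Protection | National Infrastructure Protection Center | FBI |
| 20 | Information Analysis & Infrastructure Protection | Energy Security and Assurance Program | Energy |
| 21 | U.S. Secret Service | U.S. Secret Service | Treasury |
| 22 | U.S. Coast Guard | U.S. Coast Guard | Transportation |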
Border and Transportation Security Directorate. BTS was designed to ensure the
security of the nation’s borders and transportation systems. Its first priority was to
prevent the entry of terrorists and the instruments of terrorism while simultaneously
ensuring the efficient flow of lawful traffic and commerce. BTS managed and
coordinated port of entry activities and led efforts to create borders that feature
greater security through better intelligence, coordinated national efforts and
international cooperation against terrorists and the instruments of terrorism and other
international threats. BTS was comprised of the Customs and Border Protection (CBP),
Immigration and Customs Enforcement (ICE), the Transportation Security
Administration (TSA), Federal Law Enforcement Training Center (FLETC), and the Office
of Domestic Preparedness (ODP). [8, p. 8]
U.S. Customs and Border Protection provided security at the borders and ports of entry
as well as extending the zone of security beyond physical borders so that they are the
last line of defense, not the first. CBP was also responsible for apprehending individuals
attempting to enter the United States illegally, stemming the flow of illegal drugs and
other contraband; protecting the nation’s agricultural and economic interests from
harmful pests and diseases; protecting American businesses from theft of intellectual
property; regulating and facilitating international trade; collecting import duties; and
enforcing United States trade laws. [8, p. 8]
U.S. Immigration and Customs Enforcement enforced federal immigration, customs
and air security laws. ICE’s primary mission was to detect vulnerabilities and prevent
violations that threatened national security. ICE was the largest investigative arm of
the new department. ICE deterred, interdicted and investigated threats arising from
the movement of people and goods into and out of the United States, and policed
and secured federal government facilities across the Nation. [8, p. 8]
The Transportation Security Administration was a new government agency created in
the wake of 9/11 because airline security screeners had failed to spot weapons carried
by the hijackers. Congress moved quickly to pass the Aviation and Transportation
Security Act in November 2001, creating the Transportation Security Administration
and mandating a federalized workforce of security screeners to inspect airline passengers
and their baggage. The act gave the TSA broad authority to assess vulnerabilities in
aviation security and take steps to mitigate these risks. [8, p. 8] [13, p. iii]
Federal Law Enforcement Training Center (FLETC) was the Federal Government’s
leader for law enforcement training. FLETC prepared new and experienced law
enforcement professionals to fulfill their responsibilities safely and at the highest level
of proficiency. [8, p. 9]
The same day President Bush signed the Homeland Security Act, he submitted a
Reorganization Plan for the Department of Homeland Security, identifying what agencies
would be transferred to the new Department, and how and when they would be transferred.
All transfers were to be completed no later than March 1, 2003.
The Office of Domestic Preparedness ensured the United States was prepared for acts of
terrorism by providing training and funds for the purchase of equipment, support for
the planning and execution of exercises, and technical assistance and other support to
assist State and Local jurisdictions in preventing, planning for, and responding to acts
of terrorism. [8, p. 9]
Emergency Preparedness and Response. EP&R was designed to ensure that the nation
was prepared for, and able to recover from, terrorist attacks and natural disasters.
EP&R provided domestic disaster preparedness training and coordinated government
disaster response. The core of emergency preparedness was the Federal Emergency
Management Agency, responsible for reducing the loss of life and property and
protecting our nation’s institutions from all types of hazards through a comprehensive
emergency management program of preparedness, prevention, response and
recovery. [8, p. 9]
Information Analysis and Infrastructure Protection. IAIP was designed to identify and
assess a broad range of intelligence information concerning threats to the homeland,
issue timely warnings and take appropriate preventive and protective action.
Information Analysis was meant to provide actionable intelligence for preventing acts
of terrorism and, with timely and thorough analysis and dissemination of information
about terrorists and their activities, improve the government’s ability to disrupt and
prevent terrorist acts and to provide useful warning to state and local government, the
private sector and citizens. Infrastructure Protection was meant to coordinate national
efforts to secure America’s critical infrastructure, including vulnerability assessments,
strategic planning efforts and exercises. Protecting America’s critical infrastructure was
the shared responsibility of federal, state and local governments, in active partnership
with the private sector, the owners and operators of the majority of the nation’s
critical infrastructure. [8, p. 8]
Science and Technology Directorate. S&T provided federal, state and local operators
with the technology and capabilities needed to protect the nation from catastrophic
terrorist attacks, including threats from weapons of mass destruction. The S&T
Directorate would develop and deploy state-of-the-art, high performance, low
operating cost systems to detect and rapidly mitigate the consequences of terrorist
attacks, including those that may use chemical, biological, radiological and nuclear
materials. [8, p. 9]
The Department of Homeland Security was formed from the consolidation of twenty-two Federal agencies and transfer of approximately 169,000 personnel.
The Management Directorate oversaw the budget; appropriations; expenditure of
funds; accounting and finance; procurement; human resources and personnel;
information technology systems; facilities, property, equipment and other material
resources; and identification and tracking of performance measures aligned with the
mission of the Department. The Chief Financial Officer, Chief Information Officer, Chief
Human Capital Officer, Chief Procurement Officer and the Chief of Administrative
Services reported to the Undersecretary for Management as allowed by the Homeland
Security Act of 2002. [8, p. 9]
In addition to the five major directorates, the Department of Homeland Security was in
charge of the United States Coast Guard (USCG), United States Secret Service (USSS),
and U.S. Citizenship and Immigration Services (USCIS). [8, p. 9]
The United States Coast Guard ensured maritime safety, mobility and security and
protected natural marine resources. Its mission was to protect the public, the
environment and the United States economic interests in the nation’s ports and
waterways, along the coast, on international waters, or in any maritime region as
required to support national security. The Coast Guard also prevented maritime
terrorist attacks; halted the flow of illegal drugs and contraband; prevented individuals
from entering the United States illegally; and prevented illegal incursion into exclusive
economic zones. The Coast Guard had dual responsibility. Upon declaration of war, or
when the President so directed, the USCG would operate as an element of the
Department of Defense. [8, p. 9]
The United States Secret Service protected the President and Vice President, their
families, heads of state and other designated individuals; investigated threats against
these protectees; protected designated buildings within Washington, D.C.; and
planned and implemented security for designated National Special Security Events. The
USSS also investigated violations of laws relating to counterfeiting and financial crimes,
including computer fraud and computer-based attacks on the nation’s financial,
banking, and telecommunications infrastructure. [8, p. 9]
The U.S. Citizenship and Immigration Services directed the nation’s immigration system
and promoted citizenship values by providing immigration services such as immigrant
and nonimmigrant sponsorship; adjustment of status; work authorization and other
permits; naturalization of qualified applicants for United States citizenship; and asylum
or refugee processing. USCIS made certain that America continued to welcome visitors
and those who seek opportunity while excluding terrorists and their supporters. [8, p. 9]
The establishment of the Department of Homeland Security was the largest reorganization of Federal government since the 1947 National Security Act created the National Security Council, Department of Defense, and Central Intelligence Agency.
Figure 10-1: DHS Organization [8, p. 10]
Where is the Department of Homeland Security Located?
DHS personnel are currently located in 50 different offices across the Washington DC metropolitan area.
Headquarters is located at 3801 Nebraska Avenue, NW, Washington, DC. The Nebraska Avenue Complex (NAC)
is a 37-acre site with 30 buildings and 653,400 square feet of office space. The campus is a secure facility with an
established security perimeter and on-site generators. Unfortunately, the NAC only accommodates about 2,390
of the 28,000 employees in the DC region. [7, p. i] It also wastes millions of dollars in leased office space and
transportation costs. According to former DHS Secretary Michael Chertoff, the attendant logistical difficulties of a
dispersed workforce slowed the government response to Hurricane Katrina in 2005, and a terrorist plot to blow
up transatlantic airliners with liquid explosives in 2006. “People were shuttling back and forth
in those critical days after the plot was exposed, and that just made it much more difficult and time-consuming,”
Chertoff recalled. Calling it urgent, Chertoff released a plan in 2006 to begin construction of a new centralized
headquarters to be completed by 2015. The new headquarters would cost about $3 billion and accommodate
14,000 DHS employees. With the exception of the new Coast Guard building, little progress has been made,
while cost estimates have risen to $4.5 billion and completion pushed out to 2026. One of the main reasons for
the cost overruns and schedule delays is that the chosen site for DHS headquarters is the former St. Elizabeth’s
Hospital, a national historic landmark. Built in 1852 on a 176-acre hilltop site east of the Anacostia River, St.
Elizabeth’s was the first federal psychiatric institution. Its grounds were once home to patients like Ezra Pound,
the poet, and John Hinckley Jr., the attempted assassin of President Reagan. St. Elizabeth’s was chosen from among 14
possibilities because it was the only location that met size and security requirements. More than 50 historic
buildings would need to be renovated and new ones erected for DHS’ new home. Even before costs began to
soar, planners were aware they would face millions of dollars in outlays for historic preservation and
rehabilitation of antiquated utilities and infrastructure. A decade after work began, St. Elizabeth’s venture – the
capital region’s largest planned construction project since the Pentagon – has become a monumental example of
Washington inefficiency and drift. [8]
Conclusion
In the immediate aftermath of 9/11, on October 8, 2001, President Bush issued E.O.
13228 establishing an Office of Homeland Security and Homeland Security Council
under the direction of a new Assistant to the President for Homeland Security. Former
Pennsylvania Governor, Tom Ridge, was appointed the first Homeland Security
Advisor. OHS was responsible for developing and coordinating the implementation of
a comprehensive national strategy to secure the United States from terrorist attacks.
HSC was responsible for advising and assisting the President with respect to all aspects
of homeland security. In his June 2002 proposal for a Department of Homeland
Security, President Bush appeared to anticipate the continued operation of both OHS
and HSC. When the Homeland Security Act was signed into law November 25, 2002, it
created the Department of Homeland Security and rechartered the HSC as an agency
within the Executive Office of the President. [14, pp. CRS-1] Tom Ridge was appointed
the new Secretary of Homeland Security. Many of the functions of the Office of
Homeland Security transferred to the new Department together with the new
Secretary. [15, p. 9] OHS was closed and the remnants transferred to HSC. [14, pp. CRS-3]
The Department of Homeland Security was formed by realigning the previous
patchwork of twenty-two government activities into a single department with the
primary mission to protect the homeland. President Bush signed Executive Order
13284 activating the Department of Homeland Security effective January 23rd, 2003.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. What findings from the Hart-Rudman Commission report prompted a bill to be submitted before Congress in April
2001 to form a National Homeland Security Department?
2. List and describe the two organizations created immediately after 9/11 to assist the President with developing and
managing homeland security policy.
3. Why did the White House feel the need to propose an executive department for homeland security?
4. List and describe two arguments for, and two arguments against creating a Department of Homeland Security.
5. What was the primary mission proposed by the White House for the Department of Homeland Security?
6. How was the new Department of Homeland Security going to improve domestic security?
7. Do you think it would’ve been a good idea to integrate either or both the CIA and FBI within DHS? Explain.
8. What do you notice when you compare DHS’ original organization to the Critical Mission Areas listed in the 2002
National Strategy for Homeland Security (written before DHS was formed)?
9. Which DHS directorate do you think had the most important mission? Explain your answer.
10. Where did FEMA fit into the new Department of Homeland Security?
Chapter 11
DHS Evolution
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain how and why the DHS mission and organization were oriented when it was created in 2003.
Explain how and why the DHS mission and organization significantly changed after Hurricane Katrina.
Describe both internal and external initiatives that re-oriented DHS’ mission between 2005 and 2007.
Evaluate the evolution of the DHS cybersecurity mission between 2003 and 2010.
Debate the merits of merging homeland security strategy and national security strategy.
Discuss the purpose and value of the Quadrennial Homeland Security Review.
“The most serious mistakes are not being made as a result of wrong answers. The truly
dangerous thing is asking the wrong question.”
– Peter F. Drucker
Introduction
Peter Drucker is hailed as “the man who invented management”. His writings are
highly regarded for predicting major business trends and influencing successful
corporations through much of the 20th century. [1] Among his key insights was the
need to continually reassess core assumptions and ensure that an organization’s
missions are properly aligned with its objectives. Accordingly, the Department of
Homeland Security’s mission and organization have evolved since it first became
operational on January 23, 2003. This chapter examines the evolution of DHS’ mission
and organization, and the factors that influenced that change.
2002 Homeland Security Strategy
On October 8, 2001, President Bush issued Executive Order 13228 establishing the
Office of Homeland Security within the Executive Office of the President. The mission
of the office was to develop and implement a comprehensive national strategy to
secure the United States from terrorist attacks. [2]
In July 2002, the Office of Homeland Security released the first National Strategy for
Homeland Security. The 2002 Strategy set the stage by defining homeland security,
and explaining its terms:
“Homeland security is a concerted national effort to prevent terrorist attacks within
the United States, reduce America’s vulnerability to terrorism, and minimize the
damage and recover from attacks that do occur.”
– 2002 National Strategy for Homeland Security [3, p. 2]
The 2002 Strategy explained that a “concerted national effort” meant that homeland
security was not just the job of the anticipated new Department of Homeland Security,
but the shared responsibility of all branches at all levels of government, and the private
sector. The fact that DHS could not accomplish the mission alone would lead to the
concept of a “homeland security enterprise” presented later in this book. The 2002
Strategy explained that “prevention” is the first priority, obviously to avoid the
consequences of a domestic catastrophic attack. It noted that “detection” is an
essential precondition for “prevention”, suggesting the need for intelligence
surveillance both at home and abroad. In explaining the definition of homeland
security, the 2002 Strategy made it clear that the central risk was “mass casualties,
massive property loss, and immense social disruption.” It further identified the
potential means for inflicting domestic catastrophic destruction in the form of
“weapons of mass destruction, strategic information warfare, attacks on critical
infrastructure, and attacks on the highest leadership of government.” These are the
types of terrorist attacks homeland security seeks to prevent. Additionally, the
2002 Strategy defined “terrorist attacks” as “any premeditated, unlawful act
dangerous to human life or public welfare that is intended to intimidate or coerce
civilian populations or governments.” According to the 2002 Strategy, this definition
covered kidnappings; hijackings; shootings; conventional bombings; attacks involving
chemical, biological, radiological, or nuclear weapons; cyber attacks; and any number
of other forms of malicious violence. The 2002 Strategy also noted that terrorists could
be U.S. citizens or foreigners, acting in concert with others, on their own, or on behalf
of a hostile state. Detection was again singled out as a method of reducing the nation’s
vulnerability to terrorist attack. But the 2002 Strategy also noted the specific
vulnerability of critical infrastructure, as exposed by 9/11, and prescribed the need for
the government to work with the private sector to identify and protect it. The difficulty
of reducing vulnerabilities, as noted in the 2002 Strategy, is that it requires an
imprecise and constant adjusting of the balance between safety and security, and cost
and liberty. The 2002 Strategy was also insightful, noting that as defenses are shored
up in one area, terrorists might exploit vulnerabilities in others. By this observation
the 2002 Strategy tacitly acknowledged the impossibility of preventing all terrorist
attacks. Thus, the definition also addressed minimizing damages and quickly
recovering from attacks that do occur. To minimize damages, the 2002 Strategy
proposed improving coordination and helping prepare First Responders for
catastrophic incidents. Similarly, rapid recovery was deemed necessary to restoring
economic growth and public confidence. [3, pp. 2-3]
The 2002 Strategy further explained that homeland security is an exceedingly complex
mission. It involves efforts both at home and abroad, and demands a range of
government and private sector capabilities. It also calls for coordinated and focused
effort from many agencies who are not otherwise required to work together and for
whom security is not always a primary mission. In order to provide clear direction
amidst this confusion, the 2002 Strategy recast the definition of homeland security into
a set of three objectives to help prioritize actions:
1. Prevent terrorist attacks within the United States;
2. Reduce America’s vulnerability to terrorism; and
3. Minimize the damage and recover from attacks that do occur. [3, p. 3]
From the preceding definition of homeland security, the 2002 Strategy also derived six
critical mission areas for aligning and focusing homeland security functions. These
were what the new Department was expected to do:
1. Intelligence & Warning
2. Border & Transportation Security
3. Domestic Counterterrorism
4. Protecting Critical Infrastructure
5. Defending Against Catastrophic Terrorism
6. Emergency Preparedness and Response [3, p. viii]
The first three mission areas focus primarily on preventing terrorist attacks (objective
#1); the next two on reducing the nation’s vulnerabilities (objective #2); and the final
one on minimizing the damage and recovering from attacks that do occur (objective
#3).
Intelligence & Warning. The essential function of I&W is to detect terrorist activity
before it manifests itself into an attack so that proper preemptive, preventative, and
protective action can be taken. The 2002 Strategy identified five major initiatives in
this area:
1. Enhance the analytic capabilities of the FBI for domestic intelligence;
2. Conduct vulnerability assessments and risk analysis of critical infrastructure;
3. Implement a Homeland Security Advisory System;
4. Cross reference and correlate terrorist activity with “dual-use” items;
5. Employ “red team” techniques. [3, p. viii]
Border & Transportation Security. The essential function of BTS is to promote the
efficient and reliable flow of people, goods, and services across borders while keeping
out terrorists and terrorist weapons. The 2002 Strategy identified six major initiatives
in this area:
1. Ensure accountability in border and transportation security;
2. Create “smart borders” through better intelligence and coordination;
3. Increase security of international shipping containers;
4. Implement the Aviation and Transportation Security Act of 2001;
5. Recapitalize the U.S. Coast Guard; and
6. Reform immigration services. [3, p. viii]
Domestic Counterterrorism. While law enforcement agencies will continue to
investigate and prosecute criminal activity, they should now assign priority to
preventing and interdicting terrorist activity within the United States. All legal means—
both traditional and nontraditional—will be used to identify, halt, and prosecute
terrorists in the United States. The 2002 Strategy identified six major initiatives under
this area:
1. Improve intergovernmental law enforcement coordination;
2. Facilitate apprehension of potential terrorists;
3. Continue ongoing investigations and prosecutions;
4. Complete FBI restructuring to emphasize prevention of terrorist attacks;
5. Target and attack terrorist financing; and
6. Track foreign terrorists and bring them to justice. [3, p. ix]
Protecting Critical Infrastructure. This function seeks to improve protection of the
individual pieces and interconnecting systems that make up our critical infrastructure.
The 2002 Strategy identified eight major initiatives under this area:
1. Unify America’s infrastructure protection effort in the Department of Homeland
Security;
2. Build and maintain a complete and accurate assessment of America’s critical
infrastructure and key assets;
3. Enable effective partnership with state and local governments and the private
sector;
4. Develop a national infrastructure protection plan;
5. Secure cyberspace;
6. Harness the best analytic and modeling tools to develop effective protective
solutions;
7. Guard America’s critical infrastructure and key assets against “inside” threats; and
8. Partner with the international community to protect our transnational
infrastructure. [3, p. ix]
Defending Against Catastrophic Threats. This function seeks a unified approach to
preventing, preparing, responding, and recovering from the deployment of chemical,
biological, radiological, or nuclear weapons in the United States. The 2002 Strategy
identified six major initiatives in this area:
1. Prevent terrorist use of nuclear weapons through better sensors and procedures;
2. Detect chemical and biological materials and attacks;
3. Improve chemical sensors and decontamination techniques;
4. Develop broad spectrum vaccines, antimicrobials, and antidotes;
5. Harness the scientific knowledge and tools to counter terrorism; and
6. Maintain the Select Agent Program regulating the shipment of hazardous biological
organisms and toxins. [3, p. ix]
Emergency Preparedness and Response. The EP&R function seeks to build a
comprehensive national system to bring together and coordinate all necessary
response assets quickly and effectively. This function also includes planning,
equipping, training, and exercising First Responders to mobilize without warning for
any emergency. The 2002 Strategy identified twelve major initiatives in this area:
1. Integrate separate federal response plans into a single all-discipline incident
management plan;
2. Create a national incident management system;
3. Improve tactical counterterrorist capabilities;
4. Enable seamless communication among all responders;
5. Prepare health care providers for catastrophic terrorism;
6. Augment America’s pharmaceutical and vaccine stockpiles;
7. Prepare for chemical, biological, radiological, and nuclear decontamination;
8. Plan for military support to civil authorities;
9. Build the Citizen Corps;
10. Implement the First Responder Initiative of the Fiscal Year 2003 Budget;
11. Build a national training and evaluation system; and
12. Enhance the victim support system.
DHS Formation
The Department of Homeland Security was established by the Homeland Security Act,
signed by President Bush November 25, 2002. Former Pennsylvania Governor Tom
Ridge relinquished his position as Homeland Security Advisor to become the first
Secretary of Homeland Security. Between November 2002 and January 2003,
Secretary Ridge consolidated 180,000 personnel from twenty-two federal agencies to
form the new Department of Homeland Security. On January 23, 2003, President Bush
issued Executive Order 13284 activating the new Department. [4, p. 7]
When it began operations, DHS was largely organized like a hand — the palm being the
office of the Secretary/Deputy Secretary with the thumb and fingers being individual
directorates for (1) Management, (2) Science and Technology, (3) Information Analysis
and Infrastructure Protection, (4) Border and Transportation Security, and (5)
Emergency Preparedness and Response. In addition, however, approximately two
dozen other units within the department, but not located within one of the
directorates, reported directly to the Secretary. These included program entities, such
as the United States Coast Guard and United States Secret Service, and units within the
office of the Secretary, such as the Office of International Affairs and Office of State
and Local Government Coordination, as well as some Assistant Secretaries. At the time
of its creation, only 18,000 DHS employees worked in the Washington, DC, area,
indicating that the new department had a considerable field organization. [5, pp. CRS-2]
As the former director of the Office of Homeland Security responsible for developing
the 2002 National Strategy for Homeland Security, Secretary Ridge strove to
implement the critical mission initiatives within the new Department. But the 2002
Strategy was based on the President’s proposed organization for DHS, and the actual
organization as stipulated in the 2002 Homeland Security Act was slightly different as
shown in Table 11-1.
Table 11-1: DHS Initial Operating Organization
| # | President’s Proposal, June 24, 2002 [6, p. 2] | Homeland Security Act, November 25, 2002 |
|---|---|---|
| 1 | Border & Transportation Security | Border & Transportation Security |
| 2 | Emergency Preparedness & Response | Emergency Preparedness & Response |
| 3 | CBRN Countermeasures | Science & Technology |
| 4 | Information Analysis & Infrastructure Protection | Information Analysis & Infrastructure Protection |
| 5 | U.S. Coast Guard | U.S. Coast Guard |
| 6 | U.S. Secret Service | U.S. Secret Service |
| 7 | Office of State & Local Coordination | Office of State & Local Coordination |
| 8 | | U.S. Citizenship & Immigration Services |
The most significant difference between the President’s proposed structure for DHS
and the organization resulting from the Homeland Security Act was replacement of the
CBRN Countermeasures Directorate with the Science and Technology Directorate. The
President’s proposed CBRN Countermeasures Directorate would have led the federal
government’s efforts in preparing for and responding to the full range of threats
involving weapons of mass destruction. According to the President’s proposal, this
would have required setting national policy and establishing guidelines for State and
Local governments. It would direct exercises and drills for Federal, State, and Local
CBRN response teams and plans. [6, p. 2] The Homeland Security Act conceived a
greater role for the Science & Technology Directorate. In addition to formulating
national policy and plans to prepare and respond to WMD, S&T would also develop
countermeasures for CBRN agents. Moreover, it would support basic and applied
research to develop, demonstrate, test, and evaluate activities relevant to any or all
elements of the Department. [4]
The Department of Homeland Security, as initially established, was designed to have a
clear and efficient relationship between its organization and function. [6, p. 2]
2003 Reorganization Plan
Although Section 442 of the Homeland Security Act established a Bureau of Border
Security within the Border and Transportation Security Directorate, it did not fully
delineate its responsibilities. On January 30, 2003, President Bush submitted a
modification to the November 2002 reorganization plan that established and described
new organizational units in the Border and Transportation Security Directorate. [9, p. 12]
Table 11-2: Mapping DHS Organization & Critical Mission Areas
| # | DHS Agency | Assigned Critical Mission Areas |
|---|---|---|
| 1 | Border & Transportation Security | Border & Transportation Security |
| 2 | Emergency Preparedness & Response | Emergency Preparedness & Response |
| 3 | Science & Technology | Defending Against Catastrophic Threats |
| 4 | Information Analysis & Infrastructure Protection | Intelligence & Warning; Domestic Counterterrorism; Protecting Critical Infrastructure |
| 5 | U.S. Coast Guard | Border & Transportation Security; Protecting Critical Infrastructure |
| 6 | U.S. Secret Service | Domestic Counterterrorism; Protecting Critical Infrastructure |
| 7 | Office of State & Local Coordination | Domestic Counterterrorism; Emergency Preparedness & Response |
| 8 | U.S. Citizenship & Immigration Services | Border & Transportation Security |
The January 2003 Plan renamed the Bureau of Border Security as the Bureau of
Immigration and Customs Enforcement, incorporating parts of the Immigration and
Naturalization Service (INS), the Customs Service, and the Federal Protective Service
(FPS) and outlined its functions: to enforce immigration and customs laws within the
interior of the United States and to protect specified federal buildings. [9, p. 12]
The January 2003 plan also renamed the U.S. Customs Service as the Bureau of
Customs and Border Protection (now known as U.S. Customs and Border Protection, or
CBP). The new Bureau incorporated the border and ports of entry functions of the
Customs Service, inspection responsibilities and the Border Patrol from INS, and
agricultural inspection functions from the Department of Agriculture. [9, p. 12]
These changes were made after the Department became operational, but before
marking its official inception date of March 1, 2003. On that date, the majority of the
previously existing agencies, such as the Federal Emergency Management Agency, the
Transportation Security Administration, the Coast Guard, the Customs Service, and the
United States Secret Service transferred to the new Department. [9, p. 12]
Figure 11-1: 2003 DHS Organization [4, p. 10]
2004 Adjustments
In 2004, Secretary Ridge exercised his authority under Section 872 of the 2002
Homeland Security Act to adjust the Department’s organization [10], adding two new
reports to the Secretary: the Headquarters Operational Integration Staff (I-Staff) and
the Office of State and Local Government Coordination and Preparedness (SLGCP). [9, p. 14]
On March 26, 2004, the Department consolidated the Office for Domestic
Preparedness and the Office of State and Local Government Coordination to form the
Office of State and Local Government Coordination and Preparedness, reporting
directly to the Secretary. [9, p. 14]
On January 15, 2004, the I-Staff was formed to assist DHS leadership with coordinating
Department missions and operational activities, including threat response and
preparedness, within DHS Headquarters. I-Staff also took the lead on drafting the
National Response Plan (NRP) and National Incident Management System (NIMS) and
implementing coordination between Headquarters and field offices as part of the
Regions plan. I-Staff activities were discontinued with the implementation of the
Second Stage Review (2SR) reorganization in October 2005. [9, p. 14]
2005 Second Stage Review
Tom Ridge was Secretary of Homeland Security for two years before resigning on
November 30, 2004. [11] In January 2005, President Bush nominated Michael Chertoff
to replace Tom Ridge as Secretary of Homeland Security. Michael Chertoff was a
distinguished attorney who was serving as a Judge on the U.S. Court of Appeals when
Secretary Ridge resigned. [12] Secretary Chertoff took office on February 15, 2005, and
launched the Second Stage Review, or 2SR, a systematic evaluation of the
department’s operations, policies, and structures. [9, p. 16]
More than 250 members of the department, formed into 18 action teams,
participated. The teams also consulted with public and private partners at the federal,
state, local, tribal, and international levels. Based on the findings, on July 13, 2005,
Secretary Chertoff proposed to Congress the following six-point agenda: [9, p. 16]
1. Increase preparedness, with particular focus on catastrophic events.
2. Strengthen border security and interior enforcement and reform immigration
processes.
3. Harden transportation security without sacrificing mobility.
4. Enhance information sharing with our partners, particularly with state, local and
tribal governments and the private sector.
5. Improve DHS stewardship, particularly with stronger financial, human resource,
procurement and information technology management.
6. Re-align the DHS organization to maximize mission performance. [5, pp. CRS-3]
Within provisions authorized in the 2002 Homeland Security Act, Secretary Ridge continued until the end of his term to make minor adjustments to the Department’s organization.
Spurred in part by the flawed response to Hurricane Katrina, Congress formally
approved the 2SR recommendations on October 18, 2005. [13, p. 259] The subsequent
reorganization abolished the Directorates for Border and Transportation Security,
Information Analysis and Infrastructure Protection, and Emergency Response and
Preparedness. With the abolition of these Directorates, the Director of the Federal
Emergency Management Agency (FEMA), the Commissioner of Customs and Border
Protection, the Assistant Secretary for the Transportation Security Administration,
Director of Operations Coordination, Assistant Secretary for Intelligence and Analysis
and the Assistant Secretary for Immigration and Customs Enforcement now reported
directly to the Secretary. [9, p. 16]
The reorganization created two new directorates. The Policy Directorate took on most
of the policy responsibilities from the former Assistant Secretary for Policy and
Planning in the Border and Transportation Security Directorate, as well as newly
created Assistant Secretaries for Legislative and Intergovernmental Affairs, Strategic
Plans, the Private Sector, and International Affairs. The Preparedness Directorate
consisted of preparedness functions transferred from FEMA and also included the U.S.
Fire Administration, the Office of National Capital Region, the Office of Infrastructure
Preparedness, functions of the Office of State and Local Government Coordination, and
the new offices of the Assistant Secretary for Grants and Training and the Chief
Medical Officer. [9, p. 16]
The reorganization also created four new offices. The Office of Policy was created to
serve as the primary Department-wide coordinator for policies, regulations, and other
initiatives. These functions were previously performed under the Border and
Transportation Security Directorate. The Office of Intelligence and Analysis was created
to gather, analyze, and report information from relevant field operations and
information from other parts of the intelligence community. These functions were
previously performed, in part, under the Information Analysis and Infrastructure
Protection Directorate. The Office of Operations Coordination was established to
conduct joint operations across the Department, coordinate incident management and
the management of the Homeland Security Operations Center. The Office of Legislative
and Intergovernmental Affairs was created to merge similar functions previously
provided by the Office of Legislative Affairs and the Office of State and Local
Government Coordination. [13, p. 259]
Shortly after assuming office in February 2005, Secretary Chertoff announced his intention to reorganize DHS according to a plan he called the Second Stage Review (2SR).
2006 Post-Katrina Reform Act
Hurricane Katrina struck Florida and the Gulf Coast states in the last days of August
2005, followed within weeks by Hurricanes Rita and Wilma. These disasters will long be
remembered for disrupting families, changing and ending lives, and forcing Americans
to rethink vulnerability and risk assumptions. In addition to these impacts, the
hurricanes served as catalysts for significant changes in federal policy and the
organization of responsible federal entities, notably within the Department of
Homeland Security. [14, p. 1]
Reports issued by committees of the 109th Congress, the White House, federal offices
of Inspector General, and the Government Accountability Office (GAO), among others,
concluded that the losses caused by Hurricane Katrina were due, in part, to
deficiencies such as questionable leadership decisions and capabilities, organizational
failures, overwhelmed preparation and communication systems, and inadequate
statutory authorities. As a result, the 109th Congress revised federal emergency
management policies vested in the President; reorganized the Federal Emergency
Management Agency; and enhanced and clarified the mission, functions, and
authorities of the agency, as well as those of its parent, the Department of Homeland
Security. [14, p. i]
After FEMA was established in 1979, it was charged with carrying out activities to
enable Federal, State, and Local governments to address a broad spectrum of
emergency management functions. In carrying out its mission, FEMA 1) funded and
coordinated emergency preparedness activities, 2) provided and coordinated
immediate federal response to save lives and property, 3) funded the reconstruction of
damaged homes and infrastructure to help stricken families and communities recover,
and 4) supported hazard mitigation activities to ensure that future disasters do not
recur, or are less destructive in the future. These four elements of preparedness,
response, recovery, and hazard mitigation constitute what has been generally referred
to as the Comprehensive Emergency Management (CEM) system. [14, p. 3]
As a result of the flawed response to Hurricane Katrina, Congress approved the 2SR reorganization and added its own adjustments with the 2006 Post-Katrina Emergency Reform Act.
When the Homeland Security Act transferred FEMA to DHS in 2003, some CEM
responsibilities were transferred to the Border and Transportation Security
Directorate. As part of the Second Stage Review, CEM functions were further divided
between FEMA and the new Preparedness Directorate. As part of its investigation into
Hurricane Katrina, Congress concluded that these mission and organizational shifts
deteriorated FEMA’s capabilities as functions, resources, and responsibilities moved to
other DHS units. Others argued that an emphasis on terrorist-caused incidents within
DHS dominated planning and allocation decisions and contributed to FEMA’s
diminished capabilities for all hazards. These findings led to congressional enactment
of significant revisions to FEMA’s structure and mission in the Post-Katrina Act. [14, pp.
3-4]
On October 4, 2006, as part of the Homeland Security FY2007 Appropriations Bill
(Public Law 109-295), the President signed into law the Post-Katrina Emergency
Reform Act. The Act established new leadership positions within the Department,
brought additional functions into the Federal Emergency Management Agency (FEMA),
and created and reallocated functions within the Department. [9, p. 25]
The Post-Katrina Emergency Management Reform Act of 2006 established new
leadership positions and position requirements within the Federal Emergency
Management Agency, brought new missions into FEMA and restored some that had
previously been removed, and enhanced the agency’s authority by directing the FEMA
Administrator to undertake a broad range of activities before and after disasters occur.
The Post-Katrina Act contained provisions that set out new law, amended the
Homeland Security Act, and modified the Robert T. Stafford Disaster Relief and
Emergency Assistance Act (the Stafford Act). [14, p. 1]
Specifically, the Act renamed the Under Secretary for Federal Emergency Management
as the Administrator of FEMA and elevated the position to the deputy secretary level.
The Administrator was designated the principal advisor to the President, the Homeland
Security Council, and the Secretary for all matters relating to emergency management
and can be designated by the President to serve as a member of the Cabinet in the
event of disasters. FEMA was legislatively protected as a distinct entity in the
Department and is subject to reorganization only by statute. [9, p. 25]
One of the most significant changes brought about by the Post-Katrina Reform Act was that it expanded and elevated FEMA as a distinct entity within the Department of Homeland Security.
The Post-Katrina Emergency Management Reform Act transferred to FEMA all
functions of the Preparedness Directorate, including the Office of Grants and Training,
the United States Fire Administration (USFA), and the Office of National Capital Region
Coordination. The Office of Infrastructure Protection, the National Communications
System, the National Cybersecurity Division, and the Office of the Chief Medical Officer
remained in the Preparedness Directorate. [9, p. 25]
The Post-Katrina Act reorganized DHS with a reconfigured FEMA with consolidated
emergency management functions, elevated status within the department, and
enhanced organizational autonomy. Effective March 31, 2007, the Post-Katrina Act
restored to FEMA the responsibility to lead and support efforts to reduce the loss of
life and property and protect the nation from all hazards through a risk-based system
that focuses on expanded CEM components. The statute also added a fifth
component—protection—to the four CEM components, but did not define the term.
[14, pp. 5-6]
2006 SAFE Port Act
On October 13, 2006, Congress passed the Security Accountability for Every Port Act,
or SAFE Port Act of 2006 (Public Law 109-347). The act authorized the Domestic
Nuclear Detection Office (DNDO) and completed the reorganization of FEMA,
transferring the Radiological Preparedness Program and the Chemical Stockpile
Emergency Preparedness Program to FEMA. [9, p. 25]
To implement and complement the changes in FEMA mandated by the Post-Katrina
Management Reform Act of 2006 and the SAFE Port Act of 2006, the Department
reorganized FEMA and made other organizational changes. [9, p. 25]
After the Post-Katrina Emergency Reform Act transferred many functions to FEMA, the
Preparedness Directorate was renamed the National Protection and Programs
Directorate (NPPD) and retained some Preparedness elements not transferred to
FEMA, including the Office of Infrastructure Protection; the Office of Cyber Security
and Telecommunications combined with National Communications System and new
Office of Emergency Communications and renamed the Office of Cyber Security and
Communications; and the Office for State and Local Government Coordination,
renamed the Office of Intergovernmental Programs. Additionally the new Directorate
contained US-VISIT and the Office of Risk Management and Analysis, formerly a part of
the Office of Infrastructure Protection. An Office of Health Affairs was also established
within NPPD, led by an Assistant Secretary/Chief Medical Officer. These changes
became effective March 21, 2007. [9, pp. 25-26]
The 2006 SAFE Port Act completed the reorganization of FEMA, and authorized the creation of a Domestic Nuclear Detection Office. After the Post-Katrina Emergency Reform Act transferred many functions to FEMA, the Preparedness Directorate was renamed the National Protection and Programs Directorate (NPPD).
2007 National Strategy for Homeland Security
Hurricane Katrina resulted in a fundamental change to homeland security strategy,
adding natural disasters to the list of domestic catastrophic threats together with
manmade disasters. This change was reflected in the 2007 National Strategy for
Homeland Security. In addition to hurricanes, the 2007 Strategy identified
earthquakes, floods, tornadoes, wildfires, and infectious disease as significant hazards.
[15, p. 10] While this recognition did not change the definition of homeland security
according to the 2007 Strategy, [15, p. 3] it did lead to the introduction of a new term,
that of “all-hazards”. [15, p. 32] FEMA defines “all-hazards” as: “Any incident or event,
natural or human caused, that requires an organized response… in order to protect
life, public health, and safety… and to minimize any disruption to governmental, social,
and economic services.” [16] Accordingly, to accommodate this expanded mission set,
the 2007 Strategy identifies four primary goals of homeland security:
1. Prevent and disrupt terrorist attacks;
2. Protect the American people, our critical infrastructure, and key resources;
3. Respond and recover from incidents that do occur;
4. Continue to strengthen the foundation to ensure our long-term success. [15, p. 1]
As shown in Table 11-3, the 2007 Strategy Objectives are very similar to the 2002
Strategy Objectives. The primary difference is subtle word changes that shift the focus
away from the exclusive concern over terrorism. Objective #2 in the 2007 Strategy is
still concerned with reducing vulnerability, but it replaces the threat to vulnerability
with the targets of vulnerability, allowing broader interpretation beyond just terrorism.
Objective #3 replaces “attacks” with “incidents” so it too can encompass a broader
range of threats and hazards besides terrorism.
Table 11-3: Comparison of Strategy Objectives
2007 Strategy | 2002 Strategy
1. Prevent and disrupt terrorist attacks | Prevent terrorist attacks within the U.S.
2. Protect the American people, & CI/KR | Reduce America’s vulnerability to terrorism
3. Respond and recover from incidents that do occur | Minimize the damage and recover from attacks that do occur
4. Continue to strengthen the foundation to ensure our long-term success | (no corresponding 2002 objective)
The second National Strategy for Homeland Security released in 2007 adjusted its homeland security objectives, now called “goals”, to accommodate lessons learned from Hurricane Katrina and encompass “all hazards”, not just terrorist threats.
Similar to the 2002 Strategy Objectives, the first three objectives of the 2007 Strategy
were designed to organize and prioritize national efforts. Objective #4 of the 2007
Strategy was different in that it was aimed at creating and transforming homeland
security principles, systems, structures, and institutions. This included applying a
comprehensive approach to risk management, building a culture of preparedness,
improving incident management, better utilizing science and technology, and
leveraging all instruments of national power and influence. [15, p. 1] In short, Objective
#4 was meant to put the Department on a path of continuous and systematic
improvement. That objective was met when Congress passed and the President signed
the Implementing Recommendations of the 9/11 Commission Act of 2007.
Implementing Recommendations of the 9/11 Commission Act of 2007
Months after the 9/11 Commission had officially issued its seminal report and ceased
its functions, Chairman Kean and other commissioners toured the country to draw
attention to the recommendations of the commission for reducing the terror risk,
claiming that some of their recommendations were being ignored. Co-chairs Kean and
Hamilton wrote a book about the constraints they faced as commissioners titled
Without Precedent: The Inside Story of the 9/11 Commission. The book was released
August 15, 2006 and chronicled the work of Kean (Commission Chairman) and
Hamilton (Commission Vice-Chairman) of the 9/11 Commission. [17] Congress
responded in January 2007 by introducing a bill titled “Implementing
Recommendations of the 9/11 Commission Act”. The bill was finally approved and
signed into law (PL 110-53) on August 3, 2007. [18] The Act built on the Post-Katrina
Emergency Management Reform Act of 2006, focusing on the reorganization of the
grant process as administered by FEMA. The Act also reorganized intelligence
operations at the Department, elevating the Assistant Secretary for Intelligence and
Analysis to the Under Secretary level, requiring Senate confirmation. [9, p. 30] Among
the many provisions impacting DHS programs and organization, Section 707 required
the Department to conduct a comprehensive examination of its mission and
organization every four years starting in 2009. These periodic introspectives were
designated the Quadrennial Homeland Security Review (QHSR). [19]
The Implementing Recommendations of the 9/11 Commission Act of 2007 further empowered FEMA, elevated Intelligence and Analysis within the Department, and directed the Secretary to systematically examine its mission and organization in a Quadrennial Homeland Security Review (QHSR).
Quadrennial Homeland Security Review
In 2009, DHS conducted its first Quadrennial Homeland Security Review under the
auspices of its new Secretary, Janet Napolitano. Former Governor of Arizona, Janet
Napolitano was appointed by the incoming Obama Administration and later confirmed
by Congress as Secretary of Homeland Security on January 20, 2009. [21] The first
QHSR was released in February 2010. The QHSR was a comprehensive examination of
the homeland security strategy of the nation and included recommendations regarding
the long-term strategy and priorities of the nation for homeland security. The QHSR
Report included the results of the QHSR, a national homeland security strategy, a
description of the critical homeland security missions of the nation, and an explanation
of the underlying assumptions used in conducting the review. [22, p. v]
The 2010 QHSR revised the definition of homeland security first established in the
2002 National Strategy for Homeland Security. The new definition of homeland
security according to the 2010 QHSR:
“Homeland security is a concerted national effort to ensure a homeland that is
safe, secure, and resilient against terrorism and other hazards where American
interests, aspirations, and way of life can thrive.”
– 2010 Quadrennial Homeland Security Review [23, p. 13]
Figure 11-2: 2008 DHS Organization [20]
From this new definition, the 2010 QHSR derived five homeland security missions and
associated goals listed in Table 11-4.
The most notable difference between the QHSR and 2002 and 2007 homeland security
strategy mission sets was the elevation of Cybersecurity. Cybersecurity is defined as
“The activity or process, ability or capability, or state whereby information and
communications systems and the information contained therein are protected from
and/or defended against damage, unauthorized use or modification, or
exploitation.” [24] The potential for using the Internet as an avenue for attacking the
nation’s critical infrastructure was first raised by the President’s Commission on Critical
Infrastructure Protection in October 1997. [25] This concern was not forgotten even
though the 9/11 attacks were precipitated through physical subversion of the nation’s
critical infrastructure. Even so, cybersecurity was subordinated as a function of critical
infrastructure protection in both the 2002 and 2007 Strategies, [3, p. ix] [15, p. 27]
although a separate National Strategy to Secure Cyberspace was issued in February
2003. [26] By the time the QHSR was conducted in 2009, the U.S. had been subject to
cyber attacks of increasing frequency and severity [27]. Because much of the nation’s
critical infrastructure was interconnected through the Internet, safeguarding and
securing it became one of homeland security’s most important missions. [23, p. 29]
The elevation of the cybersecurity mission in the 2010 QHSR was preceded by the
establishment of the National Cyber Security Center (NCSC) in DHS. On January 8,
2008, President Bush issued Homeland Security Presidential Directive 23 (HSPD-23),
creating NCSC, making it responsible for coordinating cybersecurity efforts and
improving situational awareness and information sharing across the Federal
government. [9, p. 32]
Table 11-4: QHSR Missions & Goals [23, p. x]
Mission 1: Preventing Terrorism and Enhancing Security
Goal 1.1: Prevent Terrorist Attacks
Goal 1.2: Prevent the Unauthorized Acquisition or Use of CBRN Materials and Capabilities
Goal 1.3: Manage Risks to Critical Infrastructure, Key Leadership, and Events
Mission 2: Securing and Managing Our Borders
Goal 2.1: Effectively Control U.S. Air, Land, and Sea Borders
Goal 2.2: Safeguard Lawful Trade and Travel
Goal 2.3: Disrupt and Dismantle Transnational Criminal Organizations
Mission 3: Enforcing and Administering Our Immigration Laws
Goal 3.1: Strengthen and Effectively Administer the Immigration System
Goal 3.2: Prevent Unlawful Immigration
Mission 4: Safeguarding and Securing Cyberspace
Goal 4.1: Create a Safe, Secure, and Resilient Cyber Environment
Goal 4.2: Promote Cybersecurity Knowledge and Innovation
Mission 5: Ensuring Resilience to Disasters
Goal 5.1: Mitigate Hazards
Goal 5.2: Enhance Preparedness
Goal 5.3: Ensure Effective Emergency Response
Goal 5.4: Rapidly Recover
The first QHSR conducted in 2010 under Secretary Napolitano provided a new definition of homeland security and reformulation of missions. The most notable difference between the QHSR and 2002 and 2007 homeland security strategy mission sets was the elevation of Cybersecurity.
As a result of the findings from the QHSR, DHS initiated a bottom-up review (BUR) in
November 2009. The BUR included an assessment of the organizational alignment of
the Department with the homeland security missions set forth in the QHSR, including
the Department’s organizational structure, management systems, procurement
systems, and physical and technical infrastructure. The BUR also included a review and
assessment of the effectiveness of the mechanisms of the Department for turning the
requirements developed in the QHSR into an acquisition strategy and expenditure plan
within the Department. [22, p. v]
The BUR resulted in a comprehensive catalogue of DHS activities across the homeland
security missions, as well as a list of over 300 potential initiatives and enhancements.
The resulting report detailed the results of the analysis, describing the alignment of the
Department with the homeland security missions, and setting forth the Department’s
priority initiatives and enhancements to increase mission performance, improve
Departmental management, and increase accountability over the next four years. The
BUR Report also included recommendations for improving the organizational
alignment of the Department and enhancing its business processes. DHS subsequently
included these recommended changes in its FY 2012 budget request to Congress. [22,
p. v]
In 2014, DHS conducted its second QHSR under the auspices of its fourth Secretary Jeh
Charles Johnson. Jeh Johnson was serving as General Counsel for the Department of
Defense when he was nominated by President Obama to replace Secretary Napolitano
after she resigned in August 2013. Secretary Johnson was confirmed by the Senate on
December 16, 2013. [28] The 2014 QHSR built upon the 2010 QHSR to provide an
updated view of the nation’s homeland security mission goals and objectives. While
the missions remained unchanged, the 2014 QHSR introduced five strategic priorities
impacting them:
1. An updated posture to address the increasingly decentralized terrorist threat;
2. A strengthened path forward for cybersecurity that acknowledges the increasing
interdependencies among critical systems and networks;
3. A homeland security strategy to manage the urgent and growing risk of biological
threats and hazards;
4. A risk segmentation approach to securing and managing flows of people and goods
into and out of the United States; and
5. A new framework for improving the efficiency and effectiveness of DHS mission
execution through public-private partnerships. [29, p. 16]
Beyond these strategic priorities, the 2014 QHSR also highlighted ongoing areas of
priority and renewed areas of emphasis based on risk and other considerations—
countering nuclear threats, strengthening the immigration system, and enhancing
national resilience. [29, p. 16] The Department’s current organization is depicted in
Figure 11-3.
Homeland Security Strategy
In order to be effective, an organization must not only be aligned internally, but
externally as well. In the case of the Department of Homeland Security, its missions
and organization must align with nationally promulgated homeland security strategy.
Strategy, in general, is defined as a plan of action designed to achieve a particular aim.
[31] The 2002 National Strategy for Homeland Security articulated five critical mission
areas to attain the strategic objectives of 1) Prevent terrorist attacks within the United
States; 2) Reduce America’s vulnerability to terrorism; and 3) Minimize the damage
and recover from attacks that do occur. [3, p. vii] Following Hurricane Katrina in 2005,
homeland security strategy was adjusted to account for natural as well as manmade
disasters. The 2007 National Strategy for Homeland Security revised the previous
strategy objectives to 1) Prevent and disrupt terrorist attacks; 2) Protect the American
People, critical infrastructure, and key resources; and 3) Respond to and recover from
incidents that do occur. [15, p. 13]
Figure 11-3: 2015 DHS Organization [30]
The second QHSR, conducted under Secretary Johnson in 2014, introduced “strategic priorities” giving precedence to the missions and goals formulated under the 2010 QHSR.
Both the 2002 and 2007 homeland security strategies were crafted separately from
national security strategy. The 2002 Strategy was written by the Office of Homeland
Security before the Department of Homeland Security was established. The 2007
Strategy was written by the Homeland Security Council after the Department was
established. The Homeland Security Council was established shortly after 9/11 to
advise the President and coordinate homeland security actions among Federal
agencies. While homeland security was always recognized as a part of national
security, [3, p. 5] the split in staff raised concerns about effective coordination. Shortly
after assuming office, on February 23, 2009, President Obama launched a 60-day
organizational review of White House staff. Based on this review, on May 26, 2009,
President Obama announced the merging of the Homeland Security Council with the
National Security Council. [32] As a result, homeland security strategy was
incorporated into the Obama Administration’s 2010 National Security Strategy.
Section 603 of the 1986 Goldwater-Nichols Act (P.L. 99-433) requires the President to
submit a report of national security strategy annually to Congress. [33] The 2010
National Security Strategy recast homeland security strategy objectives as shared
efforts to 1) identify and interdict threats; 2) deny hostile actors the ability to operate
within our borders; 3) maintain effective control of our physical borders; 4) safeguard
lawful trade and travel into and out of the United States; 5) disrupt and dismantle
transnational terrorist and criminal organizations; and 6) ensure national resilience in
the face of the threat and hazards. [34, p. 15]
In February 2015, the Obama Administration issued a revised National Security
Strategy. In a highly abbreviated form, the 2015 National Security Strategy essentially
affirmed the strategic objectives enumerated in the 2010 National Security Strategy.
[35, p. 8] Perhaps most notably, the 2015 National Security Strategy addressed the
threat of catastrophic terrorist attack, [35, p. 9] spread and use of Weapons of Mass
Destruction, [35, p. 11] and cybersecurity [35, p. 12] outside the confines of homeland
security, together with more traditional national security objectives. The changes mark
the most intensive attempt yet to integrate homeland security strategy and national
security strategy.
After 9/11, President Bush created a separate Homeland Security Council and separate homeland security strategy to ensure dedicated treatment to the mission. In 2009 President Obama re-integrated the HSC into the NSC, and in 2010 he merged homeland security into national security strategy to ensure both missions were interlocked and aligned.
Conclusion
According to the management guru Peter Drucker, the hallmark of an effective
organization is when its people and policies are aligned with its mission. The mission
of the Department of Homeland Security has evolved since it was first founded in
January 2003. The original mission set was founded on a definition of homeland security which, in turn,
was shaped by the events of 9/11. Thus, when it was first founded DHS was primarily
focused on the threat of domestic catastrophic damage resulting from manmade
actions associated with terrorist motives. The Department’s flawed response to
Hurricane Katrina in August 2005 prompted a fundamental change in its focus, adding
natural disasters to the list of threats that could create domestic catastrophic damage.
Between 2005 and 2007, DHS underwent a number of changes, initiated both internally
and externally, to re-align its mission sets accordingly. Included in these changes was a
mandate by Congress for the Department to periodically review its missions and
organization. The first Quadrennial Homeland Security Review in 2010 revised the
definition of homeland security to include both natural and manmade threats. Both
the Department’s organization and mission support the nation’s overall homeland
security strategy. Initially, homeland security strategy was devised by the Homeland
Security Council established after 9/11. In 2009, the Homeland Security Council was
absorbed into the National Security Council. Since 2010, homeland security strategy
has been combined and published as part of National Security Strategy. In one sense,
the effectiveness of the Department of Homeland Security may be measured by
alignment of its organization to mission, strategy, and definition of homeland security.
Another measure of the Department’s effectiveness is what it has accomplished.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. How did the 2002 National Strategy for Homeland Security influence the organization and missions of DHS?
2. Identify three significant changes the Second Stage Review made to the Department of Homeland Security.
3. Identify the single most significant change the 2006 Post-Katrina Reform Act made to DHS.
4. Identify the single most significant change the 2006 Safe Port Act made to DHS.
5. Describe the motivation behind the 2007 Implementing Recommendations of the 9/11 Commission Act.
6. What was the major difference between the 2002 and 2007 homeland security strategies?
7. Summarize the Department’s change in mission and organization between 2003 and 2008.
8. What is the purpose of the Quadrennial Homeland Security Review?
9. Why was homeland security strategy merged into national security strategy in 2009?
10. Summarize how the cybersecurity mission evolved from 2003 to 2010.
Chapter 12: DHS Progress
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe the findings from the 2007 GAO Assessment of DHS performance.
Describe the findings from the 2011 GAO Assessment of DHS performance.
Evaluate the collective findings from the 2007 and 2011 GAO assessments.
Assess for yourself whether you think DHS has made the nation safer.
“Measurement is the first step that leads to control and eventually to improvement. If
you can’t measure something, you can’t understand it. If you can’t understand it, you
can’t control it. If you can’t control it, you can’t improve it.”
– H. James Harrington
Introduction
The Department of Homeland Security was formed from 22 different federal agencies
to consolidate many separate homeland security activities under a single agency. Since
DHS began operations in March 2003, it has implemented various policies and
programs to meet its mission requirements and taken actions to integrate its
management functions and to transform its component agencies into an effective
cabinet department. [1, p. 2] Often it takes years for the consolidated functions in new
organizations to effectively build on their combined strengths, and it is not uncommon
for management challenges to remain for decades. For example, the 1947 legislation
creating the Department of Defense was amended by Congress in 1949, 1953, 1958,
and 1986 to improve the department’s structural effectiveness. Despite these and
other changes made by DOD, sixty years after its establishment, DOD continues to face
a number of serious management challenges. [1, p. 1] Thus the Government
Accountability Office (GAO) designated the implementation and transformation of DHS
as high-risk because it represented an enormous undertaking that would require time
to achieve in an effective and efficient manner. Additionally, the components merged
into DHS already faced a wide array of existing challenges, and any DHS failure to
effectively carry out its mission would expose the nation to potentially serious
consequences. Accordingly, DHS has remained on GAO’s high-risk list since 2003. [1, p.
2] In the meantime, GAO has conducted periodic assessments of DHS’ progress. This
chapter examines DHS’ progress in performing assigned homeland security missions by
way of reviewing findings from GAO’s assessments.
2007 GAO Assessment
In November 2002, the Homeland Security Act of 2002 was enacted into law, creating
DHS. This act defined the department’s missions to include preventing terrorist attacks
within the United States; reducing U.S. vulnerability to terrorism; and minimizing the
damages, and assisting in the recovery from, attacks that occur within the United
States. The act also specified major responsibilities for the department, including
analyzing information and protecting infrastructure; developing countermeasures
against chemical, biological, radiological, nuclear, and other emerging terrorist
threats; securing U.S. borders and transportation systems; and organizing emergency
preparedness and response efforts. DHS officially began operations on March 1, 2003.
[1, pp. 6-7]
Based on the notion it takes 5 to 7 years to complete a successful merger, GAO
performed a comprehensive assessment of DHS’ progress four years after the
Department was activated. [1, p. ii] The 2007 GAO investigation examined DHS
progress across 14 areas:
1. Border Security
2. Immigration Enforcement
3. Immigration Services
4. Aviation Security
5. Surface Transportation Security
6. Maritime Security
7. Emergency Preparedness and Response
8. Critical Infrastructure Protection
9. Science and Technology
10. Acquisition Management
11. Financial Management
12. Human Capital Management
13. Information Technology Management
14. Real Property Management [1, p. 8]
For each mission and management area, GAO identified performance expectations and
vetted them with DHS officials. Performance expectations were a composite of the
responsibilities or functions—derived from legislation, homeland security presidential
directives and executive orders, DHS planning documents, and other sources—that the
department was to achieve. GAO analysts and subject matter experts reviewed prior
GAO work, DHS Inspector General work, and evidence DHS provided between March
and July 2007, including DHS officials’ assertions when supported by documentation.
On the basis of this analysis and expert judgment, GAO then assessed the extent to
which DHS had achieved each of the expectations identified. If DHS generally achieved
more than 75 percent of the identified performance expectations, GAO identified its
overall progress as substantial. When the number achieved was more than 50 percent
but 75 percent or less, GAO identified its overall progress as moderate. If DHS generally
achieved more than 25 percent but 50 percent or less, GAO identified its overall
progress as modest. For mission and management areas in which DHS generally
achieved 25 percent or less of the performance expectations, GAO identified overall
progress as limited. [1, pp. 9-10]
Border Security. This mission includes detecting and preventing terrorists and terrorist
weapons from entering the United States; facilitating the orderly and efficient flow of
legitimate trade and travel; interdicting illegal drugs and other contraband;
apprehending individuals who are attempting to enter the United States illegally;
inspecting inbound and outbound people, vehicles, and cargo; and enforcing laws of
the United States at the border. GAO identified 12 performance expectations for DHS
in the area of border security and found that DHS generally achieved 5 of them and
generally did not achieve 7 others. [1, p. 12]
Table 12-1: 2007 GAO Assessment of Border Security [1, p. 12]
Immigration Enforcement. This mission includes apprehending, detaining, and
removing criminal and illegal aliens; disrupting and dismantling organized smuggling of
humans and contraband as well as human trafficking; investigating and prosecuting
those who engage in benefit and document fraud; blocking and removing employers’
access to undocumented workers; and enforcing compliance with programs to monitor
visitors. GAO identified 16 performance expectations for DHS in the area of
immigration enforcement and found that DHS has generally achieved 8 of them and
generally did not achieve 4 others. For performance expectations, GAO could not make
an assessment. [1, pp. 12-13]
Table 12-2: 2007 GAO Assessment of Immigration Enforcement [1, p. 13]
Immigration Services. This mission includes administering immigration benefits and
working to reduce immigration benefit fraud. GAO identified 14 performance
expectations for DHS in the area of immigration services and found that DHS generally
achieved 5 of them and generally did not achieve 9 others. [1, p. 13]
Table 12-3: 2007 GAO Assessment of Immigration Services [1, p. 14]
Aviation Security. This mission includes strengthening airport security; providing and
training a screening workforce; prescreening passengers against terrorist watch lists;
and screening passengers, baggage, and cargo. GAO identified 24 performance
expectations for DHS in the area of aviation security and found that DHS generally
achieved 17 of them and generally did not achieve 7 others. [1, p. 14]
Table 12-4: 2007 GAO Assessment of Aviation Security [1, p. 15]
Surface Transportation Security. This mission includes establishing security standards
and conducting assessments and inspections of surface transportation modes, which
include passenger and freight rail; mass transit; highways, including commercial
vehicles; and pipelines. GAO identified 5 performance expectations for DHS in the area
of surface transportation security and found that DHS generally achieved 3 of them
and generally did not achieve 2. [1, pp. 15-16]
Table 12-5: 2007 GAO Assessment of Surface Transportation Security [1, p. 16]
Maritime Security. This mission includes port and vessel security, maritime intelligence,
and maritime supply chain security. GAO identified 23 performance expectations for
DHS in the area of maritime security and found that DHS generally achieved 17 of them
and generally did not achieve 4 others. For 2 performance expectations, GAO could not
make an assessment. [1, p. 16]
Table 12-6: 2007 GAO Assessment of Maritime Security [1, p. 17]
Emergency Preparedness and Response. This mission includes preparing to minimize
the damage and recover from terrorist attacks and disasters; helping to plan, equip,
train, and practice needed skills of first responders; and consolidating federal response
plans and activities to build a national, coordinated system for incident management.
GAO identified 24 performance expectations for DHS in the area of emergency
preparedness and response and found that DHS generally achieved 5 of them and
generally did not achieve 18 others. For 1 performance expectation, GAO could not
make an assessment. [1, pp. 17-18]
Table 12-7: 2007 GAO Assessment of Emergency Preparedness & Response [1, p. 18]
Critical Infrastructure Protection. This mission includes developing and coordinating
implementation of a comprehensive national plan for critical infrastructure protection,
developing partnerships with stakeholders and information sharing and warning
capabilities, and identifying and reducing threats and vulnerabilities. GAO identified 7
performance expectations for DHS in the area of critical infrastructure and key
resources protection and found that DHS generally achieved 4 of them and generally
did not achieve 3 others. [1, p. 19]
Table 12-8: 2007 GAO Assessment of Critical Infrastructure Protection [1, p. 19]
Science and Technology. This mission includes coordinating the federal government’s
civilian efforts to identify and develop countermeasures to chemical, biological,
radiological, nuclear, and other emerging terrorist threats. GAO identified 6
performance expectations for DHS in the area of science and technology and found
that DHS generally achieved 1 of them and generally did not achieve 5 others. [1, p. 19]
Overall, the 2007 GAO report determined that DHS made more progress in its mission
areas than in its management areas, reflecting an understandable focus on
implementing efforts to secure the nation. Even so, GAO concluded that while DHS
made progress in developing plans and programs, it faced difficulties in implementing
them. [1, p. 2] GAO acknowledged that DHS had to undertake its missions while also
working to transform itself into a fully functioning cabinet department—a difficult task
for any organization. Still, GAO noted the importance for the Department to continue
to develop more measurable goals to guide implementation efforts and to enable
better accountability. GAO also urged DHS to continually reassess its mission and
management goals, measures, and milestones to evaluate progress made, identify past
and emerging obstacles, and examine alternatives to effectively address those
obstacles.
Table 12-9: 2007 GAO Assessment of Science and Technology [1, p. 20]
2011 GAO Assessment
Ten years after 9/11, GAO took another look at DHS’ progress. By 2011, DHS had
grown to become the third-largest Federal department, with more than 200,000
employees and an annual budget of more than $50 billion. [2, p. 2] In February 2010,
DHS issued its first Quadrennial Homeland Security Review (QHSR). The report
identified five homeland security missions—Preventing Terrorism and Enhancing
Security; Securing and Managing Our Borders; Enforcing and Administering Our
Immigration Laws; Safeguarding and Securing Cyberspace; and Ensuring Resilience to
Disasters—and goals and objectives to be achieved within each mission. The ensuing
Bottom-Up Review (BUR) made recommendations to align DHS’s programs and
organization with missions and goals identified in the QHSR. [2, pp. 4-5]
Since the 2007 GAO assessment, DHS continued to take action to strengthen its
operations and the management of the department, including enhancing its
performance measurement efforts. In 2011, GAO was again asked to review the
progress made by DHS in implementing its homeland security missions since its
creation. Accordingly, the 2011 assessment was based on past GAO reviews plus DHS
Inspector General reports, but with an emphasis on work completed since 2008. GAO
drew their 2011 mission areas from the 2010 QHSR. With the exception of Science and
Technology, the 2011 assessment addresses all the mission areas from the 2007
assessment, plus CBRN Threats and Cybersecurity. [2, pp. 6-7]
Table 12-10: Comparison of 2011 & 2007 GAO Mission Area Assessments
| 2010 GAO Mission Area Assessments | 2007 GAO Mission Area Assessments |
| --- | --- |
| 1. Aviation Security | 4. Aviation Security |
| 2. CBRN Threats | |
| 3. Critical Infrastructure Protection – Physical | 8. Critical Infrastructure Protection |
| 4. Surface Transportation Security | 5. Surface Transportation Security |
| 5. Border Security | 1. Border Security |
| 6. Maritime Security | 6. Maritime Security |
| 7. Immigration Enforcement | 2. Immigration Enforcement |
| 8. Immigration Services | 3. Immigration Services |
| 9. Critical Infrastructure Protection – Cyber Assets | |
| 10. Emergency Preparedness and Response | 7. Emergency Preparedness & Response |
| | 9. Science and Technology |
For the 2011 assessment, GAO began with the expectations identified in the August
2007 report, and updated or added to them by analyzing requirements and plans set
forth in homeland security-related laws, presidential directives and executive orders,
national strategies related to homeland security, and DHS’s and components’ strategic
plans and documents. The 2011 assessment further grouped the expectations into
“sub areas” to account for criteria that pertained to more than one mission area.
Otherwise, the analysis was conducted similarly to the 2007 assessment, from April to
September 2011. Unlike the 2007 assessment, however, the 2011 assessment does not
assign a measure of progress, such as “substantial”, “moderate”, “modest”, or
“limited”. Instead, the 2011 assessment provides a narrative description of what
progress DHS made in implementing a given mission function since operations began,
together with a narrative description of what work, if any, remains. [2, pp. 7-9]
Consequently, it is difficult to compare progress between the 2007 and 2011
assessments. Perhaps a direct comparison between the two assessments would be
fruitless, given that DHS mission and performance have always been subject to change
by external influencing factors. Figure 12-1 identifies some of the significant influencing
factors affecting DHS in the first ten years following 9/11.
Figure 12-1: Selected Factors Influencing DHS Mission and Performance Ten Years Following 9/11 [2, p. 15]
Aviation Security. DHS developed and implemented Secure Flight, a program for
screening airline passengers against terrorist watchlist records. DHS also developed
new programs and technologies to screen passengers, checked baggage, and air cargo.
However, DHS does not yet have a plan for deploying checked baggage screening
technologies to meet recently enhanced explosive detection requirements, a
mechanism to verify the accuracy of data to help ensure that air cargo screening is
being conducted at reported levels, or approved technology to screen cargo once it is
loaded onto a pallet or container. [2, p. ii]
Key Progress: DHS has enhanced aviation security in key areas related to the aviation
security workforce, passenger prescreening, passenger checkpoint screening, checked
baggage security, air cargo screening, and security of airports. For example, DHS
developed and implemented Secure Flight, a passenger prescreening program through
which the federal government now screens all passengers on all domestic and
international commercial flights to, from, and within the United States. DHS also
deployed technology to screen passengers and checked baggage at airports. For
example, in response to the December 25, 2009, attempted attack on Northwest flight
253, DHS revised the advanced imaging technology procurement and deployment
strategy, increasing the planned deployment of advanced imaging technology from 878
to between 1,350 and 1,800 units. Further, DHS is screening passengers using staff
trained in behavior detection principles and has deployed about 3,000 Behavior
Detection Officers to 161 airports as part of its Screening of Passengers by Observation
Techniques program. Moreover, DHS reported, as of August 2010, that it had
established a system to screen 100 percent of domestic air cargo (cargo transported
within and outbound from the United States) transported on passenger aircraft by,
among other things, creating a voluntary program to facilitate screening throughout
the air cargo supply chain and taking steps to test technologies for screening air cargo.
[2, p. 19]
Remaining Work: DHS should take additional action to strengthen its aviation security
efforts. For example, a risk-based strategy and a cost/benefit analysis of airport
checkpoint technologies would improve passenger checkpoint screening. TSA’s
strategic plan to guide research, development, and deployment of passenger
checkpoint screening technologies was not risk-based and did not reflect some of the
key risk management principles, such as conducting a risk assessment based on the
three elements of risk—threat, vulnerability, and consequence—and including a
cost-benefit analysis and performance measures. Further, in March 2010, GAO reported
that it was unclear whether the advanced imaging technology would have detected the
weapon used in the December 25, 2009, attempted terrorist attack based on the
preliminary testing information received. DHS also had not validated the science
supporting its Screening of Passengers by Observation Techniques program, or
determined if behavior detection techniques could be successfully used across the
aviation system to detect threats before deploying the program. DHS completed a
program validation study in April 2011 which found that the program was more
effective than random screening, but that more work was needed to determine
whether the science could be used for counterterrorism purposes in the aviation
environment. Moreover, DHS does not yet have a plan and schedule for deploying
checked baggage screening technologies to meet recently enhanced explosive
detection requirements. In addition, DHS does not yet have a mechanism to verify the
accuracy of domestic and inbound air cargo screening data to help ensure that
screening is being conducted at reported levels, and DHS does not yet have approved
technology to screen cargo once it is loaded onto a pallet or container—both of which
are common means of transporting air cargo on passenger aircraft, thus requiring that
screening occur before incorporation into pallets and containers. [2, p. 19]
Table 12-11: 2011 GAO Expectations for Aviation Security [2, pp. 40-41]
CBRN Threats. DHS assessed risks posed by CBRN threats and deployed capabilities to
detect CBRN threats. However, DHS should work to improve its coordination of CBRN
risk assessments, and identify monitoring mechanisms for determining progress made
in implementing the global nuclear detection strategy. [2, p. iii]
Key Progress: DHS made progress in assessing risks posed by CBRN threats, developing
CBRN detection capabilities, and planning for nuclear detection. For example, DHS
develops risk assessments of CBRN threats and has issued seven classified CBRN risk
assessments since 2006. DHS also assessed the threat posed by specific CBRN agents
in order to determine which of those agents pose a material threat to the United
States, known as material threat assessments. With regard to CBRN detection
capabilities, DHS implemented the BioWatch program in more than 30 metropolitan
areas to detect specific airborne biological threat agents. Further, DHS established the
National Biosurveillance Integration Center to enhance the federal government’s
capability to identify and track biological events of national concern. In addition, DHS
coordinated the development of a strategic plan for the global nuclear detection
architecture—a multidepartment effort to protect against terrorist attacks using
nuclear and radiological materials through coordinated activities—and has deployed
radiation detection equipment. [2, p. 20]
Remaining Work: More work remains for DHS to strengthen its CBRN assessment,
detection, and mitigation capabilities. For example, DHS should better coordinate with
the Department of Health and Human Services in conducting CBRN risk assessments by
developing written policies and procedures governing development of the
assessments. Moreover, the National Biosurveillance Integration Center lacks
resources necessary for operations, such as data and personnel from its partner
agencies. Additionally, work remains for DHS in its implementation of the global
nuclear detection architecture. Specifically, the strategic plan for the architecture did
not include some key components, such as funding needed to achieve the strategic
plan’s objectives, or monitoring mechanisms for determining programmatic progress
and identifying needed improvements. DHS officials told us that they will address these
missing elements in an implementation plan, which they plan to issue by the end of
2011. [2, p. 20]
Table 12-12: 2011 GAO Expectations for CBRN Threats [2, p. 41]
Critical Infrastructure Protection of Physical Assets.
Key Progress: DHS expanded its efforts to conduct risk assessments and planning,
provide for protection and resiliency, and implement partnerships and coordination
mechanisms for physical critical assets. For example, DHS updated the National
Infrastructure Protection Plan to include an emphasis on resiliency (the capacity to
resist, absorb, or successfully adapt, respond to, or recover from disasters), and an
enhanced discussion about DHS risk management. Moreover, DHS components with
responsibility for critical infrastructure sectors, such as transportation security, have
begun to use risk based assessments in their critical infrastructure related planning and
protection efforts. Further, DHS has various voluntary programs in place to conduct
vulnerability assessments and security surveys at and across facilities from the 18
critical infrastructure sectors, and uses these assessments to develop and disseminate
information on steps asset owners and operators can take to protect their facilities. In
addition, DHS coordinated with critical infrastructure stakeholders, including other
federal regulatory authorities to identify overlaps and gaps in critical infrastructure
security activities. [2, p. 20]
Remaining Work: Additional actions are needed for DHS to strengthen its critical
infrastructure protection programs and efforts. For example, DHS has not fully
implemented an approach to measure its effectiveness in working with critical asset
owners and operators in their efforts to take actions to mitigate resiliency gaps
identified during various vulnerability assessments. Moreover, DHS components have
faced difficulties in incorporating risk-based assessments in critical infrastructure
planning and protection efforts, such as in planning for security in surface
transportation modes like highway infrastructure. Further, DHS should determine the
feasibility of developing an approach to disseminating information on resiliency
practices to its critical infrastructure partners to better position itself to help asset
owners and operators consider and adopt resiliency strategies, and provide them with
information on potential security investments. [2, p. 21]
Table 12-13: 2011 GAO Expectations for CIP of Physical Assets [2, p. 41]
Surface Transportation Security.
Key Progress: DHS expanded its efforts in key surface transportation security areas,
such as risk assessments and strategic planning; the surface transportation inspector
workforce; and information sharing. For example, DHS conducted risk assessments of
surface transportation modes and developed a transportation sector security risk
assessment that assessed risk within and across the various modes. Further, DHS more
than doubled its surface transportation inspector workforce and, as of July 2011,
reported that its surface inspectors had conducted over 1,300 site visits to mass transit
and passenger rail stations to complete station profiles, among other things.
Moreover, DHS allocates transit grant funding based on risk assessments and has taken
steps to measure performance of its Transit Security Grant Program, which provides
funds to owners and operators of mass transit and passenger rail systems. In addition,
DHS expanded its sharing of surface transportation security information by, among
other things, establishing information networks. [2, p. 21]
Remaining Work: DHS should take further action to strengthen its surface
transportation security programs and operations. For example, DHS’s efforts to
improve elements of risk assessments of surface transportation modes are in the early
stages of implementation. Moreover, DHS noted limitations in its transportation sector
security risk assessment—such as the exclusion of threats from lone wolf operators—
that could limit its usefulness in guiding investment decisions across the transportation
sector as a whole. Further, DHS has not yet completed a long-term workforce plan that
identifies future needs for its surface transportation inspector workforce. It also has
not yet issued regulations for a training program for mass transit, rail, and bus
employees, as required by the Implementing Recommendations of the 9/11
Commission Act of 2007. Additionally, DHS’s information sharing efforts would benefit
from improved streamlining, coordination, and assessment of the effectiveness of
information sharing mechanisms. [2, p. 21]
Table 12-14: 2011 GAO Expectations for Surface Transportation Security [2, pp. 41-42]
Border Security. DHS implemented the U.S. Visitor and Immigrant Status Indicator
Technology program to verify the identities of foreign visitors entering and exiting the
country by processing biometric and biographic information. However, DHS has not yet
determined how to implement a biometric exit capability and has taken action to
address a small portion of the estimated overstay population in the United States
(individuals who legally entered the country but then overstayed their authorized
periods of admission). DHS also deployed infrastructure to secure the border between
ports of entry, including more than 600 miles of fencing. However, DHS experienced
schedule delays and performance problems with the Secure Border Initiative Network,
which led to the cancellation of this information technology program. [2, p. ii]
Key Progress: DHS expanded its efforts in key border security areas, such as inspection
of travelers and cargo at ports of entry, security of the border between ports of entry,
visa adjudication security, and collaboration with stakeholders. Specifically, DHS has
undertaken efforts to keep terrorists and other dangerous people from entering the
country. For example, DHS implemented the US-VISIT program to verify the identities
of foreign visitors entering and exiting the United States by storing and processing
biometric and biographic information. DHS established plans for, and had begun to
interact with and involve stakeholders in, developing an exit capability. DHS deployed
technologies and other infrastructure to secure the border between ports of entry,
including more than 600 miles of tactical infrastructure, such as fencing, along the
border. DHS also improved programs designed to enhance the security of documents
used to enter the United States. For example, DHS deployed the Visa Security Program,
in which DHS personnel review visa applications to help prevent individuals who pose a
threat from entering the United States, to 19 posts in 15 countries, and developed a
5-year expansion plan for the program. In addition, DHS improved collaboration with
federal, state, local, tribal, and international partners on northern border security
efforts through, among other things, the establishment of interagency forums. [2, p.
22]
Part II: HS, DHS, & HS Enterprise
Remaining Work: More work remains for DHS to strengthen its border security
programs and operations. For example, although it has developed a plan, DHS has not
yet adopted an integrated approach to scheduling, executing, and tracking the work
needed to deliver a comprehensive biometric exit solution as part of the US-VISIT
program. Further, DHS experienced schedule delays and performance problems with
its information technology program for securing the border between ports of entry—
the Secure Border Initiative Network—which led to its cancellation. Because of the
program’s decreased scope, uncertain timing, unclear costs, and limited life cycle
management, it was unclear whether DHS’s pursuit of the program was cost-effective.
DHS is transitioning to a new approach for border technology, which GAO is assessing.
With regard to the Visa Security Program, DHS did not fully follow or update its 5-year
expansion plan. For instance, it did not establish 9 posts identified for expansion in
2009 and 2010, and had not taken steps to address visa risk at posts that did not have
a Visa Security Program presence. Additionally, DHS should strengthen its oversight of
interagency forums operating along the northern border. [2, p. 22]
Chapter 12: DHS Progress
Table 12-15: 2011 GAO Expectations for Border Security [2, p. 42]
Maritime Security.
Key Progress: DHS expanded its efforts in key maritime security areas, such as port
facility and vessel security, maritime security domain awareness and information
sharing, and international supply chain security. For example, DHS strengthened risk
management through the development of a risk assessment model, and addressed
risks to port facilities through annual inspections in which DHS identified and corrected
deficiencies, such as facilities failing to follow security plans for access control. Further,
DHS took action to address risks posed by foreign seafarers entering U.S. seaports by,
for example, conducting advance screening before the arrival of vessels at U.S. ports,
inspections, and enforcement operations. DHS developed the Transportation Worker
Identification Credential program to manage the access of unescorted maritime
workers to secure areas of regulated maritime facilities. DHS also implemented
measures to help secure passenger vessels including cruise ships, ferries, and energy
commodity vessels such as tankers, including assessing risks to these types of vessels.
Moreover, for tracking vessels at sea, the Coast Guard uses a long-range identification
and tracking system, and a commercially provided long-range automatic identification
system. For tracking vessels in U.S. coastal areas, inland waterways, and ports, the
Coast Guard operates a land-based automatic identification system, and also either
operates, or has access to, radar and cameras in some ports. DHS also developed a
layered security strategy for cargo container security, including deploying screening
technologies and partnering with foreign governments. [2, p. 23]
Remaining Work: DHS should take additional action to strengthen its maritime security
efforts. For example, because of a lack of technology capability, DHS does not
electronically verify identity and immigration status of foreign seafarers, as part of its
onboard admissibility inspections of cargo vessels, thus limiting the assurance that
fraud could be identified among documents presented by them. In addition, the
Transportation Worker Identification Credential program’s controls were not designed
to provide reasonable assurance that only qualified applicants acquire credentials. For
example, during covert tests of the Transportation Worker Identification Credential at
several selected ports, GAO investigators were successful in accessing ports using
counterfeit credentials and authentic credentials acquired through fraudulent means.
Moreover, DHS has not assessed the costs and benefits of requiring cruise lines to
provide passenger reservation data for screening, which could help improve
identification and targeting of potential terrorists. Further, the vessel tracking systems
used in U.S. coastal areas, inland waterways, and ports had more difficulty tracking
smaller and noncommercial vessels because these vessels were not generally required
to carry automatic identification system equipment, and because of the technical
limitations of radar and cameras. In addition, DHS has made limited progress in
scanning containers at the initial ports participating in the Secure Freight Initiative, a
program at selected ports with the intent of scanning 100 percent of U.S.-bound
container cargo for nuclear and radiological materials overseas, leaving the feasibility
of 100 percent scanning largely unproven. CBP has not yet developed a plan for full
implementation of a statutory requirement that 100 percent of U.S.-bound container
cargo be scanned by 2012. [2, p. 23]
Table 12-16: 2011 GAO Expectations for Maritime Security [2, pp. 42-43]
Immigration Enforcement.
Key Progress: DHS expanded its immigration and customs enforcement programs and
activities in key areas such as overstay enforcement, compliance with workplace
immigration laws, alien smuggling, and firearms trafficking. For example, DHS
increased its resources for investigating overstays (unauthorized immigrants who
entered the United States legally on a temporary basis then overstayed their
authorized periods of admission) and alien smuggling operations, and deployed border
enforcement task forces to investigate illicit smuggling of people and goods, including
firearms. In addition, DHS took action to improve the E-Verify program, which provides
employers a voluntary tool for verifying an employee’s authorization to work in the
United States, by, for example, increasing the program’s accuracy by expanding the
number of databases it can query. Further, DHS expanded its programs and activities
to identify and remove criminal aliens in federal, state, and local custody who are
eligible for removal from the United States by, for example, entering into agreements
with state and local law enforcement agencies to train officers to assist in identifying
those individuals who are in the United States illegally. [2, p. 24]
Remaining Work: Key weaknesses remain in DHS’s immigration and customs
enforcement efforts. For example, DHS took action to address a small portion of the
estimated overstay population in the United States, and lacks measures for assessing
its progress in addressing overstays. In particular, DHS field offices had closed about
34,700 overstay investigations assigned to them from fiscal year 2004 through 2010, as
of October 2010; these cases resulted in approximately 8,100 arrests, relative to a total
estimated overstay population of 4 million to 5.5 million. Additionally, GAO reported
that since fiscal year 2006, U.S. Immigration and Customs Enforcement within DHS
allocated about 3 percent of its investigative work hours to overstay investigations.
Moreover, DHS should better leverage opportunities to strengthen its alien smuggling
enforcement efforts by assessing the possible use of various investigative techniques,
such as those that follow cash transactions flowing through money transmitters that
serve as the primary method of payment to those individuals responsible for smuggling
aliens. Further, weaknesses with the E-Verify program, including challenges in
accurately estimating E-Verify costs, put DHS at an increased risk of not making
informed investment decisions. [2, p. 24]
Table 12-17: 2011 GAO Expectations for Immigration Enforcement [2, pp. 43-44]
Immigration Services.
Key Progress: DHS improved the quality and efficiency of the immigration benefit
administration process, and expanded its efforts to detect and deter immigration
fraud. For example, DHS initiated efforts to modernize its immigration benefit
administration infrastructure; improve the efficiency and timeliness of its application
intake process; and ensure quality in its benefit adjudication processes. Further, DHS
designed training programs and quality reviews to help ensure the integrity of asylum
adjudications. Moreover, in 2004 DHS established the Office of Fraud Detection and
National Security, now a directorate, to lead immigration fraud detection and
deterrence efforts, and this directorate has since developed and implemented
strategies for this purpose. [2, p. 24]
Remaining Work: More work remains in DHS’s efforts to improve its administration of
immigration benefits. For example, DHS’s program for transforming its immigration
benefit processing infrastructure and business practices from paper-based to digital
systems missed its planned milestones by more than 2 years, and has been hampered
by management challenges, such as insufficient planning and not adhering to DHS
acquisition guidance before selecting a contractor to assist with implementation of the
transformation program. Additionally, while the Fraud Detection and National Security
Directorate put in place strategies for detecting and deterring immigration fraud, DHS
should take additional action to address vulnerabilities identified in its assessments
intended to determine the extent and nature of fraud in certain applications. Further,
despite mechanisms DHS had designed to help asylum officers assess the authenticity
of asylum claims, such as identity and security checks and fraud prevention teams,
asylum officers surveyed cited challenges in identifying fraud as a key factor affecting
their adjudications. For example, 73 percent of asylum officer survey respondents
reported it was moderately or very difficult to identify document fraud. [2, p. 25]
Table 12-18: 2011 GAO Expectations for Immigration Services [2, p. 44]
Critical Infrastructure Protection of Cyber Assets.
Key Progress: DHS expanded its efforts to conduct cybersecurity risk assessments and
planning, provide for the protection and resilience of cyber assets, and implement
cybersecurity partnerships and coordination mechanisms. For example, DHS developed
the first National Cyber Incident Response Plan in September 2010 to coordinate the
response of multiple federal agencies, state and local governments, and hundreds of
private firms, to incidents at all levels. DHS also took steps to secure external network
connections in use by the federal government by establishing the National
Cybersecurity Protection System, operationally known as Einstein, to analyze computer
network traffic information to and from agencies. In 2008, DHS developed Einstein 2,
which incorporated network intrusion detection technology into the capabilities of the
initial version of the system. Additionally, the department made progress in enhancing
its cyber analysis and incident warning capabilities through the establishment of the
U.S. Computer Emergency Readiness Team, which, among other things, coordinates
the nation’s efforts to prepare for, prevent, and respond to cyber threats to systems
and communications networks. Moreover, since conducting a major cyber attack
exercise, called Cyber Storm, DHS demonstrated progress in addressing lessons it had
learned from this exercise to strengthen public and private incident response
capabilities. [2, p. 25]
Remaining Work: Key challenges remain in DHS’s cybersecurity efforts. For example, to
expand its protection and resiliency efforts, DHS needs to lead a concerted effort to
consolidate and better secure Internet connections at federal agencies. Further, DHS
faced challenges regarding deploying Einstein 2, including understanding the extent to
which its objective was being met because the department lacked performance
measures that addressed whether agencies report whether the alerts represent actual
incidents. DHS also faces challenges in fully establishing a comprehensive national
cyber analysis and warning capability. For example, the U.S. Computer Emergency
Readiness Team did not fully address 15 key attributes of cyber analysis and warning
capabilities. These attributes are related to (1) monitoring network activity to detect
anomalies, (2) analyzing information and investigating anomalies to determine
whether they are threats, (3) warning appropriate officials with timely and actionable
threat and mitigation information, and (4) responding to the threat. For instance, the
U.S. Computer Emergency Readiness Team provided warnings by developing and
distributing a wide array of notifications; however, these notifications were not
consistently actionable or timely. Additionally, expectations of private sector
stakeholders are not being met by their federal partners in areas related to sharing
information about cyber-based threats to critical infrastructure. [2, p. 26]
Table 12-19: 2011 GAO Expectations for CIP of Cyber Assets [2, p. 44]
Emergency Preparedness and Response. DHS issued the National Preparedness
Guidelines that describe a national framework for capabilities-based preparedness,
and a Target Capabilities List to provide a national-level generic model of capabilities
defining all-hazards preparedness. DHS is also finalizing a National Disaster Recovery
Framework, and awards preparedness grants based on a reasonable risk methodology.
However, DHS needs to strengthen its efforts to assess capabilities for all-hazards
preparedness, and develop a long-term recovery structure to better align timing and
involvement with state and local governments’ capacity. DHS should also improve the
efficacy of the grant application process by mitigating duplication or redundancy within
the various preparedness grant programs. [2, pp. ii-iii]
Key Progress: DHS expanded its efforts to improve national emergency preparedness
and response planning; improved its emergency assistance services; and enhanced
emergency communications. For example, DHS developed various plans for disaster
preparedness and response. In particular, in 2004 DHS issued the National Response
Plan and subsequently made revisions to it, culminating in the issuance of the National
Response Framework in January 2008, which outlines the guiding principles and major
roles and responsibilities of government, nongovernmental organizations, and private
sector entities for response to disasters of all sizes and causes. Further, DHS issued the
National Preparedness Guidelines that describe a national framework for
capabilities-based preparedness, and a Target Capabilities List, designed to provide a national-level
generic model of capabilities defining all-hazards preparedness. DHS also assisted local
communities with developing long-term disaster recovery plans as part of its
post-disaster assistance. For example, DHS assisted Iowa City’s recovery from major floods
in 2008 by, among other things, identifying possible federal funding sources for specific
projects in the city’s recovery plan, and advising the city on how to prepare effective
project proposals. DHS is also finalizing a National Disaster Recovery Framework,
intended to provide a model to identify and address challenges that arise during the
disaster recovery process. Moreover, DHS issued the National Emergency
Communications Plan—the first strategic document for improving emergency
communications nationwide. [2, p. 26]
Remaining Work: More work remains in DHS’s efforts to assess capabilities for
all-hazards preparedness and provide long-term disaster recovery assistance. For
example, DHS has not yet developed national preparedness capability requirements
based on established metrics to provide a framework for assessing preparedness.
Further, the data DHS collected to measure national preparedness were limited by
reliability and measurement issues related to the lack of standardization. Until a
framework for assessing preparedness is in place, DHS will not have a basis on which to
operationalize and implement its conceptual approach for assessing local, state, and
federal preparedness capabilities against capability requirements and identify
capability gaps for prioritizing investments in national preparedness. Moreover, with
regard to long-term disaster recovery assistance, DHS’s criteria for when to provide the
assistance were vague, and, in some cases, DHS provided assistance before state and
local governments had the capacity to work effectively with DHS. Additionally, DHS
should improve the efficacy of the grant application and review process by mitigating
duplication or redundancy within the various preparedness grant programs. Until DHS
evaluates grant applications across grant programs, DHS cannot ascertain whether or
to what extent multiple funding requests are being submitted for similar purposes. [2,
p. 27]
Table 12-20: 2011 GAO Expectations for Emergency Preparedness and Response [2, pp. 45-46]
Overall, the 2011 GAO assessment found that since it began operations in 2003, DHS
has implemented key homeland security operations and achieved important goals and
milestones in many areas to create and strengthen a foundation to reach its potential.
As it continues to mature, however, more work remains for DHS to address gaps and
weaknesses in its current operational and implementation efforts, and to strengthen
the efficiency and effectiveness of those efforts to achieve its full potential. DHS’s
accomplishments include developing strategic and operational plans; deploying
workforces; and establishing new, or expanding existing, offices and programs. Such
accomplishments are noteworthy given that DHS has had to work to transform itself
into a fully functioning department while implementing its missions—a difficult
undertaking that can take years to achieve. While DHS has made progress, its
transformation remains high risk due to its management challenges. [2, p. ii]
2015 GAO Assessment
By 2015, DHS had grown to 240,000 employees and approximately $60 billion in
budget authority. [3, p. 1] In 2003, GAO designated implementing and transforming
DHS as high risk because DHS had to transform 22 agencies into one department, and
failure to address associated risks could have serious consequences for U.S. national
and economic security. As a result, in its 2013 high-risk update, GAO narrowed the
scope of the high-risk area to focus on strengthening and integrating DHS management
functions (human capital, acquisition, financial, and information technology). At the
request of Congress, in February 2015 GAO took another look at DHS’s progress and
actions remaining in strengthening and integrating its management functions. [3, p. ii]
Key to addressing the department’s management challenges is DHS demonstrating the
ability to achieve sustained progress across 30 actions and outcomes that GAO
identified and DHS agreed were needed to address the high-risk area. GAO found in its
2015 high-risk update report that DHS fully addressed 9 of these actions and
outcomes, while work remains to fully address the remaining 21. Of the 9 actions and
outcomes that DHS has addressed, 5 have been sustained as fully implemented for at
least 2 years. For example, DHS fully met 1 outcome for the first time by obtaining a
clean opinion on its financial statements for 2 consecutive years. DHS has also mostly
addressed an additional 5 actions and outcomes, meaning that a small amount of work
remains to fully address them. However, DHS has partially addressed 12 and initiated 4
of the remaining actions and outcomes. For example, DHS does not have modernized
financial management systems, a fact that affects its ability to have ready access to
reliable information for informed decision making. Addressing some of these actions
and outcomes, such as modernizing the department’s financial management systems
and improving employee morale, are significant undertakings that will likely require
multiyear efforts. In GAO’s 2015 high-risk update report, GAO concluded that in the
coming years, DHS needs to continue to show measurable, sustainable progress in
implementing its key management initiatives and achieving the remaining 21 actions
and outcomes. [3, p. ii]
While challenges remain for DHS across its range of missions, it has made considerable
progress. DHS efforts to strengthen and integrate its management functions have
resulted in the Department meeting two and partially meeting three of GAO’s criteria
for removal from the high-risk list. [3, p. ii]
Table 12-21: 2015 GAO Assessment of DHS Management Functions [3, p. ii]
Conclusion
Since DHS’ activation in March 2003, the General Accountability Office, the “watch
dog” arm of the U.S. government, has made approximately 2,200 recommendations to
DHS to strengthen program management, performance measurement efforts, and
management processes, among other things. DHS has implemented more than 69
percent of these recommendations and has actions under way to address others. [3, p.
1] As generally acknowledged, DHS remains a “work in progress”. The answer to the key
question, “are we safer?”, is undoubtedly a resounding “yes”. Unfortunately, the nature of the
threat makes it impossible to ever be completely safe, leading to the ultimate question
about homeland security: “how safe at what cost?” The answer at present is
unknown, and the question will likely never be answered conclusively.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. What was the focus of the 2007 GAO Assessment?
2. According to the 2007 GAO Assessment, which DHS mission demonstrated the most progress?
3. According to the 2007 GAO Assessment, which DHS mission demonstrated the least progress?
4. Given the broad changes in organization and mission between 2003 and 2007, do you think the GAO Assessment
was accurate? Explain your answer.
5. How did the 2011 GAO Assessment differ from the 2007 GAO Assessment?
6. How did the highest performing mission in the 2007 GAO Assessment compare in the 2011 GAO Assessment?
7. How did the lowest performing mission in the 2007 GAO Assessment compare in the 2011 GAO Assessment?
8. Given the less expansive changes in organization and mission between 2007 and 2011, do you think the GAO
Assessment was accurate? Explain your answer.
9. Do you think a member of Congress, trying to assess the return on taxpayer investment, would find the GAO
assessments useful? Explain your answer.
10. Do you yourself think that the GAO assessments answer the question, “are we safer?”
Chapter 13: HS Enterprise
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain the purpose of the homeland security enterprise.
Describe the role of DHS with respect to the homeland security enterprise.
Identify the roles and responsibilities of different members of the homeland security enterprise.
“This Nation can protect itself. But we must all play a role—and in the commitment of
each, we will secure the homeland for all.”
– 2010 Quadrennial Homeland Security Review
Introduction
9/11 marked a watershed in national security. 9/11 demonstrated the ability of small
groups to wreak destructive power on a scale once only wielded by the military might
of nations. Whereas national security was focused on protecting United States
sovereignty among the community of nations, homeland security became necessary to
protect United States citizens from the catastrophic designs of non-state actors, both
foreign and domestic. This required an unprecedented level of cooperation between
Federal, State, and Local law enforcement and the national security apparatus. With
the addition of natural disasters to the list of catastrophic agents following Hurricane
Katrina, it also required an unprecedented level of integration with the emergency
response community. In order to safeguard the nation from domestic catastrophic
incidents, the Department of Homeland Security must work together in close
coordination with other Federal, State, and Local public and private agencies
comprising the Homeland Security Enterprise.
Homeland Security Enterprise
The Department of Homeland Security is one among many components of the
Homeland Security Enterprise. In some areas, like securing borders or managing the
immigration system, the Department possesses unique capabilities and, hence,
responsibilities. In other areas, such as critical infrastructure protection or emergency
management, the Department’s role is largely one of leadership and stewardship on
behalf of those who have the capabilities to get the job done. In still other areas, such
as counterterrorism, defense, and diplomacy, other Federal departments and agencies
have critical roles and responsibilities, including the Departments of Justice, Defense,
and State, the Federal Bureau of Investigation, and the National Counterterrorism
Center. Homeland security can only be optimized when the distributed and
decentralized nature of the enterprise is oriented in pursuit of common goals. [1, p. iii]
The term “enterprise” refers to the collective efforts and shared responsibilities of
Federal, State, Local, Tribal, Territorial, nongovernmental, and private-sector
partners—as well as individuals, families, and communities—to maintain critical
homeland security capabilities. It connotes a broad-based community with a common
interest in the public safety and well-being of America and American society and is
composed of multiple partners and stakeholders whose roles and responsibilities are
distributed and shared. Yet it is important to remember that these partners and
stakeholders face diverse risks, needs, and priorities. The challenge for the enterprise,
then, is to balance these diverse needs and priorities, while focusing on shared
interests and responsibilities to collectively secure the homeland. [1, p. 12]
With the establishment of homeland security, and the linking of domestic security
concerns to broader national security interests and institutions, there is a temptation
to view homeland security so broadly as to encompass all national security and
domestic policy activities. This is not the case. Homeland security is deeply rooted in
the security and resilience of the nation, and facilitating lawful interchange with the
world. As such, it intersects with many other functions of government. Homeland
security is built upon critical law enforcement functions, but is not about preventing all
crimes or administering our Nation’s judicial system. It is deeply embedded in trade
activities, but is neither trade nor economic policy. It requires international
engagement, but is not responsible for foreign affairs. Rather, homeland security is
meant to connote a concerted, shared effort to ensure a homeland that is safe, secure,
and resilient against terrorism and other hazards where American interests,
aspirations, and way of life can thrive. [1, p. 13]
Homeland security spans the authorities and responsibilities of Federal departments
and agencies, State, Local, Tribal and Territorial governments, the private sector, as
well as private citizens and communities. For this reason, coordination and cooperation
are essential to successfully carrying out and accomplishing the homeland security
missions. Documents such as the National Infrastructure Protection Plan (NIPP) and
National Response Framework (NRF), as well as documents produced by the National
Counterterrorism Center, spell out roles and responsibilities for various aspects of
homeland security. The following discussion highlights key current roles and
responsibilities of the many actors across the Homeland Security Enterprise. They are
derived largely from statutes, Presidential directives, and other authorities, as well as
from the NIPP and NRF. [1, pp. A-1]
President of the United States
The President of the United States is the Commander in Chief and the leader of the
Executive Branch of the Federal Government. The President, through the National
Security Council and the National Security Staff, provides overall homeland security
policy direction and coordination. [1, pp. A-1]
Secretary of Homeland Security
The Secretary of Homeland Security leads the Federal agency as defined by statute
charged with homeland security: preventing terrorism and managing risks to critical
infrastructure; securing and managing the border; enforcing and administering
immigration laws; safeguarding and securing cyberspace; and ensuring resilience to
disasters. [1, pp. A-1]
United States Attorney General
The Attorney General has lead responsibility for criminal investigations of terrorist acts
or terrorist threats by individuals or groups inside the United States, or directed at
United States citizens or institutions abroad, as well as for related intelligence
collection activities within the United States. Following a terrorist threat or an actual
incident that falls within the criminal jurisdiction of the United States, the Attorney
General identifies the perpetrators and brings them to justice. The Attorney General
leads the Department of Justice, which also includes the Federal Bureau of
Investigation, Drug Enforcement Administration, and Bureau of Alcohol, Tobacco,
Firearms, and Explosives, each of which has key homeland security responsibilities. [1,
pp. A-1]
Secretary of State
The Secretary of State has the responsibility to coordinate activities with foreign
governments and international organizations related to the prevention, preparation,
response, and recovery from a domestic incident, and for the protection of U.S.
citizens and U.S. interests overseas. The Department of State also adjudicates and
screens visa applications abroad. [1, pp. A-1]
Secretary of Defense
The Secretary of Defense leads the Department of Defense, whose military services,
defense agencies, and geographic and functional commands defend the United States
from direct attack, deter potential adversaries, foster regional stability, secure and
assure access to sea, air, space, and cyberspace, and build the security capacity of key
partners. DOD also provides a wide range of support to civil authorities at the direction
of the Secretary of Defense or the President when the capabilities of State and Local
authorities to respond effectively to an event are overwhelmed. [1, pp. A-2]
Secretary of Health and Human Services
The Secretary of Health and Human Services leads the coordination of all functions
relevant to Public Health Emergency Preparedness and Disaster Medical Response.
Additionally, the Department of Health and Human Services (HHS) incorporates steady-
state and incident-specific activities as described in the National Health Security
Strategy. HHS is the coordinator and primary agency for Emergency Support Function
(ESF) #8 – Public Health and Medical Services, providing the mechanism for
coordinated Federal assistance to supplement State, local, tribal, and territorial
resources in response to a public health and medical disaster, potential or actual
incident requiring a coordinated Federal response, and/or during a developing
potential health and medical emergency. HHS is also the Sector-Specific Agency for the
Healthcare and Public Health Sector. [1, pp. A-2]
Secretary of the Treasury
The Secretary of the Treasury works to safeguard the U.S. financial system, combat
financial crimes, and cut off financial support to terrorists, WMD proliferators, drug
traffickers, and other national security threats. [1, pp. A-2]
Secretary of Agriculture
The Secretary of Agriculture provides leadership on food, agriculture, natural
resources, rural development, and related issues based on sound public policy, the
best available science, and efficient management. The Department of Agriculture
(USDA) is the Sector-Specific Agency for the Food and Agriculture Sector, a
responsibility shared with the Food and Drug Administration with respect to food
safety and defense. In addition, USDA is the coordinator and primary agency for two
Emergency Support Functions: ESF #4 – Firefighting and ESF #11 – Agriculture and
Natural Resources. USDA, together with the Department of the Interior, also operates
the National Interagency Fire Center. [1, pp. A-2]
Director of National Intelligence
The Director of National Intelligence serves as the head of the Intelligence Community
(IC), acts as the principal advisor to the President and National Security Council for
intelligence matters relating to national security, and oversees and directs
implementation of the National Intelligence Program. The IC, composed of 16
elements across the U.S. Government, functions consistent with law, Executive order,
regulations, and policy to support the national security-related missions of the U.S.
Government. It provides a range of analytic products that assess threats to the
homeland and inform planning, capability development, and operational activities of
homeland security enterprise partners and stakeholders. In addition to IC elements
with specific homeland security missions, the Office of the Director of National
Intelligence maintains a number of mission and support centers that provide unique
capabilities for homeland security partners, including the National Counterterrorism
Center (NCTC), National Counterproliferation Center, and National Counterintelligence
Executive. NCTC serves as the primary U.S. government organization for analyzing and
integrating all intelligence pertaining to terrorism and counterterrorism, and conducts
strategic operational planning for integrated counterterrorism activities. [1, pp. A-3]
Secretary of Commerce
The Secretary of Commerce, supportive of national economic security interests and
responsive to Public Law and Executive direction, is responsible for promulgating
Federal information technology and cybersecurity standards; regulating export of
security technologies; representing U.S. industry on international trade policy and
commercial data flow matters; security and privacy policies that apply to the Internet’s
domain name system; protecting intellectual property; conducting cybersecurity
research and development; and assuring timely availability of industrial products,
materials, and services to meet homeland security requirements. [1, pp. A-3]
Secretary of Education
The Secretary of Education oversees discretionary grants and technical assistance to
help schools plan for and respond to emergencies that disrupt teaching and learning.
The Department of Education is a supporting Federal agency in the response and
management of emergencies under the National Response Framework. [1, pp. A-3]
Secretary of Energy
The Secretary of Energy maintains stewardship of vital national security capabilities,
from nuclear weapons to leading edge research and development programs. The
Department of Energy (DOE) is the designated Federal agency to provide a unifying
structure for the integration of Federal critical infrastructure and key resources
protection efforts specifically for the Energy Sector. It is also responsible for
maintaining continuous and reliable energy supplies for the United States through
preventive measures and restoration and recovery actions. DOE is the coordinator and
primary agency for ESF #12 – Energy when incidents require a coordinated Federal
response to facilitate the restoration of damaged energy systems and components. [1,
pp. A-3]
Environmental Protection Agency
The Administrator of the Environmental Protection Agency (EPA) leads the EPA, which
is charged with protecting human health and the environment. For certain incidents,
EPA is the coordinator and primary agency for ESF #10 – Oil and Hazardous Materials
Response, in response to an actual or potential discharge and/or uncontrolled release
of oil or hazardous materials. EPA is the Sector-Specific Agency for securing the Water
Sector. [1, pp. A-4]
Secretary of Housing and Urban Development
The Secretary of Housing and Urban Development is the coordinator and primary
agency for ESF #14 – Long-Term Community Recovery, which provides a mechanism
for coordinating Federal support to State, tribal, regional, and local governments,
nongovernmental organizations (NGOs), and the private sector to enable community
recovery from the long-term consequences of extraordinary disasters.
Secretary of the Interior
The Secretary of the Interior develops policies and procedures for all types of hazards
and emergencies that impact Federal lands, facilities, infrastructure, and resources;
tribal lands; and insular areas. The Department of the Interior (DOI) is also a primary
agency for ESF #9 – Search and Rescue, providing specialized lifesaving assistance to
State, tribal, and local authorities when activated for incidents or potential incidents
requiring a coordinated Federal response. DOI, together with the Department of
Agriculture, also operates the National Interagency Fire Center. [1, pp. A-4]
Secretary of Transportation
The Secretary of Transportation collaborates with DHS on all matters relating to
transportation security and transportation infrastructure protection and in regulating
the transportation of hazardous materials by all modes (including pipelines). The
Secretary of Transportation is responsible for operating the national airspace system.
[1, pp. A-4]
Other Federal Agencies
Other Federal Agencies are also part of the homeland security enterprise and
contribute to the homeland security mission in a variety of ways. This includes
agencies with responsibilities for regulating elements of the Nation’s critical
infrastructure to assure public health, safety, and the common defense, developing
and implementing pertinent public policy, supporting efforts to assure a resilient
homeland, and collaborating with those departments and agencies noted above in
their efforts to secure the homeland. [1, pp. A-4]
Critical Infrastructure Owners and Operators
Critical Infrastructure and Key Resource (CIKR) Owners and Operators develop
protective programs and measures to ensure that systems and assets, whether
physical or virtual, are secure from and resilient to cascading, disruptive impacts.
Protection includes actions to mitigate the overall risk to CIKR assets, systems,
networks, functions, or their interconnecting links, including actions to deter the
threat, mitigate vulnerabilities, or minimize the consequences associated with a
terrorist attack or other incident. CIKR owners and operators also prepare business
continuity plans and ensure their own ability to sustain essential services and
functions. [1, pp. A-5]
Major and Multinational Corporations
Major and Multinational Corporations operate in all sectors of trade and commerce
that foster the American way of life and support the operation, security, and resilience
of global movement systems. They take action to support risk management planning
and investments in security as a necessary component of prudent business planning
and operations. They contribute to developing the ideas, science, and technology that
underlie innovation in homeland security. During times of disaster, they provide
response resources (donated or compensated)—including specialized teams, essential
service providers, equipment, and advanced technologies—through public-private
emergency plans/partnerships or mutual aid and assistance agreements, or in
response to requests from government and nongovernmental-volunteer initiatives. [1,
pp. A-5]
Small Business
Small Businesses contribute to all aspects of homeland security and employ more than
half of all private-sector workers. They support response efforts by developing
contingency plans and working with local planners to ensure that their plans are
consistent with pertinent response procedures. When small businesses can survive and
quickly recover from disasters, the Nation and economy are more secure and more
resilient. They perform research and development, catalyze new thinking, and serve as
engines of innovation for development of new solutions to key challenges in homeland
security. [1, pp. A-5]
Governors
Governors are responsible for overseeing their State’s threat prevention activities as
well as the State’s response to any emergency or disaster, and take an active role in
ensuring that other State officials and agencies address the range of homeland security
threats, hazards, and challenges. During an emergency, Governors will play a number
of roles, including the State’s chief communicator. [1, pp. A-5]
State and Territorial Governments
State and Territorial Governments coordinate the activity of cities, counties, and
intrastate regions. States administer Federal homeland security grants to local and
tribal (in certain grant programs) governments, allocating key resources to bolster their
prevention and preparedness capabilities. State agencies conduct law enforcement
and security activities, protect the Governor and other executive leadership, and
administer State programs that address the range of homeland security threats,
hazards, and challenges. State government officials lead statewide disaster and
mitigation planning. During response, States coordinate resources and capabilities
throughout the State and are responsible for requesting and obtaining resources and
capabilities from surrounding States. States often mobilize these substantive resources
and capabilities to supplement the local efforts before, during, and after incidents. [1,
pp. A-6]
Tribal Leaders
Tribal Leaders are responsible for the public safety and welfare of their membership.
They can serve as both key decision makers and trusted sources of public information
during incidents. [1, pp. A-6]
Tribal Governments
Tribal Governments, which have a special status under Federal laws and treaties,
ensure the provision of essential services to members within their communities, and
are responsible for developing emergency response and mitigation plans. Tribal
governments may coordinate resources and capabilities with neighboring jurisdictions,
and establish mutual aid agreements with other tribal governments, local jurisdictions,
and State governments. Depending on location, land base, and resources, tribal
governments provide law enforcement, fire, and emergency services as well as public
safety to their members. [1, pp. A-6]
Mayors and Other Elected Officials
Mayors and other local elected and appointed officials (such as city managers) are
responsible for ensuring the public safety and welfare of their residents, serving as
their jurisdiction’s chief communicator and a primary source of information for
homeland security-related information, and ensuring their governments are able to
carry out emergency response activities. They serve as both key decision makers and
trusted sources of public information during incidents. [1, pp. A-6]
Local Governments
Local Governments provide front-line leadership for local law enforcement, fire, public
safety, environmental response, public health, and emergency medical services for all
manner of hazards and emergencies. Through the Urban Areas Security Initiative
(UASI) program, cities (along with counties in many cases) address multijurisdictional
planning and operations, equipment support and purchasing, and training and
exercises in support of high-threat, high-density urban areas. UASI grants assist local
governments in building and sustaining homeland security capabilities. Local
governments coordinate resources and capabilities during disasters with neighboring
jurisdictions, NGOs, the State, and the private sector. [1, pp. A-7]
County Leaders
County Leaders serve as chief operating officers of county governments, both rural and
urban. This includes supporting and enabling the county governments to fulfill their
responsibilities to constituents, including public safety and security. In some States,
elected county officials such as sheriffs or judges also serve as emergency managers,
search and rescue officials, and chief law enforcement officers. [1, pp. A-7]
County Governments
County Governments provide front-line leadership for local law enforcement, fire,
public safety, environmental response, public health, and emergency medical services
for all manner of hazards and emergencies. In many cases, county government officials
participate in UASIs with other urban jurisdictions to assist local governments in
building and sustaining capabilities to prevent, protect against, respond to, and recover
from threats or acts of terrorism. County governments coordinate resources and
capabilities during disasters with neighboring jurisdictions, NGOs, the State, and the
private sector. [1, pp. A-7]
American Red Cross
The American Red Cross is a supporting agency to the mass care functions of ESF #6 –
Mass Care, Emergency Assistance, Housing, and Human Services under the NRF. As the
Nation’s largest mass care service provider, the American Red Cross provides
sheltering, feeding, bulk distribution of needed items, basic first aid, welfare
information, and casework, among other services, at the local level as needed. In its
role as a service provider, the American Red Cross works closely with local, tribal, and
State governments to provide mass care services to victims of every disaster, large and
small, in an affected area. [1, pp. A-7]
Voluntary Organizations Active in Disaster
National Voluntary Organizations Active in Disaster (National VOAD) is a consortium of
approximately 50 national organizations and 55 State and territory equivalents that
typically send representatives to the Federal Emergency Management Agency’s
National Response Coordination Center to represent the voluntary organizations and
assist in response coordination. Members of National VOAD form a coalition of
nonprofit organizations that respond to disasters as part of their overall mission. [1,
pp. A-8]
Nongovernmental Organizations
Nongovernmental Organizations (NGOs) provide sheltering, emergency food supplies,
counseling services, and other vital support services to support response and promote
the recovery of disaster victims. They often provide specialized services that help
individuals with special needs, including those with disabilities, and provide
resettlement assistance and services to arriving refugees. NGOs also play key roles in
engaging communities to integrate lawful immigrants into American society and
reduce the marginalization or radicalization of these groups. [1, pp. A-8]
Community Organizations
Communities and community organizations foster the development of organizations
and organizational capacity that act toward a common goal (such as Neighborhood
Watch, Community Emergency Response Teams, or providing emergency food or
shelter). These groups may possess the knowledge and understanding of the threats,
local response capabilities, and special needs within their jurisdictions and have the
capacity necessary to alert authorities of those threats, capabilities, or needs.
Additionally, during an incident these groups may be critical in passing along vital
incident communications to individuals and families, and to supporting critical
response activities in the initial stages of a crisis. [1, pp. A-8]
Individuals and Families
Individuals and Families take the basic steps to prepare themselves for emergencies,
including understanding the threats and hazards that they may face, reducing hazards
in and around their homes, preparing an emergency supply kit and household
emergency plans (that include care for pets and service animals), monitoring
emergency communications carefully, volunteering with established organizations,
mobilizing or helping to ensure community preparedness, enrolling in training courses,
and practicing what to do in an emergency. These individual and family preparedness
activities strengthen community resilience and mitigate the impact of disasters. In
addition, individual vigilance and awareness can help communities remain safer and
bolster prevention efforts. [1, pp. A-8]
Conclusion
Safeguarding the nation from domestic catastrophic incidents requires the
collective and coordinated efforts of many agencies, organizations, and individuals.
While the nation looks to the Department of Homeland Security to lead the way,
homeland security is an enterprise. Each of us—government, business, and individual
alike—has a role to play in contributing to the collective strength of this country. [1, p.
78]
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. Why is a homeland security “enterprise” necessary?
2. What are the essential elements required to make the homeland security enterprise work?
3. Which member of the enterprise is responsible for overseeing their State’s threat prevention activities as well as the State’s
response to any emergency or disaster?
4. Which member of the enterprise serves as the head of the Intelligence Community, acts as the principal advisor to the
President and National Security Council for intelligence matters relating to national security?
5. Which member of the enterprise provides sheltering, emergency food supplies, counseling services, and other vital services to
support response and promote the recovery of disaster victims?
6. Which member of the enterprise provides front-line leadership for local law enforcement, fire, public safety, environmental
response, public health, and emergency medical services for all manner of hazards and emergencies?
7. Which member of the enterprise is responsible for criminal investigations of terrorist acts inside the United States, or directed
at United States citizens or institutions abroad, as well as for related intelligence collection activities within the United States?
8. Which member of the enterprise defends the United States from direct attack, deters potential adversaries, fosters regional
stability, secures and assures access to sea, air, space, and cyberspace?
9. Which member of the enterprise is responsible for taking basic steps to prepare themselves for emergencies and
understanding the threats and hazards that they may face?
10. Which member of the enterprise is the coordinator and primary agency in response to an actual or potential discharge and/or
uncontrolled release of oil or hazardous materials?
Part III: Mission Areas
In this section we will examine the missions performed by the Department of Homeland Security to safeguard the U.S.
from domestic catastrophic destruction. These missions are defined in the 2014 Quadrennial Homeland Security
Review and are re-evaluated every four years under the QHSR process. As was seen in Chapter 11, these missions have
evolved since DHS’ activation in 2003. Still, they remain grounded in the strategic implications and tactical lessons
learned from 9/11. From a strategic standpoint, they address the means for committing domestic catastrophic
destruction by protecting critical infrastructure, countering weapons of mass destruction, and securing cyberspace.
From a tactical perspective, they seek to plug the holes exposed on 9/11, and subsequent attacks in Madrid (2004) and
London (2007), by rooting out those with malicious intent, preventing them from entering the country or otherwise
smuggling in WMD, and tightening security within our mass transit systems. However, because no defense is
invulnerable and we cannot stop the destructive forces of nature, the ability to mount a coordinated response and
recovery remains critical to saving lives and alleviating suffering. In order to facilitate understanding, each chapter is
organized to 1) describe the problem, 2) explain what’s being done to address it, 3) review what has been accomplished, and
4) identify what remains to be done.
Chapter 14: Critical Infrastructure Protection
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain how the importance of critical infrastructure protection was realized before 9/11.
Describe how critical infrastructure protection has been shaped and evolved since PDD-63.
Explain the role of the Federal government in critical infrastructure protection.
Assess the importance of various steps in the Risk Management Framework.
“We did find widespread capability to exploit infrastructure vulnerabilities. The
capability to do harm—particularly through information networks—is real; it is growing
at an alarming rate; and we have little defense against it.”
– 1997 President’s Commission on Critical Infrastructure Protection
Introduction
9/11 thrust critical infrastructure protection to the forefront of US security concerns.
Previously, in July 1996 President Clinton appointed a Commission on Critical
Infrastructure Protection to report the scope and nature of vulnerabilities and threats
to the nation’s critical infrastructure, and recommend a comprehensive national plan
for protecting them including any necessary regulatory changes. The Commission was
chartered in response to growing concerns stemming from the 1993 attack on the
World Trade Center in New York City, 1995 bombing of the Murrah Federal Building in
Oklahoma City, and 1996 bombing of the Khobar Towers US military barracks in
Dhahran, Saudi Arabia. Examining both the physical and cyber vulnerabilities, the
Commission found no immediate crisis threatening the nation’s infrastructures.
However, it did find reason to take action, especially in the area of cybersecurity. The
rapid growth of a computer-literate population (implying a greater pool of potential
hackers), the inherent vulnerabilities of common protocols in computer networks, the
easy availability of hacker “tools” (available on many websites), and the fact that the
basic tools of the hacker (computer, modem, telephone line) were the same essential
technologies used by the general population indicated to the Commission that both
threat and vulnerability exist. The Commission Report, released in October 1997, led to
Presidential Decision Directive No. 63 (PDD-63) issued in May 1998. PDD-63 set as a
national goal the ability to protect the nation’s critical infrastructure from intentional
attacks (both physical and cyber) by the year 2003. According to the PDD, any
interruptions in the ability of these infrastructures to provide their goods and services
must be “brief, infrequent, manageable, geographically isolated, and minimally
detrimental to the welfare of the United States”. [1, p. 4]
PDD-63
PDD-63 identified a set of twelve infrastructure “sectors” whose assets should be
protected: information and communications; banking and finance; water supply;
aviation, highways, mass transit, pipelines, rail, and waterborne commerce; emergency
and law enforcement services; emergency, fire, and continuity of government services;
public health services; electric power, oil and gas production, and storage. A federal
Lead Agency (LA) was assigned to each of these “sectors”. Each Lead Agency was
directed to appoint a Sector Liaison Official to interact with appropriate private sector
organizations. The private sector was encouraged to select a Sector Coordinator to
work with the agency’s sector liaison official. Together, the liaison official, sector
coordinator, and all affected parties were to contribute to a Sector Security Plan (SSP)
which was to be integrated into a National Infrastructure Assurance Plan. [1, p. 4]
In July 1996, President Clinton appointed a Commission on Critical Infrastructure
Protection to report on the scope and nature of vulnerabilities and threats to the
nation’s critical infrastructure. The Commission found concern for cyber attack. As a
result, in May 1998, President Clinton issued PDD-63 setting a national goal to protect
the nation’s critical infrastructure from intentional attack.
Following the attacks of September 11, 2001, critical infrastructure protection became
a high priority. On October 16, 2001, President Bush signed Executive Order (EO)
13231 stating that it is US policy “to protect against the disruption of the operation of
information systems for critical infrastructure … and to ensure that any disruptions
that occur are infrequent, of minimal duration, and manageable, and cause the least
damage possible.” On October 26, 2001, President Bush signed into law the USA
PATRIOT Act, defining critical infrastructure as “systems and assets, whether physical
or virtual, so vital to the United States that the incapacity or destruction of such
systems and assets would have a debilitating impact on security, national economic
security, national public health or safety, or any combination of those matters”. In July
2002, the Office of Homeland Security released the first National Strategy for
Homeland Security. It identified protecting the nation’s critical infrastructures and key
assets as one of six critical mission areas. The Strategy also expanded upon the list of
sectors considered to comprise critical infrastructure to include public health, the
chemical industry and hazardous materials, postal and shipping, the defense industrial
base, and agriculture and food. Key assets were defined later to include national
monuments and other historic attractions, dams, nuclear facilities, and large
commercial centers, including office buildings and sport stadiums, where large
numbers of people congregate to conduct business, personal transactions, or enjoy
recreational activities. Then on December 17, 2003, the Bush Administration released
Homeland Security Presidential Directive No. 7 (HSPD-7). HSPD-7 essentially updated
the policy of the United States and the roles and responsibilities of various agencies in
regard to critical infrastructure protection as outlined in previous documents, national
strategies, and the Homeland Security Act of 2002. For example, the Directive
reiterated the Secretary of Homeland Security’s role in coordinating the overall
national effort to protect critical infrastructure. It also reiterated the role of Sector-
Specific Agencies (formerly “Lead Agencies”) to work with their sectors to identify,
prioritize, and coordinate protective measures. The Directive captured the expanded
set of critical infrastructures and key assets and Sector-Specific Agencies assignments
made in the National Strategy for Homeland Security. One major difference between
PDD-63 and the Bush Administration’s efforts was a shift in focus. PDD-63 focused on
cybersecurity. While the post-September 11 effort was still concerned with
cybersecurity, its focus on physical threats, especially those that might cause mass
casualties, was greater than the pre-September 11 effort. [1, p. 12]
HSPD-7
HSPD-7 directed development of a National Plan for Critical Infrastructure and Key
Resources Protection to outline national goals, objectives, milestones, and key
initiatives. Previously, PDD-63 had called for development of a National Infrastructure
Assurance Plan. The corresponding focus on cybersecurity resulted in the National
Plan for Information Systems Protection released in January 2000. While this plan
formed the basis for the 2003 National Strategy to Secure Cyberspace, it did not
support the revised focus on physical security stemming from 9/11. After two furtive
attempts in 2005, the Department of Homeland Security (DHS) released the National
Infrastructure Protection Plan (NIPP) in June 2006. The NIPP identified and integrated
specific processes to guide an integrated national risk management effort. It defined
and standardized, across all sectors, a Risk Management Framework (RMF) process for
identifying and selecting assets for further analysis, identifying threats and conducting
threat assessments, assessing vulnerabilities to those threats, analyzing consequences,
determining risks, identifying potential risk mitigation activities, and prioritizing those
activities based on cost effectiveness. The NIPP also called for implementation plans
for these risk reduction activities, with timelines and responsibilities identified, and
tied to resources. Each Sector-Specific Agency (SSA) was to work with its sector to
generate Sector Specific Plans, utilizing the processes outlined in the NIPP. DHS was to
use these same processes to integrate the sector specific plans into a national plan
identifying those assets and risk reduction plans that require national level attention
because of the risk the incapacitation of those assets poses to the nation as a whole.
The NIPP was updated in 2009 to adopt an “all-hazards” approach to risk management,
and again in 2013 to emphasize the importance of resilience. [1, p. 24]
In December 2003, President Bush issued HSPD-7 updating national policy on critical
infrastructure protection, following the same pattern established in PDD-63. Because
9/11 had succeeded in subverting critical infrastructure in a physical attack, HSPD-7
gave greater emphasis to physical protection compared to PDD-63’s emphasis on
cybersecurity.
PPD-21
In February 2013, the Obama Administration issued Presidential Policy Directive No. 21
(PPD-21), Critical Infrastructure Security and Resilience, superseding HSPD-7. PPD-21
made no major changes in policy, roles and responsibilities, or programs, but did order
an evaluation of the existing public-private partnership model, the identification of
baseline data and system requirements for efficient information exchange, and the
development of a situational awareness capability (a continuous policy objective since
President Clinton’s PDD-63). PPD-21 reflected an increased interest in resilience and
the all-hazard approach that has evolved in critical infrastructure policy over the years. It
also updated sector designations, but made no major changes in Sector-Specific
Agency designations. However, PPD-21 did give the energy and communications
sectors a higher profile, due to the Administration’s assessment of their importance to
the operations of the other infrastructures. To date, the Obama Administration has
kept or slowly evolved the policies, organizational structures, and programs governing
physical security of critical infrastructure assets. It has focused much more effort on
expanding the cybersecurity policies and programs associated with critical
infrastructure protection. [1, pp. 13-14]
Table 14-1: CIP Directives, Strategies, & Plans
| HS Law | HS Directives | HS Strategies | CIP Plans |
|---|---|---|---|
| 2002 HSA | 1998 PDD-63 | 2002 NSHS | 2005 Interim NIPP |
| | 2003 HSPD-7 | 2007 NSHS | 2005 Draft NIPP |
| | 2013 PPD-21 | 2010 NSS | 2006 NIPP |
| | | 2015 NSS | 2009 NIPP |
| | | | 2013 NIPP |
In February 2013, President Obama issued PPD-21 again updating national policy on
critical infrastructure protection. PPD-21 restored emphasis on cybersecurity, and
introduced the concept of resilience.
Risk Management Framework
The Risk Management Framework has evolved since it was first introduced in the 2005
Interim National Infrastructure Protection Plan. [2, p. 8] Yet it remains, as currently
prescribed in the 2013 National Infrastructure Protection Plan, a continuous process
for incrementally reducing vulnerability within critical infrastructure. The Risk
Management Framework is conducted in voluntary cooperation between the
Department of Homeland Security and public and private partners organized into
Sector Coordinating Councils representing the sixteen infrastructure sectors listed in
Table 2. [3, pp. 10-11] The Risk Management Framework is conducted in five steps
comprised of 1) Set Goals and Objectives, 2) Identify Infrastructure, 3) Assess and
Analyze Risks, 4) Implement Risk Management Activities, and 5) Measure Effectiveness.
[3, p. 15]
Table 14-2: Infrastructure Sectors and Lead/Sector-Specific Agencies
| # | Sector (1998 PDD-63) | LA | Sector (2003 HSPD-7) | SSA | Sector (2013 PPD-21) | SSA |
|---|---|---|---|---|---|---|
| 1. | Intelligence | CIA | Chemical | DHS | Chemical | DHS |
| 2. | Information & Communications | DOC | Commercial Facilities | DHS | Commercial Facilities | DHS |
| 3. | National Defense | DOD | Communications | DHS | Communications | DHS |
| 4. | Electric, Power, Gas, & Oil | DOE | Critical Manufacturing | DHS | Critical Manufacturing | DHS |
| 5. | Emergency Law Enforcement | DOJ | Dams | DHS | Dams | DHS |
| 6. | Law Enforcement & Internal Security | DOJ | Emergency Services | DHS | Emergency Services | DHS |
| 7. | Foreign Affairs | DOS | Government Facilities | DHS | Information Technology | DHS |
| 8. | Transportation | DOT | Information Technology | DHS | Nuclear Reactors, Materials, & Waste | DHS |
| 9. | Water | EPA | Nuclear Reactors, Materials, & Waste | DHS | Transportation Systems | DHS & DOT |
| 10. | Emergency Fire Service | FEMA | Postal & Shipping | DHS | Government Facilities | DHS & GSA |
| 11. | Emergency Medicine | HHS | Defense Industrial Base | DOD | Defense Industrial Base | DOD |
| 12. | Banking & Finance | TREAS | Energy | DOE | Energy | DOE |
| 13. | | | National Monuments & Icons | DOI | Water & Wastewater Systems | EPA |
| 14. | | | Transportation Systems | DHS & DOT | Healthcare & Public Health | HHS |
| 15. | | | Water | EPA | Financial Services | TREAS |
| 16. | | | Healthcare & Public Health | HHS | Food & Agriculture | USDA |
| 17. | | | Banking & Finance | TREAS | | |
| 18. | | | Agriculture & Food | USDA | | |
RMF Step 1: Set Goals and Objectives. The risk reduction priorities for each sector are
established in Sector Specific Plans (SSPs). [3, p. 16] The first SSPs were released in
May 2007, after the first official National Infrastructure Protection Plan was issued in
2006. Of the 17 plans drafted, 7 were made available to the public. The other 11 plans
were designated “For Official Use Only” and withheld from public release. A review by
the Government Accountability Office found that while all the plans complied, more or
less, with NIPP requirements, some were more developed and comprehensive than
others. The Sector Security Plans were revised in 2010 after the NIPP was revised in
2009. HSPD-7 stipulated that the SSPs should be updated annually. However, in 2010,
DHS and its sector partners decided that a four-year cycle was sufficient for updating
the SSPs. [1, pp. 23-24] As of 2015, the SSPs had yet to be updated and the most
recent versions were dated 2010.
RMF Step 2: Identify Infrastructure. Despite the definition in the USA PATRIOT Act,
critical infrastructure identification has been fraught with difficulties. While the
National Infrastructure Protection Plan was still under development, the Department
of Homeland Security undertook Operation Liberty Shield to catalog the nation’s
critical infrastructure in advance of the U.S. invasion of Iraq. Over the summer of 2003,
DHS personnel cataloged 160 assets across various sectors it determined needed
additional protection or mitigation against potential attack. Under pressure from
Congress, the list was expanded to 1,849 assets and called the Protected Measures
Target list (PMTL). At the same time it was conducting Operation Liberty Shield, DHS
issued a grant asking states to conduct a critical infrastructure self-assessment. The
resulting data call added another 26,359 assets to the PMTL, including zoos, festivals,
shopping centers, and other “out-of-place” assets. [4, p. 6] The dubious results were
attributed to “minimal guidance” given to the states. Accordingly, in July 2004 DHS
issued a second data call to correct the problems from the 2003 data call. The 2004
data call included more precise instructions in the form of separate Guidelines for
Identifying National Level Critical Infrastructure and Key Resources. States responded
by submitting 47,701 additional assets to the PMTL. Together, the combined data
from Operation Liberty Shield and 2003 and 2004 data calls comprised 77,069 assets of
what DHS called the National Asset Database (NADB). Still, the DHS Inspector General
noted that the list contained too many “out-of-place” assets, making subsequent
prioritization difficult. [4, pp. 8-10] Congress intervened with the Implementing
Recommendations of the 9/11 Commission Act which mandated the establishment of
a second database containing a prioritized list of assets. [5] DHS complied with
Congress by initiating the National Critical Infrastructure Prioritization Program (NCIPP)
working with public and private partners to identify and classify critical infrastructure
as either Level 1 or Level 2 priority based on the consequences associated with the
asset’s disruption or destruction. [6, p. 4] In 2006, the NADB was replaced by the
Infrastructure Information Collection System (IICS) available from the DHS
Infrastructure Protection Gateway. [7] According to the 2013 NIPP, the National Critical
Infrastructure Prioritization Program remains the primary program for prioritizing
critical infrastructure at the national level. [6, p. 17] The number and identity of assets
collected by NCIPP is protected information unavailable to the public.
Figure 14-1: 2013 NIPP Risk Management Framework [3, p. 15]
The DHS Risk Management Framework is the implementing procedure of the National
Infrastructure Protection Plan.
RMF Step 3: Assess and Analyze Risks. DHS Protective Security Advisors (PSAs) located
in all fifty States and Puerto Rico conduct Security Surveys and Resilience Assessments
under the Enhanced Critical Infrastructure Protection (ECIP) and Regional Resiliency
Assessment Program (RRAP). [8] According to DHS guidance, PSAs are to conduct Site
Assistance Visits (SAVs) with infrastructure owners and operators within their districts
giving priority to Level 1 assets. PSAs use an Infrastructure Survey Tool to gather
information on 1,500 variables covering six major components and forty-two
subcomponents. The results are compiled by Argonne National Laboratory into a
“dashboard” indicating the asset’s overall protective measure score and comparing it
with the scores of similar assets that have previously undergone a Security Survey. The
interactive dashboard allows owners to consider alternative security upgrades and see
how they affect the overall security of the asset as shown in Figure 2. PSA Security
Surveys are done in voluntary cooperation with infrastructure owner/operators. [9, pp.
9-10] Out of 2,195 Security Surveys and 655 Vulnerability Assessments conducted
during fiscal years 2009 through 2011, GAO identified a total of 135 Security Surveys
and 44 Vulnerability Assessments that matched assets on the NCIPP list of high-priority
assets. GAO also identified an additional 106 Security Surveys and 23 Vulnerability
Assessments that were potential matches with assets on the NCIPP lists of priority
assets, but could not be certain that the assets were the same because of
inconsistencies in the way the data were recorded in the two different databases. All
told, GAO determined that in two years DHS had conducted 241 Security Surveys and
67 Vulnerability Assessments on high-priority assets listed in the NCIPP database. [9,
pp. 15-17]
The Risk Management Framework is a risk-based methodology for prioritizing allocation of
scarce national resources to reducing vulnerabilities among critical infrastructure.
Figure 14-2: PSA Security Survey Example “Dashboard” Results
The Infrastructure Survey Tool is but one method for performing risk analysis on critical
infrastructure. Over the years, each sector has developed its own set of risk analysis
tools. The 2010 Sector Security Plan for Water identifies three assessment tools: 1)
Risk Assessment Methodology-Water (RAM-W), 2) Security and Environmental
Management System (SEMS); and 3) Vulnerability Self-Assessment Tool (VSAT). [10, p.
27] Similarly, the 2010 Transportation Systems Sector Specific Plan cites the use of the
Aviation Modal Risk Assessment (AMRA) as part of a broader Transportation Systems
Sector Security Risk Assessment (TSSRA) program. [11, pp. 135-136] The PSA Site
Assistance Visit is listed as the method for conducting risk assessments in the 2010
Sector Specific Plan for Energy. [12, p. 32] Originally, DHS intended for every sector to
use the same risk analysis tool in order to facilitate risk comparison across not only
infrastructure assets, but also across infrastructure sectors. In the 2006 National
Infrastructure Protection Plan DHS announced it was sponsoring development of a
suite of tools based on the Risk Analysis and Management for Critical Asset Protection
(RAMCAP). [13, p. 36] RAMCAP was developed at the request of the White House by
the American Society of Mechanical Engineers (ASME). [14, p. xiii] The 2006 NIPP
deemed RAMCAP to satisfy the “baseline criteria for risk assessment”. This “baseline
criteria” assessed risk as a function of consequence, vulnerability, and threat,
expressed as R=f(C,V,T). [13, pp. 35-36] The 2013 NIPP affirmed this formulation as
part of Step 3 in the Risk Management Framework, [3, p. 17] but RAMCAP was no
longer the preferred method. It was not mentioned in either the 2009 or 2013
National Infrastructure Protection Plans. It did survive, however, as the American
Water Works Association (AWWA) J100-10 standard for Risk and Resilience
Management of Water and Wastewater Systems. [14]
RMF Step 4: Implement Risk Management Activities. As a result of risk analysis,
owners/operators are expected to take actions to increase resilience and reduce their
vulnerability to potential consequences. [3, p. 18] However, infrastructure owner/operators
are very sensitive to costs, in many instances regulated, and cannot afford to
take all measures on their own. Accordingly, DHS may lend assistance through the
FEMA Grants Program Directorate State and Local Grant Programs. Specific grant
programs include the State Homeland Security Formula-based Grants, the Urban Area
Security Initiative (UASI) Grants (both of which primarily support first responder needs,
but include certain infrastructure protection expenditures), Port Security Grants, Rail
and Transit Security Grants, Intercity Bus Security Grants, Highway (Trucking)
Security Grants, and Buffer Zone Protection Plan. [1, pp. 27-28] Ostensibly, the results
from risk analysis are included in a Critical Infrastructure National Annual Report [3, p.
26] submitted each year with the DHS budget to the Executive Office of the President.
[15, p. 2]
RMF Step 5: Measure Effectiveness. The 1993 Government Performance and Results
Act, as amended, requires all Federal programs to develop “outcome measures” and
report them annually to Congress to guide and assess effective investment of taxpayer
funds. [16] The Risk Management Framework incorporates this principle in Step 5,
before starting all over again with Step 1 in an incremental, continuous improvement
process. [3, p. 20]
The Risk Management Framework has proven problematic at every step. DHS has yet to make
the system work as envisioned. Until these problems are solved, the nation’s critical
infrastructure will remain vulnerable to malicious attack.
Conclusion
While supporting aspects of the National Infrastructure Protection Plan including
Information Sharing and Analysis Centers (ISACs) and Sector Coordinating Councils
have increased awareness and security among participating infrastructure sectors, the
core of the plan, the Risk Management Framework, has yet to live up to expectations.
Various GAO reports detail fundamental problems with each step of the process
including 1) inability to adequately identify infrastructure assets (mobile assets, such as
aircraft, are not included in NCIPP criteria), 2) matching PSA Site Assistance Visits with
priority assets listed on NCIPP, 3) deploying a standard formulation to uniformly assess
risk across all infrastructure sectors, 4) applying risk results to determine Federal grant
priorities, and 5) providing an objective risk measure to guide and assess taxpayer
investments. While these problems remain, the nation will remain vulnerable to the
potential catastrophic effects inherent in critical infrastructure as demonstrated on
9/11.
Chapter 14: Critical Infrastructure Protection
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. What is the scope and authority of a presidential executive order or directive?
2. What was the finding by the Commission on Critical Infrastructure Protection that prompted President Clinton to
issue PDD-63?
3. How did HSPD-7 issued by President Bush change the emphasis on critical infrastructure protection from PDD-63?
4. How did PPD-21 issued by President Obama again change the emphasis on critical infrastructure protection from
HSPD-7?
5. Why can’t owners/operators protect their own infrastructure?
6. What is the purpose of the Risk Management Framework?
7. How does it affect the RMF if you can’t correctly identify critical infrastructure?
8. How does it affect the RMF if you can’t assess risk uniformly across different infrastructures?
9. As a member of Congress, what would be your priority in allocating funding to protect critical infrastructure?
10. What do you suppose might be a moral hazard of funding infrastructure protection programs?
Part III: Mission Areas
Chapter 15: Counter WMD Strategy
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe the various prohibitions against WMD agents.
Explain how the 1995 Tokyo subway attack changed the WMD threat.
Explain the different roles of agencies in national counter WMD strategy.
“The potential proliferation of weapons of mass destruction, particularly nuclear
weapons, poses a grave risk. Even as we have decimated al-Qa’ida’s core leadership,
more diffuse networks of al-Qa’ida, ISIL, and affiliated groups threaten U.S. citizens,
interests, allies, and partners.”
– 2015 National Security Strategy
Introduction
The history of human warfare may be characterized as an escalating development of
tactics and weapons designed to kill more people more quickly. As the industrial
revolution accelerated the production and refinement of weapons on an
unprecedented scale, the Geneva Conventions were begun in 1864 to contain the
carnage and bound the limits of warfare [1]. Similar attempts were made with the
Hague Conventions to place limits on the types of weapons that could be employed.
As early as 1899, the Hague Conventions sought to outlaw the use of chemical
weapons by warring nations. [2] After Germany breached this agreement in 1915, the
British retaliated in kind, and every major belligerent was guilty of employing chemical
weapons by the end of World War I. [3] After the war, nations continued to maintain
and expand their stocks of chemical weapons as a deterrent to their future use. It
wasn’t until the Chemical Weapons Convention of 1997 that nations agreed to destroy
their stocks, but the task is only 85% complete as nations remain wary of relinquishing
their deterrent capability against the possibility of hidden caches. [4] The prohibition
against chemical weapons came after a similar agreement prohibiting the
development, production, and stockpiling of biological weapons in the 1975 Biological
Weapons Convention. [5] This was preceded by the 1968 Non-Proliferation Treaty in
which nations agreed to prevent the spread of nuclear weapons and weapons
technology. [6] The most difficult problem with all these treaties is enforcement.
Despite monitoring and surveillance provisions written into them, the ultimate
guarantor of compliance is the threat of retaliation by similar means. While this threat
may work on nations, it does not work as well on individuals. The 1995 Tokyo subway
attacks demonstrated the ability of non-state actors to employ weapons of mass
destruction. And while Title 18 U.S. Code Section 2332a makes it illegal to use,
threaten, attempt, or conspire to use a weapon of mass destruction in the United
States, arresting the perpetrator after the fact is too little too late. Thus the nation’s
security today relies on unprecedented cooperation between military, intelligence,
and law enforcement agencies, and between Federal, State, and Local governments to
combat weapons of mass destruction (CWMD).
WMD agents are prohibited under Title 18 USC, §2332a, and international conventions,
including the 1968 (nuclear) Non-Proliferation Treaty, 1975 Biological Weapons
Convention, and 1997 Chemical Weapons Convention.
Combating WMD
The Department of Homeland Security is a member of the Counterproliferation Program
Review Committee (CPRC) together with the Department of Defense (DoD),
Department of Energy (DoE), Department of State (DoS), Office of the Director of
National Intelligence (ODNI), and Office of the Chairman of the Joint Chiefs of Staff
(CJCS). Together, they represent the primary Federal agencies responsible for
safeguarding the U.S. from WMD attack. In 1994, Congress commissioned the CPRC to
report on their combined efforts to combat WMD and its means of delivery. [7, p. 1]
The missions and objectives of CPRC members are guided by the 2002 National
Strategy to Combat Weapons of Mass Destruction. The 2002 Strategy prescribes three
primary mission areas: 1) Nonproliferation (NP), 2) Counterproliferation (CP), and 3)
Consequence Management (CM). [7, p. 3] Nonproliferation seeks to dissuade or
impede both state and non-state actors from acquiring chemical, biological,
radiological, and nuclear (CBRN) weapons. Counterproliferation seeks to develop both
active and passive measures to deter and defend against the employment of CBRN
weapons. Consequence management seeks to develop measures to quickly respond
and recover against a domestic CBRN attack. [8, p. 2] This basic strategy is further
refined by supplemental guidance listed in Table 1. These assist departments and
agencies with developing goals and objectives, identifying capability requirements, and
ultimately providing material and nonmaterial solutions for combating weapons of
mass destruction. [9, p. 2]
Table 15-1: CWMD Guidance Documents [9, p. 2]
2012 Sustaining U.S. Global Leadership: Priorities for 21st Century Defense
2012 National Strategy for Biosurveillance
2011 National Strategy for Counterterrorism
2010 Nuclear Posture Review
2009 National Strategy for Countering Biological Threats
2006 National Strategy for Strategic Interdiction
2002 National Strategy to Combat Weapons of Mass Destruction
The Department of Defense, Department of Energy, Department of State, and Office of the
Director of National Intelligence together represent the primary Federal agencies
responsible for safeguarding the U.S. from WMD attack.
Department of Defense
DoDD 2060.2 establishes policy, assigns responsibilities, and formalizes relationships
among DoD components to combat weapons of mass destruction. [9, p. 15] DoDD
2060.2 refers to CWMD mission areas described in the 2006 National Military Strategy
to Combat WMD. [10, p. 2] This was replaced in 2014 by the Defense Strategy to
Combat WMD. According to the 2014 Defense Strategy, DoD works towards three
CWMD end states: 1) no new WMD possession (NP), 2) no WMD use (CP), and 3)
minimization of WMD effects (CM). The end states are pursued through three main
lines of effort: 1) Prevent Acquisition, 2) Contain and Reduce Threats, and 3) Respond
to Crises. According to this strategy, DoD will seek to dissuade those who do not
possess WMD from acquiring them by promoting transparency, security, and
disarmament; convincing aspirants that their activities will be detected, attributed, and
mitigated; taking action to delay, disrupt, or complicate WMD acquisition; and when
necessary, undertaking direct actions to prevent WMD acquisition. DoD will contain and
reduce threats by supporting arms control initiatives; working with partners to guard
against accidental or unintentional WMD employment; maintaining an effective
defense and retaliatory deterrent; and when necessary, undertaking operations to
secure, exploit, and destroy WMD. DoD will also remain prepared to locate, disrupt,
disable, neutralize, or destroy an adversary’s WMD assets before they can be used;
however, if employed, DoD is prepared to support civil authorities with CBRN response
capabilities to mitigate consequences. [11, pp. 9-12] DoD capabilities supporting
CWMD policy reside with DoD agencies, commands, and components. The Defense
Threat Reduction Agency (DTRA) leads the Department’s nonproliferation efforts by
implementing provisions of the Nunn-Lugar Global Cooperation Program and
promoting arms control. United States Strategic Command directs the nation’s air,
land, and sea based nuclear forces. [9, pp. 15-17] United States Northern Command
maintains defense of the nation’s air, land, sea, and space approaches. United States
Special Operations Command is prepared to undertake precise missions around the
world. The remaining geographic combatant commands, Southern Command, Central
Command, European Command, Pacific Command, and Africa Command, maintain
stabilizing relations within their areas of responsibility, but are prepared to conduct
military operations with assigned Army, Navy, Marine, and Air Force units when
directed by the President. [12] In the event WMD is employed within the U.S., the
National Guard maintains 10 regional Homeland Response Forces (HRFs) that may be
tasked to a State governor to assist with CBRN mitigation. [13]
Figure 15-1: DoD Geographic Combatant Commands [12]
According to the 2014 Defense Strategy, DoD works to 1) prevent acquisition of WMD
(nonproliferation), 2) contain and reduce the threat of WMD employment
(counterproliferation), and 3) respond to crises (consequence management).
Department of Energy
DOE contributes to national CWMD efforts by ensuring energy security, producing and
maintaining the nation’s nuclear stockpile, promoting nuclear nonproliferation,
providing specialized nuclear and radiological emergency response, assisting nuclear
and radiological counterterrorism and counterproliferation efforts, and fostering
fundamental science, advanced computing, and technological innovation. [14, pp. III-10]
DOE supports CWMD missions through its nuclear proliferation prevention and
counter-terrorism activities as well as through access to the many sites engaged by its
scientific cadre. DOE plays a critical role, through its core nuclear work, in addressing
inspection and monitoring activities of arms control agreements and regimes;
protection of WMD and WMD-related materials and components; detection and
tracking of these materials and components; removal of materials from compliant
nation states; export control activities; and responding to nuclear and radiological
emergencies in the United States and abroad. DOE works closely with DoD, DHS, DOS,
and the Intelligence Community to detect, characterize, and defeat WMD and WMD-
related facilities. [7, p. 18] Within DOE, the National Nuclear Security Administration
(NNSA) is responsible for performing these missions. The NNSA works together with
the Group of Eight (G8) Global Partnership and the International Atomic Energy Agency
to perform its missions abroad. Within the NNSA, responsibility for countering nuclear
terrorism resides principally with the Office of Counterterrorism and
Counterproliferation, designated NA-80. NA-80’s purpose is to advance government’s
technical understanding of the terrorist nuclear threat and advocate for technically
informed policies across Federal agencies. [9, p. 18] The NNSA also maintains Nuclear
Emergency Response Teams (NERTs) capable of 1) searching for radiological devices, 2)
rendering them safe, and 3) mapping radiological contamination that might be spread.
[15]
Department of State
Central to DOS’s responsibility for diplomatic engagement on international security,
DOS aims to build international consensus on arms control and nonproliferation based
on common concern and shared responsibility. The Under Secretary for Arms Control
and International Security leads interagency policy development on nonproliferation
and manages global US security policy, principally in the areas of nonproliferation,
arms control, regional security and defense relations, and arms transfers and security
assistance. This entails overseeing the negotiation, implementation, and verification of
international agreements in arms control and international security. Other specific
responsibilities include directing and coordinating export control policies and policies
to prevent missile, nuclear, chemical, biological, and conventional weapons
proliferation. All of these contribute to the DOS’s strategic goal of countering threats
to the US and the international order. DOS CWMD responsibilities are primarily
planned and executed via: the Bureau of Arms Control, Verification, and Compliance
(AVC); the Bureau of International Security and Nonproliferation (ISN); and the Bureau
of Political-Military Affairs (PM); all of which report to the Under Secretary for Arms
Control and International Security. [14, pp. III-7]
Office of the Director of National Intelligence
ODNI directs the activities of the Intelligence Community to provide high-value
intelligence supporting U.S. policies and actions to discourage, prevent, rollback, deter,
and mitigate the consequences of WMD. ODNI leads the nation’s CWMD intelligence
efforts through various interagency groups and centers: [9, p. 20]
CBRN Counterterrorism Group (CCTG). ODNI manages the CCTG formed by the merger
of the Central Intelligence Agency’s (CIA’s) Counterterrorism Center and National
Counterterrorism Center’s CBRN analysis group. The CCTG pools analytical experts
from CIA, NCTC, the Defense Intelligence Agency (DIA), FBI, and other U.S. Government
organizations to support a wide range of intelligence activities focused on CWMD. [9,
p. 20]
National Counterproliferation Center (NCPC). The NCPC helps the U.S. counter threats
caused by the development and spread of WMD. NCPC works with the Intelligence
Community to identify critical gaps in WMD knowledge resulting from shortfalls in
collection, analysis, or exploitation and then develop solutions to reduce or close these
gaps. The NCPC does this by analyzing, integrating, and disseminating comprehensive
all-source WMD proliferation intelligence; providing all-source intelligence support
needed for the execution of counterproliferation plans or activities; and performing
independent WMD proliferation analyses. It may also play a role in the nuclear
attribution process by fusing law enforcement and intelligence information with
nuclear forensics conclusions provided by the national technical nuclear forensics center.
The NCPC also provides WMD briefs and analyses to the President, Congress, and the
appropriate Federal departments and agencies, as required. The majority of the NCPC
staff are detailees from the intelligence community, as well as DoD and the DOE
national laboratories. [14, pp. III-6 – III-7]
National Counterterrorism Center (NCTC). The NCTC is the primary organization in the
U.S. Government that integrates and analyzes intelligence pertaining to terrorism and
counterterrorism, including all intelligence related to terrorist use of WMD. The CT
community lead for identifying critical intelligence problems, key knowledge gaps, and
major resource constraints is the NCTC. The NCTC combines intelligence, military, law
enforcement, and homeland security networks to facilitate information sharing across
government departments and agencies. In addition to its information sharing role, the
NCTC provides a strategic-level operational planning function for CT activities and is
responsible for integrating all elements of national power toward successful
implementation of the national CT strategy. [14, pp. III-6]
Department of Homeland Security
The 2010 Quadrennial Homeland Security Review identified three CWMD-related
mission areas: 1) Preventing Terrorism and Enhancing Security; 2) Securing and
Managing Borders; and 3) Ensuring Resilience to Disasters. [9, pp. 18-19] DHS also
maintains the National Response Framework (NRF) for guiding how U.S. Government
departments and agencies should work together to prepare for and respond to WMD
events. DHS agencies, along with the Federal Bureau of Investigation (FBI), DOE, the
Department of the Treasury (TREAS), the Department of Commerce (DOC), and the
intelligence community, play a vital role in supporting national CWMD efforts. Agencies
within the DHS that contribute to the CWMD mission include: [14, pp. III-8]
United States Coast Guard (USCG). The USCG may play an integral role in WMD
interdiction operations by protecting US economic and security interests in maritime
regions, including international waters, U.S. coastal regions, ports, and waterways.
USCG personnel can be used to enforce U.S. laws anywhere in the world, with certain
restrictions, and can participate in regular DoD-led interdiction operations under their
Title 14, USC authorities, even if assigned DoD forces. [14, pp. III-8]
Customs and Border Protection (CBP). To prevent WMD smuggling, the CBP works
through existing partnerships with customs and law enforcement agencies in partner
nations to protect U.S. borders and ports of entry and to screen the admissibility of
persons, cargo, and vessels arriving at U.S. ports. CBP also supports a National Targeting
Center and operates the Container Security Initiative with the DOE. [14, pp. III-8]
Federal Emergency Management Agency. The Federal Emergency Management Agency
provides support to our nation’s critical infrastructure in response to CBRN hazards
through comprehensive emergency management programs including risk reduction,
preparedness, response, and recovery. [14, pp. III-8]
Domestic Nuclear Detection Office (DNDO). DNDO improves the Nation’s ability to
detect and report transportation of nuclear or radiological material. Additionally,
DNDO operates the National Technical Nuclear Forensics Center, which has two
primary missions. The first provides centralized planning, integration, assessment, and
stewardship of the nation’s nuclear forensics capabilities to ensure a ready, robust, and
enduring capability in coordination with other U.S. Government departments and
agencies who have assigned responsibilities for national technical nuclear forensics.
These include the Department of Justice and the FBI, which is the lead federal agency
responsible for the criminal investigation of terrorist events and the nuclear forensic
investigation of a planned or actual attack; DoD, DOE, DOS, ODNI, and DHS. The second
mission is to advance the capability to perform nuclear forensics on nuclear and
radiological materials in a pre-detonation (intact) state. [14, pp. III-8]
Immigration and Customs Enforcement (ICE). ICE enforces US immigration and customs
regulations. One of its highest priorities is to prevent illicit procurement networks,
terrorist groups, and hostile nations from illegally obtaining U.S. military products,
sensitive dual-use technology, WMD, or CBRN materials. The ICE homeland security
investigation’s counterproliferation investigations program oversees a broad range of
investigative activities related to such violations. The counterproliferation
investigations program enforces US laws involving the export of military items,
controlled dual-use goods, firearms, and ammunition, as well as exports to sanctioned
or embargoed countries. [14, pp. III-9]
Conclusion
The effects of U.S. CWMD policy range from the mundane to the profound. Patients of
nuclear medicine are routinely pulled aside after tripping Radiation Portal Monitors
installed in airports and other major U.S. ports of entry. [16] Citing the need to disarm
Iraq of suspected caches of WMD, President Bush in March 2003 launched the U.S.-led
invasion of Iraq. The invasion and subsequent eight-year occupation cost the nation
$1.7 trillion, 4,488 U.S. casualties, and 32,223 U.S. wounded. Iraq itself suffered an
estimated 189,000 casualties and counting as it continues to struggle with internal
strife. [17] No definitive caches of WMD were found.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. Which WMD agent was first used in warfare?
2. Which WMD agent emerged during World War One?
3. Which WMD agent emerged during World War Two?
4. How did the 1995 Tokyo subway attacks change the WMD threat?
5. What is DoD’s role in national counter WMD strategy?
6. What is DOS’s role in national counter WMD strategy?
7. What is DOE’s role in national counter WMD strategy?
8. What is ODNI’s role in national counter WMD strategy?
9. What is DHS’s role in national counter WMD strategy?
10. Which WMD agent do you think is easiest to obtain? Explain your answer.
Chapter 16: Cybersecurity
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain the relationship between cybersecurity and critical infrastructure protections.
Explain why cyber attack holds so much destructive potential.
Describe Internet ownership and management relationships.
Identify key components of the Internet.
Discuss potential Internet vulnerabilities.
Evaluate computer crime.
Describe DHS’s cybersecurity roles and responsibilities.
“Because our economy is increasingly reliant upon interdependent cyber-supported
infrastructures, non-traditional attacks on our infrastructure and information systems
may be capable of significantly harming both our military power and our economy.”
– 1998 Presidential Decision Directive No. 63
Introduction
Cybersecurity goes hand-in-hand with critical infrastructure protection, because 1)
cyberspace provides an avenue for attacking critical infrastructure from anywhere
around the world; 2) cyber components make critical infrastructure susceptible to
subversion, disruption, or destruction; and 3) cyberspace itself is a critical
infrastructure on which many other critical infrastructures depend. What keeps the
experts awake at night is the knowledge that the potential consequences of a
coordinated cyber attack could dwarf any previous disaster in U.S. history, either
natural or manmade. This chapter will take a look at some of those nightmare
scenarios and examine what the Department of Homeland Security is doing to keep
them from becoming reality.
Worst Case Scenarios
The worst disaster in U.S. history was the 1900 hurricane that hit Galveston, Texas; as
many as 12,000 people are thought to have perished in that disaster. The worst
manmade disaster in U.S. history was 9/11 in which 3,000 people lost their lives. [1]
Yet the death and damages resulting from these disasters might pale in comparison to
the destruction that could conceivably be wrought by a coordinated cyber attack on
selected infrastructure. We present just three plausible scenarios that have been
considered, at one time or another, at the highest levels of U.S. leadership.
Shutting Down the North American Electric Grid.
In August 2003, an electricity blackout affected 50 million people in the northeastern
United States and Canada, causing an estimated $4-$10 billion in economic losses.
Though it lasted only a week, the outage resulted in a 0.7% drop in Canada’s gross
domestic product. [2, p. 2] A Johns Hopkins study determined that New York City
experienced a 122% increase in accidental deaths and 25% increase in disease-related
deaths, and that ninety people died as a direct result of the power outage. [3] Though
the 2003 outage was an accident, it raised concerns whether an even wider outage
could be induced deliberately. In 2006, DHS and the Department of Energy conducted
a joint experiment named Project Aurora. In this experiment, researchers proved that
a generator could be remotely commanded over the Internet to physically self-
destruct. [4, p. 21] The implications were shocking because the time necessary to
replace a generator can range from months to years. [5, p. 12] Of course the North
American electric grid is designed and monitored to sustain service in the event a given
component fails. It is not designed, however, to sustain large-scale damages that
might result from a coordinated attack. If such an attack were successful, a significant
portion of the United States could lose power for periods lasting months, not weeks.
Unlike the aftermath of Hurricane Katrina, there would be no “islands of power” from
which to stage recovery or seek refuge. The affected regions would go dark, and their
supporting infrastructure would collapse. The cascading effects would be disastrous.
No doubt the nation would survive, but it would be wounded more deeply than by any
experience since the Civil War.
Multiple Simultaneous Meltdowns.
In March 1979, a series of incidents almost resulted in a meltdown of reactor number
two at the Three Mile Island nuclear power plant in Dauphin County, Pennsylvania.
Though a meltdown was averted, and only a slight amount of radiation released,
140,000 people were evacuated from a 20-mile radius before the situation was
contained. [6] By comparison, the residents of Pripyat in the Ukraine were not so lucky
when in April 1986, reactor number four at the Chernobyl Nuclear Power Plant
exploded. Though a different design than the plant at Three Mile Island, the Chernobyl
nuclear accident amply demonstrates the dangers of a nuclear meltdown: 350,400
people were permanently evacuated from a radius extending 19 miles in all directions
from the plant. Radiation from the fallout is so intense inside the “zone of alienation”
that it will remain unsafe for human habitation for another 20,000 years (though a
stalwart contingent of 300 residents refuse to leave and remain in the area). [7] Again,
these were accidents, but as the Stuxnet attack in 2010 proved, they could conceivably
become deliberate. In 2010, the Iranian nuclear program was set back due to
production losses at the Natanz uranium enrichment facility. The problem was
eventually traced to a piece of malware inserted in Siemens equipment controlling the
separation centrifuges. Later called Stuxnet, the malware was extraordinary not only
for the damage it caused, but also for how it was implanted. The equipment was not
connected to the Internet. The malware had been introduced in the supply chain,
somewhere between manufacture and delivery. [8] Stuxnet demonstrates how a
similar virus could be concealed inside critical components and timed to initiate a
simultaneous meltdown at multiple nuclear power plants. It certainly wouldn’t be
easy, but it’s certainly not improbable.
Shutting Down the Federal Reserve.
The Federal Reserve is the central banking system of the United States. The system is
comprised of a Board of Governors, a Federal Open Market Committee, and twelve
regional Federal Reserve Banks located in major cities throughout the nation. The
Federal Reserve was established in 1913 in response to the financial crisis of 1907 in
which payments were disrupted across the country because many banks refused to
clear checks drawn on other banks, eventually leading to their failure. To preclude
similar panics, the Federal Reserve was formed as a “banker’s bank” to facilitate
transactions between commercial institutions. Through its actions, the Federal
Reserve influences the availability of money and credit, transacting trillions of dollars
underpinning the U.S. economy. [9] The vast majority of these transactions are
conducted electronically, between the Reserve Banks and their corporate clients. The
system is mostly closed and very well protected, but no defense is invulnerable.
Conceivably it could be compromised through a Stuxnet-like attack or by an “insider”
attack. An “insider” attack is perpetrated by someone with legitimate access
conducting unauthorized actions. Alternatively, a “phishing” attack might trick an
authorized user into divulging their access codes to a criminal agent. This last
approach is particularly disconcerting because it means system security is only as
strong as the weakest person in the chain (of course the computer system has internal
as well as external access controls, but accomplished hackers will use their initial
access to gain higher authorizations). The potential consequences of a hostile agent
shutting down the Federal Reserve are too broad to contemplate. Like electricity,
monetary transactions pervade every aspect of society, from ordering a latte to paying
the mortgage. What would happen if all forms of electronic payment halted? While
you might not be evicted for missing a mortgage payment, you also could not buy that
latte, or more importantly, buy gas for your car or groceries for your family. How long
would the Federal Reserve have to be down before panic ensued? Not long at all.
Again, it’s not easy, but it’s not impossible.
Cyberspace
As explained in the introduction, cyberspace serves as both an avenue of attack and a
means of support for other critical infrastructure. Understanding what it is, therefore,
is an important precondition to protecting it. According to the DHS Glossary of
Common Cybersecurity Terminology, cyberspace is “the interdependent network of
information technology infrastructures, that includes the Internet, telecommunications
networks, computer systems, and embedded processors and controllers.” [10]
Essentially “cyberspace” is a broad term encompassing the Internet and everything
connected to it. So what is the Internet? By definition the Internet is a “network of
networks”. The key enabling technologies are links, standards, protocols, and routers.
A link is a physical communications path between two points. A link may be wired
(copper or fiber) or wireless (light or radio), depending on required cost, distance, and
bandwidth. A link serves to transmit electronic data packets conforming to the Open
System Interconnection (OSI) standard. The source and destination of each data
packet are internally encoded in a globally unique Internet Protocol (IP) address. A link
may terminate at a router, which, in turn, may be connected to two or more links. A
router examines the destination address of each arriving packet and forwards it on to
another link to convey it closer or quicker to its final destination. It may require many
packets to transmit a single text, graphic, sound, or video object. The Transmission
Control Protocol (TCP) ensures that all packets are properly re-assembled into the
original object at their intended destination.¹ While greatly simplified and highly
abstract, the preceding description provides a physical conception of the Internet,
which may be schematically represented as shown in Figure 16-1.
¹ A “message” may be digitized text, graphics, sound, or video. Sound and video packets may be
transmitted using the User Datagram Protocol (UDP), which gives up some reliability in exchange for
speed compared to TCP. A few lost sound or video packets will not be discernible to the human ear or eye.
Figure 16-1: Schematic Representation of a Portion of the Internet
As shown in Figure 16-1, the Internet is a connected graph of links and routers. What is
not shown, and what is fundamentally important to the Internet, is that each
component is independently owned and operated by different public and private
agencies: the Internet does not belong to any single entity. It is a collection of diverse
components conforming to an agreed set of engineering standards. The individual
owners are collectively called Internet Service Providers (ISPs). The Internet is built and
grows as ISPs join their networks with those of other ISPs.
ISPs are unofficially classified into “Tiers” based on the size of their networks and how
they connect with other ISPs. ISPs connect to each other through either a “peering” or
“transit” agreement. Peering is when a pair of ISPs establish a reciprocal agreement to
connect with each other and exchange traffic without charge. On the other hand, a
transit relationship requires some form of fee based on the amount of traffic shared
between the ISPs. [11] Accordingly, ISPs are classified as Tier 1, Tier 2, or Tier 3. Tier 1
ISPs are the largest, and peer with other Tier 1 ISPs to reach every other ISP on the
Internet without purchasing transit. Table 16-1 lists the seven U.S. Tier 1 ISPs. Tier 2 ISPs
peer with some ISPs, but purchase transit to reach at least some portion of the
Internet. Examples of Tier 2 ISPs are major cable, Digital Subscriber Line (DSL), and mobile
providers. Tier 3 ISPs must purchase transit from other ISPs to access the Internet.
Examples of Tier 3 ISPs are small regional providers, small mobile providers, and
university networks. [12]
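The tier definitions above can be applied mechanically to a set of peering and transit agreements. The Python sketch below is an added example, not part of the textbook; the ISP names and topology are constructed, and it assumes a peer carries traffic only to its own customers, never onward to its other peers or providers.

```python
"""Classify ISPs into Tier 1/2/3 from their interconnection agreements.
The topology and ISP names are constructed for illustration."""
from collections import defaultdict

# Constructed sample data (hypothetical ISPs, not real networks).
# Transit agreements: (customer, provider); the customer pays the provider.
TRANSIT = [
    ("MetroCable", "BackboneA"),
    ("MetroCable", "BackboneB"),
    ("MobileCo", "BackboneB"),
    ("CampusNet", "MetroCable"),
    ("RuralISP", "MobileCo"),
]
# Peering agreements: reciprocal, traffic exchanged without charge.
PEERING = [
    ("BackboneA", "BackboneB"),
    ("MetroCable", "MobileCo"),
]


def build(transit, peering):
    """Index the agreements as provider, customer and peer sets per ISP."""
    providers, customers, peers = defaultdict(set), defaultdict(set), defaultdict(set)
    isps = set()
    for customer, provider in transit:
        providers[customer].add(provider)
        customers[provider].add(customer)
        isps.update((customer, provider))
    for a, b in peering:
        peers[a].add(b)
        peers[b].add(a)
        isps.update((a, b))
    return isps, providers, customers, peers


def customer_cone(isp, customers):
    """The ISP itself plus every network reached by following paid-customer links."""
    cone, stack = set(), [isp]
    while stack:
        node = stack.pop()
        if node not in cone:
            cone.add(node)
            stack.extend(customers[node])
    return cone


def reach_without_transit(isp, customers, peers):
    """Networks an ISP can reach without buying transit.

    Modelling assumption: a peer delivers traffic only to its own customer
    cone, not to its other peers or to its providers.
    """
    reach = customer_cone(isp, customers)
    for peer in peers[isp]:
        reach |= customer_cone(peer, customers)
    return reach


def classify(transit, peering):
    """Return {isp: tier}; None marks an ISP that buys no transit yet cannot
    reach every other ISP (it is cut off from part of the Internet)."""
    isps, providers, customers, peers = build(transit, peering)
    tiers = {}
    for isp in sorted(isps):
        if providers[isp]:
            # Buys transit: Tier 2 if it also peers, otherwise Tier 3.
            tiers[isp] = 2 if peers[isp] else 3
        elif reach_without_transit(isp, customers, peers) == isps:
            tiers[isp] = 1
        else:
            tiers[isp] = None
    return tiers


if __name__ == "__main__":
    for name, tier in classify(TRANSIT, PEERING).items():
        print(f"{name:11} Tier {tier}")
    # Without the backbone-to-backbone peering link, neither backbone can
    # reach the whole Internet without purchasing transit.
    print(classify(TRANSIT, PEERING[1:]))
```

The second call shows why Tier 1 status depends on the peering mesh: once the two backbones stop peering, each can reach only its own customers.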
Table 16-1: U.S. Tier 1 ISPs [13]
1. AT&T
2. Verizon
3. Sprint
4. CenturyLink
5. Level 3
6. NTT/Verio
7. Cogent
Figure 16-2: Internet ISP Tiers
Transiting and peering between ISPs is facilitated by Internet Exchange Points (IXPs).
The primary role of an IXP is to keep local traffic local and reduce the costs associated
with traffic exchange between Internet providers. IXPs are a vital part of the Internet.
Without them, the Internet would not function efficiently because the different
networks that make up the Internet would need to directly interconnect with every
other network in order to be able to exchange traffic with each other. [15]
The compelling benefits of IXPs spurred their rapid global growth. As of 2012, there
were 350 IXPs operational worldwide. The US has about 86 IXPs strategically located
across the country. Other countries with more than 10 IXPs are: Australia (11), Brazil
(19), France (15), Germany (14), Japan (16), Russia (14), Sweden (12), and United
Kingdom (12). [15]
Figure 16-3: IXP Role in Today’s Internet [16]
As mentioned previously, the Internet is not owned by any single entity; however, it
does rely on central services to ensure unique Internet Protocol addresses for each
component connected to it. IP addresses are controlled by the Internet Corporation
for Assigned Names and Numbers (ICANN). ICANN is a global non-profit agency
operating out of Los Angeles, California. IP addresses come in two forms: 1) human-readable,
i.e., “alias”, and 2) machine-readable, i.e., “numeric”. While the human-readable
address is easier for people to remember (e.g., facebook.com, Google.com,
Amazon.com), the machine-readable address is the form required by routers (e.g.,
173.252.120.6, 74.125.70.102, 72.21.215.232). Accordingly, the Internet relies on
Domain Name Services (DNS) to translate one form of IP address into another and help
route traffic along the Internet. DNS is maintained by a department of ICANN called
the Internet Assigned Numbers Authority (IANA). IANA operates and maintains DNS
services provided by hundreds of computers known as root servers located in many
countries in every region of the world. Root servers contain the IP addresses of all the
Top-Level Domain (TLD) registry name servers; e.g., “.com” and “.de”. Root servers
“translate” aliases into numbers. They perform a critical if somewhat “back-office”
role in ensuring the continuity and therefore reliability of the Internet. [17]
Cyber Attack
The 1984 Counterfeit Access Device and Computer Fraud & Abuse Act (18 USC § 1030)
prohibits unauthorized access to computers used by the Federal government, banks,
and otherwise used for interstate or international commerce. Due to the inter-state
nature of the Internet, the law is interpreted to cover nearly all computers, including cell
phones. A 1986 amendment further criminalized the distribution of malicious code,
trafficking in passwords, and denial of service attacks. [18] According to the U.S.
National Research Council, a cyber attack is any “deliberate action to alter, disrupt,
deceive, degrade, or destroy computer systems or networks or the information and/or
programs resident in or transiting these systems or networks.” [19, p. 9] There are
many different ways to mount a cyber attack, as illustrated in Figure 16-4. According to a
2014 report by the Center for Strategic and International Studies, the two most
common attack methods are social engineering and vulnerability exploitation.
According to the Center, social engineering is where an attacker tricks a user into
granting access, and vulnerability exploitation is where an attacker takes advantage of
a programming or implementation failure to gain access. [20, p. 10] According to the
report, cybercrime is a growth industry because the returns are great and the risks are
low. The Center estimates that the annual cost to the global economy is more than
$400 billion, yet most cybercrime goes unreported, and few cybercriminals are caught
or even identified. [20, pp. 2, 4]
Cyber Security
The DHS Glossary of Common Cybersecurity Terminology defines cybersecurity as “the
activity or process, ability or capability, or state whereby information and
communications systems and the information contained therein are protected from
and/or defended against damage, unauthorized use or modification, or exploitation.”
[10] Cybersecurity is also a growth industry. According to the Center for Strategic and
International Studies, the global market for cybersecurity products and services is $58
billion and growing annually. [20, p. 17] In concept, cybersecurity is very simple. All you
have to do is ensure the confidentiality, integrity, and availability of the computer
system and its data. Confidentiality ensures the system and data are not accessed by
an unauthorized agent. Integrity ensures that the system and data are not corrupted
by an unauthorized agent. Availability ensures that the system and data are always
accessible when needed. [21, pp. 1-2] These seemingly simple goals, however, are
very difficult to attain because computers are inherently stupid and fragile. Computers
are stupid, because unlike humans, computers are incapable of making value
judgments regarding their actions and will perform as directed regardless of outcome,
even if the consequences are catastrophic. Computers are also fragile; a single wrong
character can disrupt millions of lines of code, compared to buildings which do not
collapse because one brick fails. Finding such flaws is impossible. Even a small 100-
line program with some nested paths and a single loop executing less than twenty
times may contain 100 trillion paths. Assuming each path could be evaluated in a
millisecond (one-thousandth of a second), testing would take 3170 years. [22] The
cumulative effect makes computers inherently vulnerable to diversion from their
intended purpose, either through oversight or tampering.
Figure 16-4: AVOIDIT Cyber Attack Taxonomy [23]
Protecting Cyberspace
Section 103 of the Homeland Security Act made the Department of Homeland Security
responsible for cybersecurity at the same time it made it responsible for critical
infrastructure protection. [24] As an infrastructure, the Internet underpins the
functioning of most other infrastructures, making it essential to the economy and
security of the United States. [25, p. 1] Although the Internet is comprised of billions of
components globally, it depends on only a thousand to maintain proper functioning,
offering a relatively small set of lucrative targets capable of incapacitating the Internet.
These include the Internet Exchange Points and DNS Root Servers. Any number of
attacks could possibly be launched and some have already been attempted against
these high-value assets. In October 2002, a Distributed Denial of Service (DDoS) attack
succeeded in affecting 9 of 13 root servers, and at least two root servers “suffered
badly” from another attack in February 2007. [26] Because IXPs are designed to
manage large traffic loads, a specific type of DDoS attack called a Cross-Plane Session
Termination (CXPST) attack employing about 250,000 “bots” would be needed. It is
surmised that a well targeted and well timed attack could take down significant parts
of the Internet. [16, p. 48]
As an infrastructure, the Internet is included in the DHS National Infrastructure
Protection Plan (NIPP). The DHS National Cyber Security Division (NCSD) under the
Office of Cybersecurity and Communications (CS&C) is the Sector Specific Agency (SSA)
for the Information Technology (IT) Sector. DHS has no regulatory authority over the IT
sector. NCSD, therefore, works in voluntary cooperation with private partners in the
Sector Coordinating Council (SCC), including some Tier 1 Internet Service Providers
listed in Table 16-1. As part of the NIPP, DHS supports an IT Information Sharing and
Analysis Center (IT-ISAC) to promote the exchange of threat and security information
among SCC partners. Private organizations may also report cyber incidents to the DHS
National Incident Coordinating Center (NICC). In 2010, NCSD worked with sector
partners to produce the IT Sector Specific Plan (IT-SSP). The 2010 IT-SSP reported the
results of a 2008-2009 IT Sector Baseline Risk Assessment (ITSRA), noting concerns
about DNS root services. [27] ITSRA appears to be a one-off study, conducted as the
NIPP Risk Management Framework (RMF) was still gaining traction. In May 2013, DHS
noted the use of an NCSD-developed Cyber Assessment Risk Management Approach
(CARMA) for conducting risk assessment of cyber assets in conjunction with the NIPP
Risk Management Framework. [28]
The basic problem of the Internet is that it is a victim of its own success. Originally
designed as a research tool for a trusted community of researchers, the Internet has
expanded well beyond its original design specifications and must today operate in an
environment that cannot be trusted.
Protecting Infrastructure from Cyberspace
Many critical infrastructures including electricity transmission systems, gas pipelines,
and water distribution systems rely on Industrial Control Systems (ICSs) to monitor and
control physical objects and devices, such as switches and valves that are often located
in remote locations. Industrial Control Systems include Supervisory Control and Data
Acquisition (SCADA) systems, Distributed Control Systems (DCSs), Programmable Logic
Controllers (PLCs), and General-Purpose Controllers (GPCs). Most ICSs began as
proprietary, stand-alone systems that were separated from the rest of the world and
isolated from most external sources. Today, widely available software applications,
Internet-enabled devices and other nonproprietary information technology offerings
have been integrated into most ICSs. This connectivity has delivered many benefits,
but it also has increased the vulnerability of these systems to malicious attacks,
equipment failures, and other threats. ICS disruptions or failure can result in death or
injury, property damage, and loss of critical services. [29]
In 2004, the Department of Homeland Security’s National Cybersecurity Division
established the Control Systems Security Program (CSSP), which was chartered to work
with control systems security stakeholders through awareness and outreach programs
that encourage and support coordinated control systems security enhancement
efforts. In 2009, the CSSP established the Industrial Control System Joint Working
Group (ICSJWG) as a coordination body to facilitate the collaboration of control system
stakeholders and to encourage the design, development and deployment of enhanced
security for control systems. In 2011, the ICSJWG released a Cross-Sector Roadmap for
Cybersecurity. [29]
Industrial Control Systems present a particularly worrisome problem as a coordinated
attack might result in some form of worst case scenario examined at the beginning of
this chapter. Accordingly, in 2010 DHS released a National Cyber Incident Response
Plan (NCIRP) describing how it would prepare for, respond to, and begin to coordinate
recovery from a significant cyber incident. A significant cyber incident is classified as a
Level 2, “substantial” incident on the National Cyber Risk Alert Level (NCRAL) shown in
Table 16-2. Threat levels are monitored at the DHS National Cybersecurity and
Communications Integration Center (NCCIC), a 24-hour operations center ready to
coordinate a national cyber incident response. Among its assets, the NCCIC has access
to both the US-CERT and ICS-CERT. [30]
U.S. Computer Emergency Readiness Team (US-CERT). US-CERT is a partnership
between DHS and the public and private sectors. US-CERT is charged with providing
response support and defense against cyber attacks for the Federal Civil Executive
Branch (.gov) and information sharing and collaboration among State, Local, Tribal and
Territorial governments, industry, and international partners. US-CERT interacts with
Federal agencies, industry, the research community, State, Local, Tribal and Territorial
governments, and other entities to disseminate reasoned and actionable cybersecurity
information to the public. US-CERT also provides a way for citizens, businesses, and
other institutions to communicate and coordinate directly with the U.S. Government
about cybersecurity. [30, pp. N-2]
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT
provides focused operational capabilities for defending control system environments
against emerging cyber threats. ICS-CERT provides efficient coordination of control
systems-related security incidents and information sharing with Federal, State, Local,
Tribal and Territorial agencies and organizations; the Intelligence Community (IC);
private sector constituents, including vendors, owners, and operators; and
international and private sector CERTs. ICS-CERT leads this effort by responding to and
analyzing control systems-related incidents, conducting vulnerability and malware
analysis, providing onsite support for forensic investigations, and providing situational
awareness in the form of actionable intelligence and reports. [30, pp. N-2]
Table 16-2: DHS National Cyber Risk Alert Levels

| Level | Label | Risk | Response |
|---|---|---|---|
| 1 | Severe | Highly disruptive levels of consequences are occurring or imminent | Response functions are overwhelmed, and top-level national executive authorities and engagements are essential. Exercise of mutual aid agreements and Federal/non-Federal assistance is essential |
| 2 | Substantial | Observed or imminent degradation of critical functions with moderate to significant level of consequences, possibly coupled with indicators of higher levels of consequences impending | Surged posture becomes indefinitely necessary, rather than only temporarily. The DHS Secretary is engaged, and appropriate designation of authorities and activation of Federal capabilities such as the Cyber Unified Command Group take place. Other similar non-Federal incident response mechanisms are engaged |
| 3 | Elevated | Early indications of, or the potential for but no indicators of, moderate to severe levels of consequences | Upward shift in precautionary measures occurs. Responding entities are capable of managing incidents/events within the parameters of normal, or slightly enhanced, operational posture |
| 4 | Guarded | Baseline of risk acceptance | Baseline operations, regular information sharing, exercise of processes and procedures, reporting, and mitigation strategy continue without undue disruption or resource allocation |
The DHS NCCIC primarily serves as a warning and alerting system. While the US-CERT
and ICS-CERT may provide analysis and recommendations, DHS does not have
deployable cyber units that will show up onsite and fix your cyber problems. The
closest such capability is being built by the Department of Defense (DoD) as part of
their National Cyber Mission Force (CMF) promulgated under the DoD’s Cyber
Strategy. The DoD Cyber Strategy has three missions: 1) defend DoD networks,
systems, and information; 2) defend the U.S. homeland and U.S. national interests
against cyber attacks of significant consequence; and 3) provide cyber support to
military operational and contingency plans. Towards this end, DoD will develop 68
Cyber Protection Teams (CPTs) to perform the first mission; 13 National Mission Teams
(NMTs) for the second mission; 27 Combat Mission Teams (CMTs) for the third mission;
and 25 National Support Teams (NSTs) to assist them all. [31]
The 13 National Mission Teams comprising the National Mission Force (NMF) will be
supported by 8 NSTs (also called Direct Support Teams), and will be designed to defend
the nation against strategic cyber attacks on U.S. interests. Reportedly, the NMTs will
employ counter-cyber force to stop cyber attacks and malicious cyber activity of
significant consequences against the nation. [32, p. 9]
While details remain sketchy, it appears the NMTs will only be employed in the case of
foreign cyber attack. Attribution is a thorny problem when it comes to cyber attack. As
was already mentioned, few cyber criminals are identified, let alone caught. The
implication is that NMTs will have very limited domestic utility, and there will be no
cyber cavalry coming to the rescue in the event of a significant domestic cyber attack.
Ultimately, infrastructure owners/operators must rely on their own devices to protect
their assets.
Protecting Cyber Assets
In February 2013, President Obama signed EO 13636, Improving Critical Infrastructure
Cybersecurity, assigning the National Institute of Standards and Technology (NIST)
responsibility for developing a Cybersecurity Framework. The framework was to form
the basis for a Voluntary Critical Infrastructure Cybersecurity Program that would
encourage critical infrastructure owners and operators to improve the security of their
information networks. NIST released Version 1.0 of the Framework on February 12, 2014.
[33, p. 13]
EO 13636 also required those agencies with regulatory authority over certain critical
infrastructure owners and operators to evaluate whether “the agency has clear
authority to establish requirements… to sufficiently address current and projected cyber
risks to critical infrastructure.” Although DHS has no regulatory authority over Internet
Service Providers, as the Sector Specific Agency DHS recommended voluntary
application of cybersecurity measures for the Information Technology sector. [34]
The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity
risk, and is composed of three parts: the Framework Core, the Framework
Implementation Tiers, and the Framework Profiles. Each Framework component
reinforces the connection between business drivers and cybersecurity activities. [35]
The Framework Core is a set of cybersecurity activities, desired outcomes, and
applicable references that are common across critical infrastructure sectors. The Core
presents industry standards, guidelines, and practices in a manner that allows for
communication of cybersecurity activities and outcomes across the organization from
the executive level to the implementation/operations level. The Framework Core
consists of five concurrent and continuous Functions—Identify, Protect, Detect,
Respond, Recover. When considered together, these Functions provide a high-level,
strategic view of the lifecycle of an organization’s management of cybersecurity risk.
The Framework Core then identifies underlying key Categories and Subcategories for
each Function, and matches them with example Informative References such as
existing standards, guidelines, and practices for each Subcategory. [35]
Framework Implementation Tiers (“Tiers”) provide context on how an organization
views cybersecurity risk and the processes in place to manage that risk. Tiers describe
the degree to which an organization’s cybersecurity risk management practices exhibit
the characteristics defined in the Framework (e.g., risk and threat aware, repeatable,
and adaptive). The Tiers characterize an organization’s practices over a range, from
Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal,
reactive responses to approaches that are agile and risk-informed. During the Tier
selection process, an organization should consider its current risk management
practices, threat environment, legal and regulatory requirements, business/mission
objectives, and organizational constraints. [35]
A Framework Profile (“Profile”) represents the outcomes based on business needs that
an organization has selected from the Framework Categories and Subcategories. The
Profile can be characterized as the alignment of standards, guidelines, and practices to
the Framework Core in a particular implementation scenario. Profiles can be used to
identify opportunities for improving cybersecurity posture by comparing a “Current”
Profile (the “as is” state) with a “Target” Profile (the “to be” state). To develop a
Profile, an organization can review all of the Categories and Subcategories and, based
on business drivers and a risk assessment, determine which are most important; they
can add Categories and Subcategories as needed to address the organization’s risks.
The Current Profile can then be used to support prioritization and measurement of
progress toward the Target Profile, while factoring in other business needs including
cost-effectiveness and innovation. Profiles can be used to conduct self-assessments
and communicate within an organization or between organizations. [35]
While the NIST Cybersecurity Framework doesn’t explain how, it is assumed that an
asset’s profile can be mapped to a tier level. Presumably the higher the tier level, the
more secure the asset. But this is all about risk management, so there are no
guarantees.
Conclusion
Cybersecurity as a mission of homeland security has come full circle. Recognizing that
the growing use of the Internet portended a potential avenue of attack, the 1997
Report of the President’s Commission on Critical Infrastructure can be considered the
beginning of homeland security. PDD-63 laid the foundation for the critical
infrastructure protection mission. Whereas PDD-63 was focused on cyber threats to
infrastructure, HSPD-7 understandably gave priority to physical threats after the
example of 9/11. In response to the growing frequency and ferocity of cyber attacks
on the nation, PPD-21 restored the primacy of cybersecurity to homeland security.
Cybersecurity and critical infrastructure protection are inseparable. Aware of the
potential worst case scenarios, today we remain an ever vigilant nation against cyber
attack.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. How is cybersecurity related to critical infrastructure protection?
2. Why does cyber attack hold so much destructive potential?
3. Of the possible worst case scenarios, which do you think would be most devastating? Explain.
4. Of the possible worst case scenarios, which do you think would be most long lasting? Explain.
5. Who owns the Internet?
6. Who manages the Internet?
7. According to the 1984 Counterfeit Access Device and Computer Fraud & Abuse Act, which of the following actions
constitute a crime?
a. Accessing a computer without the owner’s consent.
b. Probing a network to assess its security measures.
c. Disconnecting the Internet to contain a virus.
8. List and describe two potential targets that could shut down the Internet.
9. What is DHS’s role in cybersecurity?
10. How many cyber teams does DHS have ready to deploy in the event of a national emergency?
Chapter 17: Counterterrorism
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain how terrorism uniquely distinguishes the crime of assault.
Explain why Islamic extremism is considered a terrorist threat.
Evaluate the 2011 National Strategy for Counterterrorism.
Assess the different roles of the FBI and DHS under PDD-39/HSPD-5.
Discuss the primary means for dealing with known terrorists, foreign or domestic.
Compare different options for dealing with foreign terrorists.
“Those who would give up essential Liberty, to purchase a little temporary Safety,
deserve neither Liberty nor Safety.”
– Benjamin Franklin, November 11, 1755
Introduction
9/11 was largely seen as a failure of coordination between Law Enforcement and the
Intelligence Community. While debating the role and structure of the new Department
of Homeland Security, Congress briefly considered subordinating the Intelligence
Community under the direction of the new Department. Concerns over potential
abuses infringing on civil liberties, however, quickly ended this consideration. Instead,
DHS was assigned a role of bridging the gap between the Law Enforcement and
Intelligence Communities to prevent future such attacks. While the Department of
Homeland Security plays an integral role filling the gaps exposed by 9/11, primary
responsibility for counterterrorism remains with the Federal Bureau of Investigation.
This chapter will briefly examine the threat, the roles and relationships of the
responsible Federal agencies, and what they’re doing to counter it.
Terrorism
As has already been seen, terrorism is a crime distinguished by motive. Terrorism is
defined in Title 18 United States Code, Section 2331, as “Acts dangerous to human life
that are a violation of the criminal laws of the United States or of any State, that
appear to be intended to intimidate or coerce a civilian population; influence the policy
of a government by intimidation or coercion; or to affect the conduct of a government
by mass destruction, assassination, or kidnapping.” The particular crime is assault.
There are many different types of assault, all of them generally illegal. What
distinguishes terrorism is the motive behind the assault; an intention to intimidate or
coerce the U.S. population or government.
Terrorists, accordingly, are people guilty of the crime of terrorism. They need not
execute the crime to be guilty of it. Merely planning the crime makes them guilty of
criminal conspiracy, which makes the planners terrorists. Similarly, even though
terrorism is a crime under U.S. law, it does not just apply to U.S. citizens. Anybody
guilty of planning or committing a crime on U.S. territory is subject to U.S. law, and
may therefore be brought before U.S. justice.
Terrorism, as a motive, is a homeland security concern. Unfortunately, terrorism and
homeland security have become synonymous. It is important to understand the
difference. Certainly the 9/11 hijackers were terrorists by every means of the
definition. So was Timothy McVeigh, the criminal behind the 1995 Oklahoma City
Bombing. While terrorism is a concern for homeland security, it is not the homeland
security concern. As has been shown, the homeland security concern is about
domestic catastrophic destruction. While terrorism may be one motivating factor, it is
not the only motivating factor. As Hurricane Katrina demonstrated, homeland security
threats need have no motive whatsoever.
A similar confusion seems to relate terrorism to mass murder. The two are not the
same. The act of “mass killing” is defined by the 2012 Investigative Assistance for
Violent Crimes Act (28 USC 530C) as “three or more killings in a single incident”. Thus
the 1999 shootings that killed 13 at Columbine High School, CO, the 2012 shootings that
killed 26 at Sandy Hook Elementary School, CT, and the 2007 shootings that killed 32 at
Virginia Technical University, VA, may be labeled “mass killings”, but no evidence
indicates that the shooters harbored terrorist motives. They were not terrorist
incidents.
The Terrorist Threat
From a legal standpoint, the terrorist threat is nothing more than criminal assault
undertaken for the purpose of extorting the U.S. government. Of course all crime is to
be discouraged, but what makes this particular class of crime a national priority? The
short answer is 9/11; Oklahoma City too. In both cases, terrorist motives drove the
perpetrators to extreme measures. Their crimes were shocking in both their
magnitudes and proportions. It is concern about preventing another 9/11 that
distinguishes terrorism. And because of their anti-government sentiment, domestic
militias and radical Islamists are a particular concern.
The militia movement is a relatively new right-wing extremist movement consisting of
armed paramilitary groups, both formal and informal, with an anti-government,
conspiracy-oriented ideology. Militia groups began to form not long after the deadly
standoff at Waco, Texas, in 1993; by the spring of 1995, they had spread to almost
every state. Many members of militia groups have been arrested since then, usually on
weapons, explosives and conspiracy charges. Although the militia movement has
declined in strength from its peak in early 1996, it remains an active movement,
especially in the Midwest, and continues to cause a number of problems for law
enforcement and the communities in which militia groups are active. [1]
Radical Islamists, also known as Fundamental Islamists, Islamic Extremists, and Militant
Islamists, came to be represented by Osama bin Laden’s organization, al Qaeda,
following the 9/11 attacks. Al Qaeda became a rallying point for disaffected Muslims
who sought to strike at the United States directly during operations in Iraq and
Afghanistan. Founded on the writings of Sayyid Qutb, al Qaeda fought to restore Islam
by establishing “true Islamic states”, implementing sharia, and eliminating non-Muslim
influences and the enemies of Islam, among which, in their view, the United States figured
prominently. [2] The al Qaeda movement continued long after bin Laden went into
hiding and was eventually killed. Then in 2013, al Qaeda was eclipsed by the Islamic
State (IS). The movement consolidated various opposition forces, including elements
of al Qaeda, to support armed insurgencies in Iraq and Syria. Two years after U.S.
troops withdrew from Iraq in 2011, IS forces overran western Iraq and parts of Syria
and claimed the territory as part of a new Islamic Caliphate. IS became notorious for
broadcasting executions of captured western prisoners. IS also claimed responsibility
for the November 2015 attacks that killed 130 people in Paris. [3] The U.S. accordingly
renewed its commitment of military support to assist Iraq in driving back IS, and
similarly strengthened military operations against IS in Syria. Given their past records
of attack and avowed enmity towards the United States, the prevailing concern is that
either al Qaeda or IS might seek to mount another 9/11 or similar attack against the
U.S.
Counterterrorism
Following the Tokyo Subway and Oklahoma City attacks, on June 21, 1995, President
Clinton issued Presidential Decision Directive No. 39 (PDD-39) stating U.S. Policy on
Counterterrorism: “The United States regards all such terrorism as a potential threat to
national security as well as a criminal act and will apply all appropriate means to
combat it. In doing so, the U.S. shall pursue vigorously efforts to deter and preempt,
apprehend and prosecute, or assist other governments to prosecute, individuals who
perpetrate or plan to perpetrate such attacks.” [4] The shorthand description for these
activities is “counterterrorism”, abbreviated “CT”. Counterterrorism is defined in Joint
Publication 3-26 as “Activities and operations taken to neutralize terrorists and their
organizations and networks in order to render them incapable of using violence to
instill fear and coerce governments or societies to achieve their goals.” [5, pp. GL-3]
National Strategy for Counterterrorism
The 2011 National Strategy for Counterterrorism articulates the U.S. Government’s
approach to countering terrorism and identifies the range of tools employed by the
strategy. Though specifically directed against the threat of al Qaeda, the same
approach applies to IS. [6, p. 2] The 2011 Strategy identified eight overarching goals:
1. Protect the American People, Homeland, and American Interests. The most solemn
responsibility of the President and the United States Government is to protect the
American people, both at home and abroad. This includes eliminating threats to
their physical safety, countering threats to global peace and security, and
promoting and protecting U.S. interests around the globe. [6, p. 8]
2. Disrupt, Degrade, Dismantle, and Defeat al-Qa‘ida and Its Affiliates and Adherents.
The American people and interests will not be secure from attacks until this threat
is eliminated—its primary individuals and groups rendered powerless, and its
message relegated to irrelevance. [6, p. 8]
3. Prevent Terrorist Development, Acquisition, and Use of Weapons of Mass
Destruction. The danger of nuclear terrorism is the greatest threat to global
security. Terrorist organizations, including al-Qa‘ida, have engaged in efforts to
develop and acquire weapons of mass destruction (WMD)—and if successful, they
are likely to use them. Therefore, the United States will work with partners around
the world to deter WMD theft, smuggling, and terrorist use; target and disrupt
terrorist networks that engage in WMD-related activities; secure nuclear,
biological, and chemical materials; prevent illicit trafficking of WMD-related
materiel; provide multilateral nonproliferation organizations with the resources,
capabilities, and authorities they need to be effective; and deepen international
cooperation and strengthen institutions and partnerships that prevent WMD and
nuclear materials from falling into the hands of terrorists. Success will require us to
work with the international community in each of these areas while establishing
security measures commensurate with the threat, reinforcing counter-smuggling
measures, and ensuring that all of these efforts are sustained over time. [6, pp. 8-9]
4. Eliminate Safehavens. Al-Qa‘ida and its affiliates and adherents rely on the physical
sanctuary of ungoverned or poorly governed territories, where the absence of
state control permits terrorists to travel, train, and engage in plotting. In close
coordination with foreign partners, the United States will continue to contest and
diminish al-Qa‘ida’s operating space through mutually reinforcing efforts designed
to prevent al-Qa‘ida from taking advantage of these ungoverned spaces. We will
also build the will and capacity of states whose weaknesses al-Qa‘ida exploits.
Persistent insecurity and chaos in some regions can undermine efforts to increase
political engagement and build capacity and provide assistance, thereby
exacerbating chaos and insecurity. Our challenge is to break this cycle of state
failure to constrict the space available to terrorist networks. [6, p. 9]
5. Build Enduring Counterterrorism Partnerships and Capabilities. Foreign partners
are essential to the success of our CT efforts; these states are often themselves the
target of—and on the front lines in countering—terrorist threats. The United
States will continue to rely on and leverage the capabilities of its foreign partners
even as it looks to contribute to their capacity and bolster their will. To achieve our
objectives, partners must demonstrate the willingness and ability to operate
independently, augmenting and complementing U.S. CT efforts with their unique
insights and capabilities in their countries and regions. Building strong enduring
partnerships based on shared understandings of the threat and common
objectives is essential to every one of our overarching CT objectives. Assisting
partners to improve and expand governance in select instances is also critical,
including strengthening the rule of law so that suspected terrorists can be brought
to justice within a respected and transparent system. Success will depend on our
ability to work with partners bilaterally, through efforts to achieve greater regional
integration, and through multilateral and international institutions. [6, p. 9]
6. Degrade Links between al-Qa‘ida and its Affiliates and Adherents. Al-Qa‘ida senior
leaders in Pakistan continue to leverage local and regional affiliates and adherents
worldwide through formal and informal alliances to advance their global agenda.
Al-Qa‘ida exploits local grievances to bolster recruitment, expand its operational
reach, destabilize local governments, and reinforce safehavens from which it and
potentially other terrorist groups can operate and attack the United States.
Together with our partners, we will degrade the capabilities of al-Qa‘ida’s local and
regional affiliates and adherents, monitor their communications with al-Qa‘ida
leaders, drive fissures between these groups and their bases of support, and
isolate al-Qa‘ida from local and regional affiliates and adherents who can augment
its capabilities and further its agenda. [6, p. 9]
7. Counter al-Qa‘ida Ideology and Its Resonance and Diminish the Specific Drivers of
Violence that al-Qa‘ida Exploits. This Strategy prioritizes U.S. and partner efforts to
undercut al-Qa‘ida’s fabricated legitimization of violence and its efforts to spread
its ideology. As we have seen in the Middle East and North Africa, al-Qa‘ida’s calls
for perpetual violence to address longstanding grievances have met a devastating
rebuke in the face of nonviolent mass movements that seek solutions through
expanded individual rights. Along with the majority of people across all religious
and cultural traditions, we aim for a world in which al-Qa‘ida is openly and widely
rejected by all audiences as irrelevant to their aspirations and concerns, a world
where al-Qa‘ida’s ideology does not shape perceptions of world and local events,
inspire violence, or serve as a recruiting tool for the group or its adherents.
Although achieving this objective is likely to require a concerted long-term effort,
we must retain a focus on addressing the near-term challenge of preventing those
individuals already on the brink from embracing al-Qa‘ida ideology and resorting to
violence. We will work closely with local and global partners, inside and outside
governments, to discredit al-Qa‘ida ideology and reduce its resonance. We will put
forward a positive vision of engagement with foreign publics and support for
universal rights that demonstrates that the United States aims to build while al-
Qa‘ida would only destroy. We will apply focused foreign and development
assistance abroad. At the same time, we will continue to assist, engage, and
connect communities to increase their collective resilience abroad and at home.
These efforts strengthen bulwarks against radicalization, recruitment, and
mobilization to violence in the name of al-Qa‘ida and will focus in particular on
those drivers that we know al-Qa‘ida exploits. [6, pp. 9-10]
8. Deprive Terrorists of their Enabling Means. Al-Qa‘ida and its affiliates and
adherents continue to derive significant financial support from donors in the
Persian Gulf region and elsewhere through kidnapping for ransom and from
exploitation of or control over lucrative elements of the local economy. Terrorist
facilitation extends beyond the financial arena to those who enable travel of
recruits and operatives; acquisition and movement of materiel; and electronic and
non-electronic communication. The United States will collaborate with partner
nations around the world to increase our collective capacity to identify terrorist
operatives and prevent their travel and movement of supplies across national
borders and within states. We will continue to expand and enhance efforts aimed
at blocking the flow of financial resources to and among terrorist groups and to
disrupt terrorist facilitation and support activities, imposing sanctions or pursuing
prosecutions to enforce violations and dissuade others. We will also continue our
focus on countering kidnapping for ransom, which is an increasingly important
funding source for al-Qa‘ida and its affiliates and adherents. Through our
diplomatic outreach, we will continue to encourage countries—especially those in
Europe—to adopt a policy against making concessions to kidnappers while using
tailored messages unilaterally and with our partners to delegitimize the taking of
hostages. Mass media and the Internet in particular have emerged as enablers for
terrorist planning, facilitation, and communication, and we will continue to
counter terrorists’ ability to exploit them. [6, p. 10]
Counterterrorism Responsibilities
PDD-39 placed responsibility for U.S. counterterrorism efforts with the Department of
Justice (DOJ) and the Department of State (DOS). PDD-39 made the Federal Bureau of
Investigation (FBI) under DOJ responsible for preventing and responding to domestic
terrorist attacks. Conversely, PDD-39 made the State Department responsible through
its ambassadors for coordinating response to attacks on U.S. interests overseas. [4]
Following 9/11, Homeland Security Presidential Directive No. 5 (HSPD-5) modified these roles,
making the Department of Homeland Security responsible for coordinating the Federal
response to domestic incidents, including terrorist attacks. Otherwise, HSPD-5
preserved the FBI’s role in investigating and prosecuting acts of terrorism, and DOS
retained its role of protecting U.S. interests overseas. [7]
FBI Counterterrorism
The FBI is the lead federal law enforcement agency charged with counterterrorism
investigations. This includes terrorist acts committed within and outside U.S. national
boundaries. Since the 9/11 attacks, the FBI has implemented a series of reforms
intended to transform itself from a largely reactive law enforcement agency focused
on investigations of criminal activity into a more proactive, agile, flexible, and
intelligence-driven agency that can prevent acts of terrorism. [8, p. ii] The FBI’s post-
9/11 transformation is particularly evident in four areas: The USA PATRIOT Act
provided the FBI additional authorities and enhanced investigative tools. The FBI and
DOJ altered the way the Bureau investigated terrorism with the 2008 revision of The
Attorney General’s Guidelines for Domestic FBI Operations. The FBI expanded
operationally via a proliferation of Joint Terrorism Task Forces (JTTFs) across the United
States. In so doing, it also increased its cooperation with state, local, and federal
agencies. Finally, watershed changes were made in the Bureau’s intelligence program.
[8, p. 3]
Historically, there have been differences between electronic surveillance (wiretaps)
conducted for intelligence and for law enforcement purposes. Among these is the
protection of the constitutional rights of persons under criminal investigation. The
Foreign Intelligence Surveillance Act (FISA) regulates intelligence collection directed at
foreign powers and agents of foreign powers in the United States to include those
engaged in international terrorism. FISA required the government to certify that “the
purpose” of surveillance was to gather foreign intelligence information. Prior to the
USA PATRIOT Act, DOJ turned the “primary purpose” standard into written policy that
had the effect of limiting the coordination between intelligence and criminal
investigators. This came to be known as “the Wall” between intelligence and law
enforcement and the “unfortunate consequences” of this barrier to information
sharing were noted by the 9/11 Commission in its report on the 9/11 attacks. Section
218 of the USA PATRIOT Act amended FISA to replace the phrase “the purpose” with
the phrase “a significant purpose.” As one legal scholar described it, by moving the
FISA requirement from the purpose to a significant purpose, the USA PATRIOT Act
“knocked out the foundation for ‘the Wall.’” This removed impediments to the
exchange of information about terrorism or other national security threats between
intelligence and law enforcement personnel. [8, pp. 3-4]
The FBI and DOJ also emphasized their forward-leaning approach with the September
29, 2008, revision of the Attorney General’s Guidelines for Domestic FBI Operations,
which they claim “make the FBI’s operations in the United States more effective by
providing simpler, clearer, and more uniform standards and procedures.” Referred to
as the “Mukasey Guidelines” after Michael B. Mukasey, who was Attorney General at
the time of their release, this is the latest in a series of guidelines stretching back to
1976 that govern the FBI’s investigative activities. The Mukasey Guidelines went into
effect on December 1, 2008. In large part, these guidelines sprang from the post-9/11
national security context, in which the FBI surmised that it could not simply react to
crimes. It had to preemptively search for criminal, counterintelligence, and terrorist
threats to the homeland. The most prominent changes in the Mukasey Guidelines
concern “assessments.” Agents and analysts may now use assessments outside of the
more traditional preliminary and full investigations, which require some level of factual
predication. Preliminary investigations can be opened with “any ‘allegation or
information’ indicative of possible criminal activity or threats to the national security.”
Opening a full investigation requires an “‘articulable factual basis’ of possible criminal
or national threat activity.” On the other hand, opening an assessment does not
require particular factual predication. Assessments are not to be “pursued for frivolous
or improper purposes and are not based solely on First Amendment activity or on the
race, ethnicity, national origin, or religion of the subject of the assessment, or a
combination of only such factors.” Assessments offer terrorism investigators a variety
of techniques, including public surveillance and the use of confidential informants to
penetrate conspiracies. The Bureau has incorporated assessments into its investigative
processes. According to numbers made publicly available in March 2011, the FBI
initiated 11,667 assessments to check leads on individuals, activities, groups, or
organizations between December 2008 and March 2009. These, in turn, led to 427
preliminary or full investigations. Officials noted that about one-third of the
assessments resulted from vague tips. Reportedly, between March 2009 and March
2011, the Bureau opened 82,325 assessments. About half of the assessments from this
time frame focused on determining whether specific groups or individuals were spies
or terrorists. This pool of 42,888 assessments produced just under 2,000 full or
preliminary investigations. [8, pp. 11-12]
JTTFs are locally based, multi-agency teams of investigators, analysts, linguists, SWAT
experts, and other specialists who investigate terrorism and terrorism-related crimes.
Seventy-one of the more than 100 JTTFs operated by DOJ and the FBI were created
since 9/11. Over 4,400 federal, state, and local law enforcement officers and agents—more
than four times the pre-9/11 total—work in them. These officers and agents
come from more than 600 state and local agencies and 50 federal agencies. The FBI
considers the JTTFs “the nation’s front line on terrorism.” They “investigate acts of
terrorism that affect the U.S., its interests, property and citizens, including those
employed by the U.S. and military personnel overseas.” As this suggests, their
operations are highly tactical and focus on investigations, developing human sources
(informants), and gathering intelligence to thwart terrorist plots. JTTFs also offer an
important conduit for the sharing of intelligence developed from FBI-led
counterterrorism investigations with outside agencies and state and local law
enforcement. To help facilitate this, especially as the threat of homegrown jihadists
has emerged, the number of top-secret security clearances issued to local police
working on JTTFs has increased from 125 to 878 between 2007 and 2009. There is also
a National JTTF, which was established in July 2002 to serve as a coordinating
mechanism with the FBI’s partners. Some 40 agencies are now represented in the
National JTTF, which has become a focal point for information sharing and the
management of large-scale projects that involve multiple partners. [8, pp. 13-14]
DOS Counterterrorism
The Department of State has six regional bureaus that address foreign policy
considerations on a regional basis. The assistant secretaries of the regional bureaus are
key actors in CT activities and operations policy in their assigned regions. Furthermore,
the DOS Bureau of Counterterrorism publishes an annual country report on terrorism
and manages US policy for a whole-of-government approach to CT. The DOS Bureau of
Counterterrorism maintains the Foreign Terrorist Organizations List that provides
justification for the President to block or freeze tangible property and freeze financial
accounts of individuals or terrorist organizations pursuant to Executive Order 13224,
Blocking Property and Prohibiting Transactions With Persons Who Commit, Threaten
to Commit, or Support Terrorism. This tool is designed to sever terrorist organizations’
logistics and resources. These efforts are worked through Partner Nations (PNs) where
the United States maintains country teams under the leadership of the local
ambassador, technically known as the Chief of Mission (COM). [5, pp. III-2]
The COM is the personal representative of the President and the official U.S.
Government (USG) representative in the host country. The COM is responsible for the
conduct of relations with the host government and is the primary channel for
communications with that government. The COM directs, coordinates, and supervises
all USG executive branch employees in that effort, except those under the command of
a U.S. military commander. CT activities and operations conducted by the Department
of Defense (DoD) and other USG departments and agencies require COM concurrence
prior to execution, unless otherwise directed by the President. [5, pp. III-2]
The FBI, in coordination with the Secretary of State and the COM, will assume lead
responsibility for law enforcement investigation of terrorist or WMD incidents abroad.
The FBI’s tasks may include taking custody of suspected terrorists, lawful transfer of
custody of suspected terrorists, forensic examination of material collected of possible
intelligence or criminal prosecution value, and hostage negotiation support. [5, pp. III-2]
DHS Counterterrorism
The 2002 Homeland Security Act made it the mission of the Department of Homeland
Security to “prevent terrorist attacks within the United States.” [9] Since its inception
in 2003, DHS has had an intelligence component to support this mission and has been
a member of the U.S. Intelligence Community (IC). The Homeland Security Act of 2002
assigned the original DHS intelligence component—the Directorate of Information
Analysis and Infrastructure Protection—with responsibility to receive, analyze, and
integrate law enforcement and intelligence information in order to— “(A) identify and
assess the nature and scope of terrorist threats to the homeland; (B) detect and
identify threats of terrorism against the United States; and (C) understand such threats
in light of actual and potential vulnerabilities of the homeland.” [10, pp. ii-1]
Following the Second Stage Review (2SR) in July 2005, former Secretary of Homeland
Security Michael Chertoff established a strengthened Office of Intelligence and
Analysis (I&A) and made the Assistant Secretary for Information Analysis the Chief
Intelligence Officer (CINT) for the Department. He also tasked I&A with ensuring that
intelligence is coordinated, fused, and analyzed within the Department to provide a
common operational picture; provide a primary connection between DHS and the IC as
a whole; and to act as a primary source of information for state, local and private
sector partners. [10, p. ii]
Today, the DHS Intelligence Enterprise (DHS IE) consists of those elements within DHS
that have an intelligence mission. These include I&A, the Office of Cyber and
Infrastructure Analysis (OCIA), and the Intelligence Division of the Office of Operations
Coordination and Planning (all located at DHS headquarters), and the intelligence
elements of six DHS operational components: U.S. Customs and Border Protection
(CBP), U.S. Immigration and Customs Enforcement (ICE), U.S. Citizenship and
Immigration Services (USCIS), the Transportation Security Administration (TSA), U.S.
Coast Guard (USCG), and U.S. Secret Service (USSS). [10, p. 3]
The heads of the DHS intelligence components do not report to the I&A Under
Secretary, but to their respective component chiefs. However, pursuant to the
Implementing Recommendations of the 9/11 Commission Act of 2007, they are
required to advise and coordinate closely with the Under Secretary on their activities in
support of the intelligence mission of the Department. In order to provide senior-level
direction for Department-wide intelligence activities, a Homeland Security Intelligence
Council (HSIC) was formed. The HSIC is comprised of the key intelligence officials from
applicable DHS components. [10, p. 7]
DHS does not generally engage in traditional foreign intelligence collection activities
such as imagery intelligence, signals intelligence, human intelligence, measurement
and signatures intelligence, and foreign open source intelligence. I&A combines the
unique information collected by DHS components as part of their operational activities
(e.g., at airports, seaports, and the border) with foreign intelligence from the
Intelligence Community; law enforcement information from Federal, state, local, and
tribal sources; private sector data about critical infrastructure and key resources; and
information from domestic open sources to develop homeland security intelligence.
This encompasses a broad range of homeland security threats. It includes border
security information to counter human smuggling and trafficking, cargo data to
prevent the introduction of dangerous items, information to protect critical
infrastructure against all hazards, information about infectious diseases, and
demographic data and other research about ‘violent radicalization.’ [10, p. 5]
Nevertheless, I&A is a full partner within the Intelligence Community and represents
DHS on several IC committees. The Under Secretary, for example, is a member of the
Director of National Intelligence (DNI) Executive Committee. I&A contributes analytic
staff to the National Counterterrorism Center (NCTC). The office also contributes items
to the President’s Daily Brief providing a unique homeland security perspective on
terrorism and other threats to the United States to the nation’s leaders. [10, p. 6]
I&A produces numerous intelligence products including the Homeland Security Threat
Assessment, an annual report identifying major threats to the homeland. I&A also
produces Intelligence Notes, Intelligence Warnings, Homeland Security Assessments,
etc. I&A makes the products of its analysis available to state and local officials through
the Homeland Security Information Network (HSIN), a web-based platform that
facilitates Sensitive But Unclassified information sharing and collaboration between
federal, state, local, tribal, private sector, and international partners. HSIN provides
real-time, interactive connectivity between states and major urban areas and the DHS
National Operations Center (NOC). [10, pp. 9-10]
Congress made information sharing a top priority of the Department’s intelligence
component in the Homeland Security Act of 2002 and underscored its importance
through the Intelligence Reform and Terrorism Prevention Act of 2004. Since the 2SR
reorganization, Congress imposed additional requirements for intelligence analysis;
information sharing; department-wide intelligence integration; and support to state,
local, tribal governments, and the private sector through the Implementing
Recommendations of the 9/11 Commission Act of 2007. [10, p. ii]
In an effort to strengthen intelligence and information sharing and analysis capabilities
with states and major urban areas, DHS established intelligence fusion centers.
Congress defines fusion centers as a “collaborative effort of two or more Federal,
state, local, or tribal government agencies that combines resources, expertise, or
information with the goal of maximizing the ability of such agencies to detect, prevent,
investigate, apprehend, and respond to criminal or terrorist activity.” At the end of
2009, there were 72 DHS/FBI designated state and Urban Area Security Initiative (UASI)
fusion centers. I&A supports these centers by providing operational, analytic,
reporting, and management advice and assistance; training; information technology
systems and connectivity; and intelligence officers and analysts. [10, pp. 11-12]
Direct Actions
As terrorism is a crime, the first order of action is to apprehend and arrest those
suspected of planning or executing such crimes and prosecuting them under State and
Federal law. For suspects beyond our borders, the Attorney General will attempt to
extradite them and render them to U.S. justice. In the case that a foreign government
refuses to surrender a suspect, the U.S. might conduct a rendition, essentially
kidnapping the suspect and forcefully taking them into custody. In the case where a
foreign government is incapable of surrendering or otherwise controlling a terrorist
menace, the U.S. might employ military force to remove or eliminate the threat.
Persons suspected of criminal or terrorist activity may be transferred from one State
(i.e., country) to another for arrest, detention, and/or interrogation. Commonly, this is
done through extradition, by which one State surrenders a person within its
jurisdiction to a requesting State via a formal legal process, typically established by
treaty. Far less often, such transfers are effectuated through a process known as
“extraordinary rendition” or “irregular rendition.” These terms have often been used
to refer to the extrajudicial transfer of a person from one State to another. [11, p. ii]
The first well-known rendition case involved the Achille Lauro hijackers in 1985: after
they were given a plane and were en route in international air space, they were forced
by United States Navy fighter planes to land at the Naval Air Station Sigonella, an
Italian military base in Sicily used by the US Navy and NATO. [12] Following the attacks
of September 11, 2001, however, what had been a limited program expanded
dramatically, with some experts estimating that 150 foreign nationals were taken by the CIA.
Foreign nationals suspected of terrorism have been transported to detention and
interrogation facilities in Jordan, Iraq, Egypt, Diego Garcia, Afghanistan, Guantánamo,
and elsewhere. [13] Suspects were reportedly arrested, blindfolded, shackled, and
sedated, or otherwise kidnapped, and transported by private jet or other means to the
destination country. [12] The practice became controversial during the Bush
Administration because the destination countries were known to employ harsh
interrogation techniques rising to the level of torture, purportedly with the knowledge
or acquiescence of the United States. In January 2009, President Obama issued an
Executive Order creating a special task force to review U.S. transfer policies, including
the practice of rendition, to ensure compliance with applicable legal requirements. [11,
p. ii]
Terrorist suspects beyond the reach of rendition may be subject to U.S. military force.
In November 2002, Qaed Salim Sinan al-Harethi, an al-Qaeda operative and Yemeni
citizen suspected of involvement in the October 2000 bombing of the USS Cole, was
killed by the CIA using a Predator drone firing a Hellfire missile. The attack was
controversial because it also killed Kamal Derwish, a U.S. citizen accompanying
al-Harethi. The Bush Administration defended the action citing a presidential finding that
permitted worldwide covert actions against members of al-Qaeda. Despite the
controversy, the use of Predators to kill suspected terrorists has become common
practice. [14]
Military force may be delivered in all shapes and sizes, and not just by the Department
of Defense. The CIA has an extensive paramilitary capability of its own. By DoD
definition, paramilitary forces are distinct from the regular armed forces of any
country, but resemble them in organization, equipment, training or mission. In
addition to providing intelligence support to US military operations from the Korean War
era to Iraq today, the CIA has also worked closely alongside DoD personnel in military
operations. The CIA typically takes on missions that must be clandestine or covert to
avoid directly implicating the U.S. Government. Examples of CIA covert operations
include the 1961 Bay of Pigs invasion of Cuba, and interdiction missions along the Ho
Chi Minh Trail in Laos, a neutral country during the Vietnam conflict. Despite these
mixed results, the CIA is credited with helping depose the Taliban government after
they refused to surrender Bin Laden following 9/11. [15, p. 1] Units from the CIA’s
Special Activities Division (SAD) were the first U.S. forces to enter Afghanistan in
September 2001. They joined with the Afghan United Front (Northern Alliance) to
prepare for the subsequent arrival of U.S. Special Operations Forces (SOF). Together,
the United Front, SAD, and SOF combined to overthrow the Taliban by November. The
campaign was noted for its minimal use of conventional military force and
correspondingly low casualty count among allies. [16] The CIA was also instrumental in
developing the Predator drone, which saw its first combat use in Afghanistan. Today,
the Predator is employed extensively to target suspected terrorist leaders around the
world. [17]
The DoD employs Special Operations Forces to deliver military capability in hostile,
denied, or politically sensitive areas of the world. Special operations are distinguished
from regular military operations by degree of physical and political risk, operational
techniques, and mode of employment. DoD special operations are frequently
clandestine, designed in such a way as to conceal them, but not necessarily covert, that is,
designed to conceal the identity of the sponsor. [15, p. 1] SOF teams helped provide
the Afghan United Front with airpower during the early months of Operation
ENDURING FREEDOM. Joint Terminal Attack Controllers (JTACs) using laser range
finders helped direct precision guided munitions dropped from orbiting U.S. Air Force
B-1 and B-52 bombers onto Taliban targets. This use of airpower proved instrumental in
helping the United Front capture the northern city of Mazar-e-Sharif in November
2001. [18] Supported by CIA operatives on the ground, Navy SEALs mounted the raid
into Pakistan that succeeded in killing Osama bin Laden on May 2, 2011. [19]
Interagency Coordination
Interagency coordination for counterterrorism operations is accomplished through the
National Counterterrorism Center (NCTC). The National Counterterrorism Center was
established in 2004 to ensure that information from any source about potential
terrorist acts against the U.S. could be made available to analysts and that appropriate
responses could be planned. According to the NCTC Charter (P.L. 108-458), the NCTC
serves as the principal advisor to the Director of National Intelligence (DNI) on
intelligence operations relating to terrorism, and provides strategic operational plans
for military and civilian counterterrorism efforts and for effective integration of
counterterrorism intelligence and operations across agency boundaries within and
outside the United States. The NCTC Director is appointed by the President of the
United States. And though the Director reports to the DNI, in practice the Director works
through the National Security Council and the White House staff. [20]
Interagency coordination for counterterrorism policy is orchestrated by the National
Security Council. The National Security Council is the key integrator of the President’s
whole-of-government CT policy and strategies, which requires interagency
coordination at the Principals Committee, Deputies Committee, and supporting
interagency policy committees, and the efforts of the National Security Council Staff.
The key interagency policy committee for CT is the Counterterrorist Security Group,
which is led by the Assistant to the President for Homeland Security and
Counterterrorism (i.e., the former Homeland Security Advisor). [5, pp. III-1]
Conclusion
The basic difficulty in capturing or killing terrorists is finding them, preferably before
they strike. The first problem is identifying potential terrorists. Psychological studies
have found no common factors among the profiles of past terrorists: they can be
anybody. Attempts by the National Security Agency to identify terrorists by studying
their contacts and communications also proved fruitless as well as illegal. And even if
they are identified, terrorists are not easy to locate: it took ten years to locate Bin
Laden even with a $25 million bounty on his head. The unspoken fact of the matter is
that the terrorist threat can never be eliminated. Given this realization, the question
arises whether it is more effective to pursue terrorists, or deny them the means for
inflicting catastrophic damage?
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. How does terrorism uniquely distinguish the crime of assault?
2. Why does al Qaeda remain a terrorist threat after Osama bin Laden’s death?
3. Looking at the 2011 National Strategy for Counterterrorism, which short-term goal do you think most effective?
Explain.
4. Looking at the 2011 National Strategy for Counterterrorism, which long-term goal do you think most effective?
Explain.
5. According to PDD-39/HSPD-5, what is the counterterrorism role of the FBI?
6. According to HSPD-5, what is the counterterrorism role of DHS?
7. How did the USA PATRIOT Act improve the FBI’s ability to investigate terrorism?
8. What is the primary means for dealing with known terrorists, foreign or domestic?
9. Describe two options available to the President if foreign governments are unwilling or unable to render unto
justice terrorist elements within their country that threaten the United States.
10. As the Director of the National Counterterrorism Center, what circumstances might move you to recommend CIA
paramilitary forces over DoD special forces to perform a particular overseas counterterrorism mission?
Chapter 18
Emergency Preparedness & Response
Learning Outcomes
Careful study of this chapter will help a student do the following:
Explain the responsibility of State Governors to their citizens.
Explain why 9/11 raised concern about State and Local emergency preparedness.
Describe Stafford Act authorities to grant Federal disaster assistance to States.
Describe the FEMA process and means for delivering assistance to States.
Describe the considerable means available to States for responding to emergencies.
Evaluate the Incident Commander’s role and means for directing emergency response.
Evaluate the role of exercises for improving emergency preparedness.
“We must prepare to minimize the damage and recover from any future terrorist
attacks that may occur despite our best efforts at prevention.”
– 2002 National Strategy for Homeland Security
Introduction
9/11 forced the realization that the nation was unprepared to respond to a WMD
attack. While FEMA had been established in 1979 to streamline Federal support to
natural disasters, it had no corresponding capabilities to integrate Federal support to
manmade catastrophes. Moreover, the contrast between the local response at the
World Trade Center and the local response at the Pentagon on 9/11 proved that the
structured integration of responding agencies through the Incident Command System
saved lives. Accordingly, the Department of Homeland Security was commissioned by
Congress to begin strengthening the response capabilities of the nation, and make sure
they were integrated from the bottom-up through the Local, State, and Federal levels
of government.
Integrating the Federal Response
Following 9/11, the President and Congress sought to improve the nation’s ability to
respond to and recover from domestic catastrophic attack. Of particular concern was the
potential employment of WMD. In 2002, few parts of the country had the ability to
respond to a WMD attack. Even the best prepared states and localities didn’t have
adequate resources to respond to the full range of potential threats exposed by 9/11.
Many did not have in place mutual aid agreements to facilitate cooperation with their
neighbors in time of emergency. The Federal government had done relatively little to
remedy the situation. The few domestic preparedness programs that existed were
spread across eight different Federal departments and agencies, and provided money
under a tangled web of grant programs. Accordingly, one of the first objectives for the
new Department of Homeland Security was to create a fully integrated national
emergency response system capable of dealing with most any catastrophe, both
natural and manmade. [1, p. 42]
The first order of business was consolidation. The 2002 Homeland Security Act
authorized the establishment of an Emergency Preparedness and Response
Directorate within the new Department of Homeland Security. [2] The new directorate
incorporated the Strategic National Stockpile and National Disaster Medical System
from Health and Human Services, the Nuclear Incident Response Team from the
Department of Energy, and the Domestic Emergency Support Teams from the
Department of Justice. [3] The Homeland Security Act also allowed the Federal
Emergency Management Agency to be incorporated as an independent agency under
the new directorate. With FEMA came the authority to distribute grants under the
Homeland Security Grant Program. [2]
After consolidation, the next order of business was establishing clear lines of
responsibility and authority. On February 28, 2003, HSPD-5 was issued making the
Secretary of Homeland Security the Principal Federal Official (PFO) for domestic
incident management. It was the Secretary’s responsibility to see that executive
agencies were prepared to respond and to coordinate their response when Federal
assistance was needed in a disaster. HSPD-5 also directed the Secretary to develop a
National Response Plan (NRP) detailing how the Federal government would marshal its
resources for a disaster, and a National Incident Management System (NIMS) detailing
how those resources would be integrated into a local disaster response. [4]
The NIMS provides a standard command and management structure for coordinating a
multi-agency response to disaster. Much of NIMS is built upon the Incident Command
System (ICS), which was developed by Federal, State, and local wildland fire agencies
during the 1970s. ICS is a management system designed to enable effective incident
management by integrating a combination of facilities, equipment, personnel,
procedures and communications operating within a common organizational structure.
[5, pp. 48-49] To facilitate coordination between Federal, State, and Local agencies
responding to a disaster, HSPD-5 mandated NIMS for all Federal agencies starting in
2003, and made it a prerequisite for State and Local governments to receive Homeland
Security Grant Program funds starting in 2005. [4]
The Homeland Security Act mandated the creation of a National Response Plan to
replace the previous Federal Response Plan. [2] HSPD-5 assigned the task to the DHS
Secretary and provided further guidance on its preparation. [4] The subsequent NRP
was released in December 2004. It was a large document comprising some 426
pages. It provided the basic plan for how the Federal government would prepare for and
respond to disaster at the request of State and Local government. The underlying
principle of the plan was that Federal capabilities would be packaged into fifteen
Emergency Support Functions (ESFs). Various Federal agencies were assigned
responsibility for preparing, maintaining, and providing these ESF capabilities when
requested. The Secretary of Homeland Security, under the authority of HSPD-5, was
responsible for seeing that the ESFs were ready and available when needed. [6, p. xi]
Because the NRP was so big, few people were familiar with it, let alone had read it,
by the time Hurricane Katrina struck in August 2005. The
flawed response to Hurricane Katrina was attributed, in part, to a failure to follow the
NRP. Congress acted by passing the 2006 Post-Katrina Emergency Management
Reform Act which elevated FEMA to report directly to the Secretary, and mandated
changes to the NRP. [7, pp. CRS-3-CRS-4] As a result, in January 2008, DHS issued the
National Response Framework (NRF) which remains the nation’s plan for responding to
disaster.
Chapter 18: Emergency Preparedness & Response
Requesting Federal Assistance
Federal disaster assistance is provided upon request of the State Governor. Such a
request is made under the authority of the Robert T. Stafford Disaster Relief and
Emergency Assistance Act (P.L. 93-288, as amended, hereinafter “the Stafford Act”). To
request Federal assistance, the Governor must declare either a State emergency or
major disaster. Emergency declarations are made to protect property and public
health and safety and to lessen or avert the threat of a major disaster or catastrophe.
Emergency declarations are often made when a threat is recognized (such as
emergency declarations for hurricanes which may be made prior to landfall) and are
intended to supplement and coordinate local and state efforts prior to the event.
Emergency declarations are also made to provide direct federal assistance to protect
lives and property. This aids activities such as evacuations and the protection of public
assets. In contrast, a major disaster declaration is made as a result of the disaster or
catastrophic event and constitutes a broader authority that helps states and local
communities, as well as families and individuals, respond to and recover from the
damage caused by the event. [8, pp. ii-1]
Ordinarily, only a Governor can initiate a request for a Presidential emergency or major
disaster declaration. In extraordinary circumstances, the President may unilaterally
declare a major disaster or emergency. This request is made through the FEMA
Regional Administrator and based on a finding that the disaster is of such severity and
magnitude that effective response is beyond the capabilities of the State and affected
local governments, and that Federal assistance is necessary. [5, p. 41]
The completed request, addressed to the President, is submitted through the FEMA
Regional Administrator, who evaluates the damage and requirements for Federal
assistance and makes a recommendation to the FEMA Administrator. The FEMA
Administrator, acting through the Secretary of Homeland Security, may then
recommend a course of action to the President. [5, p. 42] If the Governor’s request is
accepted, the President, in turn, will issue a corresponding declaration of emergency or
major disaster. This Presidential declaration triggers the release of funds from the
President’s Disaster Relief Fund, managed by FEMA under the Stafford Act. The
Presidential declaration will also activate disaster aid programs from other Federal
departments and agencies. A Presidential major disaster declaration triggers long-term
Federal recovery programs, some of which are matched by State programs, and
designed to help disaster victims, businesses, and public entities. An emergency
declaration is more limited in scope and without the long-term Federal recovery
programs of a major disaster declaration. Generally, Federal assistance and funding are
provided to meet a specific emergency need or to help prevent a major disaster from
occurring. [5, pp. 40-42]
In many cases, assistance may be obtained from the Federal Government without a
Presidential declaration. For example, FEMA places liaisons in State EOCs and moves
commodities near incident sites that may require Federal assistance prior to a
Presidential declaration. Additionally, some types of assistance, such as Fire
Management Assistance Grants – which provide support to States experiencing severe
wildfires – are performed by Federal departments or agencies under their own
authorities and do not require Presidential approval. Finally, Federal departments and
agencies may provide immediate lifesaving assistance to States under their own
statutory authorities without a formal Presidential declaration. [5, p. 42]
Responding Federal departments and agencies respect the sovereignty and
responsibilities of local, tribal, and State governments while rendering assistance. The
intention of the Federal Government in these situations is not to command the
response, but rather to support the affected local, tribal, and/or State governments. [5,
p. 40]
NRF Response
The DHS National Operations Center (NOC) serves as the national fusion center,
collecting and synthesizing all-source information, including information from State
fusion centers, across all-threats and all-hazards information covering the spectrum of
homeland security partners. Federal departments and agencies report information
regarding actual or potential incidents requiring a coordinated Federal response to the
NOC. [5, p. 33]
When notified of a threat or an incident that potentially requires a coordinated Federal
response, the NOC evaluates the information and notifies appropriate senior Federal
officials and Federal operations centers: the FEMA National Response Coordination
Center (NRCC), the FBI Strategic Information Operations Center (SIOC), the National
Counterterrorism Center (NCTC), and the National Military Command Center (NMCC).
The NOC serves as the primary coordinating center for these and other operations
centers. [5, p. 34]
After being notified, departments and agencies should:
Identify and mobilize staff to fulfill their department’s or agency’s responsibilities, including identifying appropriate subject-matter experts and other staff to support department operations centers.
Identify staff for deployment to the NOC, the NRCC, FEMA Regional Response Coordination Centers (RRCCs), or other operations centers as needed, such as the FBI’s Joint Operations Center. These organizations have standard procedures and call-down lists, and will notify department or agency points of contact if deployment is necessary.
Identify staff that can be dispatched to the Joint Field Office (JFO), including Federal officials representing those departments and agencies with specific authorities, lead personnel for the JFO Sections (Operations, Planning, Logistics, and Administration and Finance) and the ESFs.
Begin activating and staging Federal teams and other resources in support of the Federal response as requested by DHS or in accordance with department or agency authorities.
Execute pre-scripted mission assignments and readiness contracts, as directed by DHS. [5, p. 36]
The FEMA Regional Administrator deploys a liaison to the State Emergency Operations
Center (SEOC) to provide technical assistance and also activates the Regional Response
Coordination Center. Federal department and agency personnel, including Emergency
Support Function primary and support agency personnel, staff the RRCC as required.
The RRCCs:
Coordinate initial regional and field activities.
In coordination with State, tribal, and local officials, deploy regional teams to assess the impact of the event, gauge immediate State needs, and make preliminary arrangements to set up operational field facilities.
Coordinate Federal support until a Joint Field Office (JFO) is established.
Establish a Joint Information Center (JIC) to provide a central point for coordinating emergency public information activities. [5, p. 44]
In coordination with the RRCC and the State, FEMA may deploy an Incident
Management Assistance Team (IMAT). IMATs are interagency teams composed of
subject-matter experts and incident management professionals. IMAT personnel may
be drawn from national or regional Federal department and agency staff according to
established protocols. IMAT teams make preliminary arrangements to set up Federal
field facilities and initiate establishment of the Joint Field Office. [5, p. 44]
Once a Presidential declaration is issued, FEMA will establish a Joint Field Office (JFO) in
proximity to the State Emergency Operations Center (SEOC), and send a Federal Coordinating
Officer (FCO) to assist the State Coordinating Officer (SCO) with ordering Federal resources.
Emergency Support Functions
FEMA coordinates response support from across the Federal Government and certain
NGOs by calling up, as needed, one or more of fifteen Emergency Support Functions.
The ESFs are coordinated by FEMA through its NRCC. During a response, ESFs are a
critical mechanism to coordinate functional capabilities and resources provided by
Federal departments and agencies, along with certain private-sector and
nongovernmental organizations. They represent an effective way to bundle and funnel
resources and capabilities to local, tribal, State, and other responders. These functions
are coordinated by a single agency but may rely on several agencies that provide
resources for each functional area. The mission of the ESFs is to provide the greatest
possible access to capabilities of the Federal Government regardless of which agency
has those capabilities.
ESF #1 – Transportation
ESF #2 – Communications
ESF #3 – Public Works and Engineering
ESF #4 – Firefighting
ESF #5 – Emergency Management
ESF #6 – Mass Care, Emergency Assistance, Housing, and Human Services
ESF #7 – Logistics Management and Resource Support
ESF #8 – Public Health and Medical Services
ESF #9 – Search and Rescue
ESF #10 – Oil and Hazardous Materials Response
ESF #11 – Agriculture and Natural Resources
ESF #12 – Energy
ESF #13 – Public Safety and Security
ESF #14 – Long-Term Community Recovery
ESF #15 – External Affairs [5, p. 57]
ESFs may be selectively activated for both Stafford Act and non-Stafford Act incidents
under circumstances as defined in HSPD-5. Not all incidents requiring Federal support
result in the activation of ESFs. FEMA can deploy assets and capabilities through ESFs
into an area in anticipation of an approaching storm or event that is expected to cause
a significant impact and result. This coordination through ESFs allows FEMA to position
Federal support for a quick response, though actual assistance cannot normally be
provided until the Governor requests and receives a Presidential major disaster or
emergency declaration. Many States have also organized an ESF structure along this
approach. [5, p. 57]
When ESFs are activated, they may have a headquarters, regional, and field presence.
At FEMA headquarters, the ESFs support decision making and coordination of field
operations within the NRCC. The ESFs deliver a broad range of technical support and
other services at the regional level in the Regional Response Coordination Centers, and
in the Joint Field Office and Incident Command Posts, as required by the incident. At all
levels, FEMA issues mission assignments to obtain resources and capabilities from
across the ESFs in support of the State. [5, p. 57]
All ESF support is directed to the local Incident Commander operating under the
Incident Command System. The incident command structure enables the ESFs to work
collaboratively. For example, if a State requests assistance with a mass evacuation, the
Joint Field Office would request personnel from ESF #1 (Transportation), ESF #6 (Mass
Care, Emergency Assistance, Housing, and Human Services), and ESF #8 (Public Health
and Medical Services). These would then be integrated into a single branch or group
within the ICS Operations Section to ensure effective coordination of evacuation
services. [5, p. 57]
Bottom-Up Support
All disasters are local. Under the United States federal system of government, State,
County, Municipal, and Tribal governments are responsible for the safety and security
of the citizens within their jurisdiction. This separation of authorities is manifested in
Article X of the Constitution, which stipulates that “The powers not delegated to the
United States by the Constitution, nor prohibited by it to the States, are reserved to
the States respectively, or to the people.” From a more practical standpoint, local
jurisdictions are best suited to respond to incidents by virtue of their proximity.
Hence, the National Response Framework is a bottom-up system, designed to provide
assistance only when State and Local resources have been overwhelmed or exhausted.
Most jurisdictions maintain sufficient capability to respond to most incidents.
However, when an incident exceeds the capacity of the local jurisdiction, it may
request assistance from a neighboring or higher jurisdiction. This determination
typically originates with the on-scene Incident Commander (IC).
The Incident Commander is the individual responsible for all response activities,
including the development of strategies and tactics and the ordering and release of
resources. The Incident Commander has overall authority and responsibility for
conducting incident operations and is responsible for the management of all incident
operations at the incident site. The Incident Commander directs incident response
operations from an Incident Command Post (ICP). [5, p. 50]
If the Incident Commander determines that additional resources or capabilities are
needed, he or she will contact the local Emergency Operations Center (EOC) and relay
requirements to the local Emergency Manager (EM). Local EOCs are the physical
locations where multiagency coordination occurs. EOCs help form a common operating
picture of the incident, relieve on-scene command of the burden of external
coordination, and secure additional resources. The core functions of an EOC include
coordination, communications, resource allocation and tracking, and information
collection, analysis, and dissemination. During an incident, the local Emergency
Manager ensures the EOC is staffed to support the Incident Command Post and
arranges needed resources. Resources may be provided in the form of Emergency
Support Functions, similar to the NRF. The EOC also serves to update and advise
elected or appointed officials so they may provide policy direction as needed to
support the incident response. [5, pp. 50-51]
The EOC might request additional resources from neighboring jurisdictions through a
Mutual Aid Agreement (MAA). An MAA is formed between neighboring jurisdictions
specifying the conditions under which assistance will be provided, and the terms for
remuneration. Because of the financial obligations involved with an MAA, the EOC
might first have to consult with fiduciary officials before invoking such an agreement.
Of course, time is most precious during an incident.
When multiple agencies become involved in the incident, as determined by the type of
incident or by invoking an MAA, then the Incident Commander might form a Unified
Command with other officials having legal authority over the responding assets.
Operating from the Incident Command Post, the Unified Command will exercise
direction and control over tactical operations through corresponding officials acting in
concert from a single Incident Action Plan (IAP). Under a Unified Command, each
participating agency retains its authority, responsibility and accountability for assigned
assets. [5, p. 48]
If the incident is of such magnitude or complexity that it exceeds Local response
capacity, the EOC might have to defer to the State Emergency Operations Center
(SEOC) to request additional resources. In some cases, this might require the local
elected official to issue a declaration of emergency or disaster to gain access to State
funds or resources. The SEOC, in turn, might marshal resources under Mutual Aid
Agreements with other jurisdictions or even direct the use of the National Guard. All
responding assets report to the on-scene Incident Command Post and take direction
according to the Incident Action Plan.
If State resources prove insufficient to the task, the Governor might request assistance
from neighboring states under the Emergency Management Assistance Compact
(EMAC). Under the terms of the EMAC, neighboring States can provide civilian
resources and National Guard support under the direction of the local Incident
Command Post. [5, p. 6]
If the combined resources of the States are insufficient, or additional funds or special
capabilities are needed to contend with the incident, the Governor may appeal for
Federal assistance. The Governor may appoint a State Coordinating Officer (SCO) to
work with the local FEMA region official to prepare the corresponding declarations of
emergency or major disaster to request Stafford Act support. Upon the
recommendation of the FEMA Administrator and the Secretary of Homeland Security,
the President will appoint a Federal Coordinating Officer (FCO) to deploy to the SEOC.
[5, p. 67]
The FCO is a senior FEMA official trained, certified, and well experienced in emergency
management, and specifically appointed to coordinate Federal support in the response
to and recovery from emergencies and major disasters. The FCO executes Stafford Act
authorities, including commitment of FEMA resources and the mission assignment of
other Federal departments or agencies via ESFs. If a major disaster or emergency
declaration covers a geographic area that spans all or parts of more than one State, the
President may decide to appoint a single FCO for the entire incident, with other
individuals as needed serving as Deputy FCOs. [5, p. 67]
In all cases, the FCO represents the FEMA Administrator in the field to discharge all
FEMA responsibilities for the response and recovery efforts underway. For Stafford Act
events, the FCO is the primary Federal representative with whom the SCO and other
State, Tribal, and Local response officials interface to determine the most urgent needs
and set objectives for an effective response. [5, p. 67]
Strengthening Local Response
In 2003, FEMA initiated the State Homeland Security Grant Program (SHSGP) to
strengthen State and Local response capabilities, particularly in regard to WMD and
other terrorist incidents. It authorized purchase of specialized equipment to enhance
State and Local agencies’ capabilities in preventing and responding to WMD incidents
and other terrorist incidents, and provided funds for protecting critical infrastructure
of national importance. SHSGP provided funds for designing, developing, conducting,
and evaluating terrorism response exercises; developing and conducting
counter-terrorism training programs; and updating and implementing each state’s Homeland
Security Strategy (SHSS). SHSGP funds could also be used to plan, design, develop,
conduct, and evaluate exercises to train First Responders, and to assess the readiness
of State and Local jurisdictions to prevent and respond to terrorist attacks. Exercises
had to be threat- and performance-based, in accordance with FEMA’s Homeland
Security Exercise and Evaluation Program (HSEEP). [9, pp. CRS-4]
To help guide the incremental buildup of State and Local response capacity to WMD
and terrorist incidents, in December 2003 the Bush Administration issued HSPD-8
directing DHS to develop a National Preparedness Goal (NPG) establishing
preparedness objectives, measures, and priorities. In December 2005, DHS issued a
draft National Preparedness Goal as follows:
“To achieve and sustain capabilities that enable the nation to collaborate in
successfully preventing terrorist attacks on the homeland, and rapidly and
effectively responding to and recovering from any terrorist attack, major
disaster, or other emergency that does occur to minimize the impact on lives,
property, and the economy. This state of national preparedness will be
achieved by reaching risk-based target levels of capability, and sustained by
measuring readiness and directing resources to areas of greatest risk and
need.” [10, pp. CRS-3]
To help attain the NPG, DHS began work on a National Preparedness System (NPS).
The NPS began with identifying fifteen National Planning Scenarios providing examples
of potential catastrophic incidents. From these fifteen incidents, DHS worked with
Federal, State, and Local agencies to derive a Universal Task List (UTL). The UTL
identifies the operations and tasks expected to be performed in order to respond to
events similar to those set out in the National Planning Scenarios. The UTL was
comprised of hundreds of individual tasks set across four mission areas: 1) prevent, 2)
protect, 3) respond, and 4) recover. From the Universal Task List DHS then derived the
Target Capability List (TCL). The TCL identifies thirty-six areas in which responding
agencies would be expected to be proficient in order to meet the expectations set out
in the UTL. The National Preparedness System also included the National Response
Plan and National Incident Management System as the means for implementing these
capabilities. Starting in 2005, States had to demonstrate how they were meeting UTL
and TCL requirements in order to receive State Homeland Security Grant Program
funding. [10]
In March 2011, the Obama Administration issued PPD-8 calling for a new National
Preparedness Goal based on core capabilities. [11] In September 2011, DHS released its
new National Preparedness Goal as follows:
“A secure and resilient Nation with the capabilities required across the whole
community to prevent, protect against, mitigate, respond to, and recover from
the threats and hazards that pose the greatest risk.” [12, p. 1]
The 2011 NPG replaced the 36 Target Capabilities with 35 Core Capabilities. The
revised National Preparedness System issued in November 2011 now required States
to link HSGP funding requests towards achieving the Core Capabilities. They would
demonstrate this by annually conducting a Threat and Hazard Identification and Risk
Assessment (THIRA). [13]
The 2011 National Preparedness System also introduced the National Planning
Framework. Just as the NRP and NIMS were considered part of the 2005 National
Preparedness System, the National Planning Framework provided a family of plans, not
only updating the National Response Framework, but also adding a National
Prevention Framework, National Protection Framework, National Mitigation
Framework, and National Disaster Recovery Framework. [14, p. 1]
In September 2015, DHS issued a second National Preparedness Goal under the Obama
Administration. The 2015 version did not change the NPG itself; however, it did revise
the Core Capabilities, reducing their number from 35 to 32. Otherwise, the Disaster
Preparedness System remained unchanged. [15]
Homeland Security Exercises
To validate existing Core Capabilities, the 2011 National Preparedness System
advocates the use of homeland security exercises. [13, p. 5] In 2007, DHS issued
guidance in four volumes for conducting homeland security exercises in the form of the
Homeland Security Exercise and Evaluation Program. HSEEP offered a systematic
method for planning, executing, and documenting homeland security exercises. [16] In
2013, the four HSEEP volumes were slimmed down to one. [17] Otherwise, not much
had changed. The ultimate objective of HSEEP exercises is to identify deficiencies and
take actions to correct them. State and Local governments may request funding to
conduct HSEEP exercises under the FEMA Homeland Security Grant Program.
At the Federal level, homeland security exercises are conducted more formally under
the National Exercise Program (NEP). In December 2003, the Bush Administration
issued HSPD-8 authorizing a National Exercise Program to train and test national
decision makers across multiple Federal departments. [18] The 2006 Post-Katrina
Emergency Management Reform Act required NEP to conform to HSEEP. NEP exercises
are planned and executed by the FEMA National Exercise Division under the guidance
and coordination of the White House Domestic Readiness Group. Prior to 2013, the
NEP consisted of two types of exercises: 1) National Level Exercises (NLEs), and 2)
Principal Level Exercises (PLEs). An NLE was an operations-based exercise conducted
annually addressing potential catastrophic scenarios involving Federal, State, and Local
agencies. A PLE was a quarterly discussion-based exercise designed to assist senior
policy makers with evaluating emerging threats. [19] Starting in 2013, the NEP began a
two-year exercise cycle. Each NEP cycle includes various types of exercises at the
Federal, State, and Local levels, culminating in a capstone NLE at the end of the cycle.
The sequence of exercises is designed to become increasingly more complex during the
course of the NEP cycle. Some exercises may be classified. The number of exercises
executed during each cycle depends on the Principal Objectives recommended by the
White House Domestic Readiness Group and approved by the National Security Council
Principals Committee. Lessons learned during the exercise are evaluated and
disseminated to respective agencies to take appropriate corrective action as necessary.
[20]
First Responders may apply to the FEMA Homeland Security Grant Program (HSGP) to obtain
funding for equipment and training. Funding needs are determined by the Threat and Hazard
Identification and Risk Assessment (THIRA) program that requires States to assess their
readiness against a set of Core Capabilities. The idea is to achieve the National
Preparedness Goal through incremental improvement.
The first series of national homeland security exercises was called TOPOFF, short for
TOP OFFICIALS. TOPOFF exercises were conducted from 2000 to 2009.
TOPOFF 1, May 2000, simulated biological and chemical attacks in Denver CO and Portsmouth NH.
TOPOFF 2, May 2003, simulated WMD attacks in Chicago IL and Seattle WA.
TOPOFF 3, April 2005, simulated biological and chemical attacks in Connecticut and New Jersey.
TOPOFF 4, October 2007, simulated dirty bomb attacks in Guam, Phoenix AZ, and Portland OR. [21]
TOPOFF exercises were replaced by NLEs starting in 2009. Then in 2013, NLEs became
Capstone exercises ending the two-year NEP cycle.
NLE 09, July 2009, simulated terrorist attempts to enter U.S. after major overseas attack.
NLE 10, May 2010, simulated terrorist attack using Improvised Nuclear Device (IND).
NLE 11, May 2011, simulated earthquake along the New Madrid Seismic Zone (NMSZ).
NLE 12, multiple exercises simulating cyber attacks on critical infrastructure.
NLE 14, multiple exercises simulating nuclear weapon accident in Alaska.
NLE 15, multiple exercises simulating earthquakes, nuclear accidents, and chemical attacks. [21]
Exercises are a part of the National Preparedness System which establishes a continuous
cycle of equipping, training, exercising, and evaluating. At the national level, Federal
agencies participate in the National Exercise Program (NEP) that now culminates in a
two-year capstone National Level Exercise (NLE).
Conclusion
Since 2003, the Department of Homeland Security has led efforts to integrate and
strengthen the nation’s ability to respond to catastrophic incidents. The failure of
the Hurricane Katrina response intensified those efforts. As a result, responding agencies across the
country have adopted the Incident Command System and acquired new capabilities,
particularly with respect to WMD attack. Since Hurricane Katrina, it is fair to say that
the nation has become proficient at responding to natural disasters. And though the
nation has mercifully not been put to the test, it may also be said that it is much better
prepared than it was on 9/11. This is a DHS success.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
questions may require additional research outside this book in order to provide a complete answer.
1. What is the responsibility of the State Governor?
2. How did 9/11 prompt Federal support for State and Local first responders?
3. List and describe the two major emergency response initiatives introduced by HSPD-5.
4. Under what authority may the President grant Federal assistance to State Governors?
5. Who does the FCO represent and who do they work with to coordinate Federal assistance?
6. In what form is Federal assistance provided to the States?
7. When Federal assistance arrives on-scene to the disaster, who do they work for?
8. How does the Incident Commander direct all elements towards a common objective?
9. What agreement allows States to request assistance from each other?
10. How do exercise programs help improve emergency preparedness?
Chapter 19: Aviation Security
Learning Outcomes
Careful study of this chapter will help a student do the following:
Describe aviation security changes since 9/11.
Explain ongoing aviation security challenges.
Evaluate different aviation security measures.
Assess different aviation security priorities.
“The security and economic prosperity of the United States depend significantly upon
the secure operation of its Aviation Transportation System and safe use of the world’s
airspace.”
– 2010 Transportation Sector-Specific Plan
Introduction
In the aftermath of 9/11, the Federal government moved swiftly to plug the security
gaps exposed in the nation’s Aviation Transportation System. This chapter describes
the security apparatus entrusted with protecting the aviation subsector, and the
programs and concerns that have evolved since 9/11.
Aviation Infrastructure
The aviation infrastructure is a subsector of the transportation infrastructure sector,
one of sixteen national critical infrastructure sectors identified in Presidential Policy
Directive No. 21. Aviation is one of seven subsectors in the Transportation Sector as
listed in Table 19-1. As such, the aviation subsector is covered under the Department of
Homeland Security National Infrastructure Protection Plan (NIPP). As part of the NIPP,
aviation security is coordinated through a Sector Coordinating Council (SCC) guided by
a U.S. Government Sector-Specific Agency (SSA). The Transportation Security
Administration (TSA), part of DHS, is the SSA for the overall transportation sector.
However, TSA works in conjunction with the Federal Aviation Administration (FAA)
which has regulatory authority over the aviation subsector. Under the NIPP, the SSA
works with the SCC to produce and periodically update a corresponding Sector-Specific
Plan (SSP). The first Transportation Systems SSP was produced in 2007. The
Transportation Systems SSP was last updated in 2010. Annex A to the 2010 SSP
addresses security measures undertaken within the aviation subsector. [1]
According to Annex A, the aviation subsector is formally identified as the Aviation
Transportation System (ATS). Furthermore, the ATS is said to be comprised of the
National Airspace System (NAS). The NAS, in turn, is comprised of more than 690 air
traffic control (ATC) facilities with associated systems and equipment to provide radar
and communication services; more than 19,800 general aviation and commercial
aviation airports capable of accommodating an array of aircraft operations; and
volumes of procedural and safety information necessary for users to operate in the
system. In addition, the NAS includes over 11,000 air navigation facilities and
approximately 13,000 flight procedures. [1, p. 129]
Table 19-1: Transportation Subsectors
1. Aviation        5. Mass Transit
2. Freight Rail    6. Passenger Rail
3. Highway         7. Pipelines
4. Maritime
Under Title 49 of the Code of Federal Regulations (CFR), the FAA has regulatory
authority over aircraft operators, air cargo, foreign air carriers, indirect air carriers,
commercial airports, general aviation, and flight schools. Extensive rules and
regulations apply to aircraft operations in national airspace and around the globe. U.S.
security rules are also extended to those foreign airports and air carriers that fly to the
United States. [1, p. 130]
Aviation Security Partners
Aviation security and protection functions apply to non-travelers, travelers and their
carry-on items, checked baggage, cargo, and aviation industry personnel, including
staff, vendors, tenants, and flight crews. They impact the operation of foreign and
domestic airlines, airports, and the air cargo supply chain. Because various agencies
have jurisdictional authority over different components, aviation security entails a
complex choreography among both public and private stakeholders. [1, p. 131]
The Transportation Security Administration screens passengers and checked baggage;
deploys Federal Air Marshals (FAMs); assesses security at domestic and foreign
airports; performs vulnerability assessments of aviation assets; and provides training,
public education, and information sharing to enhance the protection of passengers,
cargo, and infrastructure. Additionally, TSA inspectors audit air carriers for compliance
with security programs, standards, and regulations. Furthermore, TSA deploys aviation
security specialists in response to high-threat situations and global security challenges.
TSA operations are monitored and coordinated nationally from the Transportation
Security Operations Center in Herndon, VA. [1, p. 132]
Customs and Border Protection (CBP) agents are law enforcement officers with legal
authority to arrest and apprehend unlawful travelers. CBP further maintains the Air
and Marine Operations Surveillance System (AMOSS) supporting counterterrorism and
counter-narcotics missions focused on general aviation aircraft. CBP coordinates these
actions nationally from its Air and Marine Operations Center (AMOC) in Riverside, CA.
[1, p. 132]
The Federal Aviation Administration within the Department of Transportation (DOT) is
responsible for securing NAS facilities and systems supporting air navigation. The FAA
also monitors safe air transit from its National Operations Control Center (NOCC) in
Herndon, VA. [1, p. 132]
The Federal Bureau of Investigation (FBI) within the Department of Justice (DOJ) is
responsible for the ground-based tactical response to hijacking, air piracy, or other
terrorist threats; the investigation, enforcement, and prosecution of criminal law
violations within its jurisdiction that occur in the ATS; coordinating the law
enforcement community; and intelligence collection, counterintelligence, and foreign
intelligence sharing. [1, p. 132]
The Department of Defense (DoD) is responsible for deterring, defending against, and
defeating aviation threats to the United States and its global interests; airborne
response and resolution of nation-state threats within the ATS; and the operational
response to actual or potential airborne threats in U.S. airspace or the approaches to
the United States, until the threat has either been resolved or defeated. [1, p. 132]
The Department of State (DOS) is responsible for coordinating U.S. Government
initiatives that involve foreign governments and international organizations, including
regional aviation security cooperation. [1, p. 132]
The Department of Commerce (DOC) is responsible for providing aviation industry and
trade policy expertise in both interagency policy efforts and international negotiations.
[1, p. 132]
Federal departments and agencies represent a segment of the aviation security
community. The large volume of cargo and number of passengers flying into the
United States from overseas increase the importance of strong partnerships at the
Federal level and with international and domestic aviation partners. Foreign
governments, State and Local law enforcement, and passengers play key roles in the
multi-layered protective posture that has been put in place since 9/11.
Post-9/11 Aviation Security
Following the 9/11 terrorist attacks, Congress took swift action to create the
Transportation Security Administration, federalizing all airline passenger and baggage
screening functions and deploying significantly increased numbers of armed air
marshals on commercial passenger flights. To this day, the federalization of airport
screening remains controversial. Some in Congress contended that, in hindsight, the
decision to create TSA as a federal agency functionally responsible for passenger and
baggage screening was a “big mistake,” and that frontline screening responsibilities
should have been left in the hands of private security companies. While airports have
the option of opting out of federal screening, alternative private screening under TSA
contracts has been limited to 21 airports out of approximately 450 commercial
passenger airports where passenger screening is required. While Congress has sought
to ensure that optional private screening remains available for those airports that want
to pursue this option, proposals seeking more extensive reforms of passenger
screening have not been extensively debated. Rather, the aviation security legislation
in the aftermath of the 9/11 attacks has largely focused on specific mandates to
comprehensively screen for explosives and carry out background checks and threat
assessments. [2, pp. 1-2]
Despite the extensive focus on aviation security for more than a decade, a number of
challenges remain, including:
• effectively screening passengers, baggage, and cargo for explosives threats;
• developing effective risk-based methods for screening passengers and others with
access to aircraft and sensitive areas;
• exploiting available intelligence information and watchlists to identify individuals
who pose potential threats to civil aviation;
• effectively responding to security threats at airports and screening checkpoints;
• developing effective strategies for addressing aircraft vulnerabilities to
shoulder-fired missiles and other standoff weapons; and
• addressing the potential security implications of unmanned aircraft operations in
domestic airspace. [2, p. 2]
Explosives Screening Strategy
Prior to the 9/11 attacks, explosives screening was limited in scope and focused on
selective screening of checked baggage placed on international passenger flights.
Immediately following the 9/11 attacks, the Aviation and Transportation Security Act
(ATSA; P.L. 107-71) mandated 100% screening of all checked baggage placed on
domestic passenger flights and on international passenger flights to and from the
United States. [2, p. 2]
In addition, the Implementing the 9/11 Commission Recommendations Act of 2007
(P.L. 110-53) mandated the physical screening of all cargo placed on passenger flights.
Unlike passenger and checked baggage screening, TSA does not routinely perform
physical inspections of air cargo. Rather, TSA satisfies this mandate through the
Certified Cargo Screening Program. Under the program, manufacturers, warehouses,
distributors, freight forwarders, and shippers carry out screening inspections using
TSA-approved technologies and procedures both at airports and at off-airport facilities in
concert with certified supply-chain security measures and chain of custody standards.
Internationally, TSA works with other governments, international trade organizations,
and industry to assure that all U.S.-bound and domestic cargo carried aboard
passenger aircraft meet the requirements of the mandate. [2, p. 2]
Additionally, TSA works closely with Customs and Border Protection (CBP) to carry out
risk-based targeting of cargo shipments, including use of the CBP Advance Targeting
System-Cargo (ATS-C), which assigns risk-based scores to inbound air cargo shipments
to identify shipments of elevated risk. Originally designed to combat drug smuggling,
ATS-C has evolved and adapted over the years, particularly in response to the October
2010 cargo aircraft bomb plot that originated in Yemen, to assess shipments for
explosives threats or other terrorism-related activities. [2, pp. 2-3]
Given the focus on the threats to aviation posed by explosives, a significant focus of
TSA acquisition efforts has been on explosives screening technologies. However, in
2014, Congress found that TSA has continued to face numerous challenges in meeting
key performance requirements set for explosives detection, has only recently
developed a technology investment plan, and has not consistently implemented
Department of Homeland Security policy and best practices for procurement. The
Transportation Security Acquisition Reform Act (P.L. 113-245) seeks to address these
concerns by requiring a five-year technology investment plan, and to increase
accountability for acquisitions through formal justifications and certifications that
technology investments are cost-beneficial. The act also requires tighter inventory
controls and processes to ensure efficient utilization of procured technologies, as well
as improvements in setting and attaining goals for small-business contracting
opportunities. [2, p. 3]
A major thrust of TSA’s acquisition and technology deployment strategy is improving
the capability to detect concealed explosives and bomb-making components carried by
airline passengers. On December 25, 2009, a passenger attempted to detonate an
explosive device concealed in his underwear aboard Northwest Airlines flight 253
during its approach to Detroit, MI. Al Qaeda in the Arabian Peninsula claimed
responsibility. Al Qaeda and its various factions have maintained a particular interest in
attacking U.S.-bound airliners. Since 9/11, Al Qaeda has also been linked to the Richard
Reid shoe bombing incident aboard American Airlines flight 63 en route from Paris to
Miami on December 22, 2001, a plot to bomb several trans-Atlantic flights departing
the United Kingdom for North America in 2006, and the October 2010 plot to detonate
explosives concealed in air cargo shipments bound for the United States. [2, p. 3]
In response to the Northwest Airlines flight 253 incident, the Obama Administration
accelerated deployment of Advanced Imaging Technology (AIT) whole body imaging
(WBI) screening devices and other technologies at passenger screening checkpoints.
This deployment responds to the 9/11 Commission recommendation to improve the
detection of explosives on passengers. In addition to AIT, next generation screening
technologies for airport screening checkpoints include advanced technology X-ray
systems for screening carry-on baggage, bottled liquids scanners, cast and prosthesis
imagers, shoe scanning devices, and portable explosives trace detection equipment. [2,
p. 3]
The use of AIT has raised a number of policy questions. Privacy advocates have
objected to the intrusiveness of AIT, particularly if used for primary screening. To allay
privacy concerns, TSA eliminated the use of human analysis of AIT images, and does
not store imagery. In place of human image analysts, TSA has deployed automated
threat detection capabilities using automated targeting recognition (ATR) software.
Another concern raised about AIT centered on the potential medical risks posed by
backscatter X-ray systems, but those systems are no longer in use for airport screening,
and current millimeter wave systems emit nonionizing millimeter waves not
considered harmful. [2, pp. 3-4]
Some have advocated for risk-based use of AIT. Past legislative proposals have
specifically sought to prohibit the use of WBI technology for primary screening,
although primary screening using AIT is now commonplace, at least at larger airports.
Checkpoints at many smaller airports, however, have not been furnished with AIT
equipment and other advanced checkpoint detection technologies. This raises
questions about TSA’s long-range plans to expand AIT to ensure more uniform
approaches to explosives screening across all categories of airports. Through FY2014,
TSA had deployed about 750 AIT units, roughly 86% of its projected full operating
capability of 870 units. Full operating capability, once achieved, will still leave many
smaller airports without this capability. TSA plans to manage this risk to a large extent
through risk-based passenger screening measures, primarily through increased use of
voluntary passenger background checks under the PreCheck trusted traveler program.
However, this program, likewise, has not been rolled out at many smaller airports:
currently, the program’s incentive of expedited screening is offered at less than one-
third of all commercial passenger airports. [2, p. 4]
Risk-Based Passenger Screening
TSA has initiated a number of risk-based screening initiatives to focus its resources and
apply directed measures based on intelligence-driven assessments of security risk.
These include a trusted traveler program called PreCheck, modified screening
procedures for children 12 and under, and a program for expedited screening of
known flight crew and cabin crew members. Programs have also been developed for
modified screening of elderly passengers similar to those procedures put in place for
children. [2, p. 4]
A cornerstone of TSA’s risk-based initiatives is the PreCheck program. PreCheck is TSA’s
latest version of a trusted traveler program that has been modeled after CBP programs
such as Global Entry, SENTRI, and NEXUS. Under the PreCheck program, participants
vetted through a background check process, as well as other passengers randomly
selected and deemed to be low-risk under a process known as “managed inclusion,”
are processed through expedited screening lanes where they can keep shoes on and
keep liquids and laptops inside carry-on bags. As of March 2015, PreCheck expedited
screening lanes were available at more than 130 airports. The cost of background
checks under the PreCheck program is recovered through application fees of $85 per
passenger for a five-year membership. TSA’s goal is to process 50% of passengers
through PreCheck expedited screening lanes, thus reducing the need for standard
security screening lanes. [2, p. 4]
A predecessor test program, called the Registered Traveler program, which involved
private vendors that issued and scanned participants’ biometric credentials, was
scrapped by TSA in 2009 because it failed to show a demonstrable security benefit.
Although initial evaluations and consumer response have suggested that PreCheck
offers an effective, streamlined screening process, some questions remain regarding
whether PreCheck is fully effective in directing security resources to unknown or
elevated-risk travelers. While questions remain regarding the security effectiveness of
risk-based screening measures like PreCheck, these approaches have demonstrated
improved screening efficiency, resulting in cost savings for TSA. TSA estimates annual
savings in screener workforce costs totaling $110 million as a result of risk-based
screening efficiencies. [2, pp. 4-5]
One concern raised over PreCheck, and the passenger screening process in general, is
the public dissemination of instructions, posted on Internet sites, detailing how to
decipher boarding passes to determine whether a passenger has been selected for
expedited screening, standard screening, or more thorough secondary screening. The
lack of encryption and the limited capability TSA has to authenticate boarding passes
and travel documents could be exploited to attempt to avoid detection of threat items
by more extensive security measures. Other concerns raised over the PreCheck
program include the lack of biometric identity authentication and the extensive use of
managed inclusion to route travelers not enrolled in or vetted through the PreCheck
program through designated PreCheck expedited screening lanes based on random
selection or observations by Behavior Detection Officers (BDOs), canine explosives
detection teams, or explosives trace detection equipment. The Government
Accountability Office (GAO) found that TSA had not fully tested its managed inclusion
practices, and recommended that TSA take steps to ensure and document that testing
of the program adheres to established evaluation design practices. [2, p. 5]
In addition to passenger screening, TSA, in coordination with participating airlines and
labor organizations representing airline pilots, has developed a known crewmember
program to expedite security screening of airline flight crews. In July 2012, TSA
expanded the program to include flight attendants. [2, p. 5]
TSA has also developed a passenger behavior detection program to identify potential
threats based on observed behavioral characteristics. TSA initiated early tests of its
Screening Passengers by Observational Techniques (SPOT) program in 2003. By
FY2012, the program deployed almost 3,000 BDOs at 176 airports, at an annual cost of
about $200 million. Despite its significant expansion, questions remain regarding the
effectiveness of the behavioral detection program, and privacy advocates have
cautioned that it could devolve into racial or ethnic profiling of passengers despite
concerted efforts to focus solely on behaviors rather than individual passenger traits or
characteristics. While some Members of Congress have sought to shutter the program,
Congress has not moved to do so. For example, House Amendment 127 (113th
Congress), an amendment to the FY2014 DHS appropriations measure that sought to
eliminate funding for the program, failed to pass a floor vote. Congress also has not
taken specific action to revamp the program, despite the concerns raised by GAO and
the DHS Office of Inspector General. [2, p. 5]
Terrorist Watchlists
The failed bombing attempt of Northwest Airlines flight 253 on December 25, 2009,
raised policy questions regarding the effective use of terrorist watchlists and
intelligence information to identify individuals who may pose a threat to aviation.
Specific failings to include the bomber on either the no-fly or selectee list, despite
intelligence information suggesting that he posed a security threat, prompted reviews
of the intelligence analysis and terrorist watchlisting processes. Adding to these
concerns, on the evening of May 3, 2010, Faisal Shahzad, a suspect in an attempted car
bombing in New York’s Times Square, was permitted to board an Emirates Airline flight
to Dubai at John F. Kennedy International airport, even though his name had been
added to the no-fly list earlier in the day. He was subsequently identified, removed
from the aircraft, and arrested after the airline forwarded the final passenger manifest
to CBP’s National Targeting Center just prior to departure. Subsequently, TSA modified
security directives to require airlines to check passenger names against the no-fly list
within two hours of being electronically notified of an urgent update, instead of
allowing 24 hours to recheck the list. The event also accelerated the transfer of
watchlist checks from the airlines to TSA under the Secure Flight program. [2, p. 6]
By the end of November 2010, DHS announced that 100% of passengers flying to or
from U.S. airports are being vetted using the Secure Flight system. Secure Flight
continues the no-fly and selectee list practices of vetting passenger name records
against a subset of the Terrorist Screening Database (TSDB). On international flights,
Secure Flight operates in coordination with the use of watchlists by CBP’s National
Targeting Center – Passenger, which relies on the Advance Passenger Information
System (APIS) and other tools to vet both inbound and outbound passenger manifests.
In addition to these systems, TSA also relies on risk-based analysis of passenger data
carried out by the airlines through use of the Computer-Assisted Passenger
Prescreening System (CAPPS). In January 2015, TSA gave notification that it would start
incorporating the results of CAPPS assessments, but not the underlying data used to
make such assessments, into Secure Flight, along with each passenger’s full name, date
of birth and PreCheck traveler number (if applicable). These data are used within the
Secure Flight system to perform risk-based analyses to determine whether passengers
receive expedited, standard, or enhanced screening at airport checkpoints. [2, p. 6]
Central issues surrounding the use of terrorist watchlists include the speed with which
watchlists are updated as new intelligence information becomes available; the extent
to which all information available to the federal government is exploited to assess
possible threats among passengers and airline and airport workers; the ability to
detect identity fraud or other attempts to circumvent terrorist watchlist checks; the
adequacy of established protocols for providing redress to individuals improperly
identified as potential threats; and the adequacy of coordination with international
partners. [2, p. 7]
Security Response to Incidents at Screening Checkpoints
On November 1, 2013, a lone gunman targeting TSA employees fired several shots at a
screening checkpoint at Los Angeles International Airport (LAX), killing one TSA
screener and injuring two other screeners and one airline passenger. The incident
raised concerns about the ability of TSA and airport security officials to mitigate and
respond to such threats. In a detailed post-incident action report, TSA identified
several proposed actions to improve checkpoint security, including enhanced active
shooter incident training for screeners; better coordination and dissemination of
information regarding incidents; expansion and routine testing of alert notification
capabilities; and expanded law enforcement presence at checkpoints during peak
times. TSA did not recommend mandatory law enforcement presence at checkpoints,
and did not support proposals to arm certain TSA employees or provide screeners with
bulletproof vests. [2, p. 7]
The Gerardo Hernandez Airport Security Act of 2015 (H.R. 720), named in honor of the
TSA screener killed in the LAX incident, addresses security incident response at
airports. It would mandate airports to put in place working plans for responding to
security incidents including terrorist attacks, active shooters, and incidents targeting
passenger checkpoints. Such plans would be required to include details on evacuation,
unified incident command, testing and evaluation of communications, time frames for
law enforcement response, and joint exercises and training at airports. Additionally,
the bill would require TSA to create a mechanism for sharing information among
airports regarding best practices for airport security incident planning, management,
and training. The bill also would require TSA to identify ways to expand the availability
of funding for checkpoint screening law enforcement support through cost savings
from improved efficiencies. [2, p. 7]
Mitigating the Threat of Shoulder-Fired Missiles to Civilian Aircraft
The threat to civilian aircraft posed by shoulder-fired missiles or other standoff
weapons capable of downing an airliner remains a vexing concern for aviation security
specialists and policymakers. The State Department has estimated that, since the
1970s, over 40 civilian aircraft have been hit by shoulder-fired missiles, causing 25
crashes and more than 600 deaths. Most of these incidents involved small aircraft
operated at low altitudes in areas of ongoing armed conflicts, although some larger
jets have also been destroyed. Notably, on April 6, 1994, an executive jet carrying the
presidents of Rwanda and Burundi was shot down while on approach to Kigali,
Rwanda, and on October 10, 1998, a Boeing 727 was destroyed by rebels in the
Democratic Republic of Congo. The dangers of operating civil aircraft in and near
regions of armed conflict have recently been a topic of particular concern following the
July 17, 2014, downing of Malaysia Airlines Flight 17, a Boeing 777, over eastern
Ukraine after being struck by a much larger surface-to-air missile. [2, pp. 7-8]
The terrorist threat posed by small man-portable shoulder-fired missiles was brought
into the spotlight soon after the 9/11 terrorist attacks by the November 2002
attempted downing of a chartered Israeli airliner in Mombasa, Kenya, the first time
such an event took place outside of a conflict zone. In 2003, then Secretary of State
Colin Powell remarked that there was “no threat more serious to aviation.” Since then,
Department of State and military initiatives seeking bilateral cooperation and voluntary
reductions of man-portable air defense systems (MANPADS) stockpiles have reduced
worldwide inventories by at least 32,500 missiles. Despite this progress, such weapons
may still be in the hands of potential terrorists. This threat, combined with the limited
capability to improve security beyond airport perimeters and to modify flight paths,
leaves civil aircraft vulnerable to missile attacks. [2, p. 8]
The most visible DHS initiative to address the threat was the multiyear Counter-
MANPADS program carried out by the DHS Science & Technology Directorate. The
program concluded in 2009 with extensive operational and live-fire testing along with
Federal Aviation Administration certification of two systems capable of protecting
airliners against heat-seeking missiles. The systems have not been operationally
deployed on commercial airliners, however, due largely to high acquisition and life-
cycle costs. Some critics have also pointed out that the units do not protect against the
full range of potential weapons that pose a potential threat to civil airliners.
Proponents, however, argue that the systems do appear to provide effective
protection against what is likely the most menacing standoff threat to civil airliners:
heat-seeking MANPADS. Nonetheless, the airlines have not voluntarily invested in
these systems for operational use, and argue that the costs for such systems should be
borne, at least in part, by the federal government. Policy discussions have focused
mostly on whether to fund the acquisition of limited numbers of the units for use by
the Civil Reserve Aviation Fleet, civilian airliners that can be called up to transport
troops and supplies for the military. Other approaches to protecting aircraft, including
ground-based missile countermeasures and escort planes or drones equipped with
antimissile technology, have been considered on a more limited basis, but these
options face operational challenges that may limit their effectiveness. [2, p. 8]
While MANPADS are mainly seen as a security threat to civil aviation overseas, a
MANPADS attack in the United States could have a considerable, long-lasting impact on
the airline industry. At the airport level, improving security and reducing the
vulnerability of flight paths to potential MANPADS attacks continues to pose unique
challenges. While major U.S. airports have conducted vulnerability studies, and many
have partnered with federal, state, and local law enforcement agencies to reduce
vulnerabilities to some degree, these efforts face significant challenges because of
limited resources and large geographic areas where aircraft are vulnerable to attack.
While considerable attention has been given to this issue in years past, considerable
vulnerabilities remain, and any terrorist attempts to exploit those vulnerabilities could
quickly escalate the threat of shoulder-fired missiles to a major national security
priority. [2, pp. 8-9]
Cybersecurity
While much attention has been focused on physical security, there is a growing
concern about the emerging threat from cyber attack. New generation electronic-
enabled (e-enabled) aircraft (such as the Boeing 787, Airbus A380, Airbus A350,
Bombardier C-Series, Gulfstream 650, and others) and retrofitted legacy aircraft
implement an unprecedented amount of new technologies such as IP-enabled
networks, commercial off-the-shelf (COTS) components, wireless connectivity (e.g.,
Bluetooth®), and global positioning systems (GPSs). Aircraft/avionics manufacturers
are implementing “wireless” systems to reduce the amount of wiring within an aircraft.
The reduction in weight helps an aircraft achieve lower fuel consumption and can also
reduce support costs by simplifying aircraft configurations; however, these wireless
systems are vulnerable to cybersecurity threats. [3, p. 12]
With the introduction of new generation e-enabled aircraft, a new era has begun
where aircraft navigation and communication functions are transitioning from
operating as isolated and independent systems to being integrated into a centralized
network system that is dependent on exchanging digital information between the e-
enabled aircraft and external networks located on the ground and on other e-enabled
aircraft. Current aircraft systems architectures are relying heavily on IP-based networks
that interconnect aircraft systems such as flight controls, displays, avionics, engine, and
cabin systems. While providing unprecedented global connectivity, these e-enabled
aircraft technologies and COTS components introduce many access points to aircraft
networks; as a result, e-enabled security vulnerabilities not present in past aircraft
designs have the potential to significantly impact current aircraft safety. [3, p. 12]
At the same time, unprecedented access to aircraft systems and networks from
external systems—including GateLink, wireless local area networks (WLANs), Avionics
Full Duplex Switched Ethernet (AFDX) Networking, engine health and usage monitoring
systems (HUMSs), and electronic flight bags (EFBs)—is being introduced. While these
connections allow for the convenience of two-way transfer of critical information to
and from the airplane, this two-way information transfer makes it easier for inaccurate
information to be transferred—either by mistake or through malicious intent—to and
from the airplane. [3, pp. 12-13]
In April 2015, a passenger was removed from a United Airlines flight after tweeting a
joke about hacking the plane’s Inflight Entertainment System (IFE). In a deposition to
the FBI the passenger claimed he was able to access the Thrust Management
Computer (TMC) through the IFE. The TMC works with the autopilot to calculate the
optimum power setting for the engines. According to the affidavit, the passenger was
able to issue a “climb command”, which “caused one of the airplane engines to climb
resulting in a lateral or sideways movement of the plane.” Boeing and independent
aviation experts asserted that what the FBI affidavit described was technically
impossible. Whether the passenger hacked the plane or not, it is clear they were able
to gain access and prod where they shouldn’t. United Airlines took the precaution of
banning the passenger from subsequent flights. [4]
Whatever the true circumstances of the previous incident, the implications are clear:
newer aircraft are becoming increasingly vulnerable to cyber threats. Some potential
attack vectors against aircraft are listed in Table 19-2, and some potential forms of
cyber attack are listed in Table 19-3. [5]
In 2004, the Department of Homeland Security’s National Cybersecurity Division
(NCSD) established the Control Systems Security Program (CSSP), which was chartered
to work with control systems security stakeholders through awareness and outreach
programs that encourage and support coordinated control systems security
enhancement efforts. In 2009, the CSSP established the Industrial Control System Joint
Working Group (ICSJWG) as a coordination body to facilitate the collaboration of
control system stakeholders and to encourage the design, development and
deployment of enhanced security for control systems. In 2011, the ICSJWG released a
Cross-Sector Roadmap for Cybersecurity. Roadmaps develop near, mid, and long-term
perspectives to guide industry efforts toward common goals. Based on the ICSJWG
effort, in 2012, the Transportation Sector Working Group (TSWG) released its own
Roadmap to Secure Control Systems in the Transportation Sector. The TSWG Roadmap
describes a plan for voluntarily improving Industrial Control Systems cybersecurity
across all transportation modes, including aviation. [3, pp. 1-5]
Table 19-2: Cyber Attack Vectors [5]
1. Remote Connections from Aircraft to Ground Websites
   - Anything traversing the internet is exposed to attack
2. Network Connections between Aircraft Systems and Vulnerable Equipment
   - Vulnerable due to external connections
   - Inherent vulnerabilities of laptops, tablets, & USB devices
3. Corrupted Services
   - Command Radio
   - Global Positioning System (GPS)
   - Aircraft Communications Addressing and Reporting System (ACARS)
   - Automatic Dependent Surveillance – Broadcast (ADS-B)
   - Digital Weather
   - Broadband Satellite
   - WiFi/Cellular Connections
The TSWG Roadmap established four goals:
1. Build a Culture of Cybersecurity. End State: Cybersecurity and ICS are viewed as
inseparable and integrated throughout the Transportation Sector.
2. Assess and Monitor Risk. End State: The Transportation Sector has a robust
portfolio of ICS-recommended security analysis tools to effectively assess and
monitor ICS cybersecurity risk.
3. Develop and Implement Risk Reduction and Mitigation Measures. End State:
Security solutions for legacy systems, new architectural designs, and secured
communication systems in the Transportation Sector are readily available and
deployed across the Sector.
4. Manage Incidents. End State: The Transportation Sector is quickly alerted of cybersecurity ICS
incidents, and sophisticated, effective, and efficient mitigation strategies are
implemented in operation. [3, p. 30]
When viewed together, the four goals are intended to capture the full spectrum of
activities needed for transportation control systems cybersecurity. To achieve these
goals within a ten-year timeframe, the TSWG Roadmap identifies subordinate
objectives with near-term (0-2 years), mid-term (2-5 years), and long-term (5-10 years)
milestones. The Transportation Roadmap milestones and metrics provide broad
quantification information that can be used to determine progress as a whole towards
achieving the corresponding objectives, and are presumably monitored under the
auspices of the corresponding National Infrastructure Protection Plan Sector
Coordinating Council and Sector-Specific Plan. [3, p. 30]
Table 19-3: Potential Types of Aircraft Cyber Attacks [6]
1. Spoofing
   - Modifying data that otherwise appears to be from a legitimate source
   - Uses protocol weaknesses, compromised security data or ground systems
   - Examples: Flight Plans; GPS Navigation Data
2. Exploiting
   - Using a digital connection to execute malicious instructions on installed
     equipment
   - Uses software vulnerabilities such as buffer overflows
   - Examples: Bots; Automated Sabotage
3. Denial of Service
   - Using a digital connection to disrupt service
   - Often uses inherent protocol features
   - Examples: Flooding; ARP Poisoning
4. Counterfeiting
   - Inserting malicious content into a legitimate part, software component, or
     database
   - Examples: Trojan Horse; Backdoor; RootKit
Conclusion
Despite much progress, many holes remain in securing the nation’s Aviation
Transportation System. From a physical standpoint, given that current security
measures are imperfect, the question remains “how much security at what price”?
And while TSA continues to search for the right balance, the emerging threat from
cyber attack may render most physical security measures meaningless. In the absence
of any specific solutions, the Department of Homeland Security can only do what it’s
already doing, and that’s to navigate a protective course guided by risk management.
Challenge Your Understanding
The following questions are designed to challenge your understanding of the material presented in this chapter. Some
q