The Center for Public Integrity has published an insightful study of the abomination known as "congressional oversight" of the Department of Homeland Security. While terrorists adapt quickly and nimbly, and North Korea and Iran thumb their noses at us, and illegal immigrants flagrantly cross U.S. borders, the leadership of DHS is strangling under the need for Congress to get in front of a television camera so they can grab a sound bite or video and tell their constituents what a great job they're doing protecting the country.

A little rough, you say? Consider this. According to the study Congress has held more than 900 hearings since DHS was stood up in March, 2003. I remember those days well. Almost as much time was spent on the Hill as at disaster sites or with first responders.

Don't misunderstand me. This dysfunctional system is a result of both the Bush Administration's against-then-for-then-against-then-for the creation of DHS and Congress' inability to consolidate jurisdiction because of politics. Everyone needs to be able to be called "Mr. Chairman" so Congress creates subcommittee upon subcommittee to exercise jurisdiction and oversight.

The purpose of oversight should be accountability, not politics.

Still think I'm being too tough on Congress? Consider this:

Estimates on the number of committees overseeing DHS have always varied, but no one is arguing that the Capitol Hill reshuffling substantially reduced the number of panels asserting some claim on DHS. “As a practical matter, any committee that has any part of jurisdiction is going to try to assert it, in order to get a shot on the news back home,” says Representative Peter King of New York, ranking Republican member of the House Homeland Security committee. “Congress is like kids in school; you have to have rules.”

Kids in school. Yes, Peter King is right. They're acting like kids in school while threats grow around the world.

The problem of convoluted oversight is that those within DHS who truly want to make it work and be effective are often stymied in those efforts. You can spend almost all of your time on the Hill making your case and when the parochial interests supersede the national security interests, effective change becomes unlikely, if not impossible.

What does a chart like the one above mean in the "real world" of Washington? The report sums it up best:

Under pressure from powerful committee chairs, congressional leaders allowed a system of widely distributed oversight to remain largely intact. As a result, the Department of Homeland Security is still coping with an extraordinary number of demands from Capitol Hill, which are tripping up a fledgling organization. And the crazy quilt of oversight is making it difficult for Congress to provide cogent guidance on budgeting, organization, or priorities for a department still struggling on all those fronts.

“When you have oversight conducted by numerous committees and subcommittees you tend not to get the rigor you need in oversight,” 9/11 Commission vice-chair Lee Hamilton told the Center last week. “The more [committees] you have engaged in the topic, the less robust it is. We think the executive branch needs very rigorous, independent oversight that can only really come from the Congress.”

If you're interested in effective public policy, especially as it relates to homeland security, read the Center's report here.

The media - and Congress - are all over the recent Government Accounting Office (GAO) report about the security breaches effected by GAO's testing of the Federal Protective Service (FPS) work protecting federal buildings. Politicians are preening for the cameras and pontificating about how bad it is. Here's tonight's news before we go to the other part of this story that's not been reported:

Here is how the Associated Press reported the story:

Report: Probe found weaknesses in federal security

By JIM ABRAMS, Associated Press Writer Jim Abrams, Associated Press Writer

WASHINGTON – Federal investigators had no trouble smuggling bomb-making materials past ill-trained and poorly supervised guards at federal buildings, senators were told at a hearing Wednesday.

"This is the broadest indictment of a federal agency I have ever heard," Sen. Joseph Lieberman, I-Conn., said at a Homeland Security Committee hearing on the performance of the Federal Protective Service, the office responsible for the safety of some 9,000 federal facilities. "This is really serious stuff."

The committee, chaired by Lieberman, heard how Government Accountability Office investigators on 10 occasions carried the components for an improvised explosive device through checkpoints monitored by FPS guards. In all 10 cases the bomb-making materials went undetected.

Mark Goldstein, the GAO's director for physical infrastructure issues, said the investigators proceeded to assemble the material — made up of a liquid explosive and a low-yield detonator — in restrooms and walked freely around the facilities with the IED in a briefcase.

He said that in some cases the bathrooms were locked but employees working in the buildings opened them up for the visitors.

The IEDs, which Goldstein said contained actual bomb components but with concentrations below trigger points, were smuggled into 10 level IV facilities — buildings housing more than 450 employees with a high volume of public contact — in four major cities. They included offices of a U.S. senator and representative and agencies such as the departments of Homeland Security, State and Justice.

"In this post-9/11 world that we are now living in, I cannot fathom how security breaches of this magnitude were allowed to occur," Sen. Susan Collins of Maine, top Republican on the committee, said.

The FPS, Goldstein concluded, "is an agency in crisis." In addition to the smuggling operations, the GAO cited examples of a night guard being found asleep after taking the pain killer prescription drug Percocet, and a guard failing to recognize or properly x-ray a box containing handguns at the loading dock of a facility. One guard supposed to have been at his post was caught using government computers to manage a private for-profit adult website.

The report also found that 411 of the 663 guards deployed to a federal facility had at least one expired firearm qualification, background check, domestic violence declaration or CPR-first aid training certificate.

While the FPS requires that all prospective guards complete 128 hours of training, including eight hours of x-ray and magnetometer training, in one region the service had not provided the x-ray or metal detector training to its 1,500 guards since 2004.

Gary Schenkel, the FPS director, said the report "caused us all grave concern" and that within three hours of receiving the study he had ordered regional directors to increase inspections and outline steps they would take to improve guard performance. "It's purely a lack of oversight on our part," he acknowledged.

He also explained that the FPS's full-time workforce had decreased from 1,400 in 2003, when it became part of the new Department of Homeland Security, to 1,236 today, and that the agency had had to reschedule training and equipment purchases to avoid greater cuts. The FPS has a budget of about $1 billion and, in addition to full-time employees, uses about 13,000 contract security guards.

Schenkel said his office would also require the FPS's 11 regional directors to conduct more random searches of packages, increase oversight of contract guards, and carry out overt and cover inspections of screening processes.

Lieberman said the committee had originally planned to go public with the findings after the GAO issues a second report later this summer, but the conclusions "were so disturbing that we decided to air them immediately to accelerate the critical work of turning the FPS around." He said he planned to introduce legislation responding to the service's shortcomings.

Let's recap the mainstream media's reporting:  GAO is able to get bomb-making material into federal buildings.  Congress is outraged that this could happen.  FPS must be an agency in crisis.  People working for the FPS are incompetent.

Not everyone who works for the FPS is incompetent. FPS provided my security detail when I was the Under Secretary of Homeland Security and they were among the most professional, competent individuals I have ever dealt with in my career.  Kenny, Orlandus and the others were excellent.

What we should be asking Senator Collins and Senator Lieberman is this.  When you conducted your oversight of the Department of Homeland Security, did you ever ask about the FPS budget?  Did you ask why the organization was being moved into DHS in the first place?  After FPS was moved into DHS did you inquire about their budget and personnel?  After DHS was moved from one component of DHS to another, did you inquire about the costs of these moves and whether or not DHS was bleeding the FPS budget of needed funding and personnel?

The problem is FPS, like many other agencies consumed by DHS, saw their budgets and personnel counts dwindle as DHS siphoned off money to "integrate" these agencies into the new department.  When Congress and the Bush Administration mandated the creation of DHS to be budget neutral, either they were deceiving themselves and the public, or they were blissfully ignorant of the costs of consolidating 22 agencies into one department.  FPS, much like FEMA and other organizations within DHS, saw the loss of money and manpower.

So, before we jump to the conclusion that FPS is a bunch of incompetents (and obviously from the reporting there are serious problems) we should also ask Congress, how did you allow this to happen?

Your answer?

Last week the Wall Street Journal's Homeland Security reporter Siobham Gorman filed a report that has received very little attention, but which points out so many problems within the federal government, including problems that I had in DHS and that most departments and agencies suffer. The report also highlights the increasing vulnerability of the federal government to cyber attacks, the next frontier of terrorism.

I fly in excess of 100,000 miles per year on United Airlines. Occasionally I fly on private aircraft, too. That's just me. Consider these statistics from the National Air Traffic Controllers Association:

On any given day, more than 87,000 flights are in the skies in the United States. Only one-third are commercial carriers [like United Airlines]. On an average day, air traffic controllers handle 28,537 commercial flights (major and regional airlines), 27,178 general aviation flights (private planes), 24,548 air taxi flights (planes for hire), 5,260 military flights and 2,148 air cargo flights (Federal Express, UPS, etc.). At any given moment, roughly 5,000 planes are in the skies above the United States. In one year, controllers handle an average of 64 million takeoffs and landings.

For every one flight you see listed on an airport monitor, two you don't see show up on air traffic controllers' screens. It would take approximately 7,300 airport terminal monitors to show all the flights controllers handle in a single day and approximately 460 monitors to show the number of flights being handled at any one time.

That is a lot of airplanes in the air at any one time.

But we can all rest assured that all of the air traffic controllers are doing everything they can to keep us safe.  Except that, they have outdated equipment, not enough controllers, and hackers from around the world and in our own country are constantly attacking the Federal Aviation Administration's (FAA) systems.

So what did the Wall Street Journal report?  Let's take a look.

The FAA Inspector General released a report last Wednesday (May 6, 2009) which cited a cyber attack on the FAA's computer systems that "partially shut down air-traffic data systems in Alaska" and the FAA's attempts to modernize its systems are "introducing new vulnerabilities that could increase the risk of cyber attacks on air-traffic control systems.

So the FAA is under attack at the same time it's trying to modernize its systems and that modernization itself is increasing the FAA's (and thus the flying public's) vulnerability to cyber attacks.

The FAA has "administrative" networks (for email, data, et al) and "operational" networks (ATC, flight controllers et al) and those in charge at the FAA claim that the systems are separate.  Yet, the Inspector General (IG) identified more than 763 "high risk" vulnerabilities in the administrative networks that could provide hackers a path to the sensitive operational systems. 

The natural tendency of those in charge of different departments and agencies is to defend their employees, programs and systems.  No one wants to be accused of a faulty system that's subject to vulnerabilities.  So, we shouldn't be surprised by this response of the FAA spokeswoman:  "We have specific orders that prohibit them [the administrative and operational networks] from being connected.

Orders?

That's all?  Orders?  Well, that'll certainly stop the hackers, won't it? I can see the hackers sitting in Moscow, Beijing or San Francisco just laughing at that statement. 

Those administrative systems only control items such as air-traffic flow, electric power, flight and weather data for the pilots.  Yeah, I don't care if the pilots know any of that stuff, do you?  But it gets worse.  According to Tom Kellermann of Core Security Technologies the "integrity of the data on which ground control is relying can be manipulated, much as seen in '24.'"

The IG also found that when cyber attack intrusions were detected they weren't necessarily addressed quickly by the FAA. For example it found 50 unresolved incidents that had been open for more than three months "including critical incidents in which hackers may have taken over control" of the FAA's operations wing.

The Wall Street Journal report and the IG's report caught my attention not only because it is one more example of the cyber warfare attack on the United States, but it also outlines the underlying problems inside the federal government:  turf wars, impediments to adoption of new technologies because of outdated procurement rules, an unwillingness to admit to systemic problems in one's department, lack of accountability, and Congressional oversight that is nominal or parochial or overbearing. 

Whether it's my United pilot landing on this runway at Anchorage, or Customs & Border Patrol inspecting cargo or cars coming across our borders, or FEMA trying to get water and ice through flood waters, we need the best technology we can get.  Procurement offices, congressional overseers, inspectors general, all of us, need to find ways to speed adoption of new technologies. 

Otherwise, we'll miss the runway or a hacker will steer us into the mountain.

See the Wall Street Journal's report here.

Update on Monday, May 11, 2009 at 7:36PM by Michael Brown

A couple of the photographs in this post are from a great site called FlightAware.  It is great for all things aviation, including real-time flight monitoring.  Check it out:  FlightAware.

Update on Thursday, May 21, 2009 at 9:41PM by Michael Brown

The Associated Press is reporting that a virus has struck computers at the FBI.  Read the story here.

As President (then-Candidate) Obama and Massachusetts Governor Deval have told us, "words matter:"

Apparently, Secretary of Homeland Security Janet Napolitano didn't get the message or didn't see the speeches. In an interview with the German newspaper, Der Spiegel, Secretary Napolitano was quoted:

SPIEGEL: Madame Secretary, in your first testimony to the US Congress as Homeland Security Secretary you never mentioned the word "terrorism." Does Islamist terrorism suddenly no longer pose a threat to your country?

Napolitano: Of course it does. I presume there is always a threat from terrorism. In my speech, although I did not use the word "terrorism," I referred to "man-caused" disasters. That is perhaps only a nuance, but it demonstrates that we want to move away from the politics of fear toward a policy of being prepared for all risks that can occur.

I happen to agree with President Obama.  Words matter.  Words set a tone.  Words are used to communicate.  Words mean things.  And in the world of international terrorism, or international economics, or domestic politics, words matter.

One of the first battles I undertook after the Federal Emergency Management Agency was subsumed into the Department of Homeland Security, was to retain the FEMA name.  FEMA is a brand, recognized worldwide.  The abandonment of the FEMA moniker would have been one more nail in the coffin of an otherwise well-known and effective agency.  Just as the depletion of money, manpower and resources was taking place as FEMA was absorbed by DHS, the loss of the name would have further diminished its stature.  Fortunately, I was able to win that battle and Secretary Tom Ridge rightly recognized that words matter and FEMA kept its name.

Secretary Napolitano should know that words matter.  Avoiding the word "terrorism" because she wants to move from "the politics of fear" to the "policy of preparedness" is shrewd because she has actually used words to now create an illusion of preparedness while ignoring the reality of risk.

I was and remain a strong advocate of the "all hazards" approach to consequence management.  We should prepare local, state and federal governments and our citizenry to be prepared for any hazard, regardless of the cause.  Thus, the "all hazards" approach long recognized by emergency management should be her policy.

To equate the word "terrorism" with the "politics of fear" is politics itself.  Terrorism is a real threat, no matter what she calls it.  If you don't believe me, ask those whose loved ones were killed in the Alfred P. Murrah Building bombing in Oklahoma City.  Or ask those families of the victims of the September 11th attacks.  Ask those families who had relatives killed by the Unabomber.  Ask the surviving relatives of those soldiers killed in the Beirut bombings or the USS Cole bombing.  Need I continue?

Terrorism is real.  It doesn't go away because we refuse to mention the word.

This isn't some building in Baghdad or Beirut.  This is downtown Oklahoma City just after Timothy McVeigh exploded the Ryder truck filled with ammonium nitrate fuel.  This is terrorism.

What we need from DHS is a focus on threats - terrorism, natural- and man-made disasters, biological threats, technological threats, not on politics.  I believe the American public is willing to hear what those threats are, and not some meaningless word or phrase like "man-caused disasters." 

Words matter.

Homeland Security Secretary Janet Napolitano testified before the House Homeland Security Committee. In an excellent summation of the testimony, Security Debrief's Rich Cooper provides this synopsis:

Future of FEMA
While she was questioned by at least three different Members about her thoughts on FEMA remaining inside DHS, Sec. Napolitano declined to offer her opinion on the subject other than to reinforce her pledge at her confirmation hearing to work with the organization she has and make it better. She did offer that she had not spoken to the President about his preferences on the subject and wanted to get his guidance on the matter. Rep. Cuellar (D-TX) shared that Rep. Oberstar (D-MN) was going to introduce legislation either today or some time this week to remove FEMA from DHS, fulfilling his pledge to so from some months back. Rep. Oberstar is the Chairman of the House Transportation & Infrastructure Committee which also has some oversight responsibilities over FEMA.

The Secretary also offered that central to FEMA’s success is its leadership and operational functions - not its placement on an organization chart. She also went at lengths to stress the fact that FEMA is not a first responder organization and that as a nation we needed to carefully examine our expectations of the agency to be up and operating in an instant.

This is both good and bad in my opinion.  This means there is still a possibility FEMA will be pulled out of DHS and the debate is still alive.  But, it also means that we still don't have a decision on this issue; and, we still don't have a nominee (at least as of 9:30 p.m. MST) yet. 

Hurricane season, spring floods, threats of terrorism or manmade disasters, all continue or are coming up soon.  President Obama needs to make both this decision and an appointment a top priority.

You can read Security Debrief's complete synopsis of Secretary Napolitano's testiimony here.