At its meeting on May 21, 2015, the Homeland Security Advisory Council (HSAC) issued a report by its DHS Employee Task Force, established in October 2014 following the Department’s poor rankings in the latest federal employee survey results, and formerly known as the “DHS Employee Morale Task Force” but renamed a few weeks prior to the issuance of the report. The report has been publicly released but is not yet available on the DHS website; I have posted a copy at this link.
The report includes a brief assessment of the relevant issues that affect DHS workforce morale, makes four primary recommendations, and includes twenty-seven specific action items that derive from these recommendations. The four primary recommendations are as follows:
1. Greatly increase the emphasis on leadership qualities when filling managerial positions and when assessing the performance of incumbents.
2. Significantly improve management training, particularly leadership training.
3. Adopt proven industrial standards for personnel development.
4. Significantly strengthen communications (upward, downward and outward), making greater use of modern communication technology.
Overall, the report provides a solid initial assessment of the challenges facing DHS leadership as it attempts to address morale issues, and suggests a number of common-sense management initiatives. But its analysis should be viewed as only a starting point. This is an issue that is difficult to generalize across the Department; the issues that affect the morale and satisfaction of the frontline officer at TSA or CBP are very different than the issues that affect an intelligence analyst or policy advisor at one of the headquarters offices. Moreover, it is necessary as part of such an assessment to make a distinction between issues that are within the span of control of the leadership of the Department (such as day-to-day operational policies and norms) and those that are outside of their control (such as civil service laws, or Congressional constraints on the Department’s organizational structure).
Two issues in particular are deserving of further analysis. The first is the set of procedures (formal and informal) related to decision-making and action-taking within DHS, and the incentive structure that underlies these procedures. My observation over a number of years and spanning multiple DHS leadership teams is that it is far too difficult for motivated and forward-looking individuals to take initiative and drive change within the Department. Instead, it is much easier for offices to stifle new initiatives that they do not like, a reality exacerbated by the fragmented Congressional oversight of the Department and by the existence of numerous internal oversight and compliance offices within DHS. This observation is supported by the results of Question #32 on the Federal Employee Viewpoint Survey: “Creativity and innovation are rewarded.” DHS employees express on average a much more negative response to this question than employees of other federal agencies. I would contend that the frustration and hopelessness captured in these responses is a major factor in low morale at DHS.
The second issue deserving of additional attention is reflected in the results to Question #22 of the Federal Employee Viewpoint Survey: “Promotions in my work unit are based on merit.” 55.6% of DHS employees disagreed with this statement in the 2014 survey – the most negative result of any agency surveyed by far, and much higher than the government-wide average of 39.3%. The apparent lack of meritocracy reflected in this result is a long-standing issue at DHS (as far back as the 2006 employee survey, DHS also had the most negative result) and needs to be rigorously assessed at the component level to determine the root causes of this, which likely includes issues related to organizational culture, personnel policies, and the lack of clear standards for promotions. Notably, the HSAC task force calls for a follow-on review of these issues, including an assessment of the Department’s promotion and compensation systems.
As noted earlier, the full HSAC report can be viewed at this link.
Yesterday ABC News broke a story about recent covert tests by the DHS Office of the Inspector General of TSA screening activities, highlighting the following results:
An internal investigation of the Transportation Security Administration revealed security failures at dozens of the nation’s busiest airports, where undercover investigators were able to smuggle mock explosives or banned weapons through checkpoints in 95 percent of trials, ABC News has learned.
The series of tests were conducted by Homeland Security Red Teams who pose as passengers, setting out to beat the system.
According to officials briefed on the results of a recent Homeland Security Inspector General’s report, TSA agents failed 67 out of 70 tests, with Red Team members repeatedly able to get potential weapons through checkpoints.
DHS Secretary Johnson responded to this media story by removing Mel Carraway from the position of acting TSA Administrator and by indicating that DHS and TSA would take a detailed set of actions in response to the results of these tests.
Neither the relevant news stories nor the responses to them have revealed the specific nature of the vulnerability (or vulnerabilities) that were tested; and hopefully this will remain a secret, given the sensitive nature of the information. But it is perhaps noteworthy that the Secretary’s statement places a great deal of emphasis on issues related to screening equipment:
Fourth, I have directed TSA, in phased fashion, to re-test and re-evaluate the screening equipment currently in use at airports across the United States. As a related matter, I personally intend to meet with senior executives of the contractors involved in the development of the equipment at issue to communicate to them the importance of their assistance in our efforts to investigate and remedy the deficiencies highlighted by the Inspector General.
….Longer term, in the coming months, I have directed TSA to ensure that all screening equipment is operating up to the highest possible standards. I have also directed TSA and the Department of Homeland Security Under Secretary for Science and Technology to examine adopting new technologies to address the vulnerabilities identified by the Inspector General’s testing.
This seems to indicate that there is a specific issue or set of issues with respect to the currently-deployed base of screening equipment at the passenger checkpoint. On a potentially related note, DHS Inspector General John Roth noted the following in testimony before a House committee last month:
We are currently conducting covert testing to evaluate the effectiveness of TSA’s Automated Target Recognition software and checkpoint screener performance in identifying and resolving potential security threats at airport checkpoints. Once that testing is completed and evaluated, we will report our results to the Secretary and Congress.
It is possible (but by no means certain) that this is the same testing on which ABC News is now reporting. If it is, it would suggest that there may be weaknesses with respect to the algorithms being used to flag potentially anomalous items in carry-on baggage and on one’s person. I expect that we will learn more as TSA pushes out information to the field in response to these covert tests.
Finally, it’s worth keeping in mind two things as this story continues to develop:
a) It is very important that DHS continues to conduct these covert tests; these types of failures in testing are embarrassing to the agency, but are necessary given the adaptive nature of aviation security threats, and can be used as the basis for making real improvements to security. If anything, there needs to be more covert testing within DHS than there is today, particularly at Customs and Border Protection (CBP), where GAO noted in 2014 that additional covert testing would be warranted.
b) Any decisions about new investments in screening equipment need to be made thoughtfully in response to this story, and not in a rush as part of a PR-driven damage control effort. Too often in its 14-year history, TSA has rushed to make large new investments in screening equipment without fully assessing the costs and benefits of such investments, factoring in the impact of such investments on other aspects of the aviation security system. We saw this most recently at TSA with the rush to acquire AIT machines following the 2009 Christmas Day plot. Given the budget-constrained environment in which TSA has operated for the past six years, and is likely to continue to operate, it is imperative that decisions on any major new investments in next-generation screening equipment be made judiciously.
The President has nominated Coast Guard Vice Admiral Peter Neffenger to be the next Administrator of the Transportation Security Administration (TSA), replacing John Pistole, who departed from the position at the end of 2014. Neffenger is currently the Vice Commandant of the U.S. Coast Guard (its second-ranking official), and is well-respected within DHS, in Congress, and among the Coast Guard’s stakeholders – a fact reflected in the positive comments in the media on his nomination. Given this high praise, I would expect the two relevant Senate committees (Homeland Security and Governmental Affairs, and Commerce) that have a role in his nomination to move quickly.
One question related to his nomination is whether he will retain his rank within the Coast Guard after being confirmed as TSA Administrator, akin to how former CIA Director Michael Hayden remained as a four-star General in the US Air Force for the majority of the time that he served as CIA Director. In addition, given the non-partisan nature of this nomination, it will be interesting to see whether the next Administration decides to retain Neffenger in this position for the purpose of continuity, assuming that he is confirmed and is successful at TSA in the next 18 months.
Earlier today the U.S. Senate confirmed Russell Deyo to be the Under Secretary for Management at the Department of Homeland Security, the third most senior position in the Department. Both Secretary Jeh Johnson and Senator Tom Carper released statements praising his confirmation this afternoon.
Deyo’s confirmation is long overdue – a point that I made in an op-ed published by The Hill last week that called for the Senate to finally act on his nomination. As I had predicted in that piece, Deyo received near-unanimous support, with 95 Senators voting in favor of his confirmation, and only two opposed.
Deyo will find himself with a full agenda when he is sworn in as Under Secretary, including needing to address such issues as (a) management-related issues that are part of the Unity of Effort initiative, (b) making key decisions about the St. Elizabeths DHS headquarters project, (c) overseeing the Department’s efforts to address morale and other workforce effectiveness issues, and (d) continuing to strengthen the Department’s oversight of major acquisitions.
This confirmation represents further progress in addressing the senior-level vacancies problem that was seriously impairing the Department in 2013 and early 2014. With Deyo’s confirmation, by my count only two Senate-confirmed positions are currently unfilled at DHS:
1. Administrator, Transportation Security Administration. The TSA Administrator position has been vacant since John Pistole’s departure at the end of the 2014, with TSA being led by Acting Administrator Mel Carraway in the interim. At a recent House Appropriations hearing, Secretary Johnson told members of the Committee that a nominee was in vetting and would be announced soon.
2. Assistant Secretary, Office of Policy. The lead Policy position at DHS has been without a Senate-confirmed leader since David Heyman departed the position in May 2014, nearly a year ago. Alan Bersin was named as Acting Assistant Secretary after Heyman’s departure, but Bersin would have been limited by the Vacancies Act to serving in that acting role for a maximum of 210 days, i.e. until mid-December 2014. Notably, the DHS Leadership page now lists this position as “vacant” rather than being filled in an acting capacity – a recent change.
Hopefully the President will soon nominate highly capable individuals to fill these two positions; and if such nominations are made, I would hope that the Senate will act with a greater sense of urgency then it did with respect to Deyo’s 7 1/2 month nomination process.
The Science and Technology Directorate (S&T) at the Department of Homeland Security released a new five-year strategic plan this week, a detailed document that succinctly articulates and aligns the Directorate’s priority areas of research and engagement for the next five years. The report highlights the five visionary goals that S&T announced last fall, and it explains how S&T plans to address management and workforce issues, a very important priority given S&T’s record of low employee morale for the last several years.
One notable aspect of the strategy is the focus on the Homeland Security Industrial Base, or HSIB for short; a term that had not previously been used widely within DHS until S&T Under Secretary Reggie Brothers started using it last year, as a variant of the well-known concept of a Defense Industrial Base. The report articulates the concept of a HSIB as follows:
Unlike many other industries with well-defined sets of products, technologies, and customers, the HSIB is a highly fragmented federation of product and service providers serving a broad constituency. Customers and their needs vary widely, from ships for the U.S. Coast Guard to protective gear for first responders to cyber defense tools for power plants. This degree of fragmentation means that many companies with leading-edge technologies are often small and more challenging to locate and engage. Simultaneously, federal, state, and local agencies are spending less on R&D for next-generation technologies. Therefore, it is critical that S&T collaborate with the HSIB to capitalize on industry investments in R&D and encourage the development of force multiplying solutions that defend, defeat, and mitigate threats to the nation.
In order to energize the HSIB, S&T will revamp existing programs so industry can more easily partner with S&T. We will also develop new approaches to engage non-traditional companies. The following initiatives highlight specific activities that will help us achieve this objective.
This focus on the Homeland Security Industrial Base as part of S&T’s strategy will hopefully catalyze efforts to address the noted fragmentation of homeland security markets and technologies. This fragmentation has led many companies in the past decade to settle for opportunistic investments in the homeland security market, rather than taking a long-term, strategic approach with respect to investments in homeland security research and development, as they often do in other markets and domains.
If S&T’s efforts with respect to the HSIB can help to encourage standard-setting, reduce duplication, and decrease market fragmentation, the Department will likely find itself dealing with a stronger, more engaged set of industry partners in the coming years, who can be a force multiplier for S&T’s own investments in its portfolio of research challenges.
The Washington Post has a story today highlighting the fact that Immigration & Customs Enforcement (ICE) has issued a new solicitation entitled “Access to License Plate Reader Commercial Data Service”, a second attempt by ICE to procure such a service after a previous solicitation was withdrawn last year following a round of media scrutiny. As the Post story notes, the DHS Privacy Office also recently completed a review of ICE’s “Acquisition and Use of License Plate Reader Data from a Commercial Service”; the completion of this review likely provided the basis for ICE to move forward with this solicitation.
The Privacy Office’s review of this matter is thorough in its analysis of the relevant issues, and makes it clear that ICE would not be developing its own LPR database, but instead would simply be establishing a query capability that can be used against known subjects of investigations or enforcement actions, consistent with ICE’s well-established law enforcement authorities. This is a standard tool now for U.S. law enforcement at all levels of government, an issue that may be worthy of a broader national policy debate, building on the analysis within this 2014 report from RAND. But given that the adoption of these capabilities is already the prevailing reality today, there is no justifiable reason why one of the largest federal law enforcement agencies in the country should not also have uniform access to such a capability.
Furthermore, the DHS Privacy Office report also notes the variety of safeguards that will be put in place with ICE’s access to such a service, including required training of ICE officers, specified purpose policies, and audit capabilities to detect and deter misuse. These safeguards should help to provide the general public that such a capability will not be misused, and senior leaders at DHS and ICE will need to be watchful to make sure that it is not.
Despite the concerns expressed by a couple of the critics in the Washington Post piece, it is likely that ICE’s procurement of this service will now move forward. The real lesson from this story and the earlier firestorm over this issue in 2014, is that DHS and its components need to be more proactive in socializing such new projects and proposals with key stakeholders (including Congress) and the media early on in the planning process. Too often in DHS’s history, new projects make their first public appearance in a solicitation on FedBizOpps or as a passing reference in a job posting on USAJobs. After such projects are publicly uncovered, the critics often drive the media narrative, DHS reacts slowly, and those who would be generally inclined to support such projects are provided with scant information on which to base such arguments. This ICE/LPR issue will hopefully serve as a useful case study about how the Department can better vet and socialize similar projects in the future.
The Department of Homeland Security quietly released its annual report on the National Network of Fusion Centers several days ago on the Department’s website, available at this link. This is the fourth consecutive year that the Department has produced and issued such a report, measuring the relative maturity of the 78 state and local fusion centers with respect to a defined set of Critical Operational Capabilities and Enabling Capabilities. (Previous years’ reports are available at this link).
The latest report provides a rich, updated overview of the current state of the national network of fusion centers. I won’t try to summarize the full report, but instead would note my three key takeaways:
1. Fusion center costs. The total operational cost of the national network of fusion centers was calculated at $328.3 million for 2014, of which $184.8 million (56.3%) was funded by state and local dollars. A smaller amount – $143.7 million (43.2%) – of funding for fusion centers came from federal coffers, either directly in terms of staff deployed at fusion centers, or indirectly through homeland security grants.
This reality of balanced cost-sharing between federal, state and local levels is a strong counterpoint to the occasional budget-related critiques of the fusion centers. It’s also worth noting that this annual federal investment in state and local fusion centers is miniscule in comparison with other federal homeland security and counterterrorism activities, adding up to around 0.24% of the annual DHS budget or 0.27% of the annual National Intelligence Program budget – a proportionally small investment in enhancing the capabilities and awareness of state and local entities across the country in support of these critical national security missions.
2. Collaborative analytic products. The new report notes that the network of fusion centers issued 272 collaborative analytic reports in 2014, i.e. where two or more fusion centers jointly develop and publish a report on a given topic. This number is a significant increase from the 115 collaborative reports issued in 2013. Without knowing more about the content of these reports, it’s difficult to definitively assess the meaning of this increase, but this is the kind of trend that is likely to lead to analytic reporting that is increasingly valuable to federal agencies.
For example, If Fusion Center A works together with Fusion Centers B and C on a report on, say, human trafficking issues, and they all identify common trends in terms of traffickers’ activities that may have otherwise appeared incidental to an investigation, that information likely has analytic and investigative value nation-wide with respect to addressing the issue, including to federal law enforcement agencies. Such collaboration is a positive indicator for fusion centers’ continued maturation.
3. The limits of performance assessment. The report notes that the 78 fusion centers averaged a score of 96.3 out of 100 on the assessment of their capability, an average increase of four points from the 2013 assessment, and a significant increase from an average score of 76.8 in 2011. 29 of the 78 fusion centers had a perfect score of 100 in 2014.
This increase in fusion center capabilities is a reflection of dedicated, serious effort in the past five years by the fusion centers to mature their capabilities, and thus to ensure that they are providing value to their state and local stakeholders and their federal partners. As a result, fusion centers today are increasingly efficient in their business processes and are very judicious with respect to privacy and civil liberties-related concerns – it’s not an accident that there have not been any privacy and civil liberties-related scandals at fusion centers in the last 3-4 years, as there were on several occasions in the mid to late 2000’s.
However, it is important to recognize the limits of this assessment process, as the Government Accountability Office noted in a report released in November 2014:
The overall assessment scores represent fusion centers’ progress in establishing designated baseline capabilities—such as implementing specified policies and procedures—but the scores may not reflect improvements in overall performance or homeland security contributions. That is, the assessment questions are intended to capture the extent to which each fusion center—regardless of size or staffing level—has met baseline capabilities to receive, analyze, gather, and disseminate information. However, the actual output of products and services can vary considerably by center based on risk environment, resource levels, or other factors. For example, 11 individual attributes constitute the “analyze” capability, and represent a broad range of activities, such as having developed an analytical production plan, the ability to access subject matter experts, and being able to contribute to local and national threat assessments. A center may report the successful completion of such activities and improve its overall assessment scores, but the scores do not reflect if the center effectively administered these activities or if they resulted in any considerable impact.
Given that the fusion center assessment process has reached its Lake Wobegon phase, with all of the centers now above average, it is imperative that the next assessment be revamped, and focused not only on capability-building but also assessing these issues of performance and effectiveness, in a way that is cognizant and respectful of state and local governance of fusion centers.
There are many additional details in the full report that are worth examining – you can read the full report here.
The White House today issued an Executive Order on “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” The full text of the EO is at this link. The White House website also has a fact sheet, a statement by the President, and a letter to Congress on the order.
The Executive Order would take the toolkit that the Department of the Treasury has developed and refined over the past dozen years to address counterterrorism and counter-proliferation threats (a story well-told in Juan Zarate’s recent book, Treasury’s War) and leverage it against the most significant cybersecurity threats to U.S. national and economic security. The fact sheet describes the specific types of foreign cyber threats to which this Executive Order will apply:
- Harming or significantly compromising the provision of services by entities in a critical infrastructure sector;
- Significantly disrupting the availability of a computer or network of computers (for example, through a distributed denial-of-service attack); or
- Causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (for example, by stealing large quantities of credit card information, trade secrets, or sensitive information).
In addition, the Executive Order would allow entities or individuals who have knowing benefited from “trade secrets misappropriated through cyber-enabled means” to be sanctioned – a significant additional measure that will hopefully cause many foreign firms to be extremely circumspect about the prospect of illicitly acquiring intellectual property.
Overall, the EO is likely to provide the U.S. government with a significant new tool to counter and deter cyber threats. But the announcement today leaves several key questions unanswered, which will have an impact on its overall effectiveness:
1. Will the US government be able to identify the individuals and entities responsible for relevant cyber threats with the same (or greater) degree of accuracy and legal certainty that it currently does for counterterrorism and counterproliferation-related sanctions? Or is the attribution challenge more difficult in the cyber domain?
2. Are such individuals and entities connected to the global economy to a degree that they in fact will be disrupted or deterred by sanctions with respect to ongoing malicious cyber activity?
3. What additional resources (e.g. more intelligence analysts) does the Department of the Treasury need to implement this EO effectively, and how soon will the Department receive them? And at what level of priority will Treasury be able to task the IC (within the scope of the National Intelligence Priorities Framework) to support their efforts? What will be Treasury’s role in the new Cyber Threat Intelligence Integration Center?
4. How will foreign governments respond to this EO? Will they refuse to do business with listed entities and individuals? What is the U.S. government planning to do to encourage other countries to adopt similar policies?
All these questions will need to be addressed by senior leaders at Treasury and other Departments in the coming weeks and months as this is implemented. But overall this is a significant initiative by the Administration, one that if carried out effectively is likely to have a greater impact on the cyber threat than any other policy initiative announced in the past couple of years.
Earlier today the GW Center for Cyber & Homeland Security announced the selection of its new group of non-resident senior fellows, who will serve in the position for a two-year term starting on April 1, 2015. The Center’s full announcement and list of new senior fellows can be found at this link. You can expect to see contributions by many of these senior fellows in the coming months on this blog.
Yesterday the DHS Office of Inspector General released a lengthy report examining the allegations that then-USCIS Director Alejandro Mayorkas, who now serves as Deputy Secretary at DHS, provided favorable treatment to several companies that were involved in the EB-5 Immigrant Investor Program, an issue that arose during his confirmation process to be Deputy Secretary in 2013. You can read the full IG report at this link; at the end of the report is a lengthy rebuttal by Mayorkas of the allegations made in the report. Both Secretary Jeh Johnson and Mayorkas released press statements yesterday in response to the release of the report.
I have a lot of respect for the work of the DHS Office of Inspector General, but after reading the full report and Mayorkas’s rebuttal, I’m inclined to agree with Sec. Johnson’s primary interpretation of Mayorkas’s actions with respect to the cases discussed in the IG report:
Like me, he is often impatient with our sluggish government bureaucracy, can at times be very hands-on in resolving issues and problems that are brought to his personal attention, and is always mindful that we are public servants. Ali works hard to do the right thing, and never acts, in my observation, for reasons of personal advancement or aggrandizement. These personal attributes are reflected in the Inspector General’s report.
My main takeaway after reading the full report is that the EB-5 program – a creation of Congress – should be abolished. At the very least, it should be significantly narrowed to allow visas only for direct investors in real businesses, not the shell companies – the so-called “regional centers” – that seem to dominate this program.
The fundamental economic premise of this program is highly questionable. Any new or growing company that has a good business plan and solid economic prospects should be able to raise capital by securing commercial loans, finding private investors, and utilizing government programs such as the Small Business Administration’s loan programs. Any business that is unable to raise funds through such traditional means, and instead turns to a program such as EB-5, is either (a) one that has a flawed business plan or (b) doesn’t need EB-5 but is using it to lower their cost of capital and engage in rent-seeking behavior. Both of these are distortions of the free market, to the disadvantage of companies’ competitors and at an intangible cost in terms of using our immigration system as a “means” in support of other policy objectives.
The questionable economic basis for the EB-5 program – and the possibility of undeserved economic gains from rent-seeking – are an invitation to cronyism. USCIS (and formerly INS) have responded to these conditions by trying over the years to tightly administer and regulate the program – something that the IG report makes very clear in its description of the highly bureaucratic processes with respect to the cases in question. Ironically, these same bureaucratic processes within the EB-5 program make it even more of an insider’s game, with only a handful of companies able to have sufficient scale to invest in the expertise needed to navigate the program.
Congress will likely express outrage and dismay over this IG report, but it needs to consider its own role in creating and then expanding such a program in the first place. The IG report and Mayorkas’s response make clear that many members of Congress have tried to use this program throughout its history as a pseudo-earmark, pushing USCIS to approve EB-5 proposals that would provide economic benefits in their states or districts, without regard to the fundamental soundness of such investments. By contrast, Congress has a sparse record of oversight and scrutiny of the program’s efficacy in the past decade.
Hopefully this episode will lead to a reexamination by Congress of the value of the EB-5 program, and ultimately to either a termination of the program or changes to it that eliminate the opportunities for rent-seeking behavior and cronyism.