DHS lessons learned from Mumbai attacks

DHS Under Secretary Charles Allen (DHS Office of Intelligence and Analysis) testified last week before the Senate Committee on Homeland Security and Governmental Affairs, discussing both the lessons DHS learned from the November terrorist attacks in Mumbai, and the information sharing efforts of DHS with regard to the attacks.

Although committee testimony can sometimes be a bit dry, Allen’s testimony is relatively short and offers some insight into DHS policy direction, so you may want to read it.  Here are some highlights:

Prevention and Deterrence:

  • Previously disrupted plots (and previously identified targets) may resurface.
    • Reducing security protection leaves attackers an opening, no matter how much time has passed since the intial threat.
  • A determined and innovative adversary will make great efforts to find security vulnerabilities and exploit them.
    • Think like attackers to identify our weak points before they exploit them.
  • Security must be unpredictable for the adversary, but predictably responsive to those it is meant to protect.
  • Target knowledge was paramount to the effectiveness of the attack.
    • DHS is working on programs to help detect pre-attack surveillance.
  • “Low tech” attacks can achieve terrorist strategic goals-and can be dramatically enhanced by technology enablers.
    • Note: The attackers may have used wireless devices from hostages to monitor and interfere with the response against them.

Response and Recovery

  • Response to a similar terrorist attack in a major U.S. urban city would be complicated and difficult.
  • A unified command system is of paramount importance if governments are to respond to terrorist attacks quickly and effectively.
  • Public-private interactions are crucial and must be developed before an incident occurs.
  • Threat Information must be quickly and accurately conveyed to the public.
    • But he stressed DHS has procedures and practices to balance this with the need to ensure attackers can’t use the information to further their attack goals.
  • Training exercises that integrate lessons learned are critical.
    • Future national exercises will include Mumbai-style attacks.
  • We must protect the attack sites to collect intelligence and evidence to identify the perpetrators.
    • Proper evidence collection must be incorporated into training, planning, and response.

Note: Several reports were cited in the testimony, almost all marked For Official Use Only (FOUO), so they’re not available to link to.  If you would like access to any of these reports, I suggest you either contact your local fusion center or information sharing center, or contact I&A directly (they may point you to a regional organization that can properly vet you as having legitimate need to see the document).

Final Note: Controlling Wireless Information

Use of wireless devices by attackers is already being targeted from a technology standpoint (The NYPD expressed interest in jamming or intercepting wireless signals at the same hearings).  I expect this to become a hot topic, and I expect it to be addressed from an infrastructure & policy standpoint as well (giving responders some measure of control of private wireless infrastructure during an attack).  A combination of both would be necessary to deny attackers information they could use without interfering with the wireless information responders need, so watch for some policy debate on this issue.


Event: PS-Prep Public Meeting

The first of 2 public meetings on PS-Prep, a new DHS voluntary preparedness accreditation and certification program for the private sector, will be held on Tuesday January 13.  See my original post for more information on PS-Prep.

Thanks to Ginna Rodriguez for leaving a comment with the meeting time.

Date:     Tuesday, January 13, 2009
Time:     9am - 2:30pm
Location: US Chamber of Commerce
          1615 H Street, NW
          Washington, DC 20062
Register: 703-416-8407

DHS announces voluntary private sector preparedness program

From HSToday:

On Dec. 24, DHS announced a new voluntary preparedness accreditation and certification program for the private sector known as “PS-Prep.”  Through the program, DHS will adopt a series of voluntary preparedness standards, and then assess and certify the compliance of individual companies or organizations with those standards.  Congress authorized DHS to establish the program in the Implementing the Recommendations of the 9/11 Commission Act (Public Law 110-53).

DHS stressed that although certification in compliance with the standards is completely voluntary, companies would benefit from adopting the standards and from developing standards for DHS to consider including in its guidelines.

DHS called for comments on its proposal by Jan 23, 2009, and DHS intends to hold public meetings in January and February to solicit feedback on the program.  FEMA has set up a Web site to take comments.

I’ll write a new post (filed under the Upcoming Events category) when FEMA posts the dates of the public meetings.