Homeland Security at a Crossroads: Evolving DHS to Meet the Next Generation of Threats

The Department of Homeland Security (DHS) finds itself at a crossroads as it enters its second decade of existence. Since its creation in 2002, DHS has worked diligently to keep the United States safe from the specter of another catastrophic terrorist attack. In doing so, the Department has wrestled with a variety of significant challenges, including coordinating across 22 preexisting agencies, reporting to a multitude of congressional committees, and interacting with the U.S. public in a manner that constantly tests the balance between security and privacy. Some have pointed to these challenges as evidence of a dysfunctional department that is unable to effectively protect the nation. However, the Department’s record is clear; there have been no major terrorist attacks on American soil in the years since DHS’ creation. Furthermore, during this time DHS has achieved new levels of interagency coordination, improved cooperation with state and local agencies, and has begun integrating the private sector into a true homeland security enterprise. The Department should be congratulated for this record, as should the men and women whose hard work and constant vigilance have helped prevent another 9/11. However, after DHS spent the past 10 years focused on al Qaeda and its ideologically-inspired brand of terrorism, DHS is now confronted with a variety of new threats and challenges that will require an evolution of the Department’s priorities, structures, and missions.

While the pressing need to prevent further terrorist attacks after 9/11 naturally led DHS to devote much of its energy and resources to protecting against this threat, the Department can no longer afford to focus on al Qaeda as the preeminent threat to the nation. The ability of al Qaeda and its international affiliates to launch sophisticated strikes within the United States has been degraded to a significant degree over the past several years. While terrorists are still capable of taking lives and wreaking mayhem, the potential for an attack approaching the scale of 9/11 is low. Yet even as the threat of al Qaeda recedes, new challenges are emerging. DHS must find ways to increase the nation’s defenses against cyberattacks, establish enhanced systems for secure screening and credentialing, and improve intelligence and information sharing, all while operating in a constrained fiscal environment.

In some ways, the current budget climate presents a unique opportunity to transform the direction of the Department. Limited dollars will force hard decisions regarding what programs and capabilities to fund or cut, yet ultimately these decisions may be necessary to ensure DHS’s future utility and health. Furthermore, these budget cuts provide an opportunity not only to increase the Department’s efficiency but also to overcome and move past difficult policy issues. Fiscal realities may force resolutions to questions and problems that would have otherwise remained unaddressed, ultimately leading to a more efficient and effective Department. For instance, recent moves towards risk-based security models have been accelerated by budgetary concerns. These models hold the potential to improve not only the nation’s security, but also the Department’s relationship with the public. As DHS moves forward, identifying and implementing such efficiencies will be vital if the Department is to evolve to meet the demands of today’s complex and dynamic threat environment.

The Greatest Challenge: Cybersecurity

Perhaps the greatest threat the Department must defend against in the coming years will come not from a physical opponent, but from cyberspace. This threat will only grow more dire as information and communication technology continues to evolve at a rapid rate and state and non-state actors increasingly invest in cyber-capabilities. The danger posed by cyberattacks extends not only to critical infrastructure systems such as the power grid and water systems but to the nation’s economy as well. Equally if not more worrying than the potential for a catastrophic “cyber Pearl Harbor”, as described by Defense Secretary Leon Panetta, is the ongoing theft of intellectual property from U.S. corporations and businesses. As noted by General Keith Alexander, Commander of USCYBERCOM and director of the National Security Agency, intellectual property theft represents “the greatest transfer of wealth in history”. This theft not only leeches billions of dollars from the nation’s economy each year, but also grants potential adversaries access to sensitive information regarding U.S. technologies, including those related to national security. One of DHS’ greatest challenges in the coming years will be to protect against these attacks and intrusions yet in order to be effective the Department must first put in place systems and architectures designed to support its growing role in cybersecurity.

Any effort to build the nation’s defenses against cyber-attacks will necessitate a robust system for the sharing of cyber-threat information and intelligence. Cyberattacks pose a challenge not just for a specific sector but span all elements of government and industry. Furthermore, an attack against a government system may well originate from the same source as an intrusion attempt directed at a private corporation, and may employ similar methods and signatures. As such, the sharing of information across and between government and industry will be vital. If various sectors can work together to ensure that information is passed to the right people at the right time and is actionable, attacks can be blunted and damage mitigated. Furthermore, the sharing of information related to adversaries’ tools and tradecraft can provide early warning of emerging threats (e.g. zero hour threats), allowing those potentially affected to prevent an attack before it can inflict damage.

However, in order for this to take place a number of steps must be taken to improve the speed and breadth of sharing. Given that private industry owns 85 percent of the critical infrastructure the Department is tasked with protecting, including many of the systems most likely to be targeted for cyberattacks, methods of sharing information with and between private sector entities must be improved. Congress has made clear that it will not compel the private sector to share information. As such, DHS will need to find ways in which it can promote cooperation by lowering the costs and barriers for private industry to share cyberthreat information, both with DHS but also with one another. Informal networks for such sharing already exist between a variety of private sector entities; DHS can build upon these existing relationships by establishing a robust consortium for cyber-threat information sharing. Funded by DHS but utilized by the private sector, this consortium would serve as a forum for private industry to share information regarding cyberthreats with one another and could potentially build off the work already being conducted by the Information Technology Information Sharing and Analysis Center (IT-ISAC). However, in order to be effective this consortium would have to extend beyond the information technology sector to include members across the critical infrastructure spectrum. Furthermore, unlike the Defense Industrial Base (DIB) Cyber Pilot and the Enduring Security Framework, these efforts must focus on working to obtain and share threat information from the private sector. Simply distributing threat and intelligence briefings created by the government is insufficient; the private sector, who possesses significant and valuable insights into threat tools and tradecraft, must be an active partner.

While sharing information will do much to build cyberdefenses, DHS must also seek means by which to reduce the number of attacks being launched. The Department and its partners will always be one step behind if they focus solely on blocking or countering attacks that have already been launched, and cyberaggressors will only continue to increase the frequency, sophistication, and scope of their attacks if there are no consequences for their actions. As such, DHS must begin working, along with its partners, to develop a coordinated strategy intended to deter cyberattacks against U.S. institutions and critical infrastructure. As part of this strategy, international cooperation will be essential. Continuing to advocate for expanded multi- and bilateral arrangements between the United States and its international partners to provide for the prosecution of cybercriminals will help ensure that attackers will face legal repercussions for attacks. Further, DHS should explore assigning “cyberattaches” to a variety of nations, both to provide expertise and improve coordination. There are already precedents for these types of attaches in the customs, port, and border officers DHS already deploys to embassies. The relationships these attaches build, as well as the law enforcement and intelligence cooperation they could foster, would potentially do more to build effective bilateral and multilateral relationships than any purely diplomatic relationships. However, such a program would need to be fully supported by the State Department in order to realize its true potential. By raising the costs of launching cyberattacks, the Department has a chance to reduce their number through a strategy of aggressive deterrence.

Another measure which would be relatively easy to implement would be for DHS to establish a basic training program for federal employees across the U.S. government instructing them on how to identify, understand, and report suspicious cyberactivity. Similar standardized training could also be offered to major government contractors and industries most at risk for a cyberattack. Such training would not only reduce the risk that a given employee would become the victim of a cyberattack, but by emphasizing reporting of attempted attacks, would increase the speed at which information regarding the attack could be disseminated. However, the speed of information sharing will always be limited if it is left entirely in human hands. As such, the increased automation of information sharing, in both human and machine-readable formats, should be explored. By more rapidly sharing cyberthreat information across sectors, government and industry have the chance to limit the efficacy of cyberattacks.

In order to prepare for cyberthreats that will likely only continue to grow in frequency and sophistication, the Department must enhance long-term planning and investments. Most importantly, DHS must accelerate its efforts to build a workforce of cybersecurity experts. Without a dynamic, trained cadre of cyber practitioners and analysts, DHS is likely to fall behind when attempting to defend against rapidly-evolving cyberthreats. While DHS should be commended for recent initiatives to hire hundreds of new cyberworkers, the Department may experience limited success if it does not find ways to better appeal to these potential and current employees. Many skilled cyberexperts who might otherwise apply to these jobs lack the formal education or background expected by DHS and may not fit the mold of a traditional government employee. In order to attract and retain talented individuals, DHS must be willing to look past traditional hiring practices and requirements and instead focus on the skills and traits needed to succeed in a cyberworkforce. For example, DHS could establish a cyberworkforce rotation program with academic institutions and the private sector. DHS has an opportunity to build a workforce capable of meeting and countering tomorrow’s cyber threats but only if the Department is able to attract and retain the best and brightest.

The Core Capability: Screening and Credentialing

Beyond cybersecurity, in the coming years DHS will be faced with the growing challenge of providing vital screening and credentialing services for an increasing number of individuals even as budgets are tightened. At present, the Department is responsible not only for screening millions of airline passengers each day for security threats but for credentialing thousands of individuals seeking access to everything from the transportation system to critical infrastructure. As such, responsibility for screening and credentialing is spread across multiple agencies within DHS who employ dozens of unique systems. However, this diffuse model is inefficient and, as demand rises and budgets fall, will increasingly become untenable. For instance, with the President’s National Travel and Tourism Strategy seeking to attract millions of additional foreign visitors to the United States each year, the strain on visa and customs screening is only likely to grow. Yet long wait-times at gateway airports demonstrate that these screening systems are already overtaxed. DHS must seek new efficiencies in order to continue to provide the screening and credentialing services necessary to keep the nation safe.

For the Department’s screening and credentialing services, the way ahead may lie with an enterprise approach. At present, the multitude of systems being utilized contributes to significant redundancies. Collecting information that is only entered into a single system wastes time and money if that information has already been entered into another system. Furthermore, due to a lack of integration, there is the danger that vital existing information on one system will be overlooked when making a decision based on information in a second system. However, by implementing common, enterprise-wide systems, there is an opportunity not only to reduce redundancies and thereby increase efficiency but improve security as well.

A number of steps can and should be taken in order to foster an enterprise approach to screening and credentialing. While the Department has made great strides towards integration of its various databases, this process is not yet complete. Full integration of all DHS databases should be accelerated so that all elements of the Department have as much information as possible regarding those they are screening and credentialing, whether that information was originally collected by Customs and Border Protection (CBP), the Transportation Security Administration (TSA), Immigration and Customs Enforcement (ICE) or any of DHS’s other component agencies. In addition to greater connectivity across DHS, the Department should also explore greater integration with other government databases. Furthermore, screening and credentialing processes could benefit substantially from greater automation. The introduction of automated processes could significantly reduce the time needed for many tasks associated with screening and credentialing, greatly improving efficiency. However, a functional and useful system will require not only advances in automation technology, but that the Department as well as the public come to accept and trust automation to a greater degree. Furthermore, the Department should examine the creation of a Department-wide targeting center for the analysis of screening data from across DHS. While various component agencies maintain their own targeting centers, no single agency has a complete picture of all the information residing in the Department’s many screening and credentialing systems. A DHS targeting center could provide a more complete view, putting together pieces that other, smaller centers might miss. By focusing on greater integration of databases, increased automation, and the creation of a Department-wide targeting center, DHS has an opportunity to create a more efficient and effective screening and credentialing enterprise.

Further advances in risk-based security will also play a vital role in ensuring efficient and effective screening and credentialing systems. As budgets are reduced and demand for screening and credentialing grows, the targeted application of resources will become increasingly necessary. DHS will need to spend fewer resources screening those who represent a low risk, yet in order to realize savings, the Department must build a better picture of these low-risk individuals. Programs like TSA’s Pre-Check and CBP’s Global Entry represent valuable steps forward. Yet in order to fully realize the benefits, these programs should be expanded to include a greater number of trusted travelers from a variety of sources. Further, trusted travelers enrolled in one program should be provided an ID number or biometric profile that would be recognized across programs, greatly increasing interoperability while decreasing the resources wasted screening those who have already been screened by another program. By expanding risk-based security, DHS can not only increase security, but save limited budget dollars.

As DHS pursues methods for improving screening and credentialing systems, the Department must also look to improve its identity management capabilities. Establishing identity is often the first and most important step in the screening and credentialing methods employed by the Department. Biographical data, such as an applicant’s name and date of birth, comprises the vast majority of information currently used to establish identity yet biographical data is relatively insecure and open to counterfeiting. Furthermore, this information is subject to a variety of potential errors that can limit its utility. For instance, while Umar Farouk Abdulmutallab, the “Christmas Day bomber” was placed on a terrorism watch list, he was not prevented from boarding a United States-bound flight because his name was spelled incorrectly when searched against a database. However, biometric information offers the potential to improve the security of the Department’s identity management efforts while reducing the risk of errors. Abdulmutallab would likely have been discovered before he attempted to ignite his explosives if his fingerprints or iris scan, rather than his name, had been compared. Furthermore, such biometric identifiers are significantly more difficult to counterfeit than biographical information, greatly reducing the risk of fraud. The increased incorporation of such biometric information into the process of establishing identity will go far toward bolstering the effectiveness of DHS’s screening and credentialing efforts.

The Mission Accelerant: Intelligence and Information Sharing

Given the wide variety of rapidly-evolving threats facing the Department, intelligence, and particularly the sharing of information, is only becoming more vital to fulfilling homeland security missions. In an environment of reduced budgets, intelligence is of even greater value, allowing for the effective targeting of limited resources. Given that the Department is increasingly employing risk-based models of security, which are inherently intelligence-driven, the Department’s need for timely and accurate information is only likely to grow in the immediate future. DHS and the greater homeland security enterprise have made enormous strides over the past decade in promoting the sharing of intelligence and information in order to meet these needs. New organizations and systems have been created and existing organizations have radically altered their structures and cultures to reduce stovepipes and cross boundaries that existed before 9/11. However, there exists a significant risk that as the specter of another catastrophic terrorist attack recedes from the public consciousness support for information sharing will decline, allowing organizations to retrench into their pre-9/11 positions of isolation. In order to prevent this from occurring, DHS needs to be a forceful advocate for the continued, and potentially even expanded, sharing of intelligence and information.

While the traditional core of al Qaeda has been decimated in recent years, its adherents and supporters continue to pose a worrying, if somewhat reduced, threat to the security of the nation. Al Qaeda in the Arabian Peninsula has repeatedly attempted to strike within the United States and on at least two occasions has managed to operationalize plots that would have brought down aircraft over the United States. Al Qaeda in the Islamic Maghreb has not yet sought to launch attacks against America itself, yet recent events have demonstrated their increasingly sophisticated capabilities as well as the willingness of their associates to target U.S. institutions and personnel. However, the terrorist threats that face the nation are not just external but internal as well. Homegrown terrorists, already residing in the United States and familiar with U.S. culture and customs, continue to pose a unique and troubling challenge. While the overall frequency of homegrown terrorism has declined from 2009 levels, plots continue to be uncovered, evidenced by the arrest in December, 2012 of two Florida men accused of conspiring to employ weapons of mass destruction within the United States. In such cases, a mixture of externally and internally-focused intelligence is often required to detect and disrupt the plot, necessitating robust and continued information sharing efforts.

DHS must better define its role with regards intelligence in order to be effective. However, in order to begin this process the Department will first need to define what constitutes “homeland security intelligence.” Given the variety of entities from across the federal government, state and local governments, and the private sector involved in the collection and analysis of homeland security intelligence, a common definition is of immense value. DHS should provide a common definition for all those involved in the homeland security intelligence enterprise. The Department must also better establish its position within this enterprise. While a variety of agencies and organizations are capable of collecting and analyzing this intelligence, the multitude of entities involved demands that there be a single, coordinated point of control for the movement and distribution of this intelligence. In order to increase its effectiveness, DHS should firmly establish itself as this focal point, serving as the primary lead organization for the movement of information and intelligence between the federal government, state and local governments, and private industry.

At the tactical level, the network of fusion centers established since 9/11 represent a valuable means of bringing federal counterterrorism agencies together with the state and local entities who are most likely to observe suspicious terrorism-related activity. Furthermore, by allowing for outside oversight, fusion centers provide the high degree of transparency required when information regarding U.S. citizens is being shared. Such a transparent environment will be critical in the coming years, given that the amount of information available regarding U.S. citizens is only likely to increase in the future. As such, DHS must take steps to ensure that increased controversy over how these centers are employed does not threaten their continued utility. The Department and other federal agencies must accept that state and local entities will only be willing to continue to participate in fusion centers if they add value beyond counterterrorism. As such, federal and state and local agencies must work together to strike a working balance between counterterrorism and all-hazards missions. Federal agencies such as DHS must also collaborate with state and local agencies in order to gain a better understanding of what information is most useful to them, so that no agency feels that they are sacrificing more than they are gaining by participating in a fusion center. The Department should also encourage state and local partners to participate in standardized intelligence training, in order to better equip those on the ground with a better understanding of the intelligence process and equalize some of the disparities between various fusion centers. Additionally, the fusion centers need to find a means to better engage with the private sector. This includes not only finding new avenues for integrating information provided by the private sector, but keeping private companies and businesses informed of potential threats in a useful and timely manner while remaining cognizant of privacy and civil liberties concerns. Fusion centers have the potential to continue to play a vital role in protecting the nation but will be hampered in their mission unless the Department and its partners can come together to address these challenges.

As the threats facing the homeland evolve beyond terrorism, so too must the Department’s employment of information sharing. Utilizing existing models, technologies, and lessons learned from counterterrorism, DHS has an opportunity to begin building information sharing capabilities dedicated to countering a variety of other pressing threats, most notably illicit activity along the border and cyber-threats. For instance, the Department employs a significant number of sensors and thousands of personnel along the nation’s borders, collecting massive amounts of information each day. However, this data loses any long-term value if it is not quickly integrated, shared, and analyzed. By putting structures and systems in place to encourage this sharing and analysis, DHS has a chance to allocate its resources along the border in a more strategic fashion, so that border security is no longer purely reactive but increasingly predictive. A similar model can be applied to cyber-security. However, in order for these efforts to meet with success, DHS, working with the Program Manager for the Information Sharing Environment (PM-ISE), must lead the establishment of institutionalized means of sharing not just within the Department, but across government agencies as well as with foreign partners and private industry. By applying information sharing lessons taken from years of counterterrorism efforts, the Department can begin to build the capabilities necessary to address the next generation of threats to the homeland.

The coming years will hold a variety of new challenges for the Department which will require an ability to quickly evolve and adapt. While DHS has succeeded in fulfilling its primary mission over the past decade—protecting the nation from terrorism—the coming years will bring with them a variety of new dangers and dynamics. DHS must begin moving to address these now, so that the nation is not left unprotected in a rapidly-changing security landscape, even in the midst of significant budget constraints. By focusing its efforts and resources on building cyber-security, screening and credentialing, and information sharing capabilities, the Department has an opportunity to counter a new generation of threats before they can inflict significant damage to the United States.

(This Commentary was originally presented at a meeting of the Aspen Homeland Security Group on January 24, 2013.)

Rick “Ozzie” Nelson is a nonresident senior associate with the Homeland Security and Counterterrorism Program and Rob Wise is a research assistant with the Homeland Security and Counterterrorism Program at the Center for Strategic and International Studies in Washington, D.C.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2013 by the Center for Strategic and International Studies. All rights reserved.

Rob Wise