Commentary

Emerging Homeland Security Issues – A 2018 Panel Review

by Joseph J. Leonard Jr.

DomPrep hosted the 2018 Emerging Homeland Security Issues Panel in conjunction with the Clean Gulf Conference in New Orleans, Louisiana, on 13 November 2018. The active discussion among panel members and more than 50 attendees focused on hybrid warfare and the current threat environment, strategic and operational preparedness, emerging technology to meet these threats, and sustainment of interagency relationships.

As of May 2019, there was still doubt whether either major political party was actively involved in efforts to undermine the 2016 elections. What seems to be certain is that Russia was actively involved in undermining confidence in the election process. How effective this endeavor was will remain open to debate for years.

Former Secretary of Defense James Mattis stated in the 2018 National Defense Strategy that, “Inter-state strategic competition, not terrorism, is now the primary concern in U.S. national security.” Although a peer-competitor, Russia’s $42 billion 2017 defense budget is only 6% of the U.S. defense budget; and Russia has shown a willingness to use low-cost, innovative means to influence the political and strategic landscape, as shown in the Crimea and Eastern Ukraine. These facts raise questions about: whether Russia is using similar means and achieving a level of success in the United States; whether much smaller nations could manipulate information and perceptions of that information to advance their goals at the United States’ expense; whether a multi-national corporation could do the same thing to a commercial competitor; and whether an individual could influence a community’s attitude against a neighbor.

A North Atlantic Treaty Organization (NATO) military working group defined hybrid threats in 2010 as “those posed by adversaries, with the ability to simultaneously employ conventional and nonconventional means adaptively in pursuit of their objectives.” U.S. Marine Corps (USMC) Major Valerie McGuire expanded on this in a 2018 article for U.S. Naval Institute’s Proceedings stating, “Hybrid warfare, often employed in the gray area between traditional peace and war, is the synergetic fusion of asymmetric tactics, unconventional methods, and traditional instruments of power and influence applied across and within every warfighting domain – air, land, sea, space, cyberspace, and information – to pursue national and strategic interests.”

These and other topics were addressed by the November 2018 panel of homeland security professionals, which included:

  • Captain Kristi Luttrell, U.S. Coast Guard (USCG), Commander, USCG Sector New Orleans
  • Justin Thomas Russell, Executive Director, Spill Cleanup Association of America
  • Commander Sharon Russell, USCG Reserve, CEM, PMP, Emergency Management Director, Pasco County Sheriff’s Office
  • John Temperilli, Senior Manager with Garner-KSolve-OMI
  • Dr. Michael Wallace, EdD, Professor of Practice and Director, Emergency and Security Studies at Tulane University (and Commander, U.S. Navy, retired)
  • Forrest Zolczer, Emergency Response Project Manager with U.S. Environmental Services

Image: DP Cyber Roundtable (DomPrep, 2018)

Panel participants were in unanimous agreement that hybrid warfare is being used by peer and non-peer competitors of the United States as a means of fostering division through confusing messages that degrade confidence in political and economic systems. All agreed that information acquisition by itself is insufficient to enhance security. The information must be analyzed and vetted to ensure accuracy and reliability. Only then can this information be transformed into actionable intelligence to support the decision-making process.

Sharon Russell put this in terms everyone could understand, saying:

We are now very much a divided community. That’s important, regardless of the cause, because it means we cannot unify behind anything. It’s akin to a family dinner where everyone is arguing over who will carve the turkey, not realizing the dog has already stolen the turkey.

As Luttrell so succinctly stated, “Hybrid warfare diverts attention from what is important.” This diversion, if successfully exploited, can be an opening to even more significant vulnerabilities with catastrophic consequences. And it could be accomplished with a minimal budget.

Wallace looked at this more holistically, “The rise of social media has contributed to a rise in information operations. You can reach and influence a lot more people with today’s internet. If it’s written on the internet, it must be true.” As Russia has shown, this can be accomplished on a minimal budget. If that is the case, other nations or entities might be employing hybrid warfare to advance their agendas as well.

Zolczer echoed Wallace’s comments, saying:

Every one of us has probably had to face “false data” in the course of our recent personal and professional lives. We know and recognize that some things being portrayed in the news, in social media, and from some elected leaders and other prominent people are false. How do we combat the enemy from within?

These actions are exemplified in data manipulation. If people cannot trust the data in front of them – and they have unlimited time – they might seek more information elsewhere. However, with limited time, the options are also limited. Imagine a broker needing financial data to process a short-fuse acquisition, a surgeon needing critical information on a patient, or a pilot or ship’s master needing navigational information to transit a busy commercial waterway. The information consumer must determine which data to trust and which to ignore. The impact of using some or all of the wrong data, though, is unknown.

Many entities, such as emergency operations centers, elected leadership, public health organizations, and the news media rely on standardized procedures to ensure the information that they are using or presenting is as accurate as possible. Planning section chiefs in an incident command post typically rely on a “rumor board” within the situation unit, where information not yet vetted would be listed. A person or small staff would have the unenviable task of sifting through this information to discern what is accurate and what is noise that may or may not impact the task. This takes time, resources, and a dedicated effort by knowledgeable individuals who often go unrecognized. Overwhelming an incident response with this kind of “noise” and other distractions provided via the telephone or social media could drastically impact the overall response, putting lives in jeopardy, leading to the loss of property and critical infrastructure, and significantly damaging the environment.

As another example, the U.S. Coast Guard vets every ship coming into U.S. ports. The follow-on activities (e.g., additional inspections offshore, detention or removal of persons, escorting of the vessel as it enters port) of Coast Guard, Customs and Border Protection, Federal Bureau of Investigation, and other entities are then based on the findings of this vetting. If a state or non-state actor or a lone wolf manipulated this information, it could significantly affect the flow of commerce through the Marine Transportation System. This could limit the movement of goods and raw materials that can affect additional critical infrastructure systems, and run up the costs of consumer goods. It may also provide an opportunity for those with nefarious purposes to smuggle weapons or persons with the intent of harming the general public or critical infrastructure.

Cellphones provide direct ties to reality during and after incidents and events, with Facebook, Twitter, and other forms of social media becoming the primary means to exchange real-time information. Foreign and homegrown actors have used social media to sow false information to unsuspecting persons. For example, something as simple as “the water supply is contaminated” can easily impact a significant population. Such information must be handled and stopped. The U.S. Department of Homeland Security and Federal Emergency Management Agency deal with this on a regular basis. As Justin Russell said, “We need to avoid going down rabbit holes…. Instead, we have to block the rabbit holes from being created … that’s the challenge.”

Sharon Russell stated the need to refocus with pre-9/11 attitudes:

Our best course of action is still to prevent an incident from happening. We are not doing a good job rallying behind common goals. This could well be because others are sowing seeds of doubt. We as a nation have to come together against common enemies. Differences were set aside and we were able to focus as a nation. We need to recreate that unification without the need for a catalyst like 9-11 to do so.

Agencies and organizations need to be wary of those fostering division, recognize the warning signs, and act accordingly in the best interests of the nation. Those in the private sector also need to consider threats against their industries or organizations. Everyone must be vigilant. The insidious nature of hybrid warfare knows no bounds and can range from nation-states acting in their own self-interests, to industrial sabotage that lessens confidence in consumer products, to cyberbullying that can affect a single individual.

Whether or not hybrid warfare is referred to as something conceived by Marshal Gerasimov (i.e., “Gerasimov Doctrine”) is immaterial. Hybrid warfare is not only real; its impacts occur to varying degrees every day.

Cybersecurity Challenges

Cybersecurity seems to be in the news almost daily and is a growing issue in daily life. To highlight current cybersecurity challenges, a quick survey of those assembled at the panel discussion revealed that everyone in the audience had either been a victim of some form of hacking or had portions of personally identifying information compromised within the past two years.

Wallace stated:

We are currently engaged in a cyber cold war where nations are stealing information and data. This has been going on for decades. Digital insurgency – used by extremist groups to reach recruits, give them a sense of belonging and provide tactics, techniques, and procedures for participation in a global effort.

The Islamic State Group is the pioneer in the effort and al-Qaida is catching up, as are others. Wallace went on to state, “The internet of things will only make things worse. The interconnection of systems (such as critical infrastructure sectors) will be exploited – not if, but when. Given enough time, money, and effort, terrorists and criminals will find a way.”

Sixty percent of the world’s grain is transported via inland river systems to locations all over the world. The annual value of the U.S. Marine Transportation System is $4.6 trillion and it employs 23 million people. A maritime cyberthreat is real. Cybersecurity specialists and preparedness specialists must consider potential vulnerabilities and determine security measures to safeguard the flow of people and commerce. Justin Russell noted the potential for a direct tie between hybrid warfare and cybersecurity issues in the maritime community, pointing out that a state or non-state actor could:

  • Manipulate data to cause every intermodal container on a ship to be sent to the wrong location. The economic impact could be millions of dollars.
  • Intentionally update navigation systems with false or inaccurate information – for example, when a complacent officer on watch does not confirm a person’s identity before allowing him or her access to a cruise ship’s navigation system. Although the economic impact would be considerable, the potential loss of life could be catastrophic.
  • Hack into the computer system of an oil rig and provide a false reading on computer stabilization or pressure readings. This could lead to an environmental disaster and potential loss of life.

All of these scenarios are realistic. Documented cyberattacks have already occurred in the maritime community. Justin Russell recalled:

One East Coast port had the opportunity to be a participant with the Director of National Intelligence, the Coast Guard, and industry on an effort to enhance cyber preparedness but declined because the port authority did not envision this as a real threat. Within a month, they were attacked.

The Maersk attack in June 2017 triggered an internal assessment by numerous multinational corporations to discern if they have the capacity to purchase cryptocurrency to pay a ransom to facilitate continued operations. That is not much different than the tribute paid by nation states to the Barbary pirates to ensure the safe transit of their goods in the Mediterranean Sea in the late 1700s and early 1800s. Ransom should not be the long-term answer, but that does not mean going “to the shores of Tripoli” is the answer either. Governments and multinational corporations will have to determine if their responses will be proportional or if they will escalate events.

The 2014 Sony hack was alarming to many people, especially in business, regarding the impact of a cyberattack, which involved the financial sector and was politically driven. For a multinational company like Sony, many questions arise regarding: who will respond (e.g., the company, the United States, Japan); if and how they would work together; what the response will be; and whether the response will invite another, potentially more damaging, attack.

Temperilli discussed a recent effort in the Houston-Galveston area called Operation SWORDFISH. Captain (now Rear Admiral) Brian Penoyer, then-Commander at Sector Houston-Galveston, with the assistance of USCG headquarters, attempted to discern the number of open-source platforms they could find along the river systems within the sector area of responsibility. “Of the 20,000 platforms detected, over 1,000 were open source, 10-12 of which were major petrochemical facilities that were wide open and susceptible to hacking,” said Temperilli. Operation SWORDFISH excluded vessels and focused only on fixed facilities. Those facilities were informed of their vulnerabilities and requested to enhance protection. This highlights some potential vulnerabilities that need to be safeguarded.

Even with these examples, though, there are no easy answers to the following: how to get stakeholders to understand this is real; and how to balance constitutional rights with protecting the country, the infrastructure, and the economy. Like much of the emerging technology associated with it, the U.S. cybersecurity and response strategy is evolving at a rapid pace. It also costs money, often a lot of money. Sometimes it is difficult for those controlling the budgets to realize the tangible benefits of these costly security measures. This is not surprising. Technology is constantly evolving, sometimes faster than procurement systems can keep up with the progress. As such, cybersecurity specialists need to work with technology developers to ensure that the appropriate capabilities are being developed or enhanced.

As those with nefarious purposes seek to subvert these systems, those protecting them must react in a timely and effective manner to minimize damage. Although it is still debatable whether the United States is as proactive as it needs to be, it is obvious that the need to safeguard cyber systems is at an all-time high and continues to grow. One audience member voiced concerns that industry will only make the needed investments in security if they themselves are directly impacted or if it can be made clear how the costs of enhanced security will be offset in resilience and long-term profitability.

Interagency Relationships

The panelists concurred that, with today’s whole of government approach to homeland safety and security, it is vital for leaders at all levels to foster active and sustained relationships with response partners at the federal, state, tribal, local, and private sector levels. Future generations need to be strongly encouraged to develop and build on these relationships to enhance interagency interoperability over the long term. Do not wait until a 3 a.m. incident to meet one another for the first time. It is equally critical to continue improving the process for sharing and communicating critical information and creating a shared common operational picture to enhance preparedness and resilience.

Recommendations

As Sharon Russell said, “Most of society will look for the good. Many of us in this room are the doom and gloom minority. Society wants to find something happy to rally around. They don’t want to think of people doing nefarious things.” Nevertheless, DomPrep readers are comprised of preparedness, safety, or security specialists who live in the world of “doom and gloom” and plan for Black Swan events. They have to look at these complex issues and offer reasonable recommendations to elected leaders and/or corporate or organizational leadership. Hybrid warfare, cybersecurity, emerging technologies, and interagency interoperability are four areas to consider for improving and enhancing homeland security capabilities.

Hybrid Warfare – Take a look at one or more of the articles on hybrid warfare and the Gerasimov Doctrine (e.g., “Hybrid Warfare Helps Russia Level the Playing Field” by USMC Major McGuire). Decide on the validity of the Gerasimov Doctrine and how it might apply to an organization and its personnel. Then go a step further. Seek out means to implement a hybrid attack on the organization during the next security exercise. Note if and how people respond, how an attack of this nature can divide staff members or impede decision making, or how it might cause unanticipated delays when time is of the essence. Assess the organization’s ability to respond in a timely and effective manner. Most importantly, share any lessons learned and best practices.

Cybersecurity – Take the time to review and, if necessary, update the organization’s cybersecurity, continuity of operations, and business continuity plans. Odds are they are protective in nature, at least as far as the cyber realm goes, but may not be as response oriented as they potentially need to be. Ask the IT specialists what their response plans are if the organization’s systems are compromised or unusable. If the plans do not effectively address response, then short- and long-term resilience is in question. Consider which activities would enhance capabilities, before it is too late. For a blueprint for response to an IT incident, consider starting with, “Incident Management for Operations” by Rob Schnepp, Ron Vidal, and Chris Hawley.

Emerging Technologies – Whether it is systems to display a common operational picture, air monitoring devices, communications capabilities, or drones, it is difficult to stay current with all aspects of emerging technology without becoming so bogged down that other tasks become neglected. Look at not only technological capabilities but usability in the field. Commercial off-the-shelf technology is great if it meets current and anticipated needs. Before looking elsewhere, recognize that manufacturers are often quite willing to work with organizations in helping them meet specific capability needs. Be willing to reach out to these manufacturers and engage them with ideas, probing questions, and concerns. It may be necessary to become equal partners in the design and development of technology to ensure it meets the organization’s needs – both now and in the foreseeable future. Take the time to meet manufacturers’ representatives at the organization, at their facility, or at suitable events such as conferences and expositions. Ensure the developers have a comprehensive understanding of the organization’s needs, procurement methods, and budgets to find effective solutions to technology needs. This is one of the most effective ways to put scarce budget dollars to desired use.

Interagency Interoperability – No effort to enhance security is less costly than taking the time and effort to improve relationships with actual and potential partners and stakeholders. The Houston Ship Channel Security District and the Houston-Galveston Port Coordination Team are robust platforms designed and developed by stakeholders to support comprehensive marine transportation initiatives. These are models that should be emulated elsewhere in the United States. In addition, a cup of coffee, lunch, a challenge coin, a t-shirt, a business card, or LinkedIn request are often all that is needed to open the door to an improved relationship. This relationship needs to focus on mutual trust and confidence; on an understanding of organizational jurisdictional authorities, plans, capabilities, and limitations; and on ways to mutually support one another in the conduct of duties. Planning scenarios need to reach a level that effectively challenges plans, training, resources, capabilities, and facilities – not simply planning for the last event. Use these relationships to challenge “what if” scenarios and Black Swan events.

Conclusion

Threats are emerging from a variety of state, non-state, and corporate entities as well as from lone wolves. Agility is the key to a dynamic defense in depth that will help safeguard the nation’s infrastructure, economic engines, and political systems as well as foster long-term resilience.

Addressing the ability to recognize and respond to new and innovative means of hybrid warfare will minimize the likelihood of being surprised by an adversary who seeks to undermine capabilities and systems. Personal and organizational protection from cybersecurity threats is critical, but having an effective capability to respond to a cyberattack is the next logical step to ensure resilience. Organizations need to actively work with the developers of emerging technology to ensure advancements meet anticipated organizational needs. This requires input from the field as well as from management to address design, procurement, and budgeting. Lastly, organizations must continue to build active and sustainable relationships with partner agencies and stakeholders to ensure mutual support and effective information sharing in today’s all-threats/all-hazard environment.

Homeland security is a long-term process involving a whole of government and whole of community approach to be effective. It involves the public sector, private sector, and individuals throughout the nation. Effective homeland security ensures resilience, but only if all stakeholders are part of it. DomPrep’s challenge to all of its readers: Be a part of “our” homeland security process. Temperilli recalled what retired Navy Captain Steve Nerheim, Director of the Houston-Galveston Vessel Traffic Service, often says, “Success is not earned. It is the rent that comes due every single day.”

CDR Joseph J. Leonard Jr., USCG (ret.), MEP, MCP, CEM, CHPP, CPE, is a 30-year veteran of the Coast Guard and is a principal with the Penta Consortium LLC. He serves as the chair of the Greater Harris County Local Emergency Planning Committee and actively serves in the U.S. Coast Guard Auxiliary. He holds designations as a Master Exercise Practitioner, Master Continuity Practitioner, Certified Emergency Manager, Certified in Homeland Protection Professional, and Certified Port Executive. He has a BA in history from the Virginia Military Institute and an MS in engineering technology from Murray State University.