The security week that was: 03/07/08

A weekly surveillance of news shaping your profession


DHS - Five Years Later

It was five years ago this week that our government created the Department of Homeland Security. Tom Ridge, the first DHS Secretary, was tasked with the monumental job of creating a new government department and bringing together disparate groups (TSA, CBP, etc.) under one budget. Then, when Ridge deemed his work done (he's now a regular speaker and a CEO of a global consulting firm), Michael Chertoff joined the team. Chertoff had some very big shoes to fill and apparently the guy has big enough feet. Like what Ridge did or not, you have to admit that he was one heck of a manager, and for all the criticism aimed toward him, you have to also realize that there is simply no way an integration of diverse agencies is ever going to be a smooth transition that makes everyone happy.

So let's review the last five years and look at both some of the accomplishments and failures of DHS.

Accomplishments:

1. Forming DHS. This in itself was a monumental accomplishment. You've heard of Microsoft's attempt to buy Yahoo. Or maybe the UTC pitch to buy Diebold. Picture the difficulty of integrating each of these two firms. Then multiply that by 100. Maybe you're starting to understand the scale of difficulty.

2. Developing a border plan. Some might also call this a failure based on recent tribulations with the Project 28 program and because it's been very contested in terms of goals and funding, but slice it how you like it. The accomplishment is that a directional plan was created. Maybe it's pointed at the wrong vector, or a bit too ambitious, but the plan was created and border security is now a national issue.

3. Air security was standardized. I don't know any business travelers who would say they're particularly happy with TSA, but they are at least happy enough that they're willing to trust their safety and continue to fly. Even after 9/11 there was still some lack of standardization in aviation security. You'd take your laptop out at this airport, but not at this one. Shoes off here, but not there. Now, for the most part, the inspection process of aviation security has been standardized – you are getting the McDonald's experience: Everyone's hamburger (and security line experience) tastes the same. Even if it still doesn't taste great…

4. Chemical plant regulations. Kicking and screaming, this finally happened. There is now a method in place for review of chemical plant security processes/plans by the DHS. The smart thing here is that the DHS isn't setting specific minimum standards and technology requirements, but is looking at the overall risk-positioning and response of these chemical plants. Rather than saying "Every plant must have 2 cameras at the gate, 1 armed guard, infrared perimeter detection systems, encrypted drives, etc.", the DHS is allowing this to be risk-based. Smart.

5. Moving money away from state/local security funding. I'm going to be very unpopular for saying this, but I don't think we need to spend national tax dollars on buying the newest command truck for each town's firefighters. If the local citizens want that, then they should "buck up" and buy it with local tax money. Chertoff is trying this year to move money to national level issues. You know what state and local governments can't do effectively? National intelligence programs. Big databases to track terror suspects. That's where the national role comes in.

But because this isn't a puff piece, let's talk DHS flops:

1. TWIC. Government shouldn't be prescribing technology, in my humble opinion. They should be setting minimum requirements/procedures and letting vendors, integrators and others beat those requirements. Yes, national-level interoperability can be a requirement. Otherwise you get the TWIC program, where the focus seems to have been more on technology than a vision for national roll-out. Two of the biggest card/ID systems vendors (who are very in touch with government policies) have told me in the last year that TWIC has been one heck of a tough moving target. Can you imagine if the government got to define what it wanted in a computer operating system? It wouldn't be pretty...

This content continues onto the next page...