September 11 - Are We More At Risk Today?

Today is September 11, 2007.

In 2001, I reported to work. It was not a normal day. I had my infant daughter in my arms and we were scheduled to perform a series of network tests. Otherwise, I would have been at home on my couch. When I arrived at the office, the first plane had hit the towers, but I was unaware of this because I had been listening to silly songs rather than the news. The IT team was glued to the web feed. The CIO was not amused about it and wanted us to get back to work. I was not sure what all the excitement was about either having just come in the door, but I was looking out the window from the sixth floor and could see what I later learned was the smoke from the Pentagon on the horizon. By lunch time, I was in my driveway with multiple radios. the county having lost phone service, my daughter playing in the grass under the tree. Four days later, I was down at the Pentagon, ready to lend my aid. Ironically, it was determined that my presence at a management seminar was a more important use of my time. This was not a determination I made, but was made for me by my employer. This was, perhaps, the first indication to me just how little the attacks truly meant to the county and explains why the nation as a whole, even today is not ready for another incident, but I will discuss that in a moment.

In August 2002, I went to Seattle, Washington to attend a friends wedding. While most of the East Coast was still talking about the events of the previous year, it was not even a topic of conversation in Seattle. What was ironic is most people associated Washington, DC with the Cherry Blossoms, not an airplane hitting the Pentagon. It was almost as if they did not even know that the Pentagon was near Washington, DC.

Today, six years later, the nation seems to have gone from a state of readiness to a state of laissez faire, more interested in what their government is prepared to do for them than the state of their own plans. And, sadly, the state of the government's plans is more interested in preventing things, in the name of security than they are about working towards effective preparation. It reminds me a lot of the sage wisdom in Frank Herbert's Dune. The United States has become very much like House Harkonnen while Al-Qaeda is following the path of House Atreides and their Fremen allies. When the Harkonnen go to ground, Paul Maud'Dib and Gurney Halleck are talking about the events.



Says Gurney "They say they've fortified the graben villages to the point where you [Paul] cannot harm them. They say they need only sit inside their defenses while you wear yourself out in futile attack."

"In a word," Paul said, "they're immobilized."

"While you can go where you will," Gurney said.

"It's a tactic I learned from you," Paul said. "They've lost the initiative, which means they've lost the war." (pg. 415)



While I am not saying that the United States has lost the war, it certainly has adopted a bunker mentality that seems to be more focused on preventing than it is on being prepared for it to happen again, which is most assuredly will.

In Sunday's Washington Post, in the Opinion section, Messrs. Keen and Hamilton, the Chairs of the 9/11 Commission Report asked the question "Are we safer today?" Their answer, which I happen to agree with, is no, but I think a better question is "Are we more at risk today?" This is less clear cut.

Clearly, many of the issues addressed in the 9/11 Commission report are still issues that need to be resolved. There are still a large core of young, predominantly male, Muslims that have no job, and no hope of betterment in the near future. This is further compounded by the power vacuum created by the United States invasions of both Afghanistan and Iraq and a failure, as pointed out by Michael Scheuer, of the intelligence community to check the checkables. The United States has invested large amounts of money into questionable policies and procedures that, while on the surface look like positive steps, begin to show cracks and serious failings as you dig deeper.

As an example, let us take air travel. For obvious reasons, this was one of the first targets for "improvement" following the events of September 11. The problem, and a question that still to my mind has not been answered satisfactorily, is how did the hijackers get into the cockpits in the first place? Remember that following the CIA shootings in Washington in the early 1990's the FAA ordered all cockpit doors to be secured at all times. This, to me raises some very serious questions about how seriously the current regulations are being taken if previous directives were ignored. Further, while the traveling public is all but stripped searched (and with the new back scatter devices being installed in select airports, you might as well be naked) before being allowed on an airplane, the cargo being loaded into the belly of the very same plane is barely looked at, besides making sure it is actually getting on the right aircraft. For those of you who follow this stuff, I am sure you are jumping up and down to point out my error. Sorry, but I am one step ahead of you. In August, what was HR-1 became Public Law 110-53 and ordered the screening of all cargo. As of today, that is not happening and under current TSA guidelines, most of that "checking" will be done by the air cargo carriers with random "enforcement" checks by TSA rather than formal TSA procedures. If you think for one minute this is an improvement over the current set of procedures, I have a genuine piece of the Pentagon to sell you. And it will be years, if not decades before the United States is capable of examining every rail, road and ship borne cargo brought into the United States.

On the home front, the Department of Homeland (In)security started several programs to enhance safety. These include the Ready program, RealID, National Incident Management System (NIMS), and HSPD-12. With the exception of NIMS, these programs are close to being outright failures.

The Ready Program is a great idea. While I think it tends to focus too much on terrorism rather than being an all-hazards approach (after all, why should we worry about bird flu and bio-terrorism. Treat them as a hazard and mitigate the risks). The problem is that in the years since September 11, like my friends in Seattle, the memory has faded and most people are less prepared today than they were prior to September 11. Further, more are looking to the government to be prepared for them rather than taking the responsibility themselves. Yes, this is a problem because when the next incident occurs, whether it is domestic, foreign, weather or illness, the country will again be wringing its hands and asking what more could we have done when the answer has been spelled out clearly and repeatedly.

I have documented numerous times the problems with RealID. From the costs, to the inability for most citizens to qualify for the documentation, RealID is nothing less than a National ID card, and frankly, the United States already has too many forms of identification for too many purposes, some of which are crossed. Until there are real discussions about the privacy of this information and who is going to bear the costs of the program, RealID is dead on arrival.

Along the lines of RealID, is the HSPD-12 initiative. There are dozens of little things in HSPD-12, but the major focus is the attempted establishment of a single, federal ID card. Like all things in the United States, single is a word that is a difficult concept to grasp. The goal may be to archive a single ID card, but at the moment there are no less than three competing standards for what the card will encompass. To add insult to injury, the costs for moving to this single card systems are borne by each agency out of their operating budgets (as compared to separate and distinct appropriation) which must compete with a forced move to IPv6, data center relocations and other routine issues that every agency deals with. Without a single, enforced standard, the mandates of HSPD-12 are doomed to failure.

The National Incident Management System (NIMS) has a lot of good qualities. It attempts to establish a single model for incident response, a unified plan and a process for interagency cooperation. Many parts of the program are good and it is nice to see that many agencies are beginning to adopt the core concepts. That being said, there are large sections of NIMS that are "to be decided," or worse, can never be decided because of the sheer size of the implementation project. A single (there's that word again) data network for passing information just is not realistic (I would argue that several already exist, why re-engineer, but that is just me), especially when each jurisdiction has to buy its own gear and train its own people. Interoperations in communications have come a long way but there are still monumental hurdles to overcome, least of which is cooperation between the various first responder agencies and their local, state and federal counterparts. When it comes to human interaction, there is not much you can legislate, as much as you would like to.

The other piece of NIMS that has a long way to go is the National Response Plan (NRP). There seems to be a disconnect between the writers of the NRP and the writers of NIMS. A disconnect that I understand is being rectified, but will take some time. As we saw with the response to Katrina, the NRP is so new, that even the federal government did not follow it, which of course, begs the question, why should I follow it when the federal government does not? This will bear further examination as the next revision of the NRP is released.

I asked earlier if we were anymore at risk? Frankly, I do not believe the United States is any more at risk from a terrorist attack than it was prior to September 11. What I do believe is that the risk of damage from such an attack is significantly higher and that the ability to execute an attack is significantly higher. Man, as an animal, does not like restrictions generally. Ask any security expert who has thought about it and you will discover that the more stringing the security measures, the more man will try to work around them. While this is particularly true in computer security, we are beginning to see it as an issue in immigration, transportation and economics. This becomes even more critical when you consider the patchwork of enforcement or just following the policy. Again, as any air traveler will tell you, TSA enforcement is haphazard. In some airports you have remove your shoes and belt, take your electronics out and submit to a cavity search. In other airports, you can walk through with nary a glance at the magnetometer. It is this sort of enforcement that really makes most of us upset rather than the requirement for enforcement to begin with. As a result, in the words of Michael Scheuer:



"This dire lack of discernment - few senior bureaucrats will discount a threat if there is a one-in-a-billion chance it might occur and cost a promotion - results in a massive misapplication of manpower, computer time, and national-level intelligence collection systems against a mass of threats, most of which are palpably absurd. As a result, like a fire department plagued by false alarms, analysts, spies, equipment and police at all levels are worn out chasing nonextant threats. In doing so, moreover, an atmosphere is created where the constant crying of wolf dulls our analytic edge and increases the risk of the career-ruining oversight senior bureaucrats fear." (pg. 85).



Finally, there is the "sense of national grief" that seems to pervade the whole incident and has gotten progressively worse as time goes on. Yes, some people died. But the people that died on September 11 were a minority. To put it in perspective, if you assume 2000 people died, that would still be less than then number of people who died on the road in the United States in one month! So far, only one other person seems to get the irony, and that is OpEd cartoonist Jeff Stahler who's rather poignant piece appears today. So if we are going to grieve as a nation, perhaps we need to be looking a different statistic. Further, as pointed out in the 9/11 report, some 600 of those who died did not have to because they violated their own procedures and self-deployed without proper gear or following safety protocols.

Is the United States safer? No, absolutely not. Is the United States more at risk? From another attack? No I would argue that the United States is at no more risk than it was prior to September 11, 2001, but the United States is certainly at more risk for damage and death from an attack when it next occurs. Whether it is from Al-Qaeda, the Illinois Nazis, or Mother Nature. So go and get prepared. It is not up to the government. It is up to you.