Friday, November 16, 2007

Some folks read Stephen King - I read GAO reports and get the same effect

Wanna know what scares the hell out of me?

It isn’t a few thousand bearded whack-jobs frothing with fundamentalist fervor, sporting a gigantic chip on their collective shoulder and entertaining delusions of taking over the world that are slightly less likely to be realized than the grand schemes of Pinky & the Brain.

No, what scares me is the pure, unadulterated incompetence at the highest levels of our kleptocracy.

In the last week, the GAO issued three reports on border security, terrorist screening, and aviation security that, read individually, are each cause for consternation. But read them together and synthesize the information, and you might be sorely tempted to crawl under the bed with a security blanket and a stash of Xanax until 1/20/2009.


Border Security

U.S. Customs and Border Protection (CBP) is the governmental agency responsible for keeping terrorists and other inadmissibles out of the United States. They are charged with fulfilling this mission while simultaneously facilitating the cross-border traffic of millions of international travelers every year. The CBP conducts this mission at 326 ports of entry (international airports, harbors, border crossings) throughout the United States. In Fiscal Year (FY) 2006, nearly a quarter million ineligible individuals were interdicted by CBP and turned away, but the agency estimates that several thousand more were admitted to the country through our ports of entry.

Weaknesses that compromise border security include not verifying the nationality and admissibility of individuals. This failure of the system is the most acute at land crossings. When the GAO did spot checks, they found some checkpoints entirely unmanned. (For contrast: The state of Kansas is more vigilant about their turnpikes and that five dollar fee to travel from Bonner Springs to Wichita. I have never seen a turnpike entry point completely unmanned. Have you? Didn't think so.)

The CBP has been somewhat successful in identifying certain undesirables and inadmissible aliens, but the system is compromised by the vulnerabilities that let several thousand inadmissibles slip in.

Most of the problems highlighted by the GAO can be traced to a single problem: understaffing. Staffing shortfalls directly affect the ability of the CBP to carry out the anti-terror aspect of their mission. Progress has been made in the training of new officers, but no metric exists to measure the extent to which officers on the job receive additional training and exhibit proficiency in requisite skills. Officer attrition has further impaired the ability of the CBP to maintain budgeted staffing levels, and efforts are underway to curb the loss of seasoned officers opting to retire at relatively young ages.

Terrorist Watch List Screening

In the shock and horror of the terrorist attacks of September 11, 2001, the FBI was charged with compiling a terrorist watch list to keep tabs on known terrorists and individuals who were suspected of ties to terrorism after “standards of reasonableness” were applied to nominated individuals. The FBI conducts this work through the Terrorist Screening Center (TSC), which submits records from the watch list to screening entities, such as the CBP, law enforcement agencies, etc.

In the intervening time since the watch list was initiated, it has mushroomed to include records on over three-quarters of a million individuals. The list has led to approximately 53,000 positive matches. These matches have led to arrests, denial of entry into the U.S., but most often questioning and release. In a disturbing revelation, the GAO found that some of these positive matches occurred after-the-fact. Individuals positively identified and confirmed to be inadmissible to the United States had already boarded and flown on aircraft, or even been admitted to the country, and perhaps become untraceable.

The TSC sends updates daily to the various screening agencies, but in many instances entire records are not sent, partly because screening against certain segments of the reports might not be integral to the mission of respective agencies. The resulting “cafeteria updates” are often incomplete, inadequate or even missed entirely. In other instances, software incompatibility hinders the ability of some agencies to receive adequate updates of information.

Although the GAO found that some progress has been made in the promotion of effective screening procedures, both in the federal sector and the private/critical infrastructure sector, many potentially effective screening opportunities remain untapped. This situation is perpetuated because the government lacks a current strategy and implementation protocol for optimizing the terrorist watch list.

In addition to the lack of formal protocol, clear lines of authority, accountability and responsibility are missing.

Aviation Security

If you aren't ill at ease yet, keep reading. Aviation security, it seems, is an oxymoron. The GAO conducted spot-checks of United States airports, and successfully smuggled bomb-making components and detonation devices aboard aircraft.

After the thwarted attempt in Britain to make bombs from hydrogen peroxide, the Transportation Safety Administration (TSA) made substantial modifications to the passenger screening process. Aimed at closing gaps in security that the alleged plot revealed, TSA agents set about confiscating perfumes and shampoos and sippy-cups and toothpaste from hapless travelers as they passed through security checkpoints at the airport.

After the new protocols were in place, a request was made for the GAO to test the system. To do this, the GAO attempted to:

  1. Obtain the instructions and components needed to create devices that a terrorist might use to cause severe damage to an airplane and threaten the safety of passengers and
  2. Test whether GAO investigators could pass through airport security checkpoints undetected with all the components needed to create the devices.

The investigators were able to successfully pass through screening checkpoints with bomb-making components and, on one occasion, an improvised incendiary device (IID), concealed in their carry-on luggage or on their persons. All of the component parts, as well as the items used to conceal them, are commercially available.

In conducting the test, the GAO investigators used publicly available information, and determined that two types of device could be used to commit acts of terror aboard aircraft. The first was a two-component IED, composed of a liquid explosive and a low-yield detonator. In this scenario, the detonator could be used as an explosive device in its own right, or used to greater effect in concert with a volatile liquid. The second device was an IID that could be created by combining readily accessible products (one of which is a liquid) that are banned from carry-on luggage. In total, the investigators spent less than $150 to purchase the components of their improvised weapons. Prior to testing the security apparatus, the components were tested for efficacy at a national lab in the summer of 2007. Prior tests had been conducted in early 2006, in conjunction with an unnamed law enforcement agency from somewhere in greater metropolitan D.C. These tests clearly demonstrated that a terrorist aboard an airplane with the components in question could wreak havoc and endanger the safety of all aboard.

After the volatility of the components had been adequately established, the investigators set about devising concealment schemes, keeping in mind the prohibitions on liquids and other banned items. And two GAO investigators demonstrated the weaknesses of the security screening process in American airports by smuggling the components for multiple explosive devices and one incendiary device through security and aboard commercial airliners, without being challenged by TSA officers.

Most of the time, the officers seemed to follow protocol and procedure, and employed technology in an appropriate manner; however, GAO was able to uncover weaknesses in the screening process and expose other vulnerabilities as a result of the exercise. Case in point: While officers generally followed the guidelines and enforced TSA policies, the investigators were able to exploit weaknesses in the TSA's own policies to get liquids through checkpoints. The investigators were able to exploit the weaknesses by studying public information and identifying the procedural weaknesses in the policies. (Details of a sensitive nature or that could otherwise be exploited by those intending to inflict harm were omitted from the report released to the public.)

GAO has submitted two briefings to the TSA in an effort to help the agency take corrective action, and suggested several actions that TSA should consider implementing in an effort to improve the passenger screening program. A system-wide review is underway, and the GAO is expected to issue a comprehensive public report, complete with recommendations for TSA early next year.


As I said at the beginning of this post, any one of these reports would be cause for consternation and concern. But read them together and the picture that emerges is downright maddening. Not only are we not keeping proper tabs on terrorists and suspected terrorists, but our borders are as secure as your average sieve is watertight, and the GAO sent investigators into the field who were able to smuggle bomb-making components past TSA officers and aboard commercial aircraft.