Industry View

Homeland Securitys Fundamental Weaknesses

Were all victims when the agency lacks the necessary personnel or structure to carry out its mission.

By Jim Giermanski

May 04, 2006CSO

The Department of Homeland Security (DHS) is like the proverbial gift that keeps on giving: Its disastrous response to Hurricane Katrina, the gaping holes in the security of our transportation networks, its inability to secure our borders, and the recent arrest of a DHS employee for allegedly conducting sexual online conversations with a child provide critics with a steady supply of ammunition.

What is the basis of the departments poor performance? DHS was organized primarily to protect the United States from terrorism. But the agency may not have the necessary personnel or structure to carry out its mission. DHSs apparently inexperienced management appointees have exacerbated the departments three fundamental weaknesses: a lack of expertise in technology, supply-chain operations and security tradecraft (the gathering and analysis of intelligence). Its dangerously high level of amateurism has compromised its ability to keep our seaports and land ports of entry safe.

Technology

Congress has instructed DHS to evaluate and promote the development of container security technology, such as electronic seals and detection equipment. Because it does not have its own laboratories, R&D or adequate numbers of scientists on staff, DHS must look outside for help in evaluating the hundreds of devices now being touted as cargo security solutions.

The department has chosen to contract with universities to conduct those evaluations. As an academic myself, I know that the problem with hiring academics to test new technologies is that they are dedicated to discovery and often lack real-world experience with which to effectively evaluate technologies that must work "on the street," not just in the lab. This is especially true in the area of cargo security; the critically important human element is absent in the lab.

An example of an ineffective technology decision by DHS is the requirement for "smart" container doors instead of a "smart" container. That decision, coupled with industrys reliance on radio frequency identification (RFID) technology, actually makes it easier for a terrorist to enter a sealed container through someplace other than the doors (by cutting a hole in the side, for example). The terrorist could then place an explosive device that is armed to detonate when triggered by an RFID signal at a U.S. port. This is not some far-fetched scenario: During a container security program held last year at the college where I teach near Charlotte, N.C., a housewife and a philosophy professorwith less than 10 minutes trainingwere able to surreptitiously enter and place a make-believe bomb in a sealed ocean container.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Configuration Assessment: Choosing the Right Solution

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

IS/IT Project Mgt. Credentials From Villanova - 100% Online

Rolling the dice with your security? Take the Self-Assessment Test now

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications