Homeland Security: 2005 priorities

Federal Computer Week reporter Dibya Sarkar asked various government officials and industry experts what the technology priorities should be for 2005 in the area of homeland security. Here are their comments:

Tom Cowper, a staff inspector at the New York State police and a police futurist:

On interoperable communications

Our ability to communicate ubiquitously -- that's geographically as well as jurisdictionally -- is really the biggest problem we have. Interoperability is almost nonexistent in some places. Radio systems don't talk to one another. Most public safety radio systems today are outdated and in bad need of replacement and upgrade. And when [officials] upgrade those things, they need to be able to communicate with systems that overlap each other or they need to communicate with systems adjacent to them.

Safecom [a federal program to coordinate interoperability efforts nationally] is certainly helping that process. It's a component, and central government can certainly facilitate interoperability. We need more money from the federal government. This is a huge problem from a technical perspective. Like I said, it needs to have some significant money applied to it. The issue with Safecom or the federal government is the quick fix is to just connect all these old radio systems together in a sort of patchwork. It is a way to allow a few people to communicate across the agencies, but it's a Band-Aid. So they're buying expensive gateways called ACU-1000s and other types of devices to link old radio systems together. They aren't spectrally efficient at all and they only allow a few people to talk in a crisis.

[The idea of] what we're doing in New York with our project and other states as well, like Pennsylvania, Florida, Michigan, [is that] the more users that you can put on a shared network -- we'll have 65,000 on our network -- the more you can push communications down to the lowest level. What I like to talk about is creating a net-centric system. It's big in the military world these days to talk about net-centric warfare. But that net-centric concept is pushing information and the ability to share information down to the lowest possible level in real time. If a trooper needs to talk to a deputy right now, he can dial him up and talk to him. He doesn't have to go through his dispatch center, then his commander and then somebody else to communicate with a deputy.

On data mining:

If we're really going to take homeland security seriously and do what we need to do, we've got a couple of major areas to work on. You've got the Total Information Awareness data-mining types of applications that are going to be critical to connecting the dots. They're designed to take a bunch of disparate information and help you make decisions on it and draw conclusions from it and see where the patterns are.

The problem that we have is these things send a red flag to civil libertarians. That's not necessarily a bad thing for people to be watching out for civil liberties. The problem is that they have really stifled the field. And this is an issue that law enforcement and homeland security people have got to deal with. We have got to figure out a way to use this technology in ways that don't violate civil rights, and that's going to be a hard thing to do. It's going to require a lot of thought and a lot of work and a lot of study and a lot of research. And it's going to require a lot of marketing. You've got to be able to bring civil libertarians in and say, "Look this is what we're trying to do, and this is why and I don't see a lot of dialogue there."

On use of biometrics:

Certainly I think the biggest weapon that terrorists and criminals have against free societies today is their ability to remain anonymous and carry out whatever their designs are. And biometric technology is going to be the way that we capture and identify these people. It's great for border security. It'll eventually make its way into airports and places like that. But I don't see a lot of headway being made [at] the state and local levels to implement this stuff. Cops have been using [the FBI's Integrated Automated Fingerprint Identification System] and fingerprints for a long time, but this is really scratching the surface in utilizing biometric technology to really identify the bad guys. We've got to begin employing these systems a lot more.

On use of surveillance technologies:

Surveillance technologies -- the sensors, sensor grids, [unmanned aerial vehicles] and camera networks -- are inevitable. You can buy a full-motion video, color, wireless camera now the size of a quarter for a couple of hundred dollars. And the price continues to continue to drop while the form factor continues to get smaller and smaller.

The biggest hurdle I see is really not getting the money and buying the stuff. I think policy-makers and decision-makers know homeland security is important and we've got to spend money on it. The issue is...a lot of times you try buying this stuff and employ it and have the local activists go crazy and stop the program or delay the program or change the program in some way that makes it less effective. Again, I'm not bashing civil libertarians; they play a good role in society and keep the abuses in check, but there's got to be a balance there. There's got to be some understanding and agreement about what the risks are and how we can solve the problems.

But generally speaking, we all know that we need to start using UAVs to some extent. Just take high-speed [car] chases for example. UAVs come in thousands of different shapes and sizes now. Instead of having three or four police cars traveling 120 miles an hour down an interstate chasing a car that's wanted...why not put a UAV or two and follow [the car] until [it] runs out of gas or until you figure out where [the suspect is going]. Those kinds of things can have real benefits to public safety. It's really difficult to try and convince people -- convince policy-makers and budget people -- that we have to have a whole new section here [to run] the UAVs. The problem is just getting it, implementing it and doing something new. We've never used UAVs before, so how do you convince people it's something you really need?

George Foresman, assistant to Virginia Gov. Mark Warner for Commonwealth Preparedness.

On the need for a larger homeland security plan

I think what you're going to see this year is a lot of people stepping back and saying, "You know we've done some of the low hanging fruit, we've addressed some big holes in the dam, but we really need to step back and look across our entire enterprise." Things have settled down post 9/11. We've got a better much idea of what we want to try to accomplish, we have a better vision of where the feds and (the Homeland Security department) are going to go, because they've had a chance to not only be creative but also to develop some momentum. And nationally it's kind of the time where we maybe need to step back, take a deep breath and say, "OK let's take a look at the big picture out here."

Many of my counterparts I've talked to around the country are very much focused on doing this. It's much easier for the state to do this. We're fortunate in Virginia because with our new consolidation with the Virginia Information Technology Agency we basically have a single "bellybutton" that we can go to and say. "Tell us about the enterprise architecture."

But then the second question we always ask is, is this in the context of appropriate public policy? You don't want to link every database because then it's Big Brother spying. You've got to define the "want" versus the "need" and then make a policy judgment. I am actually beginning to see a real effort not only here in Virginia but in the national capital region where we're pushing back and saying, "No, not another database, not another information system." Let's get a handle on what the big picture is, what are the business processes for moving information inside and outside the law enforcement community, within the public health community? How does local, state, federal (pieces) fit together? How do they collaborate horizontally across one another? How do we bring in the private sector? Where do the walls need to be?

As we look across the threat spectrum ... very little attention has been given to cyber threat on a whole. The asymmetric threat of a conventional attack on America coupled with a cyber event I think remains a very real possibility. In the late 1990s and early 2000, preparedness for weapons of mass destruction (was) all you could get federal officials to talk about. [There was a] little discussion about cyber threats, but not a lot. Then after 9/11, weve (now) got to be prepared for conventional attacks. I think we always make it an "either or" equation and we need to make it an and equation. If somebodys really smart and wants to ... couple low-tech conventional attacks, suicide bombers, improvised explosive devices with some cyber destruction, its not going to break down the democracy but its certainly going to cause people to stop and think again. And that's what the enemy wants us to do. So Im seeing a much heavier focus on the part of local government and particularly state government to kind of reinvesting its attention to the cyber threat issue.

On intelligence reform and information sharing

What we're doing at the federal level is not going to make a measurable difference at the state and local level because it's federal-centric. And in fact the (Congressional) bill that is being debated is not really just an intelligence bill. (There's) much more in it. We're going to create a new structure and organization rather than fix the management and leadership issues.

What we lack in this country...is (an understanding of) who's talking to what, who's sharing it with who. Everybody's so focused on the technology they don't know what the architecture is.

On funding

The funding is beginning to flow in earnest. When you think about it, there was all this prognostication about billions of dollars back during the winter when the mayors were saying $8.2 billion were stuck in the states and the states were saying no, it's stuck in the (federal government)...I think what you're going to see is there's probably about $2 or 2 1/2 billion that's been allocated and you've got about another $1.2 billion coming down on the DHS side. You've got another $1.4 billion I think that's coming down from the HHS side. I think you're going to see a lot more focus on high-end technology solutions for integration.

Kay Goss, senior adviser for homeland security, business continuity and emergency management services at EDS and former associate director of the Federal Emergency Management Agency in charge of national preparedness, training and exercises.

On state and local governments getting federal funding

Up to this point, you have seen them use the funding that has become available for things that have been pent up for years that just haven't been filled. We call it 'boots and suits' and 'guns and gates,' and things like basics, and some overtime for personnel and those kinds of things. I think what they need to do at this point (is) the planning and the training and the exercises. So, I'd like to see more money spent on curriculum development, delivery and exercising out those things, making sure all the plans are in place and the assessment have been done and that kind of thing.

Now beyond that, in order to empower them, in order for them to manage all the new kinds of information they're getting, I think technology is the key. With the money that's being sent out to the states now, most of homeland security research and development money is not going out t o state and local (governments), it's going to universities, and it's going to the research labs. So, they are hopefully working with state and local officials...on what is needed. I think most of the private sector has been working quite closely with local officials and especially in this area, the National Capital Region, with the (Urban Area Security Initiative) grants. And that money is designed to go for transits and ports and (information technology), (the) really critical infrastructure protection.

The Office of Domestic Preparedness has another pot of money, and that money goes directly to the states, and it's pretty well a lump sum to every state regardless of population and then some more based on the population. And 80 percent of that has to be sent out to the locals. So, I think there's going to be more spending on IT than ever before at the state and local level.

On a virtual operations center

We've been working on a concept of a virtual emergency operations center (EOC). We started thinking about how could an emergency operations center continue to function even under those (catastrophic) kinds of terrorist attacks. And so, what we've come up with is working out in Anaheim, Calif.

Anaheim, for many years, has been providing the dispatch system for 11 to 13 other cities within the area. So, they were working that regional concept, and now, once they developed this, the cities are interested in coming in and seeing how they can partner with the system or become integrated in the system, as well. It has the (geographic information system) mapping and the global positioning, traffic video feeds and plume modeling and it's sort of a portal. And if you're the city manager and you're awakened at three in the morning, you don't have to go down and activate the EOC and make sure all the computers are working and call everybody to come in. You can get the information right there on your laptop. Wherever you are is where the emergency operations center can start operating.

On IT priorities at FEMA

Almost every conversation that I have with any of my former employees in FEMA or the leadership there, they are talking about technology and IT and how this can help their partners and state and local (governments). What they're looking for is technologies that will allow the local and state partners to be able to enter information into the (National Emergency Management Information System). In the past, it's been difficult for them to do that. It has been very user unfriendly, and they're working very deliberately and effectively in trying to overcome that so that it's easier for information to be entered. Because otherwise they have to enter the system in a separate local or state database and then try to convey that information to FEMA. Sometimes, they've had to maintain dual databases because the FEMA system was slow. But they're working over time to correct those problems, and I think they've actually done that.

On state government structure

I'm really interested in a lot of legislation that's being proposed in the legislative sessions for 2005 because every state legislature will be meeting then. A large number of them are proposing some kind of advisory councils. They're composed of emergency services personnel, and I think they're going to be working more closely than ever with their mayor's offices and with their governor's offices across the country. And that's been a long-term goal of mine after working for 12 years in the governor's office in Arkansas being in charge of this. (Such advisory councils have not) been formalized in terms of laws and executive orders and things like that so much. (They usually are created as a result of) the personality of the governor or whoever he or she happened to have as a staff person. The moment that changes, it could totally vanish, so now, it's being formally established in a legal framework.

Jim Harper, director of information policy studies at the libertarian Cato Institute and editor of Privacilla.org.

On the use of technology as a proposed solution:

There's a continuing attempt to redefine the (Sept. 11, 2001, communications) problem throughout the land as a failure of technology. That may be very pleasing for those folks to hear, but I don't think it's true.

(The Progressive Policy Institute) has a January 2002 (publication) out (about) using technology to improve homeland security. It points out in the first couple of paragraphs that Mohammad Atta had a warrant out for his arrest in Florida at the end of May (2001). And at the beginning of July (2001), he was pulled over and (the police) didn't recognize that. That's not a technology failure. They had the technology to communicate among Florida counties that there was a guy with a warrant out there. That was an institutional failure and a communications failure.

Would (instant messaging) among cops have taken care of that? Not necessarily, but maybe it was some organic communications capability that would have gotten the FBI agent, who I think might have been in Minnesota, to get somebody's attention in Washington (D.C.), or get somebody's attention somewhere, and bubble this up the way it should have been bubbled up. That's connecting the dots. I think the major impediments are institutional impediments, not technological impediments. It's culture. (The) FBI doesn't want to share with (the) CIA. Different components of (the) Justice (Department) don't want to share with other components of Justice -- things like that.

Stephen Millett, manager of the Battelle Memorial Institute's technology forecasts, an annual list of predictions the company publishes.

On intelligence and information sharing

The No. 1 challenge is intelligence. We said that in (Battelle Memorial Institute's) top 10 list. You know the ability to anticipate and prevent acts of terrorism is the No. 1 priority. So we have to have computer systems to pick up signals, to transmit the signals. We have to have analytical tools to interpret all the signals. We have to have communications technologies to communicate our findings. There's a need for a huge (information technology) infrastructure for intelligence and security. I think we're making stabs at it, but I see so much more that can be done.

On modeling and simulation as an application

I'll express a personal point of view: Data mining is not the complete answer. There is a role for data mining, but I think way too much emphasis has been placed on data mining. My perception is the attitude we take toward intelligence is "Give me more, give me more, give me more." The world is awash in data, but it doesn't mean we're any smarter.

So we are working on a complementary piece of the puzzle, which is modeling and simulation. We think that if we have a basic understanding of the terrorist organizations and how they work, we could model the elements and their interrelationships and come up with a prototype forecasting system. And then the modeling would lead us to ask the right questions to get the right intelligence and the predictions, which I expect to be very coarse and not very good at the outset. This will teach us to get smarter about who the terrorists are and how they behave. It's a model of command and control, of communication, of bank transfers, of buying weapons, training.

I'm not aware of any system like that, but I can't believe nobody's doing it. We have thought about this, and we're big fans of modeling simulation and forecasting. I think there's still a need for data mining, but I just take a skeptical look of only data mining. I think modeling and simulation isn't nearly as well developed as it has to be.

On predicting terrorism

(The Defense Department's defunct Policy Analysis Market program) left me cold. I don't get it. Somebody made the assertion that free markets are the best predictors. But free markets and terrorism are not the same thing. What makes free markets predictive is the people who engage in the free markets are doing the acts. So only if the terrorists were involved in the free market of terrorism would this be predictive. When there are buyers and there are sellers of the stock market, what they buy and what they sell determines the result. So if you do a poll of them to see which way things go and if they place bets if you will, they are themselves their own enactors. But for you and me and 12 other people off the street to place bets on terrorism is pure speculation, absolutely nothing predictive in that. I admit that I don't see it.

Whereas, I do think we can study the terrorists. I think there's enough information so that we could put together these first-generation models and start running the models to predict. I'm calling this computational counterterrorism. It's just not just having the information, it's having the right information, interpreting it correctly and acting upon it. Some people may think we're doing it well. I just see so much more improvement that can be done. The technologies are moving, and that's going to help us out. And hopefully we're going to get smarter now that we're studying terrorism intensely, so that helps.

On research and development funding

I think this idea that the federal government is going to do the (research and development) and then just throw the ideas over to industry to develop these products and services is pretty naive. I think it has to be a collaborative effort from the very early stages.

We have seen a trend in the Department of Energy. When technology gets toward a developmental stage, DOE will not let any contracts unless there's also private co-funding. DOE still pays 100 percent of basic research but when it comes to technology development -- particularly demonstration projects -- industry has to be a co-sponsor, a co-funder. It's a way of leveraging federal dollars so it touches more, but I think it's also a way of getting private industry to ante up and to participate in what will eventually be private sector commercialization.

I see a similar trend coming in DOD. If DOD goes that way, then the intelligence community and (the Homeland Security department) will go that way. I see the big trend is coming where we're going to see more collaborative research, and we're going to see the federal government insisting upon more private money in an earlier stage of R&D. I think IT's going to receive a lot of it and the biological sciences are going to receive a lot of it.

On tools to alert the public

In any prevention and disaster-recovery scenario, being able to communicate is absolutely indispensable. People having the information about what the problem is and what to do with it is absolutely critical in saving lives. I see IT playing a huge role in preparing people, going way beyond the traditional fire drills, and communicating with people about what to do. And I see that from everyday applications, like traffic management, all the way to a (Sept. 11, 2001) type national disaster.

The public authorities have a responsibility, but ultimately, every individual shares some responsibility of surviving a catastrophe. I think we can do a lot to educate the public on hazards and how to respond to hazards. And then I think we can use the Internet as a way of communicating. Not everybody is connected to the Internet, but it certainly is a very powerful tool. Then I think having programs like decision trees that take people through a series of actions would be very helpful. If A happens, do B. If A doesn't happen or something else happens, do C. Whether it's a terrorist attack or an epidemic or a hurricane, you don't want panic. You don't want people doing foolish things.

Dennis Pelehach, principal at Federal Sources.

On a dedicated IT contract vehicle for the Homeland Security Department

The problems faced by (the Homeland Security department), some of the tasks and the kinds of things they're trying to do, is almost overwhelming based on the size of the organization, the complexities of merging these different organizations together. (There are) some very huge challenges there in terms of information technology as well as organizational issues and a lot of other things.

But one of the things that we've seen in ...the last year and year and a half, is that they haven't been able to accomplish some of their acquisition plans, including IT, for a number of reasons. They haven't been able to place acquisition vehicles, ways of actually acquiring these kinds of services, in an efficient manner.

The SPIRIT (Security, Planning and Integrated Resources for Information Technology) program was about a year and a half of effort that in the end they abandoned. (There are) really good resources that DHS could really take advantage of in terms of (the General Services Administration) and other ways that they could perhaps get assistance in putting together kind of an acquisition strategy and utilize some of the other government partners in being able to implement that strategy.

I also don't think they have been able to articulate and communicate some of their acquisition plans and strategies effectively, like how they're going to spend their money. I think a better approach would be for them to better articulate a kind of overall strategy, where they're intending to go. And as part of that, obviously, they would solicit industry partner comments, which I think is really important, particularly for an agency that has so many priorities and so many units that it's trying to pull together.

Even if you get in place a single procurement to get what you need and do a good job with it, you haven't really created an environment where you could do other things in a similar manner, whether it's standalone or one-off kinds of things. What I think DHS would be better doing is create an environment where they can procure and acquire these kinds of services on a recurring basis over a longer period of time.

On small business participation:

(Federal officials have) made a very strong commitment to making sure small businesses play a major role at DHS and they've worked really hard on that. So I would think another area that would be important to them is making sure that the small businesses are engaged. Large companies are innovative in how they use small business in their business strategy. That would be just another place where it would be kind of important for companies as they think about how to bring services.

It clearly helps the small business community, which is a priority. Where I think the large businesses can do a better job is by bringing together (small businesses) as part of their business plan. Small businesses have niche solutions, but (large businesses can) put them together into a more robust solution that they can offer to DHS. It's good for the small business community. It's good for DHS because they may get more advanced technologies. I think large businesses can get entry into DHS using those kinds of things that would be well received. It's a good thing all the way around.

Dennis Schrader, Maryland's homeland security director.

On four technology priorities for Maryland

We are linking all of our statewide (emergency operations centers) through a product called Web EOC, and that's rolling out in the state as we speak. We've got local EOCs and the state EOC, and being able to communicate with them through a Web-based application allows us to pass information back and forth more readily.

As part of that data architecture we also have a system that we're working in collaboration with Towson University called EMMA, the Emergency Management Mapping Application. That's designed to pull data from data sources around the state, both public and private sector, and...display them on a mapping application. That's just one idea that we're using, but it becomes a very powerful tool.... So within Web EOC, you can pull information up with EMMA, post it to Web EOC, and then distribute it. And we have a $1 million grant from (the Homeland Security Department) to develop that concept.

I think a lot of people are working it, but we're actually doing it. We're talking about doing some very sophisticated reengineering of processes and product development. And the fact of the matter is it's going remarkably fast.

We're looking at voice interoperability, and we're developing a statewide architecture of linking various frequency bands through audio interface technology. (We'll use) mutual aid channels as the interoperability tool. (To do this,) we've got three projects in the state going on. They're pilots funded by the (Federal Emergency Management Agency), one by (Community Oriented Policing Services,) and one we're doing through Byrne Grant money. So we've got different (funding) sources, but now we've got an integrated architectural plan that's going to link all this stuff.

What we're really trying to do is find a way of cost-effectively doing this without having to spend a gazillion dollars. We're using ACU-1000s, (technology that allows radios using different frequencies to communicate with one another across bandwidths). We're trying to find simple ways.

And the last one that's coming out of DHS that we're trying to work through is the Homeland Security Information Network/(Joint Regional Information Exchange System), so that's a priority. So those are four ideas in play that we're actually moving forward on.

George Smith, senior fellow with GlobalSecurity.org.

On intelligence and information sharing

It would be nice if people disavowed themselves of the idea that computer software and hardware and databases presented any kind of solution (to terrorism). Whatever the 9/11 Commission recommended or that was recommended by the Markle (Foundation) report I would say is probably worthless because the problems can't be solved through simple applications of software and hardware.

The problem with intelligence agencies (is that) distribution interpretation of material relies more on sociological (factors) than (information technology). The way people look at information, how they analyze it, and what they value and how they cooperate, these are much more difficult to solve. They predate the war on terror, but databases and accumulation of data and software to control distribution seem to be the only thing agencies like to talk about. It just doesn't solve the problem. It's been going on for at least five years.

It seems like a train that cannot be derailed. The bureaucracies that are built up, people, training and the atmosphere and the culture -- this is where the problem lies. I think the shortcomings are the (lack of) sources within the enemy. It's human intelligence, not just sifting and looking through databases, (but) to have people on the inside who are reliable and trusted.

On cybersecurity risks

Generally the application of information technology is beneficial to security in terms of computers, (but) it's not necessarily attached to the war on terror. The government could give its cybersecurity chief power. The cybersecurity chief (Amit Yoran) just quit. And I think it's safe to say he probably couldn't get anything done. I think it can be traced back even before the administration paid a lot of lip service to the need for cybersecurity. Then what happened (was) the person who was put in charge couldn't get anything done. Well if you want to make changes, you have to give him the authority. I mean not just make suggestions that might or might not occur depending on how they annoy people in the private sector.

But cybersecurity is not a big thing in terms of terrorism. Al Qaeda hasn't demonstrated great capability since 9/11 to disrupt information systems.

W. David Stephenson, a strategic communications consultant specializing in homeland security.

On advanced wireless communications devices.

(There are) literally billions of dollars worth of advanced mobile communications technologies that you and I have already bought, carry with us every day from cell phones to (personal digital assistants) to WiFi laptops, and yet I have yet to see anything in terms of how this is actually factored in to emergency communications...as well as, frankly, preventive measures.

If you were watching on the global theater when the regime in the Philippines was thrown out and the demonstrations there and people were communicating with (short message service) text. It's been credited as one of the critical factors in the last minute surge that turned the incumbents out in Spain this year. And yet I don't think our government has come to terms with it. Because the issue (of terrorism) is so big, so diffuse and so unpredictable, there is, as far as I'm concerned, as much a chance (of a) person to actually spot something, whether it's an attack or something that could be a precursor, and be able to report that, or (to act) after an attack in terms of organizing and mobilizing people.... There's a very real chance, depending on the nature of an attack, where you and I may be left on our own.

The recipe for mass panic is a feeling of real danger. If you put more information and power into the hands of the public, then it's going to reduce that chance of panic and also means we'd actually be valuable adjuncts to government rather than a problem we have to deal with. Israel understands that. Great Britain understands that, (and officials there are) taking all sorts of measures to involve the public.

On using new emergency messaging systems

There is this new cell phone-based variant on Friendster called Dodgeball.com. What happens in a social or professional network, you would input all of your friends' cell phone numbers. You want to get together with your buddies you would send a single SMS text to Dodgeball.com. You input "Does anybody want to get together for dinner tonight?" What it does then is it sends an immediate blast message to everyone on your list who happens, at that point, to be within a 10-block radius of where you are. So if I'm on your list, but I'm in Seattle that day, I wouldn't get the message.

But when I talked to the president of the company, he said they could switch that in a nanosecond to emergency communication and allow friends and relatives to get together to plan what they're going to do for evacuation on a targeted real-time, location-based service. And the more you rely on these services that people are already familiar with — but then they can be converted to emergency communication — I think the better you're going to be because you're not going to have a learning curve.

On the federal Ready.gov program:

I think the Ready.gov program is an absolute disgrace. Polls have shown that only 15 percent of people even recognize the name Ready.gov. (Also,) there have been a number of polls that have shown that very few people have done anything to get ready for an attack.

What should and could we do about Ready.gov? One of the things that is missing from there is any way of letting you know whether it has changed in the recent past. I do have to go back from time to time and look through every page of the site to see if something has changed. And there's nothing to tell you that. Nor is there anything like a push or subscription or (Extensible Markup Language) feed that would let you know what the latest stuff is.

Ernst Volgenau, founder, chairman and chief executive officer of SRA International Inc.

On intelligence and information sharing

Everybody knows about the stovepipe problem when it comes to identifying potential terrorists. The list of suspects for (the) FBI might be different from those for the CIA, and there might be some differences for the Department of Homeland Security and, for that matter, other intelligence agencies. There are many, many intelligence agencies throughout the government. They're all over the place in the State Department and DOD and in (the Defense Intelligence Agency), and the services all have theirs. The classic problem then is economically combining and reconciling those lists of suspects and then acting on it. So the stovepipe problem still exists. The government has made, I'm sure, some pretty good progress in reconciling it, but I'll be surprised if anybody would declare victory at this point.

The terrorism watch list is perhaps the best example (of identifying potential terrorists). But let's suppose that some agency has a suspect who hasn't made the grade and then (is) promoted to the terrorism watch list. What an awful promotion. And yet you want to find out more about that individual or correlate that individual's activities with potential terrorism. Maybe he's talking with somebody who is talking to somebody who is in contact with terrorists or maybe they live together in an apartment or they're seen traveling together. You know all of the things any good intelligence agency would use, including a lot of open literature, to detect emerging terrorist cells and individuals. Let's say a military attaché in a foreign country might detect something and report it back to channels, and let's say it goes to (DIA) and to the service of that military attaché, let's suppose he's an army colonel. Well, the DIA and the Army might have that information. The State Department might have it, but the Navy might not have it or then the CIA might not have it.

Technological things like Web services and data and text mining are an approach to this. So you know, the general idea (is to make) data from one agency accessible to other agencies without having to decide and build a huge system that encompasses them all. This is a much more decentralized approach to the problem, which hopefully could reconcile those differences and do it in a kind of cascading pyramidal type of way so that at the very top of that pyramid is something like the terrorist watch list. But one gradation down from the apex of the pyramid might be a set of other people who haven't quite made the grade so to speak, but are being evaluated. And so our vast apparatus around the world is gathering information on those other people that some of whom might be completely innocent. Of course you want to protect them if they're innocent, but others might be steadily getting engaged in more and more suspicious activity.

For example, take a report of some guy who has been advocating violence in Pakistan, and it's reported in the open press, and this guy's name is reported. You pick that up and say, 'Hey I don't know whether that guy is Category 3 or Category 4 in this pyramid. He hasn't made the grade to Category 1, but we need to keep an eye on him. And we need to be watching for other articles and maybe we alert the CIA to try to gather data on him.' And this is all done in a fairly decentralized way because the information has been drawn from, let's say, the DIA Web site. And so we don't have (a massive database of people) in that counterterrorism center. It's only the people that DIA thinks are primary suspects or maybe Category 2 suspects. I think you could do a good job with computers in terms of processing all that stuff and thereby addressing the data glut problem that everybody's concerned about, being awash in data.

On use of radio frequency identification tags

(Another technology to decentralize is the) use of radio frequency identification, putting RFID tags on containers and perhaps even packages within containers. The whole process of loading that container, verifying that it doesn't contain elements that could be used in a dirty bomb or pathogens in a biological terrorist act, having a process with our trading partners to make sure their inspectors know what's going into that container before it's sealed with a tamper proof seal, and then having on that container an RFID tag so that...when they're being unloaded you just have a monitor that's reading those containers.

Now, the system could break down in Amsterdam or someplace else because some local inspector got paid off, but I would just hold the companies particularly responsible for ensuring that integrity. If there's an integrity breakdown, a security breakdown, then I'd say, "OK, you're not delivering any more containers to the Port of Baltimore or, for that matter, any U.S. port." So there's lot of ways that (information technology) could help breathe confidence that the material entering our ports is safe.

The way to do it is decentralize. You can't put that on a Customs Service. They don't have enough people. You just decentralize it and make the shipping companies...responsible. Levy one heck of a fine on them the first time; and the second time, you don't let them deliver anything to a U.S. port for a month; and third time, you debar them. You decentralize the whole process, and (then) you're still able to handle a high throughput of containers.