Issuu on Google+





TACKLING TERRORISM Jeh Johnson leads fight against violent extremists

SAFEGUARDING BUSINESS Firms work to keep data out of thieves’ reach

IN THE CLOUD Benefits, risk of computing model

INSIDE THE AGENCY Customs, FEMA, TSA, Border Patrol








201 5 S P E C I A L E D I T I O N


PROTECTING THE PERIMETER Interview with U.S. Customs and Border Protection chief R. Gil Kerlikowske






51 This is a product of


Jeanette Barrett-Stokes CREATIVE DIRECTOR






8 12 20 24 28

PROTECTOR-IN-CHIEF Q&A with DHS Secretary Jeh Johnson CYBER THREAT CENTER New unit will coordinate cybersecurity response CLOUD COMPUTING Balancing convenience with protection of consumer and commercial data CORPORATE SAFETY Companies in constant battle to keep information secure from hackers TECH TOOLS Consumer advancements come with highs and lows


30 43 47 51 56 64

SECURING THE SKIES TSA keeps airports safe amid criticism BORDER CRISIS UPDATE Surge of Central American children slows

90 94

FIRST RESPONDERS GEAR UP Emergency personnel get equipment boost SECURE EDUCATION Colleges prepare future cybersecurity professionals PEOPLE BEHIND THE SCENES Meet DHS staff in important, but lesser-known jobs DISASTER PRE-PLANNING FEMA helps communities prepare for nature’s fury LESSONS LEARNED 2005 hurricanes prompted response changes



Chris Garsson, Elizabeth Neus, Hannah Prince, Sara Schwartz DESIGNERS

Ashleigh Carter, Gina Toole Saunders, Lisa M. Zilka INTERN


Matt Alderton, Mary Helen Berg, Carmen Gentile, Adam Hadhazy, Paul Korzeniowski, Jaime Netzer, Rachel Nuwer, Erik Schechter, Marc Selinger, Adam Stone, Suzanne Wright


VP, ADVERTISING Patrick Burke | (703) 854-5914 ACCOUNT DIRECTOR

Justine Goodwin | (703) 854-5444 FINANCE BILLING COORDINATOR

Lynnae Brown

EXPLORING THE WALL Facts about U.S.-Mexico border fence


A USA TODAY publication, Gannett Co. Inc. USA TODAY, its logo and associated graphics are the trademarks of Gannett Co. Inc. or its affiliates. All rights reserved. Copyright 2015, USA TODAY, a division of Gannett Co. Inc. Editorial and publication headquarters are at 7950 Jones Branch Dr., McLean, VA 22108, and at (703) 854-3400.

HOMEGROWN TERRORISM Extremists set sights on would-be U.S. recruits STAYING ALERT “Soft targets” on guard against potential attacks RESETTLEMENT Migrants look for second chance at life

Christine Neff

For accuracy questions, call or send an e-mail to






their cause and of vetting 10,000 Syrian refugees being resettled in the United States over the next year. From the department’s campus in northwest Washington, D.C., Johnson discussed with USA TODAY these issues as well as the ongoing heated debate over immigration — the toughest issue he said he faces because of the emotion and misinformation surrounding it.


FBI Director James Comey has said there are an estimated 900 active investigations pending against suspected ISILinspired operatives and other homegrown extremists in the United States. Is that a big number? JOHNSON: Well, I don’t know about the precise number. But we do (know) that given how the global terrorist threat has evolved, what we are seeing more and more — in addition to the concern we’ve traditionally had about overseas threats that could be exported to the United States to commit an act of terror — we’re now seeing terrorist-inspired attacks in places like Ottawa, Canada, a year ago, the Charlie Hebdo headquarters in Paris, the attempted attack in Garland City, Texas. So we have to be concerned about the potential of a terrorist attack by a homegrown or a home-born operative, the so-called lone wolf, who is inspired by something they see on the Internet or read without receiving direct orders from a terrorist organization. This is the new phase we’re in. This is the new reality that I keep talking about that we are in now. We have the traditional military response, going after the terrorist organizations where they are overseas, but given how the global terrorist response has evolved, the response involves much more of a whole of government effort, which very much includes a law enforcement effort, the FBI as well as state and local law enforcement.



Homeland Security Secretary Jeh Johnson faces threats to the nation head-on JACK GRUBER/USA TODAY

By Susan Page

This interview with Jeh Johnson was conducted prior to the Nov. 13 attacks in Paris.


HEN JEH JOHNSON WAS nominated as the fourth secretary of the Department of Homeland Security (DHS) in October 2013, he said he didn’t seek out the opportunity. He’d been enjoying life outside of the government arena for a year and was settling into a private law

practice when he was asked by President Obama to lead the federal behemoth created in the aftermath of the Sept. 11 terror attacks. In the two years since he accepted the call, Johnson, 58, has been the face of the department as it has navigated many high-profile challenges — most recently stepped-up social media appeals that have enabled the self-proclaimed Islamic State (ISIL) to recruit young Americans to

Is this threat continuing to grow? Well, that’s really hard to say. But in terms of where we are in our efforts of how to respond, just in the past two years, I think we’ve come a long way. The FBI and my department are more and more communicating with state and local law enforcement, because given the current threat environment, very often the cop on the beat is the first one to detect or see a terrorist plot. So more and more since I’ve been secretary, certainly, we are engaging state and local law enforcement, local police chiefs, our joint task forces. We’ve really ramped up what we refer to as our CVE efforts, Countering Violence Extremism, here at home. I have personally visited communities — Boston, New York, Brooklyn, northern Virginia, suburban Maryland, Chicago, Columbus, Houston,




“Wherever I go in these (Muslim) communities, the consistent thing I’m told is ‘ ... they’re hijacking my religion.” — Jeh Johnson SUSAN WALSH/THE ASSOCIATED PRESS

Above, Jeh Johnson attends the White House Summit on Countering Violent Extremism on Feb. 18 with former Attorney General Eric Holder, left, and Secretary of State John Kerry. Top right, Johnson presents TSA officer Carol Richel a valor award May 14 for helping catch a man with weapons at New Orleans’ Louis Armstrong International Airport. L.A., Minneapolis — to talk to communities, principally Muslim communities, about how they can help us in our efforts and how we can help them in their efforts to counter violent extremism. I want to take this to a new level in DHS with creation of an Office for Community Partnerships and we’ve appointed a new director there. And we want to build on the good work we’ve done so far but engage the tech sector, engage philanthropies, to help in this effort. We know that ISIL has been sophisticated in using social media to reach out to disaffected young people in the United States. Have we made progress in how to respond to that? When I meet with Muslim leaders, everyone talks about the counter-message, we’ve got to put out that counter-message, to counter ISIL’s appeal. It is both a message of how if you join ISIL you will face exploitation, even slavery, even death, to deglamorize that appeal. But there also has to be a positive aspect to the message. And so the message exists out there. There are a lot of clerics, there are a lot of Muslim leaders who have helped to develop this message, but I think it needs a larger megaphone. It needs a larger platform. Who can provide that larger platform? That counter-message should not be a government message. So there needs

to be the capability to build that larger platform, which I think can come from and should come from the private sector, from philanthropies, from the tech sector. So part of what we want to do is to get these actors involved in the effort because it is a good and important effort. Why does ISIL continue to have appeal for some in the United States? Very often, it’s young people who are angry, who feel disaffected, are looking for something in which to channel their energy, and along comes a group like ISIL, which has an appeal that could, to some, be glamorous. And so our mission is to do everything we can to counter that, to show the world what the Islamic State really is. It is neither Islamic nor a state. It is a group of terrorists who exploit people. The principle victims of ISIL are Muslims. So I know the Muslim community itself very much wants to amplify that message. Wherever I go in these communities, the consistent thing that I’m told is, ‘Mr. Johnson, they’re hijacking my religion.’ (From USA TODAY reader Claude Taylor, on Twitter): What level of investigation will Syrian refugees undergo before they are allowed access to the United States?’ As you know, Donald Trump has said they could be a Trojan horse for ISIL to infiltrate the United States. In terms of the level of effort of security review that we will apply and that we have


Johnson speaks about the need to combat violence extremism in the U.S. outside a Columbus, Ohio, mosque with local police and Muslim leaders in September 2014. applied, it will be and it is extensive. Both law enforcement and Homeland Security have improved the process from the days when we admitted a lot of Iraqi refugees. We now do a better job of connecting dots, consulting all the right databases and systems that we have available to us, and the refugee-review process is probably one of the most, if not the most, extensive and thorough background checks that someone seeking to enter this country goes through. Now, we’ve made this commitment for 10,000 Syrian refugees in (fiscal year 2016). It is a commitment that the United States as a global leader should and will

meet. There are Syrian refugees by the hundreds of thousands and millions that have left Syria, that have crossed the borders into other countries. The United States should do its share in terms of taking in refugees as well as humanitarian aid, and that’s what we’re doing. Do you think ISIL sees this as an opportunity to infiltrate the United States? Well, in my world, one failure equals 10,000 successes. So we have to be CO N T I N U E D



“Immigration is the most emotional issue that I have encountered, laden with all sorts of misinformation, and very often misinformation that is repeated and elaborated upon by those who should know better.” — Jeh Johnson


Johnson participates in a naturalization ceremony for new U.S. citizens at the United States District Court for the Eastern District of New York in October. Left, Johnson hands Xue Ying Zheng her citizenship certificate during the ceremony, where 50 candidates from 24 countries became U.S. citizens. concerned about the possibility of a security breach, and we are concerned about that. So we’re going to vet refugees very carefully. There’s pressure on the other side from critics who say the review process takes too long — an average of two years. That is the world in which I live. On the one hand, there are those who say you’re not moving fast enough and on the other hand there are others who say you need to slow down and do it more carefully. We’re going to commit the resources; we’re going to strike the right balance. It’s like so many other things we do — aviation security, immigration enforcement. You’ve got to strike the right balance between meeting your commitments, honoring American values but also public safety. What is the toughest issue you’re facing right now? Since I’ve been in public service, I’ve handled a lot of tough issues, going back to my Defense Department days: Counterterrorism. Targeted lethal force. “Don’t ask, don’t tell.” Guantanamo. Immigration is the most emotional issue

that I have encountered, laden with all sorts of misinformation and very often misinformation that is repeated and elaborated upon by those who should know better. For example, there are large segments of our population, and we know this from surveys, who believe that there are more people crossing our border illegally today than, say, 10 years ago, when the exact opposite is true. The numbers of those apprehended on our southern border has in fact gone way down since the year 2000, for example. In the year 2000, it was 1.6 million people apprehended on our southern border, trying to get into this country. Last fiscal year, that number was down to around 331,000. It’s a fraction of what it used to be. But there are people out there that believe we have this porous border, in which people are just crossing daily. Now, is there a lot more we should do for border security? Absolutely yes, and that is reflected in our budget submissions to Congress. But immigration is one of those issues that is hugely emotional, and there’s a lot of misinformation around it. Your predecessor, Janet Napolitano,

previously complained that (immigration) was being used as an excuse for people with political purposes. Is that how you feel as well? I don’t comment on things that candidates say in the middle of political campaigns. I’m doing my best to stay out of political campaigns. I gave a speech recently at Westminster College in Missouri, as part of the Green Foundation Lecture Series. The most famous Green Lecture was delivered by Winston Churchill in 1946, his “Iron Curtain” speech. In 1954, Harry Truman came back to Westminster and gave his own Green Lecture about what hysteria does to us. That was the title of his speech. And I decided this year to build on that. And what I said, and what I believe fervently, is that those of us in public office and those of us who aspire to public office have a responsibility to be reasonable, factbased in our rhetoric and to not suggest things that are unreasonable to whip up a lot of emotion in the public, which can lead to government overreach, fear, suspicions and prejudice. So the immigration space is a difficult space in which to make policy. But I’m committed to doing the responsible thing

for border security, the responsible thing in terms of how we enforce our immigration laws. We only have limited resources, and we’re not going to deport 11 million people. The most striking thing about the number of undocumented in this country is something like more than half of them have been here for more than 10 years. And a lot of them have kids who are U.S. citizens or lawful permanent residents. They’re here, they live among us, and we’re not going to deport a population of people the size of New York City and Chicago put together. We don’t have the resources to do that, nor should we try. We want to develop priorities and we are developing priorities that focus on convicted criminals, threats to public safety. Is the border now secure? There is room for improvement, definitely. There is room for more technology on the border. There is room for more capabilities on the border. And there is room for — and this is something we’re working on now — for greater cooperation with state and local law enforcement.





CENTRALIZING CYBER SAFETY New office to help put security agencies on the same page By Rachel Nuwer


N FEB. 25, PRESIDENT Obama issued a memorandum for the creation of a national intelligence center to help protect the nation from malicious cyber threats. “Just like we do with terrorist threats, we’re going to have a single entity that’s analyzing and integrating and quickly sharing

intelligence about cyber threats across government so we can act on all those threats even faster,” he said in a speech at the Cybersecurity and Consumer Protection Summit at Stanford University in February. Obama’s memorandum for the new center arrived weeks after the health insurance company Anthem Inc. announced that up to 80 million customer and employee records — including names, Social



USA TODAY SPECIAL EDITION President Obama visits the National Cybersecurity and Communications Integration Center in Arlington, Va., which will oversee the new cyber threat center, in July. Obama is joined by DHS Secretary Jeh Johnson.

Security numbers, addresses and more had been compromised. Anthem’s case, however, was by no means exceptional. In past months, JPMorgan Chase & Co., Sony Pictures Entertainment, the U.S. Department of Energy and many more had all fallen victim to successful cyber attacks. “We’re seeing an increase in the number of incidents,” said Suzanne E. Spaulding, undersecretary for the National Protection and Programs Directorate at the Department of Homeland Security. “Some of this is because we’re getting better at detecting and finding these intrusions, but it’s also because bad actors’ capabilities are proliferating.” The proposed Cyber Threat Intelligence Integration Center (CTIIC) is meant to push those incident numbers down by analyzing, integrating and sharing existing information from other departments and agencies, including U.S. Cyber Command, the DHS’ National Cybersecurity and Communications Integration Center and indications and warnings about threats, the FBI’s National Cyber Investigative Joint strengthening situational awareness and Task Force. facilitating the flow of information across “We believe we are approaching a centers, including those that deal directly strategic inflection point for cybersecurity, with the private sector. where we must adThe CTIIC is not dress our underlying currently operational cybersecurity and, though manproblems in order to dated by Obama, “Everyone agrees on continue leveraging its existence is still cyberspace and the being vetted by the need of integration Internet as strategic Congress. Because its of intelligence, and I assets,” said White operational funding House Cybersecurity is tied up in the 2016 really think it’s just a Coordinator Michael intelligence bill, which matter of making sure Daniel. “CTIIC is really had not been apdesigned to help fill proved by lawmakers we do it right.” in some gaps we’ve as of mid-November, — Michael Daniel, White House discovered in how the it’s not clear when the cybersecurity coordinator government analyzes center will officially and deals with cyber begin its work. And threats.” there are still many The center won’t questions surrounding actually collect intelligence, respond to the center’s logistics. Its organizational breaches or directly deploy investigastructure is still under discussion, and tors to the field. The responsibility for Daniel prefers not to cite hypothetical responding to specific incidents in either employee numbers. But in theory, Daniel the government or the private sector will said, CTIIC will be leaner than some still rest with law enforcement, the DHS previous ventures, and employees will and specific departments and private be brought in on rotation from other entities. CTIIC’s specialty will be enhancing government departments and agencies.


This will help staff move quickly and avoid becoming bogged down in bureaucracy. “It’s really meant to be a small, agile enabler for the government,” Daniel said. Specifics on funding have not been disclosed, although some initial funding for the center exists for the CTIIC start-up in the 2015 intelligence budget, and more has been requested for fiscal year 2016. The center’s location is still being discussed, but it’s expected to be situated somewhere in the Washington, D.C., metro area within an existing facility. Spaulding said she and her colleagues look forward to CTIIC assisting in their missions, especially in enhancing their intelligence-gathering capabilities. “One thing I think it will bring to the table is the ability to tap into experts who are not in cybersecurity, but who are looking more broadly at what’s going on in the world,” she said. “That context ensures that we’re not looking at cyberspace in a stove pipe.” Experts in the private sector, however, warn that expectations for the new center should not be set too high. Past initiatives, such as the Office of Cybersecurity and Communications and the National Cyber Response Coordination Group, have often CO N T I N U E D



CYBER SAFETY fallen short of their goals, and the new center will not provide a solution for the country’s most pressing cybersecurity needs, which are in the private sector’s critical infrastructure, said Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, an independent nonprofit organization. O. Sami Saydjari, president and founder of the Cyber Defense Agency, a private provider of security consulting and research services, agreed. “Having all of these different intelligence

sources come together at the new center sounds like a great idea, but it would only be a small part of a much larger puzzle that’s still missing many pieces,” said Saydjari. “We still have massive gaps in our strategic solution set that makes our position on electrical power, telecommunications and banking extraordinarily vulnerable.” Those gaps largely stem from basic underlying problems in the way the issue is approached — including the fact that there is no national cybersecurity policy

worthy of the name and there has never been adequate public discussion about cybersecurity, said Borg. “As a nation, we have treated cybersecurity mainly as a technical issue that can be solved simply by spending more money on a narrow range of technical counter-measures,” he said. Borg also pointed out that, since 1998, the government has launched more than a dozen organizations, divisions and agencies intended to perform functions similar to those of CTIIC. But none have actually reduced the national cyber risk

to any noticeable degree, he said, and several wound up performing functions significantly different from their original purpose. CTIIC’s mission is perhaps most similar to the National Counterterrorism Center’s within the Office of the Director of National Intelligence in that it is meant to provide integrated, all-source analysis of foreign cyber threats and to ensure that all government centers can tap into the intelligence CO N T I N U E D

HACKS IN THE HEADLINES Recent high-profile cyber attacks have brought more attention to the threats hackers pose and helped spur the creation of the Cyber Threat Intelligence Integration Center (CTIIC). Major breaches in the U.S. over the past two years include:

In December 2013, Target announced that hackers stole credit card information from 40 million customers and personal information from 70 million. Earlier this year, Target agreed to pay Visa Inc. up to $67 million to cover costs incurred by the breaches and MasterCard-issuing banks received as much as $19 million.

From 2010 to 2014, the U.S. Department of Energy’s (DOE) networks were attacked more than 1,100 times and compromised more than 150 times, including 19 successful attacks against the National Nuclear Security Administration, according to a USA TODAY report. Investigations are ongoing, and DOE representatives declined to comment when USA TODAY contacted the department in September.

In July 2014, JPMorgan Chase & Co. suffered one of the largest data breaches in history when hackers gained access to personal information, affecting close to 76 million households. The alleged hackers — three have been charged — were involved in a widespread scheme that targeted 14 other companies. On Nov. 10, 2015, Manhattan U.S. Attorney Preet Bharara described the data breach as “breathtaking in its scope and its size,” saying the hacking was done to support a series of stock manipulation schemes, as well as gambling and payment processing schemes.

In September 2014, Home Depot announced a security breach affecting 56 million credit and debit cards. In a filing with the Securities and Exchange Commission, Home Depot indicated the information was stolen by malicious software (malware) that had infected its computer network.

In November 2014, hackers — allegedly sponsored by North Korea and calling themselves the “Guardians of Peace” — gained access to Sony Pictures Entertainment’s networks and released employees’ personal data and emails containing sensitive information. Those responsible for the attack demanded that Sony cancel its release of the film The Interview, a comedy about the assassination of North Korea’s leader, Kim Jong-Un. North Korea denied responsibility.

In February, health insurer Anthem Inc. announced a security breach that accessed up to 80 million customer and employee records. The hackers gained information including names, birthdays, medical IDs, Social Security numbers, street addresses, email addresses and employment information, including income data, Anthem President and CEO Joseph Swedish said. The company doesn’t believe any credit card information was obtained.

In June, the Office of Personnel Management announced that data from the personnel records of 4.2 million current and former employees had been breached. It was later learned that another hack of backgroundcheck records for 21.5 million people were also affected. Some officials blame the attack on hackers backed by China.

Contributing: David Jackson, Erin Kelly, Kevin McCoy and Kaja Whitehouse








White House Cybersecurity Coordinator Michael Daniel, top, was charged with creating the CTIIC. Suzanne E. Spaulding, undersecretary for DHS’ National Protection and Programs Directorate, said her department will assist the center when it begins.


About 80 million records at Anthem Health Insurance were accessed in February in what may be among the largest health care data breaches to date. needed to maintain their network defenses. While government personnel in other agencies and departments are currently capable of analyzing cybersecurity, none of the existing centers deal with cyber threats the way the government deals with terrorism — as an integrated, whole-ofgovernment problem. “The government’s track record in this area is not encouraging,” Borg said. “Let’s hope this new entity can do better.” Whether the center can break from past trends could soon become apparent; the plan is for it to be at least partially operational by the end of 2015, Daniel said. Despite some initial pushback from Congress, mostly dealing with the center’s roles and mission, Daniel said he is “totally confident” that the center will get off the ground. “CTIIC is fulfilling a critical need that the president and the White House are committed to,” he said. “Everyone agrees on the need of integration of intelligence, and I

“... We’re going to have a single entity that’s analyzing and integrating and quickly sharing intelligence about cyber threats ... so we can act on all those threats even faster.” — President Obama

really think it’s just a matter of making sure we do it right. I’m confident we can work with Congress to secure the funding we need over the long term for the center and get it going.” He noted that “there have been some

questions raised, but they are legitimate oversight questions about what it’s designed to do, whether it’s duplicative and how we will structure it.” Daniel acknowledged that CTIIC “is just one piece of an ongoing effort.” Other goals include enhancing cybersecurity across the board for both the government and private sector; making networks inherently more defendable; and doing a better job of managing and recovering from breaches. Strengthening partnerships with the private sector is also a priority, Daniel said, though he noted that figuring out how to do so most effectively will take time. Still, from Daniel’s vantage point, things are at least trending in the right direction. “I think we are considerably better off than we were four years ago,” he said. “But are we where we need to be? Absolutely not.” “Fundamentally, though, I’m an optimist,” he said. “The Internet is something humans created, and I believe we can create the solutions to make it safer.”






SECURE YOURSELF The American public most often deals with cybersecurity problems in the context of identity theft and malware infections on personal computers. Such breaches can be extremely disruptive for individuals and can take a significant cumulative toll on the economy. The good news, though, is that attacks can be prevented.



Personalize default passwords on new equipment immediately, and do not opt for entries like “password1234” or your children’s birthdays. Instead, create passwords that include a complex combination of numbers, letters and symbols. Change them frequently.



When you receive install updates for your browser, programs or operating system, don’t procrastinate. Updates often include new software that contains patches for recently discovered vulnerabilities. Malicious actors are able to reuse the same well-known loopholes over and over again because people put off software updates.


“There are very basic cyber hygiene steps that you can take that will prevent 90 to 95 percent of intrusions,” said Suzanne E. Spaulding, undersecretary for DHS’ National Protection and Programs Directorate. Spaulding offers five pointers to ensure your personal information and computer remain secure:


Try to limit the amount of personal information you post online. Use privacy settings on social media networks to ensure the things you do post are confined to the people you wish to share them with, not to the entire online community.



If you read something online or in an email that sounds too good to be true, it probably is. Hackers’ phishing techniques—methods used to trick victims into handing over sensitive information — are becoming more sophisticated. Spear phishing, for example, draws on personal information that a user has posted online — a pet or child’s name, for example — to create convincing email scams. Clicking on the attachment or link contained in those malicious messages injects malware into your computer or grants the hacker entry.



If you are the victim of a cyber crime, report it to authorities, including the FBI Internet Crime Complaint Center ( Your data will help prevent others from falling victim to the same scheme.







BALANCING ACT IT departments work to secure cloud computing as threats increase

By Paul Korzeniowski


HE SAFEST COMPUTERS ARE the ones that have the fewest network connections. The most nimble computers are the ones with the most — the ones that operate in the system known as the “cloud.” Businesses that want the agility of cloud computing are also discovering the need to be nimble when it comes to security; every time a business extends its network to a new device, it creates an additional entry point for the bad guys. “Not only is cybersecurity a focus for the IT (information technology) department, it has become a top concern in the board room,” said Jim Reavis, CEO of the Cloud Security Alliance, a computerindustry consortium devoted to improving security within cloud computing systems. Organizations that rely on cloud computing store and access their information, software and other services remotely across the Internet rather than relying on their own physical servers. This gives them the ability to respond to issues or update their systems quickly, and in some cases, less expensively.



For instance, updating and deploying a Fortune 500 company’s payroll software once took weeks or months. A company using cloud-based services can allocate new resources with just a few keystrokes. Amazon Web Services, a leading cloud solutions provider, makes 50 million updates — one every 1.5 seconds — to its computer systems annually. “Companies want to respond to new business drivers ASAP, and cloud offers them that potential,” said Dan Blum, principal consultant at Security Architects LLC. As a result, cloud is gaining traction. International Data Corp. (IDC), a market intelligence company, found that spending on cloud computing infrastructure rose to 30 percent of all IT infrastructure spending in the first quarter of 2015, for a total of $6.3 billion, up from 26.4 percent of spending in the same period in 2014. Non-cloud infrastructure spending rose only 6.1 percent, to $14.8 billion. This interest has expanded to the federal government as well. In 2011, the Obama administration launched a “Cloud First” policy, which mandated that federal agencies begin looking for ways to CO N T I N U E D




22 use the cloud to save money and time on government computer systems — although that process is moving slowly. The fragmented nature of today’s networks, and the amount of bandwidth they take to operate, lends itself to cloud computing. In ancient computing times (i.e., five years ago), people accessed computer networks via a desktop or a laptop personal computer. Those options have been augmented with smartphones, tablets, gaming consoles and wearables such as FitBits. Case in point: In 2011, the University of Tennessee at Chattanooga’s network supported 3,145 devices, most of which were desktop computers. That number rose to 14,906 in 2014, and has jumped to about 48,000 more varied pieces of equipment including smartphones, tablets and gaming devices so far this year, according to Thomas Hoover, the school’s associate vice chancellor and chief information officer. OF ENTERPRISES So as the INDICATED THAT range of devices SECURITY WAS dependent on a THE REASON FOR network widens, THEIR CLOUD safeguarding the company’s PURCHASE enterprise assets — TECHNOLOGY — customer BUSINESS credit cards, Social RESEARCH INC. Security numbers, trade secrets, confidential emails — becomes more complicated. “All organizations are struggling to balance the need to move faster and the desire to safeguard sensitive information,” said Pete Lindstrom, vice president of security strategies at International Data Corporation (IDC). Worldwide, the threat to computer systems has increased. In 2014, more than 450 million records were compromised in the 20 biggest computer attacks in the United States. EBay accounted for almost one-third of the total: 145 million passwords and snippets of personal information were stolen from its site. Target announced in January that a late-2013 hack caused 70 million customers to lose their personal data atop the 40 million breaches it had already revealed. Home Depot was close behind, with 56 million card numbers and 53 million email addresses compromised. As organizations evaluate cloud, they find that the biggest issue is not just security — it’s that their data is no longer housed on-site. “With public cloud (run by another company), you hand your security keys over to a third party, and many organizations are uncomfortable making that change,” said Lindstrom. Those third parties often become hackers’ top targets. Infamous bank robber

CLOUD COMPUTING OPTIONS EMERGE When dipping their toes in the cloud waters, organizations often start with private, move to hybrid, and then go to public. Currently, private cloud systems outnumber public cloud systems, but the gap has been narrowing. In fact, IDC expects public cloud services spending to reach $127 billion in 2018, accounting for 50 percent of total IT spending.

Computers constantly become smarter, and their increasing intelligence provides organizations with more deployment options.


PUBLIC Businesses hand off the deployment and maintenance functions to a third-party vendor, which runs the systems offsite, away from the business’ actual location.

PRIVATE Businesses run their own computer systems. A team of IT workers gather in a data center, where they can configure and troubleshoot the company’s systems themselves.

HYBRID Businesses mix public and private options. Software applications, which often consist of many millions of lines of programming code, are written in chunks. One piece may display on a Web page the whizbang features found with the vendor’s latest smartphone; a second component authorizes a purchase. This way, businesses can have some processing done by their own systems and other parts done by a cloud provider. — Paul Korzeniowski THINKSTOCK

Willie Sutton supposedly said that he hit financial institutions “because that’s where the money is.” Hackers have a similar mindset. Breaking into a single company’s system provides entry to only one set of consumers, but breaking into a cloud vendor’s system gives them access to multiple customer lists.

However, some experts think that the cloud can also potentially improve system security. Although the threat level is increasing, organizations may not have the budget, the expertise or the interest needed to secure information. But “cloud services are based on newer computing infrastructure,”

“All organizations are struggling to balance the need to move faster and the desire to safeguard sensitive information.” — Pete Lindstrom, vice president of security strategies at IDC

noted Lindstrom. “The newer the system, typically the better able it is to defend itself." Vendors and hackers play a constant game of leapfrog where the bad guys find a security hole and the good guys fill it. Older systems have lots of holes. Newer systems, however, are designed to avert established ruses, so they are more secure. As a result, the idea that the cloud can help organizations improve system security is growing in popularity. In fact, 29 percent of enterprises indicate that security was the reason for their cloud purchase, according to Technology Business Research Inc. (TBR). “Recently, we have seen a shift in user perceptions about cloud security from negative to positive,” said Molly Gallaher Boddy, a TBR cloud research analyst. What can businesses do to better safeguard sensitive data? Cloud vendors and customers have recently been encrypting more information and relying on analytics to improve security. Encryption scrambles information. If a would-be hacker grabs the data, it is garbled, and only the user can decode it. Traditionally, encryption was used only when information moved from, say, a customer’s computer to a retailer’s website. Once the data arrived, it was decoded and therefore open to interlopers. Increasingly, businesses encrypt information from the moment it is created until it is deleted, making it more difficult for hackers to access confidential information. Corporations are also able to collect lots of information and run reports analyzing how the business is operating. Such capabilities are being used to ward off hackers. Typically, a criminal makes several unsuccessful attempts before gaining access to a system. Data analytics notify an organization when unusual activity takes place, so they can determine if the problem is legitimate or if an outsider is trying to break into their systems. Whether cloud computing improves or diminishes an organization’s security profile is subjective. But two items are crystal clear: More entities are turning to the cloud and the number of security threats is rising. “Technology continues to provide companies with the ability to work more efficiently, improve customer service, and deliver new products,” said Security Architect’s Blum. “But these advances also makes safeguarding sensitive information more difficult.”





Cyber crime is a major threat to the economy. In 2013, credit card information for 40 million customers was stolen from Target’s computer network.



Firms pay to make threat protection ‘business as usual’

By Marc Selinger


HEN HACKERS USED THE credentials of a heating, air-conditioning and refrigeration vendor to gain access to Target’s computer network and steal the credit card information of 40 million customers in 2013, the breach highlighted the vulnerability of both small and large companies. Cybersecurity experts say the incident served as a wake-up call for firms of all sizes to better protect themselves. “There’s no consumer brand with a

brick-and-mortar or a strong online presence that hasn’t faced this risk and doesn’t face the threat,” said Stephen Ward, senior director of marketing at iSIGHT Partners, a Dallas-based cyber threat intelligence firm. “Every organization — small, medium, large — in today’s world has got to have a very well-thought-out cybersecurity strategy.” With the United States migrating from analog information technology to digital systems that create massive amounts of data, the Telecommunications Industry Association (TIA) indicated in a 2015 report that cyber crime has become a major threat to the U.S. economy. And industry leaders agree it is

costing the private sector about $100 billion a year in losses. Besides Target, household names that have experienced major cyber attacks in recent years include Home Depot, J.P. Morgan Chase & Co. and Sony Pictures. “It is estimated that 90 percent of all the data that have ever been generated in the history of the world was created in just the past two years,” TIA wrote in its 2015-2018 ICT Market Review and Forecast. “As data proliferates, the threat of cyber crime will proliferate as well.” As a result, even small companies find CON T I N U E D




26 themselves spending thousands of dollars a year on cybersecurity, said Chris Smith, director of cybersecurity strategy at SAS, a business analytics software firm. And since no defense is foolproof, businesses have to spend thousands more on insurance, whose cost has mushroomed in recent years, Smith added. U.S. private-sector spending on cybersecurity is on track to nearly double from $14.5 billion in 2010 to $28.25 billion in 2016, according to TIA’s report. “Companies are now putting greater emphasis on cybersecurity,” the report says. “Instead of being relegated to an (information technology) issue unrelated to the basic business, cybersecurity is (becoming) a critical part of business strategy.” Businesses are implementing various measures to protect their networks. Firewalls serve as traffic cops, regulating incoming and outgoing traffic. Encryption encodes files and emails with a virtual lock and key. Segmentation, or dividing a network into sections, can limit a breach to one segment of a network. Threat intelligence is also becoming more popular. The cybersecurity industry is trying to be more proactive by gathering information on potential adversaries and using that knowledge to “inform your controls and your defenses,” Ward said. In addition, the Department of Homeland Security said it has set up several programs to share such information with the private sector, “which owns and operates the majority of the nation’s critical infrastructure,” including such technologydependent sectors as communications, energy, financial services and health care. Hackers have varying motivations. Some, such as those who attacked Target, want credit card or Social Security numbers that they can sell on the black market. Others, such as those who stole customer data from the extramarital-affair website, are “hacktivists” who threaten to expose embarrassing information. Still others are nation states engaged in espionage. The technology controls against each kind of hackers are nearly






Source: Telecommunications Industry Association


Analysts at a FireEye operations center in Reston, Va., review computer systems to try to detect threats to business or consumer data. identical. However, specialized tools might Some experts warn that those compabe needed to protect against a “distributed nies that allow today’s small, high-tech denial of service attack,” such as when devices — tablets, smartphones, watches hactivists flood a company with Internet and fitness bands — to hook into their traffic in an attempt to knock down its networks need to be aware that those website, Ward said. items may not have been designed with Consulting firm PricewaterhouseCoopers cybersecurity in mind, and could create recommends companies elevate the an additional access point for thieves. If a role of information security by naming a smartwatch worn by a doctor to monitor leader to oversee that function and having patients is hacked, it could give cyber that person report to a senior criminals access to medical executive. Vulnerabilities can records. A drone providing be identified through routine security at a manufacturing plant testing and an assessment by could reveal the plant’s security outside security experts. systems, or even cause damage. The National Cybersecurity “Many small companies driving Institute at Excelsior College this innovation are all trying to in Albany, N.Y., suggests that be first to market and are not THINKSTOCK businesses train their employees considering the security impact Credit card to be careful about what they of this inter-connected technolcompanies post on social media. Cyber ogy or do not have the time and are now using criminals use such postings to resources required to adequately smart chip create tailored phishing emails test their systems for security technology to that encourage recipients to click vulnerabilities before releasing better protect a link or download a file that them to market,” said Tony Cole, consumers’ contains malicious software, also vice president and global governinformation. known as malware. The malware ment chief technology officer at then gives the hackers unauFireEye, a cybersecurity firm. thorized access to a company’s network, as Experts say companies need to better happened in the Target case. understand how their networks work and Experts recommend that businesses take pay closer attention to those networks to the same precautions for smartphones and spot abnormal activity. When a network is tablets that they do with personal computattacked, “machines start deviating from ers and laptops, such as keeping software their norm,” Smith said. up-to-date, using anti-virus software and Companies that fail to secure consumers’ picking hard-to-guess passwords. When personal information can face government choosing a cloud provider, they suggest scrutiny. examining security measures. (For more on In August 2015, a federal appeals court cloud computing, see page 20.) ruled that the Federal Trade Commission

(FTC) has the authority to take action against such businesses. The FTC had sued hotel chain Wyndham Worldwide over alleged security failures that led to three data breaches in less than two years. Wyndham had argued that the FTC did not have authority to oversee its security practices. To settle charges by the Securities and Exchange Commission, a St. Louis-based investment adviser firm recently paid a $75,000 fine for failing to adopt cybersecurity policies and procedures before it was hacked. The credit card industry is already making a major security leap, shifting from magnetic strips to hold a card’s information to chip cards that record a unique code with each transaction and are harder to counterfeit. The major credit card companies set an Oct. 1 deadline for businesses to accept the smarter cards; those who haven’t may be held liable for losses resulting from fraud. Among those companies that have already installed new card readers: Target. “That’s a multibillion-dollar investment and it’s a move that is coming quickly,” Ward said. Chip cards are not the perfect solution; card systems in Europe, where EMV (Europay, MasterCard and Visa) technology is widespread, have still been attacked. But experts think that the cards may slow down attacks, or at least make them more difficult to pull off. “Bad guys are going to continue to innovate always against the defenses that we put up against them. That’s just the nature of their business,” Ward said.







Dozens of microprocessors in modern cars control air bags, brakes, entertainment systems, steering and more.

From crop monitoring to filmmaking, small unmanned aircraft are giving businesses a low-cost eye in the sky. And private citizens can easily purchase drones.

PROS uComputerized cars are easier to service — onboard diagnostics allow auto technicians to find problems quicker. uTechnology such as entertainment systems, intelligent cruise control, auto-parking and lane warning increase safety and performance.

CONS uThe system can be hacked. This year, a 2014 Jeep Cherokee was hacked over the Internet. Jeep recalled 1.4 million vehicles and installed a patch. uBecause computers can track the habits of drivers, concerns over privacy have been raised.

CREDIT CARD CHIPS To better protect consumer data, the credit and debit card industry is phasing out magnetic stripes in favor of EuroPay, MasterCard and Visa (EMV) chip card technology.

IN TECH WE TRUST? Advances that make our lives easier can also be problematic

PROS uDrones are cheaper and safer than manned aircraft. uThe devices can go many places where manned aircraft or vehicles cannot reach.

CONS u Drones are vulnerable to potential data security breaches. The regulatory landscape is still evolving, creating uncertainty about the future of drones. u Drones can be misused. In late July, a Kentucky man was arrested after shooting down a civilian drone he says was hovering over his backyard.

FITNESS APPS AND TRACKERS It’s never been easier to be more fitness-minded. Apps and fitness trackers give users tools to improve their health.

By Marc Selinger

T PROS uChip cards are more difficult for thieves to counterfeit if your account information is stolen. uChip cards look like traditional cards, so the visual change is not dramatic.

CONS uChip cards are not immune to fraud and many stores have yet to install the new card readers. uConsumers must change their habits — cards are inserted into a card reader rather than swiped.

ECHNOLOGY MAKES OUR LIVES more convenient and enjoyable. Fitness trackers on our wrists tell us when to walk more, computers in our cars help us parallel park and smart home products make living more comfortable and efficient. “Technology has provided some great advantages to consumers and society in general and those advancements keep coming in droves,” said Tony Cole, vice president and global government chief technology officer at cybersecurity firm FireEye. But Cole said a rush to market by companies developing new technologies could lead to a lack of testing for security vulnerabilities, which could potentially raise the risk of consumers becoming targets for cyber thieves. Here are the highs and lows of some tools in the marketplace today.

PROS u Activity trackers and apps can help motivate individuals to become more healthy. uTrackers and apps can monitor steps, sleep, heart rate and calorie-consumption, motivating users to walk more, sleep better and eat right.

CONS uUsers share their health information with companies, data that only some firms protect. uDevices with GPS sensors could potentially broadcast your location, allowing tech-savvy burglars to know your whereabouts. THINKSTOCK





COURSE CORRECTI N TSA chief focuses on revamping checkpoints and the agency’s mentality

By Adam Hadhazy


INCE ITS LAUNCH LESS than three months after the Sept. 11, 2001, attacks, the Transportation Security Administration has successfully served on the frontlines, helping to prevent more terrorist strikes. Yet over those 14 years, the agency — primarily known for its role in conducting security screenings of more than 653 million airline passengers annually — has still not reached a comfortable cruising altitude. Complaints from travelers over agents’ tactics, such as an incident last spring in Denver where agents allegedly plotted to grope male passengers, as well as reports of theft from passengers’ bags and employees charged with alleged drug smuggling, have

continued to buffet TSA. Governmental watchdogs have also routinely criticized the agency’s performance, calling out the agency for not properly maintaining its screening equipment or properly vetting its workers. The latest admonition was an internal report made public by ABC News in June that described how investigators with the Department of Homeland Security’s Office of the Inspector General (OIG) had slipped past TSA airport screeners with fake bombs and guns in 67 out of 70 instances — a failure rate of 96 percent. This news led to the relatively rapid confirmation of Peter Neffenger as TSA’s sixth administrator; he was nominated in April and sworn in on July 6. Neffenger believes that his 33 years in the U.S. Coast Guard — including a year as second-in-command

of the service — has prepared him for the daunting task of addressing the OIG report’s findings and righting TSA’s ship. “It’s important that we focus our mission,” said Neffenger in an interview. “We are a mission-driven organization, and it is a critically important one.” That mission, which Neffenger has reiterated to his workforce of 60,000, is for the TSA to remain “a high-performing, riskbased intelligence-driven counterterrorism organization.” TSA checkpoint employees must place more emphasis on their professional responsibility of treating the 1.8 million airline passengers they screen daily with dignity and respect, he said. “This is not just about manning a checkpoint,” said Neffenger. “This is really about interacting with 2 million people a day.”





In testimony before a Senate Appropriations subcommittee on homeland security in September, Neffenger said that solving TSA’s problems, especially those related to the covert OIG tests, were a high priority. “I was greatly disturbed by TSA’s failure rate on these tests,” he said. The conflict at the root of the issue underlying the OIG’s findings remains, however. Transportation security officers, or TSOs, must take time to make sure that no prohibited items or high-risk individuals get on an airplane, and at the same time must keep the line of passengers moving efficiently so as not to cripple airport operations and infuriate travelers. It’s a tricky balance, Neffenger said, and a key reason for the recently revealed lapses in security. Too many TSOs have drifted into the practice of advancing people through checkpoints rather than always thoroughly resolving suspicious situations or catching prohibited items. “We have demonstrated our ability to efficiently screen passengers,” Neffenger told the subcommittee. “However, it is clear that we now must improve our effectiveness.” Doing so, however, will be a tall order. At the same hearing, John Roth, the DHS’ inspector general, described the depth and breadth of the issues his office had documented at TSA: “The failures included failures in the technology, in TSA procedures and in human error. We found layers of

security simply missing.” Roth did express optimism about Neffenger’s willingness to work on the problems and to buck a TSA culture that Roth said “resisted oversight and was unwilling to accept the need for change. ... I am hopeful that administrator Neffenger brings with him a new attitude about oversight.” Neffenger and Roth, however, still disagreed on the importance of the OIG’s findings. Neffenger told the subcommittee that “the OIG covert tests, as a part of their design, focused on a discrete segment of TSA’s myriad capabilities of detecting and disrupting threats to aviation security.” Not quite, Roth testified: “It would be misleading to minimize the rigor of our testing, or to imply that our testing was not an accurate reflection of the effectiveness of the totality of aviation security.”


Nevertheless, in the wake of the OIG report, TSA has begun to make changes. In an interview, Neffenger pointed out that TSA was relying less on speed as a measurement of workforce success, for example, and more on beefed-up security procedures. At airports, this new approach has put experienced, TSO leadership supervisors now in charge of overseeing all the Advanced Imaging Technology, “body scanner” checkpoint operations to make sure they are CO N T I N U E D

Transportation Security Administration chief Peter Neffenger, above, visits with transportation security officers (TSOs) during a July meeting at Dulles International Airport in Chantilly, Va.



32 being used properly. The TSA is also using handheld metal detection devices more often, and putting its officers through daily pat-down exercises as training. New TSO training has driven home a greater understanding and appreciation by individual agents of their actions’ critical link to TSA’s overall security framework, said Neffenger. The mandatory training — which 93 percent of TSOs had undergone as of September — teaches TSOs how to overcome passenger reluctance to cooperate with screenings (usually an indicator that they’ve got prohibited items in their bags), and also keeps TSOs up-to-date on the threats they might face while on duty. The increased attention to detail has taken on a new urgency in the wake of the Oct. 31 crash of a Russian passenger jet that killed 224 on Egypt’s Sinai Peninsula, as the result of a bomb. While there are no direct flights from that part of Egypt to the U.S., the TSA is enhancing security on inbound flights from some overseas airports, including the expanded screening of items on an aircraft, airport assessments done with international partners and offers of security assistance to certain foreign airports. Meanwhile, at a number of airports across the country, the renewed focus on routine screenings has led to increased checkpoint wait times, Neffenger acknowledged. “Some of that is just because we’re retooling the system,” he said.


Ultimately, Neffenger said, the best way for travelers to help themselves and their fellow passengers swiftly pass through security is to sign up for a trusted traveler program such as TSA’s PreCheck.

Not everyone is eligible for PreCheck — those convicted of certain felonies, especially anything related to illegal explosives, do not qualify. But once vetted and deemed low-risk, PreCheck-approved passengers — more than 1.5 million of them to date — enjoy expedited screenings that include dedicated, faster-moving lines and the option to keep their shoes on and their electronic devices in their bags. “What you provide us with, when you’re a member of PreCheck, is the ability to know a lot more about you when you present yourself at a checkpoint than we otherwise would know,” said Neffenger. “It makes you a lesser risk and lesser concern to us, so we can focus on the people that we don’t know.” TSA is eager to expand the successful program, now at more than 150 airports and available from 330 nationwide applications centers. A single company currently handles application enrollments, but a recently announced proposal would add three more vendors, Neffenger said, increasing availability and hopefully the numbers of people enrolled. Although the way the increased PreCheck vendor concept would work is still being finalized, Neffenger said it might potentially work the same way as passport applications, which are accepted at thousands of post offices nationwide. Marketing PreCheck will also be a key part of vendors’ pitches to TSA, as the agency continues with a major advertising push to get word out about the program increasingly on the part of airlines, and travel agencies and travel websites. Just recently, while on a commercial flight, CO N T I N U E D


EXPEDITED PATHWAYS Prescreening programs at airports and other points of entry into the U.S. help both government officials and travelers get through security lines much faster. PreCheck TSA’s PreCheck ( began in October 2011 as a pilot program offered at 40 airports to certain airline frequent fliers and members of Global Entry (see below). PreCheck is now available at more than 150 airports in the United States plus Guam, Puerto Rico and the U.S. Virgin Islands; 12 airlines now participate in the program. You can either apply online and make an appointment at aTSA application center, or you can walk into an application center. TSA collects personal information, takes fingerprints and conducts a brief interview. The wait time for approval can be about two to three weeks. The $85 processing fee is non-refundable and covers five years. U.S. citizens and lawful permanent residents are eligible to apply for PreCheck. TSA will deny your application if you’ve been convicted of specified crimes involving espionage, treason or violence. When approved, you will receive a known-traveler number that you should use whenever you book a flight. The airline will issue a boarding pass with the PreCheck authorization, which entitles you to the speedy lines. Global Entry The more than 2.5 million members of the U.S. Customs and Border Protection’s (CBP) Global Entry program can speed passage during international travel via the program’s automated kiosks. U.S. citizens, legal U.S. residents, and citizens of Germany, Panama, the United Kingdom, the Netherlands, South Korea and Mexico may apply for the program as long as they have a machine-readable passport or U.S. permanent resident card. To apply, fill out the form at the Global Online Enrollment System (GOES) website (, and pay a non-refundable $100 fee. Once your application has been reviewed, you’ll be told to schedule an interview at a Global Entry Enrollment Center. If you’ve been convicted of a criminal offense or have pending criminal charges, you won’t qualify. When traveling into the U.S. from overseas, you’ll head to a Global Entry kiosk, present your passport or permanent resident card and let the machine scan your fingertips. The kiosk will print a transaction receipt and tell you how to get to baggage claim. When flying domestically, you’ll be eligible to go through the PreCheck lines. Kiosks are available at 46 U.S. airports. The membership is good for five years. NEXUS and SENTRI These programs, run by CBP, speed crossings across the Canadian and Mexican borders. NEXUS ( is designed for U.S. or Canadian citizens and legal residents of those countries who frequently travel across the northern border. Pay $50 (either U.S. or Canadian), and you’ll get a photo ID with a special radio-frequency identification (RFID) chip that you can present at the border whether you’re traveling by land, sea or air. Apply online at the GOES site; if both countries approve you, you’ll head for a NEXUS enrollment center for an interview and to be fingerprinted. Your card arrives within 10 days after that. The card is good for five years, and also lets you use the PreCheck lanes. SENTRI ( acts as a kind of international E-ZPass to get you quickly through customs at the Mexican border. Apply online at the GOES site; once your background check is finished and your application is approved, you’ll schedule an interview. You’ll need vehicle registration forms and proof of citizenship or legal residency, and you’ll be fingerprinted. SENTRI costs $122.25 per person, and the cards are good for five years.


In 2011, the TSA launched the PreCheck program, which allows eligible fliers to enter about 150 U.S. airports through a special security lane where they don’t have to take off shoes, belts and jackets or remove laptops, liquids or gels.

— Katherine Reynolds Lewis and Adam Hadhazy







DUBIOUS DISCOVERIES Transportation Security Adminstration screeners hit a high point — or possibly a low, depending on how you define it — on June 14, 2014, when they discovered 18 firearms in carry-on bags at airports across the country. That beat the previous record of 13, set in 2013; the national average is six per day. While guns are among the most common contraband seized by TSA agents, fliers attempt to board airplanes with some pretty unexpected items in their carry-on baggage. From The TSA Blog (, here are some of the more unusual finds:


TSA workers screen travelers at a security check point at Chicago’s O’Hare International Airport in June. A 2015 report by the Department of Homeland Security’s Office of the Inspector General found that undercover investigators had slipped past airport screeners with fake bombs and guns in 67 out of 70 instances. Neffenger saw an ad on the seatback screen in front of him encouraging him to enroll in a trusted traveler program. “We’re hoping to do a lot more advertising for PreCheck in the future,” said Neffenger. “You want to get out into the community.” To gather further momentum, Neffenger said TSA will soon streamline the PreCheck application process and hopes to reduce its $85 fee. “I think we’re on the cusp of a big increase in the number of known travelers (TSA’s name for people enrolled in PreCheck and similar programs) as people start to learn more about the programs and have it more available to them,” Neffenger said. Given the win-win proposition that prescreening travelers offers for all the parties involved, Neffenger is eager to promote its widespread adoption. “I would like to see a fully vetted travel population,” said Neffenger. “That would be the best possible world.”


Additional changes will be afoot at TSA as it looks to stay one step ahead in an always evolving threat environment. Past threats have led to quick changes in screening processes. For example, “shoe bomber” Richard Reid, who tried to light explosives hidden in his shoes onboard an American Airlines flight in December 2001, triggered the requirement for passengers to take off shoes before boarding flights. And after printer cartridges loaded with explosives were discovered on cargo planes coming to the U.S. from Yemen in October 2010, the TSA adopted stricter screening of inbound freight.

Neffenger noted that what really impressed him about TSA as he delved deeper into the organization’s operational history has been its quick countering of vulnerabilities exposed by innovative terrorist tactics. “I actually think that’s a real success story that has not been told,” said Neffenger. To stay prepared, TSA in August announced a $2.2 billion, five-year technology plan. Next-generation equipment will enhance the screening of passengers and baggage, while the use of so-called biometrics — involving unique anatomy, like a fingerprint or an iris — could authenticate passengers’ identities at checkpoints. Some argue that more money is not the solution to the agency’s woes. “We should demand better results out of the TSA, but we should also recognize that the actual risk doesn’t justify their $7 billion budget,” wrote Bruce Schneier, a respected security expert and longtime TSA critic, in an opinion piece on in June. Schneier contends that TSA has essentially gotten lucky that a successful terrorist strike has not occurred on its watch, mainly because terrorists are in fact extremely rare. “The TSA is failing to defend us against the threat of terrorism,” he wrote. “The only reason they’ve been able to get away with the scam for so long is that there isn’t much of a threat of terrorism to defend against.” Neffenger disagrees with this characterization, saying in his Senate testimony: “Fourteen years after the 9/11 attacks, we face threats more dangerous than at any time in the recent past ... We’re looking at what we can do in the future. We have to continue to evolve.” Contributing: Andrea McCarren













Seven knives were discovered in a single passenger’s bag at New York’s John F. Kennedy International Airport.

A small amount of marijuana was found concealed in a jar of peanut butter at San Jose (Calif.) International Airport.

A stun gun disguised as a lipstick case was discovered at Chicago Midway International Airport.

Two cans of bear repellent were discovered at the Ted Stevens Anchorage International Airport in Alaska.


A box of shotgun shells was found at Austin–Bergstrom International Airport in Texas (if packed correctly, these can be checked).

A folding credit card knife was concealed in a cardboard instant coffee package at Bishop International Airport in Flint, Mich.


A live smoke grenade was discovered at Tulsa International Airport in Oklahoma.



Four “batarangs” (metal boomeranglike weapons shaped like bats) were discovered at Boise Airport in Idaho.

A knife wrapped in a power cord was detected at Alaska’s Ketchikan International Airport.








U.S. Customs and Border Protection Commissioner Gil Kerlikowske, left, and a CBP agent tour the new West Rail Bypass International Bridge in Brownsville, Texas, in August.


SAFEGUARDING THE BORDERS W Customs chief outlines agency’s challenges, successes

By Erik Schechter

ITH AN ANNUAL BUDGET of $12.8 billion and nearly 60,000 employees, U.S. Customs and Border Protection (CBP) is the largest federal law enforcement agency in the United States. Its mission is to defend the U.S. border, stop contraband and illegal immigration and facilitate trade and travel. The agency is part of the Department of

Homeland Security’s enforcement mission, working alongside the U.S. Coast Guard, U.S. Immigration and Customs Enforcement and the Transportation Security Administration. In March 2014, the CBP saw R. Gil Kerlikowske sworn in as its new commissioner, the first permanent head of the department since 2011. Kerlikowske previously served as director of the White House’s Office of National Drug Control Policy — he was the nation’s drug czar — and, before that, as deputy director of the Justice Department’s

Office of Community Oriented Policing Services. He is also a former Seattle police chief and Buffalo, N.Y. , police commissioner. Kerlikowske recently discussed myriad issues facing his agency, including illegal immigration from Central America, the metrics of border security, the phenomenal challenges of building one big wall along the U.S.-Mexico border and the threat of cross-border terrorism. CO N T I N U E D





A U.S. Customs and Border Protection Air and Marine agent looks for signs of illegal immigrants along a trail near McAllen, Texas, in 2014.


U.S. Coast Guardsmen and CBP agents offload drugs interdicted at sea at the Coast Guard’s Base Miami Beach in September.


KEEPING U.S. BORDERS, WATERS SAFE The CBP is responsible for: Securing the country’s borders at 328 ports of entry; facilitating legal international trade while stopping contraband; fostering safe and speedy international travel. Key facts about the agency: ERIC GAY/THE ASSOCIATED PRESS


What have been some of the challenges and successes you’ve seen as commissioner since taking office? KERLIKOWSKE: The first challenge was certainly, a week after being confirmed in March of last year, the unaccompanied (Central American) minors flowing into the Rio Grande Valley. There was an unprecedented number of children, over 60,000, turning themselves in to the Border Patrol — and us not having the facilities, the capacity, the health care, the food (and) the transportation to deal with it. But the end result was we were pretty successful in bringing all that together. What have been some of the pushand-pull factors contributing to illegal immigration from Central America? And why the decline in fiscal year 2015? The numbers these last couple months have been ahead of last year, but the decline (can be partly attributed to our) large advertising campaign in those three Central American countries (Honduras, El Salvador and Guatemala) about the dangers of making the journey and that you would be a priority for removal. There’s still going to be a big pull factor into this country

because people want better safety and security. They want economic prosperity. They want a job. They want a chance to get their children educated. Has the U.S. government been paying Mexico to clamp down on illegal immigration from Central America? You’ll have to ask the State Department. But I don’t believe there is any United States government money that is funding Mexico for this. Have we been successful securing the U.S.-Mexico border? What metrics do we use for success? There’s been a lot of work done by a lot of different people to try and come up with metrics about what is a secure border and how secure is it, and it’s everything from how many people are apprehended and how many drugs are interdicted to a lot of other metrics. But the difficulty is that you can’t get people to agree to a definition of a secure border. I liken it to my time as a police chief in Seattle. You know, what’s a safe city? Is it a safe city because it has a low crime rate? Because it has a high number of police officers? Because people feel more safe or more secure?

What have been some of the newer smuggling trends? There’s an increase (in demand) for heroin in the United States, and so we’ve seen an increase in our seizures. In fact, in this last fiscal year, our seizure of heroin at the borders was up about 30 percent. One of the things that you do see now has been the smuggling of methamphetamine and cocaine in liquid form. Then it is dried out and put back in its powder form. We used to have small (smuggler) planes land in the United States, but our radar picture is so much better now. We do see planes that land in unpopulated areas of Mexico very close to the border, and then they’ll try and move those drugs up. Has state decriminalization of marijuana affected what sort of drugs are smuggled? I haven’t seen any change. We’ve had, for a number of years, decreases in marijuana seizures on the border before Washington state and Colorado passed (their laws). It’s also pretty clear, according to officials in both those states, that (legalization of marijuana) has not reduced the black market. CO N T I N U E D

▶ Border Patrol agents safeguard 4,000 miles of border with Canada, nearly 2,000 miles with Mexico and 2,000 miles of coastal waters surrounding Florida and Puerto Rico. ▶ More than 500 million people cross into the United States each year. ▶ The CBP collects $30 billion in entry duties and taxes annually. ▶ According to the annual CBP Border Security Report, Border Patrol agents apprehended 68,631 unaccompanied children and 68,684 families in fiscal year2014. ▶ In FY 2014, the CBP seized more than 3.8 million pounds of illegal drugs and $237 million in smuggled currency. ▶ The CBP maintains more than 1,500 towers for command, control and communications as well as surveillance. ▶ As part of its drone program, the CBP’s Air and Marine Operations flies 10 MQ-9 Predator B remotely piloted aircraft. ▶ Since 2006, 80 cross-border smuggling tunnels have been found and dismantled. — Erik Schechter





The Homeland Security Department’s use of drones to patrol the border has been criticized as too expensive and not effective enough.


“On a yearly basis, we’ll apprehend people from well over 100 different countries, from Bangladesh to Somalia, to Ethiopia ... to South America.”

The Office of the Inspector General has questioned the CBP’s (border-monitoring) drone program, estimating that it costs $12,255 per flight hour to operate. In your opinion, has the program been cost-effective? Well, we certainly calculated the cost differently and had some disagreements, which we made known in our response to the Inspector General’s report. We need all the tools that we can get, and unmanned aircraft certainly cost less to operate, less

lesson learned is that the operators, the end-users, have to be involved from the very beginning. It can’t be designed in a laboratory.

What about the technology (MQ-9 drones, infrared cameras on towers, ground-scanning radar, etc.) imported from Iraq and Afghanistan and being used here? All of that stuff was used — R. Gil Kerlikowske, in a very similar fashion by U.S. Customs and Border soldiers and Marines and Protection commissioner others. So it’s already been field-tested. So it isn’t quite JUDY WATSON TRACY/USA TODAY the same as absolutely new technology being plopped to purchase than manned aircraft, and we down into the field and saying, “Well, can put them up in the air for much longer you’ll have to adapt to it.” periods of time. Why not just build one long fence The Department of Homeland Security along the Mexican border? once tried a high-tech border surveilA fence — a wall — didn’t work in China lance program called SBInet along the and it didn’t work in Berlin. Trenches U.S.-Mexico border. What lessons did didn’t work in World War I, and we know we learn from that cancelled program? from our experience with fences that SBInet was touted as a virtual fence with people can get through them, under them, lots of new ideas, lots of new technology, over them, etc.If we use certain types of etc., and I would say that the premier fencing in certain locations, it can be very

helpful. But building one fence from end to end wouldn’t be possible. I’m sure a lot of landowners who have their houses along rivers and other places are not going to want to be a part of that. And the cost would be unbelievably prohibitive. A leaked report from the Texas Department of Public Safety claims authorities have nabbed illegal immigrants with ties to such extremist groups as al-Shabab and the Tamil Tigers in Sri Lanka. Should we be worried about terrorists coming over the U.S.-Mexico border? On a yearly basis, we’ll apprehend people from well over 100 different countries, from Bangladesh to Somalia, to Ethiopia, to Central America, to South America. There probably isn’t a week that goes by that, up in Washington state, we don’t apprehend people from India attempting to enter illegally. Could someone who has designs on actually harming the country enter the country illegally? Yes, they could enter the country illegally, whether it’s between ports of entry or through a port of entry using some type of false documents. We spend a lot of time looking at documents and trying to scan them. But there’s always that possibility.







CROSSING LINES Young migrants still enter the U.S., but in smaller numbers

By Megan Jula and Daniel González



Cindy Lainez, 12, right, and her sister Daniela Lainez, 8, were among the more than 68,000 minors intercepted on the U.S. border with Mexico from October 2013 through September 2014. After a year of legal wrangling, the pair, shown at the Central American Legal Assistance in New York in September, were granted political asylum.

HE TIDAL WAVE OF unaccompanied minors that swept across the U.S.-Mexico border illegally in the summer of 2014 has dropped by 42 percent so far in 2015 — with one exception. Overall, the United States Border Patrol apprehended 39,970 unaccompanied children in fiscal year 2015, compared with 68,541 in fiscal year 2014. The number of family units (children and their relatives) also fell by 42 percent during that period, from 68,445 to 39,838, according to “The flow U.S. Customs and Border has been Protection reduced, statistics. However, an but I would analysis by the still say it’s Washington Office on Latin almost at America, a humanitarWashington, D.C., research ian-crisis and human levels.” rights advocacy group, found — Sen. Ron that apJohnson, R-Wis. prehensions of unaccompanied children spiked in August 2015, rising 45 percent compared with the same month in 2014. The spike continued this September, when 69 percent more migrant children were apprehended by the Border Patrol compared with September 2014. The majority of the children apprehended were from El Salvador, Guatemala and Honduras, countries riddled with gang violence and that are among the five countries with the highest homicide rates in the world. “The overall long-term trend is that (the number of unaccompanied minors) is going down, but it has not been going down to 2011 or 2012 levels,” said Adam Isacson, a security analyst at the Washington Office on Latin America. “We are closer to 2013 levels.” That’s the year that the number of unaccompanied children first began to raise concerns. The numbers this year CON T I N U E D




USA TODAY SPECIAL EDITION Young boys, mostly from Central America, who were intercepted trying to cross into the U.S., sleep in a holding area at the U.S. Customs and Border Protection Nogales (Ariz.) Placement Center in June 2014. are nowhere near the wave arriving last summer, but are still higher than before that 2013 spike. During a congressional hearing in July that served as a review of the government’s response to the crisis, Sen. Ron Johnson, R-Wis., acknowledged that last year’s surge of children and families from Central America had subsided but noted that the levels are still high. “The flow has been reduced, but I would still say it’s almost at humanitarian-crisis levels,” said Johnson, chairman of the Senate Homeland Security and Government Affairs Committee. He pointed out that before 2012, fewer than 5,000 Central American children had been apprehended by the Border Patrol each year. He reiterated criticism that President Obama’s administration helped spur an increase in unaccompanied children from Central America by using his executive authority in 2012 to create the Deferred Action for Childhood Arrivals (DACA) program. The program offers deportation protection to undocumented immigrants brought to the U.S. as children, but not to those who recently crossed the border. Nevertheless, Johnson said the program had created an “incentive” for unaccompanied children and families from Central America to come to the U.S. illegally. “There are multiple factors (for the surge), no doubt about it,” Johnson said. “But I think it’s really quite clear that the unilateral executive action on Deferred Action on Childhood Arrivals was the primary cause for that surge.” Sen. Thomas Carper, D-Md., disagreed. He credited the Obama administration with taking steps to avoid another humanitarian crisis this year, including: ▶ Sending more Border Patrol agents and immigration judges to south Texas. ▶ Opening temporary emergency shelters and placing children in homes in the U.S. while they await the outcome of immigration hearings. ▶ Working with Mexico to stem illegal immigration along that country’s southern border and working with governments in Central America to warn children and families not to try to come to the U.S. illegally. “I would suggest that one of the reasons why they want to come up here is because, for a number of years, they have lived hellacious lives (that) we contribute directly to. ... We sell them guns and those guns are used to arm their gangs,” said Carper, the committee’s ranking Democrat.


Juan Osuna, director of the Justice Department’s Executive Office for Immigration Review, told members of the Senate committee that the surge of children and families has added to the Immigration Court’s already long backlog of cases. As of May 26, the backlog had reached 449,569 cases, double five years ago, Osuna said. The Rio Grande Valley in south Texas, which remains the most popular crossing point for Central American migrants, accounted for the bulk of the decrease in Border Patrol apprehensions. In 2014, the Border Patrol in south Texas was overwhelmed by a record surge in children and families fleeing poverty and violence in Central America and traveling through Mexico and crossing the border illegally into the U.S. The surge created a humanitarian crisis for the United States and set off a political firestorm for the White House. Border Patrol statistics show that the number of unaccompanied children apprehended in the Rio Grande Valley fell 52 percent from fiscal year 2014 to FY 2015 — from 49,959 to 23,964. Apprehensions of Central American families in that area fell 48 percent during that same period, from 52,326 to 27,409. Other crossing areas have increased in the number of unaccompanied children as smugglers look for new routes, Isacson said. For example, Customs and Border Protection data shows the number of unaccompanied children apprehended in the Yuma sector of Arizona jumped from


Gladys Pina of Honduras looks for clothing for her 8-month old daughter April 30 at a respite center run by Catholic Charities in McAllen, Texas, after the U.S. Border Patrol released her and dozens of immigrant mothers who were caught trying to enter the country illegally. 351 in FY 2014 to 1,090 in FY 2015 — a 211 percent increase. “Some enterprising coyotes are trying, but they are remote areas,” Isacson said. “We are seeing increases in these areas by the hundreds, not the thousands.” The data also showed that the number of unaccompanied Salvadoran and Honduran children is down significantly. In fiscal year 2014, 16,404 children from El Salvador and 18,244 from Honduras were apprehended; in FY 2015, those numbers dropped to 9,389 and 5,409

respectively. Tony Banegas, former honorary consul for Honduras in Arizona, said the drop in unaccompanied minors crossing the border from Honduras is due in large part to media campaigns in that country discouraging people from traveling north into the U.S. illegally. “I am a father of two daughters,” Banegas said. “Parents do desperate things for their children. I’m glad to see the numbers come down. But the number is still too high from my point of view.”





ON THE BORDER A breakdown of the U.S.-Mexico boundary USA TODAY CA AZ




U.S. - Mexico border



18,127 IN 2014










Chain link

Vehicle bollards



Steel mesh

Jersey walls



The U.S.-Mexico border runs from the Gulf of Mexico to the Pacific Ocean. Signed into law by President George W. Bush, the Secure Fence Act of 2006 mandated the construction of almost 700 miles of barrier fences along the Mexican border to prevent illegal immigration into the U.S.


We must protect our borders, but building a wall across the entire southwest border is not the answer.” — Jeh Johnson, in October


El Paso, Texas

San Diego

The makeup of the border fence varies depending on geography and climate. The majority of the divider consists of vehicle barriers and single-layer pedestrian fencing.

Tijuana, Mexico

Naco, Mexico Nogales, Ariz.










With digital reach, radical groups lure would-be domestic terrorists By Carmen Gentile


RIOR TO HIS ARREST, Terry Lee Loewen was known to a few as an airplane mechanic and a Kansan. But in 2013, Loewen, then 58, made headlines when he was arrested trying to drive a van loaded with explosives into the Wichita airport where he worked, hoping to inflict what he characterized as “maximum carnage.”

Earlier this year, Loewen pleaded guilty to one count of attempting to use a weapon of mass destruction. Others convicted of similar terroristic acts are typically subjected to life in prison, but the judge gave him a 20-year sentence, citing Loewen’s age and health issues. He will likely die behind bars. Loewen became a convert to Islam in 2008, having gleaned much about his extremist beliefs CON T I N U E D THINKSTOCK



online. Five years later, an FBI agent posing as a member of a radical group provided him with the fake explosives for his plot. According to Loewen’s plea, the FBI became interested in him after he became a Facebook friend with someone who posted favorable comments about violent jihad. He is among a small but growing number of homegrown terrorists seeking to commit acts of violence on U.S. soil. Some, like Loewen, are inspired by radical Islamic websites and occasionally, though not always, digital contact via email and social media with members of terror groups like the Islamic State (ISIL) and al-Qaeda.

Some extremist online campaigns artfully lace images from popular violent movies like Saw and war-based films like American Sniper to inspire would-be jihadists to join their cause.


President Obama meets with New York City police in May 2010 as Times Square car-bomb suspect Faisal Shahzad’s photo is projected.

The list of those attempting and failing to commit similar acts of violence has grown in recent years and includes those whose plans never came to fruition, such as Zacharia Yusuf Abdurahman, the 20-yearold Minnesota man who, in September, pleaded guilty to conspiring with at least eight other individuals to travel to Syria to join ISIL. A more notable plot involved Faisal Shahzad, the Pakistani-American man who was arrested in 2010 for trying to detonate a car bomb in New York’s Time Square. Dzhokhar Tsarnaev and Tamerlan Tsarnaev, the Boston Marathon bombers, were among the few seemingly radicalized from afar that successfully carried out their plot, resulting in three deaths and hundreds of injuries in 2013. The Nov. 13 attacks in Paris that left at least 132 dead and hundreds injured put U.S. officials on heightened alert and raised concerns about the potential for a similar attack here. An ISIL video warned of deadly consequences in the U.S. — specifically the nation’s capital — or any other country that joins the French in punishing airstrikes against ISIL positions in Syria and Iraq. These plots and attacks have caught the attention of U.S. intelligence officials who are warning of more threats in the future. In recent remarks, Department of Homeland Security Secretary Jeh Johnson called them “terrorist-inspired” attacks — those violent attacks that result from perpetrators becoming radicalized from afar, almost always online.




A SWAT team searches houses in Watertown, Mass., on April 19, 2013, for Chechen-born teenager Dzhokhar Tsarnaev, wanted in the Boston Marathon bombings.


An FBI agent searches for evidence in an alley on the property of a house where Times Square car-bomb suspect Faisal Shahzad lived in Bridgeport, Conn. “This is the new reality of what we face,” Johnson said at an Association of the U.S. Army meeting in October. “It is more complex and has led to a more complex world. In many respects, it is harder to detect. ... The homegrown actor could strike at any moment and is inspired by something he sees.” It’s also a concern for lawmakers. Rep. William Hurd, R-Texas, is among the few on Capitol Hill with firsthand experience dealing with those overseas trying to spread radical sentiment in the United States. Before becoming a congressman, Hurd was with the CIA for nearly a decade

post-9/11, working in Afghanistan, Pakistan and India. He said that while it’s necessary to work to prevent terrorists from using the Web as a recruitment tool — a nearly impossible task — that’s not where it ends. “You still have to attack the problem at the source. That means going after folks that are inspiring homegrown terrorism,” said Hurd. Airstrikes and drone attacks in Iraq and Syria have targeted the Islamic State and other terrorist groups for years. But Hurd added that there should be effort at home to also counter extremist ideology, using the same tools — primarily social media

— as the terrorists. “ISIS’ ability to leverage by posting manifestos outlining their social (media) to get their message out is discontent and future plans on YouTube or unprecedented,” he said. other video-sharing sites. He recalled how during his days in “You can use that venue (social media) to Afghanistan and Pakistan, see who is on the other al-Qaeda would leave side,” said Hurd, who printed messages in vilsuggests that the intellages commonly referred ligence community make “This is the new to as “night letters,” greater efforts to infiltrate reality of what warning residents to not recruitment sites and collaborate with or take social media profiles that we face. The any material aid from incite many to take up U.S. forces. “You can hit arms overseas or commit homegrown a couple hundred people terrorist acts at home. actor could that way. But (with) Agents pose as people what ISIS is doing, you interested in committing strike at any can reach tens of millions violent acts or wanting moment and of people,” he said. to join extremist groups Hurd noted the to learn more about the is inspired by sophistication of extremists’ tactics. something he some extremist online While the Internet campaigns such as recent makes radical views sees.” ISIL videos that artfully more accessible, it also — Jeh Johnson, lace images from popular potentially exposes its Department of Homeviolent movies like Saw perpetrators in ways land Security secretary and war-based films previous generations of like American Sniper to homegrown terrorists inspire would-be jihadnever were, said Jeffrey ists to join their cause. D. Simon, visiting lecturer “They are great at using iconic images,” in the department of political science at he said, adding that the videos “often UCLA and author of Lone Wolf Terrorism: appeal to young men with a sense of Understanding the Growing Threat. Those adventure.” who regularly go online to post threatenHe noted that more than 200 Americans ing messages or try to coerce others to have traveled to Syria and Iraq to fight violence using the same computer can have alongside the Islamic State, with many their IP address tracked and their location having first been recruited to the cause discovered unless they take measures to through social media, be it in chat cover their tracks. rooms where aspiring terrorists discuss CON T I N U E D bomb-building and other ploys, or simply






The Islamic State (ISIL) continues to try to lure Americans to its violent extremist cause despite attempts by DHS and law enforcement agencies around the country to thwart the group’s recruitment efforts.

By Dan Horn


T FIRST BLUSH, THE online magazine with its eye-catching design looks like any other slick publication. Even the magazine’s name — Inspire — suggests the content could be about improving your health or your home. It’s not. Welcome to the world of the modern-day jihadi recruiter, where Islamic radicals make a pitch that starts with the click of a mouse. “The phenomena of social media recruitment is key,” said Ed Bridgeman, an associate professor of criminal justice at the University of Cincinnati. “There’s an al-Qaeda and ISIS recruiter in every living room now, potentially.” The Internet is full of new opportunities to share and package propaganda. Hardcore believers and sociopaths can find inspiration from grisly videos of beheadings

and executions. But others, including non-Muslims, could find common ground in the content written in magazines like Inspire, the official publication of al-Qaeda in the Arabian Peninsula. Inspire, which began publication in 2010, is a case study in selling radical Islam. It could be easily mistaken for a mainstream publication, but the content tells a different story. A question-and-answer feature, for example, includes a reader’s request for advice on how to kill himself in battle. Much of the material focuses on encouraging recruits to strike close to home as a “lone wolf” terrorist. “I would compare it to marketing,” said Ian Amit, a vice president at ZeroFOX, a social media risk management company. “If you’re a company and your goal is to market to a certain audience, you’re going to look for what messaging works.”

Simon said that unlike homegrown terrorists of old, such as the Unabomber — Theodore Kaczynski, who was arrested in 1996 after he delivered homemade bombs that killed three Americans and injured 24 over nearly two decades — today’s would-be perpetrators of bombings and other terror attacks enjoy the sense of community created by the digital tools of their recruitment. “They feel part of the community by reading the blogs and videos and feel part of the group,” he said.“Today, it is almost impossible to be a true loner.” Still, curtailing online radical inspiration and recruitment is difficult despite some websites leaving ample digital breadcrumbs, such as traceable IP addresses, for U.S. intelligence to follow. Social media accounts that espouse violence can be shut down, but pop up again under another name or different platform. Daniel Byman, a professor of security studies at Georgetown University and a senior fellow at the Brookings Institution, said that recruitment is also becoming more sophisticated, with “tailored propaganda” targeting “different people with

“ISIS’ ability to leverage social (media) ... is unprecedented. They are great at using iconic images (that) often appeal to young men with a sense of adventure.” — Rep. William Hurd, R-Texas

different kinds of messages.” One example is how ISIS entices young men overseas by promising to give them their own sex slave. Al-Qaeda’s own English-language digital magazine Inspire, with its use of potent imagery in a well-designed package, makes the case for taking up arms against the West as well as any other site. And it’s been doing it for years. Hoping to counter some of the violence rhetoric online, DHS is reaching out to social media platforms and marketing

A look at the ISIL impact:







companies, as well as Arab and Muslim community leaders and law enforcement, to organize “credible voices” outside of government, said David Gersten, deputy director of DHS’ Office for Community Partnerships. He said the agency is also working with the tech industry to increase awareness of how their platforms are being used by violence extremists to recruit and organize online. Other efforts include what Gersten referred to as “hackathons” sponsored by universities and the private sector, creating smartphone apps designed to disseminate counter-extremism messaging and offering instruction to mostly young Muslims and Arabs in U.S. communities to produce videos that could be posted on YouTube or elsewhere online. “If we do a good job of connecting social media practitioners and platforms and marketing campaign experts with community and religious leaders and at the grassroots level with young people, then we will see a movement emerge to push back at violent extremism at its sources,” said Gersten.





INDIVIDUALS ARRESTED IN U.S. IN ISIL-RELATED CASES (2015) Source: House Homeland Security Committee Terror Threat Snapshot, November 2015






Schools, churches and theaters take steps to prepare for unexpected attacks By Adam Stone


UNMEN AND TERRORISTS OFTEN target schools and houses of worship. This puts pressure on Shay Amir, the head of security at Manhattan Day School, a Jewish elementary school on the city’s Upper West Side. “We have the crazy guys who shoot for reasons we never understand, and then we also (have to) think about terrorist acts. When you have a religious institution and an educational institution, there are always two threats,” said Amir, who works at security firm Global Operations Inc., and was hired independently by the school. To help protect the 600 students, faculty and staff, Amir uses cameras and motion sensors, and a locking vestibule that requires ID to get through. And if someone takes photos of the school from out in the street, a security guard will quickly emerge to politely ask their business. While estimates vary, no one disputes that gun violence is on the rise among “soft targets” — schools, churches, shop-

ping malls and medical centers that are wide open to the public, where defenses are scant and civilians unsuspecting. The largest gun violence prevention organization in the country, Everytown for Gun Safety, says there have been at least 160 school shootings in America since 2013. Many media outlets report that at least 74 school shooting incidents occurred between the Dec. 14, 2012, mass tragedy at Sandy Hook Elementary School in Newtown, Conn., and the deadly rampage at Umpqua Community College in Roseburg, Ore., on Oct. 1. These tragedies are taking a social toll. Twenty-nine percent of U.S. parents said they fear for their child’s safety at school, and 10 percent of parents of K-12 students reported that their child has expressed worries about his or her safety at school, according to a Gallup poll released in August. As public concerns mount, some in the security industry say many facilities are making headway in strengthening their defenses. “All schools have some kind of training CO N T I N U E D





The state of South Carolina is seeking the death penalty for the 21-year-old gunman charged in the slayings at Charleston’s Emanuel A.M.E. Church.

theaters — there have been three since the 2012 shooting in Aurora, Colo., where 12 people were killed — have pushed some legislators to ask whether metal detectors might be an appropriate safeguard. New York Sen. Tony Avella said he would develop legislation requiring either metal detectors or security officers with wands at theaters, stadiums and malls. And in Louisiana, state Rep. Barbara Norton is working on a new bill to make metal detectors mandatory in movie theaters. She added that the extra cost would be worth it. “Add a few dollars to the price of a movie, citizens will not have a problem with that,” she said. At least one poll has found that partially true. Consumer research firm C4 released a survey of 500 moviegoers that showed 48 percent would be willing to pay at least a $1 more per ticket for enhanced security. Thirty-five percent said mandatory bag checks would make them feel safer and 34 percent would be reassured by armed lobby security. Still, the notion of heightened theater security has not gained much ground. Movie industry insiders generally have worried that tighter security would slow the lines and, in the case of metal detectors, add a grim overlay to what is supposed to be a fun night out.



in place. They have protocols in place, they have a chain of command in place to minimize the risk,” said Anthony Roman, the founder and CEO of Roman & Associates, a Nassau County, N.Y., global security firm. Schools also are working closely with local emergency services to analyze risk and develop action plans. At Manhattan Day School, Amir maintains strong relationships with the local police department, and he trains staff and students on how to respond to emergencies.


“The way to do it is by being proactive,” said Amir, who used to train agents for the Israeli secret service. “That means doing actions that detect and deter. If you can do that, you can actually get to prevention. You don’t sit behind a desk and wait for someone to come to you.” Police culture also has evolved since the Columbine shootings in 1999 first drew public awareness to the risks faced by schools. In that case, police on the scene waited for the arrival of SWAT before moving in. “That has completely changed,” Roman said. “Today, the officers’ instructions are to assess, enter, engage the shooter and

eliminate the threat. That Protection. “I would argue is a 180-degree protocol that we don’t have to go in change.” that direction.” THERE Recently, there’s been a There are other ways to HAVE BEEN push to extend that logic protect. Take for example by arming security guards Southwestern High School AT LEAST in elementary schools, in Shelbyville, Ind., poson college campuses and sibly the safest school in elsewhere. Advocates America. It has bulletproof for this route say there’s doors, teachers who wear nothing that stops a gun panic buttons that can better than another gun. set off the school’s alarm The Umpqua Community system and cameras in the SCHOOL College gunman had a 9mm hallways that feed directly SHOOTINGS Glock handgun, and four to the local sheriff’s office. IN AMERICA other handguns and a In addition, there are smoke SINCE 2013 Del-Ton 5.56×45mm rifle. canisters in the ceiling that These six guns were found can detonate to visually  EVERYTOWN FOR GUN SAFETY at the scene of the crime impair an attacker. But this and seven more in his home. level of security butts up Opponents ask, how could against an issue that faces more guns possibly lead to every soft target: People fewer shootings? still feel the right to come inside. The Department of Homeland Security, It’s not just a matter of openness, but which works with communities to deter of commerce as well. “A mall survives in soft-target threats, votes definitively for its foot traffic. In the time it would take to plowshares over swords. ID all those people, to run them through a “Our kids should be able to go to school metal detector, you would bring everything without being in an armed environment,” to a halt,” said Peter Martin, CEO of said Caitlin Durkovich, DHS assistant security services firm AFIMAC. secretary for the Office of Infrastructure However, high-profile attacks in movie


Houses of worship are also now targets for violence. In June, a 21-year-old gunman opened fire during an evening Bible study at the Emanuel African Methodist Episcopal Church in Charleston, S.C., killing nine people, including the pastor. That incident clearly put churches on alert, but some acknowledge any level of vigilance might not be enough. At Bethlehem Baptist Church, a 400-member church in Kings Mountain, N.C., an off-duty deputy sheriff watches over the flock on Sunday mornings, Sunday evenings and at Wednesday evening services. “Even as a rural area, we do still have crime,” said church member Mark Hughes. While the deputy sheriff is mostly on the lookout for minor trouble like break-ins and thefts of audiovisual equipment, Hughes has no illusions about the possibility of a bigger incident, and believes deterrence can only go so far. “My family has been the victims of crimes that could not be foreseen, and I realize that violent crime can occur anywhere, anytime,” he said. “You can take some precautions but you can’t prevent things from happening.” As the incidents against soft targets have increased and security professionals have sought out solutions, most have hit upon the importance of having a consistent process. Not every school can afford a camera array, much less a dedicated staffer CO N T I N U E D






The December 2012 mass shooting at Sandy Hook Elementary School in Newtown, Conn., demonstrated how vulnerable places like schools, churches, movie theaters and shopping malls can be.



Security was tightened at the Grand Theatre in Lafayette, La., after two people were killed and nine others were wounded July 25 when a gunman opened fire during a during a screening of the film Trainwreck. to watch the video feed. Less expensive, and often highly effective, is a solid set of procedures, Martin said. In an ideal scenario, once school is in session, all the doors lock. A security guard challenges all vehicles at point of entry. Access is restricted to a single door and every entry is recorded. Every visitor is met by a security guard and made to wear a badge. These procedures are neither complicated nor expensive, Martin said, and such measures form the bedrock of any security portfolio. Others pair the process with training. Teachers and preachers aren’t typically up-to-speed on lone-shooter response. “At a minimum, you teach and train your employees on how to deal with these situations, even in a basic way. If you see a guy wearing a mask, don’t wait until he starts shooting,” said Michael Bouchard, chief security officer of Sterling Global Operations Inc. and newly elected board member of the security industry association ASIS International. “At the very least, if something bad happens here, they should know where the exits are,” he said. Having a plan is good, and training is

vital, but neither is sufficient. There’s one more key ingredient: ongoing practice. Arguably, all of this has been the foundation of soft-target defense for years. Now, there’s an increasing focus on the shooters themselves. Each time an incident occurs, the public gets a clearer insight into the people who do these things. Now, security experts are asking us to point out those people before they head over the cliff. “You always hear afterwards that they were posting on Facebook, they were showing their increased anger, their decreasing mental state. There are typically signs that people see, but they don’t act on them,” Bouchard said. “In this country, we try to give people their space, but I think we could do a lot of good if we could educate the public that it doesn’t hurt to make a phone call to law enforcement or mental health just to say: This person is changing.” DHS shares the sentiment. “Everyone is responsible and should be reporting suspicious activity,” Durkovich said. “The environment today requires an additional level of vigilance. We’d rather hear it, even if it seems small and inconsequential.”

Just as the tragedy at Sandy Hook highlighted the vulnerabilities of elementary schools, the recent shooting at Umpqua Community College in Roseburg, Ore., turned the nation’s attention to college campuses. It’s a topic Todd Badham knows well, as director of security at the University of Puget Sound in Tacoma, Wash. “It’s my responsibility to perceive the risk as a high one. I would have my head in the sand if I didn’t,” he said. “I think about it constantly.” In La Mirada, Calif., Biola University Campus Safety Chief John Ojeisekhoba tills the same stony soil. “No place is immune. Everything we are doing here is to prepare as if it is going to happen,” he said. Colleges are, by nature, open, with few walls or gates to segregate them from the surrounding community. Their populations come and go, with off-campus students routinely entering the grounds. Difficult to secure — but not impossible, as both these men have proved. Badham starts with access control. Buildings on the campus are locked 24/7 and you need a pass card to gain access. The school just finished a half-million-dollar project to add electronic access to seven academic buildings. Badham can lock every building on campus with the push of a button. A mass notification system with emails and text addresses is updated daily. Seven outdoor towers can broadcast emergency news through loudspeakers. Even with these safeguards, security still comes down to people, especially the students, staff and professors. “We are always working to get their buy-in,“ Badham said. At Biola, there are 200 cameras on the 99-acre campus. The school spent $32,000 last year to install locking mechanisms inside classrooms so students can lock themselves in. “You cannot stop somebody from going to a classroom and shooting people,” said Ojeisekhoba. “But you have to at least have options for preventing loss of life — or further loss of life — than have no options at all.” In terms of “soft targets,” a college campus is not exactly an elementary school, a church or a shopping mall. A large college may have the cash to fund an armed security presence, where ecclesiastic and civic budgets might fall short. But there are similarities. Locks and cameras have their place, as does an emergency button that connects to the sheriff’s office. Most of all, colleges and churches and schools all have the ability to train people to spot warning signs and report concerns. That kind of vigilance won’t stop every incident, but many experts contend that the eyes and ears of the community are the best protection a soft target may have. — Adam Stone









Residents welcome Syrian refugees to Vienna during a rally in October.



Resettling refugees in the United States takes compassion, circumspection By Matt Alderton


S RECENTLY AS FIVE years ago, northwest Jordan was barren and lifeless, save for scorpions stalking snakes in the scorching desert sand. Today, it’s teeming with traffic from neighboring Syria, its refugees flowing over the border like water from a garden hose. More than 4 million of them live in refugee

camps like Zaatari, established three years ago near Mafraq, Jordan, as a sanctum for those fleeing the Syrian civil war that erupted in 2011. Home to more than 79,000 Syrian refugees, it’s one of dozens of camps punctuating the perimeters of Jordan, Turkey, Lebanon, Iraq and Egypt. Inside, families displaced by violence and poverty spend their days ponderCO N T I N U E D


A man cries as thousands of other Syrian refugees arrive in Dortmund, Germany, in September. Germany has taken in about 100,000 refugees from Syria this year.





Migrants, including families and children, are housed at the United Nationsrun Zaatari refugee camp northeast of the Jordanian capital, Amman. More than 79,000 Syrian refugees reside at the camp.

ing an unfathomable future in someplace far away and foreign. For most of them, that place is Europe, where Germany alone has agreed to take in 500,000 Syrian refugees per year for “several years.” For others, it’s the United States, where President Obama has pledged to take in at least 10,000 Syrian refugees in the current fiscal year ending Sept. 30, 2016. “We have received over 20,000 (refugee referrals), of which we’ve resettled almost 1,700,” said Larry Bartlett, director of the U.S. State Department’s Office of Refugee Admissions. Syrians will be among 85,000 total refugees resettled in the U.S. in 2016 from around the world, including Iraq and Afghanistan as well as Bhutan, Burma, Somalia and the Democratic Republic of Congo. The U.S. refugee resettlement process came under fire after a Syrian passport was found near one of the suicide bombers in the Nov. 13 attacks in Paris that left at least132 dead and hundreds injured. The passport was later found to be fake. Rep. Peter King, R-N.Y., a member of the House Homeland Security Committee and an intelligence subcommittee, said Nov. 16 there is no true

vetting process because there are no government records or databases in Syria to confirm the identities of the refugees. “We don’t know who these people are,” King said on Fox News Sunday. White House Deputy National Security Adviser Ben Rhodes defended the government’s screening process on NBC’s Meet the Press. “We have very extensive screening procedures for all Syrian refugees who come to the United States,” he said. Meanwhile, at least 24 governors have threatened to close their states to Syrian refugees, though legal experts say it doesn’t appear they have power to do so. The developments after the Paris attacks illustrate the sentiment that which refugees are resettled in the U.S. is just as important as how many are allowed to relocate here. The process for screening, receiving and integrating migrants from foreign countries therefore strikes a careful balance between solicitude and security.


THE CASE FOR RESETTLEMENT The U.S. has been resettling refugees since at least World War II, when the country resettled approximately 85,000 displaced Jewish refugees from Europe. Its current resettlement program was established in 1975 to accommodate Indochinese fleeing Communist regimes in Southeast Asia during and after the Vietnam War. Since then, the U.S. has resettled more than 3 million refugees, with annual admissions ranging from a high of 207,000 in 1980 to a low of 27,110 in 2002. “Because having connections with so many CO N T I N U E D




68 different parts of the world has helped the U.S. become a global power, there is a strong feeling that we benefit from resettling refugees in this country,” said Kathleen Newland, senior fellow and cofounder of the Migration Policy Institute, a non-partisan think tank specializing in international migration issues. “As a nation of immigrants, it’s part of who we are.”

“These are people who fled violence ... and now they’re being given an opportunity for something brand new.” — Larry Bartlett, director of the State Department’s Office of Refugee Admissions

Even so, resettlement is a last resort for humanitarians. “The majority of our support goes to refugees who are still overseas … because refugees, frankly, want to go home,” explained Bartlett, who said most U.S. funding for refugees goes toward shelter, food and services in nations where refugees initially land, called their “country of first asylum.” “But in some cases — and certainly it has come to this point now in Syria — people simply can’t go home. It’s at that point in time that we start to look at other options.” Out of the 14.4 million refugees around the world, resettlement is deemed the best option for less than 1 percent of them. “We look for people who are still vulnerable, even in a country like Jordan or Turkey or Lebanon — they can’t work, maybe they’re children who can’t go to school, maybe they have medical needs, maybe they are victims of torture or violence and are in need of psychological services. Those are the people we work … to identify and bring to the United States,” Bartlett continued. Resettlement begins with the United Nations High Commissioner for Refugees (UNHCR), which screens refugees in their country of first asylum to identify candidates for resettlement. UNHCR refers those candidates to resettlement countries — including the United States, where the resettlement process is divided among the Departments of State, Homeland Security, and Health and Human Services (HHS). “The people referred to the United States for resettlement often are people who have particular ties to the U.S.,” Newland said.



The interagency process is long and complex and has a few main components. “First, the people proposed are checked against at least four different databases


A group of Eritrean women, top, walk through a temporary refugee camp in Kassala, Sudan, on Oct. 22. Bottom, young Turkish refugees from the Izmir province prepare to travel by raft to the Greek island of Chios on Nov. 5.

to make sure they’re not a security risk,” Newland said. “People have a paper review of their file, then they must have … a oneon-one, face-to-face in-depth interview with a DHS officer to make sure they are who they say they are.” Barbara Strack, chief of the Refugee Affairs Division at DHS’ U.S. Citizenship and Immigration Service (USCIS), said refugees are “inadmissible” for resettlement if they fail to satisfy the legal definition of a refugee, have committed a serious crime in the past, are addicted to drugs or are otherwise deemed a national-security risk. “Once all required check results are received back, and they are clear, then DHS makes the decision to finally approve or not approve the case,” she said. Approved refugees are also subject to medical screening to ensure they don’t import communicable diseases to the U.S. “It’s not for the purpose of exclusion, but to make sure they get proper treatment,” noted Newland, who said the entire process is long — 18 months to 24 months — but effective. “Since 9/11, the U.S. resettlement program has brought in about 784,000 refugees. In that time, there have been three resettled refugees arrested on terrorism-related charges. That’s a pretty good record.” Indeed, refugees are the most vetted of CO N T I N U E D








oua Yang was just 16 years old when he made the treacherous trek across the Mekong River into Thailand from his native Laos in 1979. Although many before him died making the same journey — shot by Communist forces mere feet from salvation — he trudged over mud, mountains and misgivings because there was hope on only one side of the river. And it wasn’t his side. “It was terrifying,” recalled Yang, whose people, the Hmong, aligned themselves with the United States during the Laotian civil war as part of the “Secret Army,” a native force recruited and trained by the CIA to fight the namese Army Communist North Vietnamese uring when it invaded Laos during the Vietnam War. When the hrew North Vietnamese overthrew COURTESY OF SOUA YANG the Laotian government in Soua Yang, left, and me 1975, the Hmong became his wife, Kabtauj, targets for retribution are former Hmong and genocide. Their refugees who now MEKONG RIVER subsequent exodus operate a fresh meat gave birth to the store in Wausau, Wis. modern U.S. Refugee Resettlement Program. “The country was LAOS where they torn apart,” continued her established Mekong Yang, whose older brother ret Fresh Meat, whose 28 died fighting in the Secret employees supply fresh em Army. “You could either go or THAILAND meat to Hmong families and me stay, and if you stayed you yway.” businesses whose broken might not live long anyway.” ds English makes it difficult to Accompanied by friends rents re communicate with tradiand neighbors — he left his pare parents Meko Me kong ko tional purveyors. behind — Yang crossed the Mekong arkn ar kness. kn “One of my cousins had by boat under the cover of dar darkness. opened a similar business in St. On the other side of the river, he was amp, whe here he Paul and and thought maybe we coul ushered into a refugee camp, where could bei b eing ei open one in Wi op Wisconsin, since we have a he spent several months before being lot of Hmong people here,” explained Yan resettled in the United States along with his Yang, w. who in many ways embodies the American sister and brother-in-law. “We had no idea about America,” said Yang, now dream — in spite of the fact that he was born 52 and the father of four children, ages 16 to 23. outside the U.S. Or, perhaps, because of it. “It was “But we saw a lot of people go, and we knew that challenging for me at first, but I think we’re doing to have a better life we had to move on.” OK. We’re not rich people, but we’re not poor It was December when Yang first arrived in people, either. We’re average. And we’re happy Providence, R.I. Except for a few miscellaneous with that.” words learned in the refugee camp, he spoke no Yang’s story is typical of many refugees, acEnglish, and had never experienced winter. Or the cording to May yer Thao, director of the Hmong Fourth of July, for that matter, which gave him a Wisconsin Chamber of Commerce. “Refugees can shock during his first American summer. Quickly, be — and are — great contributors to this country,” however, he adapted, completing high school, then she said. “Refugees are not immigrants. They came college, where he studied electrical engineering here because they had no other choice. It was a before commencing an 11-year career at Motorola. matter of life and death. As a result, they have a Yang’s parents finally joined him in the United sense of loyalty to the U.S. for giving them a new States in 1988, and in 1997 he moved with his life; they give back 10 times what they received wife, also a Hmong refugee, to Wausau, Wis., because of it.”


A young Syrian refugee gets a vaccination from Dr. Susanne Eipper at a health facility in Berlin on Oct. 1.

any U.S. arrivals, according to Strack, who calls the U.S. Refugee Resettlement Program “the most robust set of checks (applied to) any category of traveler to the United States.” “Resettlement itself is such an unbelievably scarce resource ... so we’re really committed to making sure as much as we can that it goes to people who are truly eligible and who don’t present a risk to the United States,” she said.


Refugees approved for resettlement are referred to one of nine national agencies that help them acclimate to life in the U.S. Following three days of cultural orientation that prepares them for their arrival, they are flown to a U.S. city where there are deemed to be sufficient jobs, schools and housing to absorb incoming refugees. There, they’re met at the airport by a caseworker from their sponsoring agency. “A number of things happen when refugees arrive: They have initial housing set up for them with basic furnishings, they have a culturally appropriate meal ready for them when they first arrive, then the process starts of applying for a Social Security card, enrolling children for school and following up with any medical conditions they might have. We refer them to English-language classes, provide them with cultural orientation classes and job readiness training, and work to get them employed,” said Robin Dunn Marcos, senior director of resettlement and processing at the International Rescue Committee (IRC), an agency that sponsors refugees in the U.S. “The ultimate goal is to help refugees become economically self-sufficient as quickly as possible after arrival. Everything we do is geared towards that.” Refugees receive financial and medical support from the federal government for up to eight months and retain their refugee status for a year, at which point they’re required to apply for permanent residency. After approximately five years, they’re eligible to apply for full citizenship. “These are people who fled violence ... and now they’re being given an opportunity for something brand new,” said Bartlett. “I don’t think any refugee would tell you that their experience making this transition has been easy, but I think the large, large majority will tell you that they are extremely grateful for what our country has offered them, and that they’re going to do their best to take every advantage of it.” Contributing: Erin Kelly and Jane Onyanga-Omara









Tomorrow’s first responders may wear their tech on their sleeves

By Carmen Gentile


HE FIRST RESPONDERS OF the future may be armed not just with body armor or protective helmets, but with “intelligent” gloves, backpacks and earpieces that allow them to react more effectively and safely to tomorrow’s threats. Wearable tech for the country’s police

officers, firefighters, paramedics and others who are first on the scene of natural disasters or humanitarian emergencies is a new priority for the Department of Homeland Security. Through its first responder programs, the department already provides $2.2 billion in grants that include funds for local law enforcement agencies and first responders who want to buy new equip-

ment, send employees for state-of-the-art training or even hire more. But the DHS is expanding its mission to aid in the creation of new technologies as well. In April, DHS opened an office in California’s Silicon Valley in hopes that proximity to the beating heart of cuttingedge innovation would yield dividends by way of new devices for improving responders’ effectiveness in an emergency.

The department’s Science and Technology Directorate (S&T), created in 2003 to research, develop, test and deliver technology solutions across DHS, earlier this year created the EMERGE Accelerator program for Wearable Technology for First Responders, hoping to attract start-ups to the homeland security field. About 100 CO N T I N U E D






BearTek gloves, top left, by Blue Infusion Technologies would allow first responders to control electronic devices remotely. Chicago District Fire Chief Josh Dennis, bottom left, shows off some high-tech gear as part of DHS’ EMERGE initiative in San Francisco in September. DHS Science and Technology Directorate staff members, above, are responsible for identifying gaps in the nation’s infrastructure and developing solutions that support the agency’s security mission, as well as those of local first responders. companies responded to the program; about 20 are now working with DHS to launch possible new products. “We sought innovators with ideas for the latest scientific advancements,” said Robert Griffin, a former firefighter who is now DHS deputy undersecretary for science and technology. “Sometimes, these technologies aren’t developed in a commercial laboratory or a major industrial company.” The goal not to create a heavily armored and terrifyingly armed Robocop but a swift and nimble “Responder of the Future,” as the department describes it. A concept unveiled late last year shows a first responder in a trim, tear- and fire-resistant jumpsuit outfitted with embedded Wi-Fi and 4G network connections and sensors to detect health threats and environmental contamination, with eyewear that could display readouts controlled by head motions. “Sane people don’t run into buildings.

I recognize that. But I need data that’s actually going to help me run into buildings,” Griffin said at the Wearables + Things conference in Washington, D.C., in November 2014, where the idea was first presented. “You need data at the speed of thought, and mechanisms that can receive that data.” In September, DHS, in partnership with the Virginia-based Center for Innovative Technology, sponsored its first “demo day” for about a dozen innovators and entrepreneurs in San Francisco. John Verrico, spokesman for S&T, said that the Accelerator program has been instrumental in enticing small companies to develop technologies for first responders that they might never have considered. The market for such products is much smaller than those in the civilian world. The program can also give those small companies access to innovations incubators working with the DHS; in this case, start-up accelerators TechNexus and Tech

Wildcatters were available as having to remove them. possible conduits between The first responder apUNIVERSITY inventors and investors. plications would be similar, ENGINEERS “When these small allowing users to control companies go through electronic devices remotely RECEIVED A something like an acceleraand without looking. tion program, it gets them The MindTalk Mouthpiece trained up and introduces is being developed for use them to larger companies to primarily in sports. Using help them with the capital bone-conduction technolto develop their ideas,” said ogy, which gets sound to the Verrico. MILLION GRANT ears through bone, it would Some of the products preallow athletes to listen to TO DEVELOP sented at the demonstration music, hear messages from A PORTABLE day were based on concepts coaches or retrieve health already developed for civilian or weather data, but the RADIATION use. BearTek gloves, made company believes it can be DETECTOR by Maryland-based Blue adapted for first responders. Infusion Technologies, are The device would give already in use in snowsports, first responders a way to motorcycling and other cold-weather communicate in loud environments where outdoor activities. The gloves allow the headphones or radios would not work wearer to operate phones, cameras or CO N T I N U E D other touch-sensitive devices without








DIVISION HAS MULTIFACETED MISSION Projects at the Department of Homeland Security’s Science and Technology Directorate are organized into six primary goals that support DHS, as well as federal, state and local initiatives:

Wearable tech • Head-mounted displays • Motion controls


First responders: Expanding first-responder capabilities and improving their effectiveness, efficiency and safety. Network connection • Wi-Fi • 4G LTE • Mesh network • LTE Connect


Borders and maritime security: Enhancing security at our nation’s borders and waterways without impeding the flow of commerce.


Cybersecurity: Contributing to a safe, secure and resilient cyber environment.

Embedded sensors • Health sensors • Environmental threats • Alerts


Chemical and biological defense: Detecting, protecting against, responding to and recovering from chemical and biological incidents.


Explosives: Protecting citizens and infrastructure from the devastating effects of explosives.

Uniform material • Tear resistance • Fire resistance • Wearer comfort • Splash protection


Resilience: Improving the nation’s preparedness for natural and man-made catastrophes.

The high-tech suit shown at the DHS EMERGE event incorporates wearable tech, Internet and cellular connectivity, and an array of environmental and biological sensors to better protect first responders. DEPARTMENT OF HOMELAND SECURITY

well, or in industrial situations where ear protection is necessary. Other highlights of the event included: v Extra-light body armor components made by Chicago-based start-up Kofman Technologies, a company of student innovators who specialize in design, engineering and business applications. v A device that serves as an automatic distress signal, created by Select Engineering Services. It would integrate with police vests to instantly detect puncture wounds, send out an automatic distress signal and communicate an officer’s name, location and injuries.

v A triage language translator that would allow patients and first responders to communicate when they don’t speak the same language. In a separate initiative, DHS is also tapping talent at universities to develop the next generation of wearable technology. The department recently awarded a $1.75 million grant to two University of Tennessee engineers to develop a portable nuclear or radiation detector that would go unnoticed by the public. It’s an improvement on an already existing design for nuclear and gamma ray detection that relies on a combination of a backpack-size detector and a device the

size of your average trailer that evaluates the findings. “You can’t drive a trailer through a building or through stands at a stadium,” said Jason Hayward, a UT associate professor in nuclear engineering and grant recipient. Hayward and Hairong Qi, a professor of computer science, said the detector will instead masquerade as a common backpack — simple to carry and conceal as an official moves through a crowd looking for radiation. “The idea of having such a device in backpack size that is capable of not only detecting such threats but of tracking them as well appealed to Homeland Security,” said Hayward.


Tech Wildcatters partners with DHS on programs that encourage innovation with start-ups.










WHERE TO STUDY CYBER EDUCATION Based on reputation and government recognition for innovation, these five colleges provide notable cybersecurity offerings:

Colleges train students to become tomorrow’s federal cyber defenders

By Jaime Netzer


ECENT HIGH-PROFILE SECURITY BREACHES at government agencies — including the massive hack of the Office of Personnel Management, which compromised the personal information of as many as 21.5 million people — have made one thing clear to federal officials: There is a great need for more federal cybersecurity professionals. “Hackers are becoming more innovative in their approaches and attack methodologies,” said Douglas Maughan, the director of the Cyber Security Division within the Department of Homeland Security’s Science and Technology Directorate. “Having a trained, upto-date, and at least equally innovative cybersecurity workforce is important. In my opinion, there aren’t enough people, both in government and industry. “Everyone’s struggling to find qualified people,” he said. It’s a field with plenty of opportunity: The research firm MarketsandMarkets estimates the cybersecurity market will be worth more than $170 billion by 2020. DHS is taking steps to help expand the pool of qualified cyber workers by sponsoring cybersecurity competitions and educational programs as well as cofunding scholarships with other government agencies. “DHS is working to increase the capabilities of the future cybersecurity workforce and encourage students to pursue these critical career fields,” Maughan said. For instance, the department’s year-old Cyber Student Volunteer Initiative allows college students to complete volunteer work supporting the DHS cyber mission at one of 50 participating field offices around the country. They gain firsthand experience in fields such as cyber threat analysis, digital forensics, network diagnostics and incident response — before they ever graduate. One main challenge facing cybersecurity education, however, is the ever-changing nature of the field,

Maughan said. “You want the teachers to know as much as the students, and in some cases they don’t,” he said. “The students can be more savvy on technology than the teachers. The majority of today’s students have spent their entire lives surrounded by technology. ... Those of us who watched as technology developed in our lifetime had to learn this stuff later in life. It may not be so ingrained.” But he still sees many young people excited about the challenges of the field. “People working (in government cybersecurity) fight the adversary on a daily basis,” he said. One student determined to follow that path is Lipee Vora, 19, a computing security student at the Rochester Institute of Technology (RIT) in New York. Her dream job, she said, would be with the CIA or National Security Agency (NSA), as a part of the country’s first line of defense against cyber attacks. “It was for this reason that I decided to pursue security as a major and career,” Vora said. “I wanted to help people and make lives safer, but I also am in love with the technical side of it all, and everything that computers have and can do for the world.” Navy veteran Scott Vincent, 25, a graduate student studying computing security at RIT, was inspired by his military service to pursue cybersecurity as a profession. “I was in a role (in the Navy) where I did a lot of system administrative work,” he said. “We didn’t get to touch the security side of things but we knew they were there — we just weren’t allowed to touch them. From there, I knew I wanted to get involved with computing, mainly security.” Not all cybersecurity jobs are in the government sector. Maughan pointed out that there are also “critical infrastructure” jobs outside of government as well, protecting vital resources such as financial services and oil and gas supplies. “You’ve got a pretty broad career path, no matter what you want to do,” he said.




Developed in 2001, UTSA’s cybersecurity education program was named an NSA/DHS National Center of Academic Excellence in 2002, and has won other accolades from those two agencies since. The program covers much of the security spectrum, including intrusion detection, digital forensics, the economics of information security and biometrics. Students can choose from 16 undergraduate and graduate programs that cover a variety of majors, minors and concentrations in the schools of science and business, including an undergraduate minor in digital forensics, a master’s of science in the management of technology and a Ph.D.-level concentration in information technology. “This means that no matter what a student wants to do from a security perspective, there is a good chance we have a course covering it,” said Greg White, director of the UTSA Center for Infrastructure Assurance and Security. USTA’s Center for Infrastructure Assurance and Security, which designs and runs training exercises for communities and states, and its business-oriented Center for Education and Research in Information and Infrastructure Assurance are among the specialized programs that expose students to basic security research as well as operational issues and how to work with state and local governments and businesses. UTSA, White said, wants students to be able to jump right into security “from the moment they graduate.” Another bonus: The university puts a focus on “soft” skills such as teamwork and producing oral and written presentations — abilities that the industry has complained that graduates from other programs are lacking, White said. CO N T I N U E D








Cybersecurity education at Carnegie Mellon is spread across four colleges and eight academic departments, including an institute for software research, a machinelearning department and a robotics institute. All told, the academic opportunities add up to more than eight Ph.D. programs, more than a dozen master’s of science programs and two major undergraduate programs — computer science and electrical and computer engineering. This is by design, said Bill Scherlis, director of the Institute for Software Research and a computer science professor at the

Pittsburgh-based university. “If we think about the adversary, we can understand why so many disciplines are involved,” Scherlis said. “The adversary is trying to understand how we think about the design of systems. ... This is one of the reasons why our field continues to broaden.” The school is known for the Carnegie Mellon CyLab, whose purpose is to help assure coherence across this diversity of research and educational activities. Jointly operated by the Carnegie Institute of Technology and the School of Computer Science, CyLab “assists in the coordination of course offerings, supports a strong partnership program linking our work in cybersecurity with industry and government, and supports outreach programs such as hackathon events,” Scherlis said. In addition, the CERT Coordination Center at the Software Engineering Institute was created in 1988 in response to the infamous Morris Worm, one of the first damaging computer worms to wreak widespread havoc on the then-young Internet. The CERT was to be a widely trusted community cybersecurity resource, coordinating response among diverse stakeholders. Today, the proximity of the CERT to campus labs enables collaboration with professors and students on projects.




Cybersecurity market’s estimated worth by 2020. - MarketsandMarkets


Best known for its agricultural and engineering programs, Purdue’s 15-yearold cybersecurity program is broadranging. Students can pursue a number of degree options for a bachelor’s, master’s or doctoral degree, but they can also build expertise by tackling minors and concentrations in cybersecurity. Purdue, located in West Lafayette, Ind., also offers an interdisciplinary master’s degree and Ph.D. that ties together specialties that include information technology, linguistics, philosophy and electrical THINKSTOCK engineering. “We need deep technical experts and they tend to graduate from STEM (science, technology, engineering and math) disciplines,” said Melissa Dark, associate dean of planning and research for the school’s College of Technology. “However, first and foremost, cybersecurity is a social goal, and that implicates the importance of teaching students the policy, economics, and culture dimensions. “Purdue is especially good at teaching cybersecurity as a system of systems — connecting cybersecurity technology to infrastructural systems such as energy systems, health systems, financial systems and more,” Dark said. “The cybersecurity landscape is dynamic and complex. Therefore, teaching students from a system-of-systems perspective helps ensure the adaptability of their knowledge to the shifting landscape and helps prepare a more agile cybersecurity workforce.” At Purdue, cybersecurity is not approached as merely a technical issue. “Graduates need to have technical depth in computing and information systems coupled with a breadth of knowledge that includes risk analysis and adversarial awareness,” Dark said. “Because national security is not just a technical challenge, but a social goal, they need some grounding in policy, economics and/or sociology.”



Boston-based Northeastern is home to one of the nation’s first doctoral programs in information assurance (the protection of information systems), created in 2009. In 2013, the university became one of four nationwide to be designated as a National Center of Academic Excellence in Cyber Operations by the National Security Agency. The program, which offers both a master’s degree and a Ph.D., has been interdisciplinary since it began: It sits within DAVID FOX the College of Computer and Information Science, but also offers courses in criminal justice, public policy and business. “Other than the technical and contextual knowledge that a student learns from a university-level cybersecurity program, a student must be taught to understand the importance of ethics, and the ability to react to adversity with a calm and clear mind,” said Themis Papageorge, the director of the school’s graduate information assurance program. “Cybersecurity professionals need to actively address rapidly — sometimes daily — changing threats and vulnerabilities and understand the mindset of the attacker to be able to manage these security risks.”




The very term “hacker” was invented by an MIT student in the 1960s. It’s no surprise, then, that MIT remains a premier academic destination for those interested in the cutting edge of cybersecurity. Two years ago, MIT — famous for its unending stream of scientific and technological advancements — turned its attention from pure academics and launched its online “Digital Programs” as part of the school’s ongoing professional THINKSTOCK education efforts. The six-week programs cover Big Data and cybersecurity, and are designed for a wide range of professionals. “It’s imperative that all new professionals and experienced professionals in this field have a hunger to continually learn and add to their skill set,” said Clara Piloto, director of global programs at MIT Professional Education. The Cambridge, Mass.-based school’s CyberSecurity@CSAIL is MIT’s research initiative focused on cybersecurity technology based in the Computer Science and Artificial Intelligence Laboratory (CSAIL). CSAIL leverages MIT’s existing research portfolio and work with the university’s industry partners to address cybersecurity challenges.

The term

“HACKER” was invented by an MIT student in the 1960s.

CYBER STUDENT VOLUNTEER INITIATIVE An informal network created by DHS for college students to gain high-level experience at one of 50 participating field offices around the country before graduation.









2015 YEAR IN DEFENSE A look at the people, policies and technology that make up our nation’s military. Available in December







DONE Meet five Department of Homeland Security employees who work behind the scenes to keep our country safe

By Suzanne Wright


HE DEPARTMENT OF HOMELAND Security is the third largest agency in the federal government with more than 230,000 civilian and military employees. While the vast majority of those workers are people the public never sees, they are performing important work across a wide spectrum of duties, including recognizable jobs like airport screeners and security personnel, agents securing the nation’s borders and members of the U.S. Coast Guard. Here, five DHS employees discuss their lesserknown roles and how they contribute to the overarching mission of maintaining the nation’s security.


Executive director, Responders Technology Alliance, DHS Science and Technology Directorate

LOCATIONS: Washington, D.C., and Seattle TENURE: Since its inception after the Sept. 11, 2001, terrorist attacks EDUCATION: Master’s of public administration, Harvard University’s John F. Kennedy School of Government; master’s of science, National Defense University; bachelor of science in public administration, University of Southern California

The Responders Technology Alliance manages an alliance between first responders, industry and investment communities and research and development communities to address long-term and difficult technology challenges for first responders.

You’ve had quite a career path from the U.S. Navy and the Royal Canadian Mounted Police as a first responder to several positions at DHS. MORGAN: The world has evolved. When I first started, I used to carry a set of handcuffs and a six-shot revolver; now there are advanced body-worn electronics, Tasers and wireless body cameras. I have been given the opportunity to make the responder profession more efficient, effective and safer. How is technology changing the field? What will the first responder of the future — a firefighter, a law enforcement officer or an emergency medical technician — look like? Advancements in technologies — how we will communicate during emergencies and how we can better engage with the communities we serve? Innovation will ensure that the next generation of first responders is protected, connected and fully aware. You’re also working with the investment community. Our business accelerator program called EMERGE helps innovators — individuals, start-ups and companies — develop and launch their ideas into investable companies by providing early market validation, mentoring and access to private investment. The program will accelerate the development of wearable technologies and provide a path to introduce those technologies to a variety of markets, including government sector partners. What might one find surprising about your colleagues? Fourteen patents have been awarded to our employees; some are getting royalty checks for their inventions. When it comes to intellectual property rights, not everything belongs to the government.

CATHERINE EMERSON Chief human capital officer

LOCATION: Washington, D.C. TENURE : Appointed in August 2011 EDUCATION: Bachelor of arts and juris doctor, The Catholic University of America

The Office of the Chief Human Capital Officer for DHS provides overall management and administration for the department’s human resource policies, programs and practices to ensure that the department is attracting, retaining and developing the skilled workforce it needs to protect and secure our nation.

Tell us about high-growth areas. EMERSON: We look for highly specialized applicants with skills like secure coding or cyber threat analysis. We anticipate growth in border security agents and IT. We also hire a lot of transportation safety folks and EMTs. How diverse is DHS? We are committed to a diverse and inclusive workforce. Particularly given the complexity of our missions, we believe that diversity and inclusion can lead to innovative problem-solving, enhance decision-making and enable us to more effectively engage with the public we serve. Specifically, 43 percent of the DHS civilian workforce identifies as a member of a diverse racial or ethnic group. You’ve had a special focus on hiring veterans. There are 250,000 veterans returning annually to the workforce. The department is the ideal employer to maximize the skills and training veterans have acquired while serving our country, as well as (continue) the commitment to serve and protect our nation, which is the DHS mission. The department currently employs more than 50,000 highly trained and qualified veterans. I know you are hiring across a broad spectrum, but are there qualities successful hires have in common? The biggest is a passion for our mission and those who feel a calling to public service. DHS is a place where people are willing to go the extra mile to get the job done. Collaboration is extremely important. CO N T I N U E D BARRY BAHLER/DEPARTMENT OF HOMELAND SECURITY






Laboratory director, U.S. Secret Service, Forensic Services Division


Assistant secretary for health affairs and chief medical officer, Office of Health Affairs

LOCATION: Washington, D.C. TENURE: Since 2008 EDUCATION: Bachelor of science, Brown University; doctor of medicine, Tufts School of Medicine; master of public health, Boston University

The Office of Health Affairs serves as the principal authority for medical and health issues at DHS. Experts advise and support DHS leadership, public health and first responder communities nationwide to prepare for, respond to and recover from threats to the nation’s health.

Tell us about the people in your office. BRINSFIELD: One of our strengths is the variety of backgrounds our people have. Civilians, military, Ph.D.s, first responders, nurses, chemical experts and biologists all come together in one place. It’s a crosswalk of ideas. What happens during a typical day? Every day is different, but always includes being briefed on where our programs are and what the current medical issues are. We also support policy development with the (Capitol) Hill. In addition to being proactive in planning, your teams have to be reactive in a crisis, such as a chemical threat, or a pandemic like Ebola. For an office of our size, our staff has the incredible ability to switch gears when necessary. What initiatives are you proud of? I’m really proud of the first responder guidance we’ve provided on the federal, state and local level to increase the survivability of our employees and citizens during IED (improvised explosive device) and active shooter events. With the Life Saving Award, which honors DHS personnel who have taken action to save a life, we can recognize employees who work hard both on and off duty. And our Stop the Bleed program gives bystanders the tools and education they need to help save lives.


Officer for civil rights and civil liberties

LOCATION: Washington, D.C. TENURE: Since 2013 EDUCATION: Bachelor of arts, Brown University; master of arts, University of Chicago; juris doctor, University of Michigan Law School

The Office for Civil Rights and Civil Liberties supports DHS as it secures the nation while preserving individual liberty, fairness and equality under the law. It advises DHS leadership on policy and is tasked with investigating and resolving civil rights and civil liberties complaints filed by the public regarding DHS policies or actions. Mack is a presidential appointee.

Terminology-wise, is there a distinction between civil rights and civil liberties? MACK: In simple terms, civil rights and civil liberties both ensure that our freedoms under U.S. laws, regulations and treaties are protected. Our rights ensure equality for all individuals, like the Fourteenth Amendment and laws such as the Civil Rights Act of 1964 and the Americans with Disabilities Act of 1990. Liberties are protections like our First Amendment rights. I’m thinking about headlines and the tremendous scope — and potential scrutiny — of your office. We investigate individual rights, like how someone in a wheelchair was screened by TSA (Transportation Security Administration) at the airport to immigration policy, such as how someone is treated while in DHS custody. Those are things you might read about. We also investigate more traditional civil rights, like Title VI of the Civil Rights Act of 1964, which prohibits discrimination. What are some of your office’s lesser-known responsibilities? Our community engagement outreach includes meeting with local DHS and law enforcement professionals, experts and other stakeholders in 15 major cities across the country. With everyone in one room, we answer questions, address complaints and air concerns. From that mediated session might come a detailed recommendation on improvements to medical care for people in immigration detention. What qualities do you most value in your colleagues? Critical and creative thinking, dedication and the ability to work cooperatively. It’s wonderful to work with such dedicated folks from all kinds of backgrounds; we really value different opinions and perspectives.

The Secret Service is home to an advanced forensics laboratory, which provides creative and forensic support services, including the world’s largest digital ink library and the only forensic information system for handwriting. Experts perform scientific analysis and provide testimony for the U.S. judicial system. We’re addicted to procedural TV dramas like Law and Order or Criminal Minds. How accurate are these shows? LEBEN: What’s nice is that TV procedurals represent a kind of executive summary of the overall work that is done in a case. However, they don’t reflect the daily complexities of a case, nor does TV represent the collaboration that occurs across agencies that help solve cases. LOCATION: Washington, D.C. TENURE: 25 years EDUCATION: Master of science, George Washington University; master of science, George Mason University

How did you get started in this field and what has contributed to your success? For me initially, it was the desire to work in the field. I have been interested in criminal investigations and science since the third grade. Over time, it is important to identify what specialty area or discipline interests you. Also, embracing the mission of an agency is crucial; it helps instill pride in the work accomplished every day. The technical work can be tedious work. What kinds of cases have priority in your department? We support the missions of the U.S. Secret Service and Department of Homeland Security. We protect government leaders, the nations’ financial infrastructure, lead and coordinate national special security events, combat terrorism and support the congressional mandate to respond to missing children cases on a federal, state and international level. Threats against government leaders always take priority. It’s a dynamic environment; priorities can change hourly and daily, depending on both the internal or external climate. What do you find most satisfying in your position? Connecting people. I value the opportunity to serve and guide others to success and assisting them in achieving immediate and long-term goals. I also enjoy teaching when opportunities arise, having a voice in making change and creating opportunities for those willing to take a risk and work beyond their limitations.





FEMA staffer Emily Miller shares disaster preparation tips during an America’s PrepareAthon event Sept. 3, 2014, in Boston.



Ahead of natural disasters, emergency managers spread the word By Mary Helen Berg


HE U.S. EAST COAST dodged Hurricane Joaquin, which battered the Bahamas and other parts of the Caribbean in October, but a separate storm system hammered the seaboard anyway, dumping as much as 2 feet of rain in parts of South Carolina. Historic flooding stranded homeowners on roofs, sent cars cascading down streets and shut down a 75-mile stretch of Interstate 95. Twenty-one people died in North and South Carolina. President Obama quickly declared a disaster in South Carolina. Damages, expected to total billions of dollars,

were still being calculated weeks after the rain ended and the waters receded. By late October, 64,000 people had filed $47.5 million in claims, said Leo Skinner, assistant external affairs officer for the Federal Emergency Management Agency. FEMA established 23 recovery centers and deployed 1,350 employees to South Carolina, including hundreds of home inspectors to examine waterlogged property, Skinner said. Despite the lives lost and 1,460 people who needed rescue, the human toll could have been much higher, said Derrec Becker, spokesman for the South Carolina Emergency Manage-

ment District. Most fatalities occurred on the road, when drivers tried to exit their cars or vehicles were swept away in floodwaters, according to Sherri Iacobelli, spokeswoman for the South Carolina Department of Public Service. Overall, South Carolinians were relatively well prepared for disaster. “People heeded the warnings, they got disaster supplies, they paid attention to the weather reports, they stayed off the roads, with very few exceptions,” Becker said.


No matter where you live, you can’t be too prepared for a disaster, officials said. Indeed, planning ahead can mean

the difference between life and death. “Even if you don’t expect it, you still need to be ready,” Skinner said. That message isn’t getting through to everyone, according to FEMA research. Despite frequent recent disasters — massive wildfires, crippling blizzards and damaging hurricanes including Ike, Sandy and Irene — the percentage of people who actually prepare for emergencies hasn’t changed much since 2007, FEMA said in a 2014 Preparedness in America report. And although most Americans have lived through some type of catastroCO N T I N U E D


MAC'S M-30 &

Mac's Fence, Inc.

Electronic Gates Security Bollards Kansas City, KS Ornamental Fence 913-287-6173 Chain Link Fence High Security Fence M-50 Crash Barrier Gates




DISASTER TIPS The FEMA website offers extensive tips on preparing for many types of disasters as well as emergency planning advice for the elderly, pets, the disabled, the workplace, school and home. FEMA recommends these actions to prepare for natural disasters:

Stay informed Know what types of natural disasters are common to your region. Find out when it is safer to evacuate and when it is safer to shelter in place. Download FEMA’s free app for weather alerts from the National Weather Service at (also available on iTunes and Google Play). Ask local officials whether your community has an emergency alert system and subscribe to it. Pay attention to social media reports and alert messages texted to your phone, if available

in your area, or broadcast to television and radio stations. Communicate Talk with everyone in your family and form an emergency plan before a disaster. Agree where to meet and how to communicate if separated. Choose an out-ofstate friend or family member for everyone to contact, since long-distance calls can be easier to make during an emergency. Remind family members that texts are more likely to go through than phone calls if phone lines are jammed.

Plan a route Plot an evacuation route. Keep your gas tank full as gas stations may be closed or gas pumps may not work during emergencies. Consider alternate routes and modes of transportation in case main roads are blocked. Pack a kit Stock an emergency kit that includes a three-day supply of food and a gallon of water per person for each day; first aid supplies; a battery-powered or hand-crank radio; a flashlight and

batteries; a cellphone and charger; and a supply of cash in case ATMS are unavailable. Don’t forget prescription medication, pet food, diapers and baby formula. Check periodically to ensure these items aren’t expired. Keep kits at home, in your car and at work. Make sure all family members know where kits are stored. It’s also a good idea to keep important paperwork — passports, birth certificates, insurance policies — in one place where you can access them quickly. — Mary Helen Berg THINKSTOCK

the PrepareAthon! registered 25.8 phe, more than 90 percent have million people who had taken part in never rehearsed an evacuation and preparedness-related activities as of 30 percent wouldn’t evacuate even Oct. 26. if ordered to during an emergency, The city of Nashua, N.H., buried according to a 2014 Allstate Insurat one point last winter in 33 inches ance survey of 1,000 people with of snow, used the PrepareAthon! homeowners or renters insurance. to test its emergency alert system Last year, 333 people died in the to 30,000 subscribers and train city U.S. as a result of natural disasters officials on tornado preparedness, — including 57 from rip currents, 43 said Justin Kates, Nashua’s director of from cold exposure, 47 in tornados emergency management. and 29 from flash floods — that cost FEMA’s ready-made Pre$7.6 billion dollars in damages, acpareAthon! toolkits cording to the National are easy to implement Weather Service. and save time and But about half of labor for small city Americans say they MORE THAN staffs, Kates said. Most simply don’t know importantly, they how to get ready for help communities to a disaster or believe be proactive about that preparing for one disaster planning. will cost too much, “We don’t want according to FEMA. to focus on response Disaster planning OF AMERICANS and recovery (after doesn’t need to HAVE NEVER an emergency),” he be confusing or REHEARSED AN said. “Those are the expensive, emergency bad times. Those are experts said. The first EVACUATION the times where we step is to understand end up spending a lot the specific risks in —Allstate Insurance survey of money to rebuild your area, whether and recover, when you live near an ultimately we can try earthquake fault line during the preparedness phase to or in Tornado Alley, according to make people feel like they’re a little Skinner. Then, take charge of your in control of their own destiny.” own safety and make a plan before Preparing ahead also helps speed disaster strikes. reaction time during a crisis, said PRACTICE FOR DISASTER Scott Cave, whose Mount Pleasant, To encourage disaster planning on S.C., company, Atlantic Business a grassroots level, FEMA launched Continuity Services, designs emerthe America’s PrepareAthon! gency plans for businesses. Stress campaign in 2013. FEMA provides can slow response times and cloud training materials on different types rational thinking, he said. of disasters to local governments, “If you don’t have an easy-tochurches, businesses and community follow checklist or some sort of groups; participants use them to document or plan, it becomes really organize disaster education events difficult for most people to think on and even actual drills. This year their feet,” Cave said.





Tools and tips from FEMA can help residents be prepared for natural disasters like the 104-squaremile fire that destroyed hundreds of structures in Middletown, Calif., top, in September; historic rains, bottom left, that flooded Kingstree, S.C., on Oct. 7; and a tornado that hit Van, Texas, in May.





BUILDING CODES: uIn Gulf Coast states, Hurricane Rita helped usher in a new era of construction rules. After Rita, many homes, like this one in Long Beach, Miss., were required to be built 17 feet or more above ground.


Canal Street is flooded a day after Hurricane Katrina blew through New Orleans on Aug. 30, 2005.


After the disasters of 2005, emergency management agencies revamped plans By Alan Gomez


ANY WHO LIVE ALONG the Gulf of Mexico refer to Rita as the “forgotten hurricane,” but in the 10 years since, emergency management officials consider it just as important as Hurricane Katrina in terms of lessons learned. Hitting the U.S. just three weeks after Katrina ravaged New Orleans, Rita wasn’t on most Americans’ radar when it made landfall as a Category 3 hurricane Sept. 24, 2005, in a less populated area along the Texas-Louisiana border. Where Katrina left more than 1,800 dead, Rita killed fewer

than 150. But after Rita, Texas officials redesigned their evacuation plans, local leaders started building new shelters and Louisiana legislators updated their antiquated building codes. (See right for more information on the changes.) The Federal Emergency Management Agency, the target of much anger for its delayed response to Katrina, upgraded its procedures for a more rapid and organized response to future disasters. Those improvements paid off: FEMA won praise for its coordinated reaction to the destructive Superstorm Sandy, which struck New York City and other heavily populated areas along the East Coast in 2012.

EVACUATION PLANNING: uIn Texas, officials better coordinate evacuations to prevent the massive and deadly traffic jams like the one in Houston, when 3 million people along the Gulf Coast hit the roads simultaneously to escape Hurricane Rita. When Hurricane Ike hit in 2008, traffic moved through the evacuation routes more smoothly.

GOVERNMENT EFFORTS: uAcross the country, FEMA, the National Hurricane Center and the Army Corps of Engineers work together to constantly update risk assessments for every coastal city from Texas to Maine. ROGELIO V. SOLIS/THE ASSOCIATED PRESS; PAUL SANCYA/THE ASSOCIATED PRESS; FEMA





Homeland Security