Page 1




Mission Focused

Cybersecurity is top priority

SECURITY VS. PRIVACY Mobile phones ignite debate

FUTURE DEFENDERS Best colleges and programs

SECRETARY Q&A Jeh Johnson outlines issues







201 6 S P E C I A L E D I T I O N


CONTENTS MARITIME FEATS Coast Guard commandant touts the service’s accomplishments

The U.S. Coast Guard cutter Eagle sails along New York’s Hudson River on National U.S. Coast Guard Day in August. DREW ANGERER/GETTY IMAGES



COMMAND AND CONTROL Clover 3x3 Video Wall

21:9 UltraWide® Monitor

LG displays are designed with the military in mind. As a recognized EPEAT manufacturer, LG Commercial Displays manufactures a comprehensive portfolio of small and large format digital displays with exceptional image quality and reliability. Our innovative technology solutions are well suited for military situational awareness and briefings, and can be tailored to a variety of government agencies on federal, state and local levels. • TAA-compliant Desktop and 21:9 UltraWide Monitors • Slim-bezel Video Walls • 86-inch Ultra Stretch Display • Dual-sided OLED Displays DISCOVER THE LG ADVANTAGES FOR GOVERNMENT TODAY:

1.800.897.8788 or e- mail



This is a product of


Jeanette Barrett-Stokes CREATIVE DIRECTOR


Jerald Council


8 12 14 18 28 32 36 40

DETECTING THREATS Q&A with DHS Secretary Jeh Johnson

48 54 60


Elizabeth Neus Hannah Prince Sara Schwartz Tracy L. Scott

SECURITY BLUEPRINT Agencies that make up DHS SECRET SERVICE Agency attempts to reboot amid busy time


Miranda Pellicano Gina Toole Saunders Ashleigh Webb Lisa M. Zilka

TSA PRECHECK Travelers slow to sign up for streamlined security program


Matt Alderton, Brian Barth, Mary Helen Berg, Carmen Gentile, Adam Hadhazy, Melanie D.G. Kaplan, Tammy Lytle, Diana Lambdin Meyer, Nancy Monson, Erik Schechter, Adam Stone

A NEW NORM Incidents a! ect national security views HACKERS FROM AFAR E! orts to keep nationstate actors at bay FUSION CENTERS Information-sharing hubs include cyber focus MIGRANT DETENTION Calls to end for-profit holding centers gain support




Michelle Washington

SMARTPHONE SECURITY Mobile devices raise privacy vs. safety debate HOMEGROWN TERRORISM " warting lone-wolf attackers remains a priority DRONES Civilian use of unmanned aircraft increases LOUISIANA UNDER WATER Major media coverage eludes historic flooding


Flooding evacuees take shelter in August in the Baton Rouge River Center in Louisiana.

70 84 96 77

Justine Madden | (703) 854-5444

SECURITY ROBOTS Company’s roaming guards aim to protect and serve



Julie Marco

CREDIT CHECK Chip card readers make gradual entry in stores

ISSN#!734" 7456 A USA TODAY Network publication, Gannett Co. Inc

JOBS Snapshots of diverse careers

USA TODAY, its logo and associated graphics are the trademarks of Gannett Co. Inc. or its aÿ liates. All rights reserved. Copyright 2016, USA TODAY, a division of Gannett Co. Inc. Editorial and publication headquarters are at 7950 Jones Branch Dr., McLean, VA 22108, and at (703) 854-3400.

BUSINESS SOLUTIONS Programs help tech startups get o! the ground

EDUCATION CYBERSECURITY DEGREES Higher education leads to in-demand jobs

Patrick Burke | (703) 854-5914 ACCOUNT DIRECTOR




ON THE COVER DHS Secretary Jeh Johnson spoke to USA TODAY about his department’s mission. PHOTO BY DOUG KAPUSTIN

For accuracy questions, call or send an e-mail to








THREAT DETECTION As his term nears an end, Department of Homeland Security Secretary Jeh Johnson addresses cyberthreats and terror challenges facing the nation

By Kevin Johnson


HE MASSIVE SO! CALLED DENIAL of service attack that knocked many popular websites offline in late October not only rattled internet users, it also underscored an increasingly uncomfortable reality in the corridors of government responsible for the nation’s cyberdefenses. “It is a sign of the increasing level of sophistication of cybercriminals, cyber

hacktivists, single individuals, groups of individuals,’’ said Department of Homeland Security Secretary Jeh Johnson. The attack came just days after Johnson and National Intelligence Director James Clapper formally identified the Russian government as responsible for the breaches this summer at the Democratic National Committee and other institutions. While Johnson said the October outage could not be traced to a state actor, specifically Russia, the action nonetheless reverberated

across an already unsettled landscape where vulnerabilities have been exposed in some of the country’s most basic institutions, including local voter registration databases. In a wide-ranging interview with USA TODAY, conducted prior to the Nov. 8 general election, the nation’s fourth homeland security secretary, who is set to leave office at the close of the Obama administration, discussed the rapidly evolving catalog of threats facing the country and government efforts to confront them.





Are you satisfied with the government’s preparations to confront a multifaceted cyberthreat involving both state actors and cybercriminals? JOHNSON: I think that we have made significant strides in our cybersecurity efforts. In March, we created automated information sharing. That was a huge step forward. We have the ability to share cyberthreat indicators in near-real time ... and we’re inviting informationsharing organizations, corporations other agencies — state, federal and local — to participate in this system. That’s a huge step forward. (Johnson was referring to the deployments of the three-phased system known as Einstein, a cyber surveillance program designed to guard the federal civilian network. It is capable of alerting systems to potential cyberattacks, while an advanced phase of the system, known as Einstein 3 Accelerated, or E3A, boasts of the capability of detecting and blocking cyberthreats.) Is oversight of the government’s data systems too decentralized to manage? The most simple way to put it is that (FBI director) Jim Comey is the cop and I’m the fireman. If you need the cop because you’ve been the victim of a cybercrime, you call the FBI. If you need the fireman to come in and help fix your system, mitigate the damage ... you call the DHS. Each agency and department head is legally responsible for their own systems. Particularly in this administration ... it is important that Cabinet heads take that responsibility seriously as part of their core mission and not just forward the email on to their CIO (chief information officer) when you get it from me. I have an overarching responsibility for the protection of the federal civilian dot-gov system. So, that can take the form of providing best practices to departments and agencies. It can take the form of issuing operational directives. ... It can take the form (of) getting a lot of these agencies covered by a form of Einstein 3A. So, it’s a collaboration between agency heads and myself. I’m satisfied with the framework. It’s up to all of us to understand the framework and how it’s supposed to work.


Homeland Security Secretary Jeh Johnson speaks about terror attacks in Paris and the ongoing Syrian refugee crisis at a CyberCon conference in Arlington, Va., in November 2015.

There was some highly charged rhetoric on the campaign trail. The harshest voices espoused views that appear to have energized the anti-government movement. How concerned are you about what might spring from that? I do have a concern about violent extremism of many different forms in this country. Part of our Countering Violent Extremism initiatives includes CO N T I N U E D




SECRETARY JOHNSON ON THE JOB Appearing at a news conference with Peter Neffenger, head of the Transportation Security Administration, Johnson speaks about the safety of the nation’s rail system in September 2015 at Union Station in Washington, D.C. Johnson hands Fariatou Ibinike Abdoul, from Benin in west Africa, her certificate of naturalization after she was sworn in during a citizenship ceremony on World Refugee Day at the Delacorte Theater in New York’s Central Park in June. After a historic storm caused severe flooding throughout Louisiana in August, Johnson met with state and local officials in Baton Rouge to survey response and recovery efforts.


domestic-based forms of extremism and addressing it as appropriate. That could be through law enforcement. I’m not making a comment specific to this election season or any candidate. But we have seen a level of domestic extremism in a number of different forms that gives me concern. But domestic violent extremism can be aimed not just against government institutions but people, groups of people, types of people, as well. So in this climate, I think it’s important that we remind the people of who we are as a nation. We are a nation of immigrants. We are a diverse nation. We celebrate our diversity and in this climate where there is a lot of rhetoric about refugees ... we made a determination that because of the worldwide refugee crisis we needed to up our undertaking (to 85,000 in 2016; the Obama administration pledged to accept 110,000 in 2017). In the face of considerable political

resistance, it was the right thing to do. There were a lot of women and children fleeing violence, fleeing terrorism. And I’m proud of the fact that we did that. We added security checks to the process. And we surged a lot of resources to make it work and meet that commitment. And so, I think it’s incumbent upon government leaders to dispel stereotypes and remind the country who we are, what our values are, what our heritage is. How vulnerable is the U.S. to the expected flight of Islamic State fighters as pressure mounts on their strongholds in Iraq and Syria? For us ... it’s a two-dimensional threat picture: homegrown and the prospect of foreign terrorist travel. It’s what I’ve been very focused on. From the foreign terrorist travel side, we have to be concerned about those few U.S. citizens

who have gone to Iraq and Syria to take up the fight who may come back here. And that is a matter for law enforcement. But we also have to track them; we have to track people ... who may be citizens of countries for whom we do not require a visa to come here. And so we’ve done a lot to build our information-sharing regime with foreign countries and interagencies in this government. We’ve done a lot to build the National Targeting Center (which tracks people and cargo that might pose a threat to the U.S.). We’ve done a lot to build the security around the visa waiver program. So that we know more about the people who want to travel here. We have denied travel to literally, I think, thousands of people. We now deny visa-free travel to those who have been to various hot-spot countries, and I have a waiver authority, which I’ve exercised sparingly.

The Department of Justice (DOJ) announced earlier this year that it was ending its use of private prisons after concerns were raised about security and medical treatment at those contracted facilities. Is the DHS still committed to using private prisons for illegal immigrant detention? If I was committed to it, I wouldn’t have asked people to review it. (A DHS advisory committee report on the use of private prisons was due Nov. 30.) (See story on page 40.) I always want to know if there is a better way — reassess policy. And that’s why I asked this group to look at whether we should go the same direction as DOJ. And they are doing that. But at present, we have a need for immigration detention, and so we need to use what we have. A lot of people don’t like it, but it is necessary.






HOMELAND SECURITY AT A GLANCE The Department of Homeland Security has a multifaceted responsibility of keeping the nation safe from dangers, both inside our borders and from abroad. Its more than 240,000 employees respond to disasters, fight crime and fend off terrorism threats. Here’s a look at the divisions that power the agency’s mission:

SECRET SERVICE Investigates financial, currency and computer-related crimes, including counterfeiting and identity theft; protects national and world leaders.

BORDER U.S. Customs and Border Protection Provides security at U.S. borders; facilitates legal trade and travel across borders.

Directorate for Management Handles budget matters, human resources, accounting, IT and procurement.

U.S. Citizenship and Immigration Services Handles applications for U.S. citizenship, green cards and work visas for foreign nationals; runs E-Verify program where employers can check employees’ citizenship status.

Federal Emergency Management Agency Supports state and local agencies that respond to disasters; provides financial aid to residents who have lost housing or property in a federally declared disaster.


Transportation Security Administration Screens luggage, passengers and cargo, primarily at airports; stations air marshals aboard planes; maintains watch list of people suspected as threats.






Office of Policy Coordinates the development of agency policy.

COAST GUARD Defends maritime borders; the only military organization within DHS.

ICE U.S. Immigration and Customs Enforcement Created from the investigative and enforcement arms of the U.S. Customs Service and the Immigration and Naturalization Service; enforces border control, customs, immigration and trade laws.




National Protection & Programs Directorate

Science & Technology Directorate

Leads efforts to protect physical and cyber infrastructure, protects federal buildings and provides technology to collect, store and analyze biometric data.

Researches, develops and provides products and technology solutions that help strengthen DHS security capabilities.



Office of Health Affairs

Office of Intelligence & Analysis

Advises the department on medical and public health matters; manages systems for early detection of chemical/biological weapons; coordinates agencies’ response to food, animal or agricultural health threats.

The hub that distributes information and intelligence to state, local and tribal officials. Part of the national intelligence community; works with the Office of the Director of National Intelligence.



Office of Operations Coordination

Office for Civil Rights and Civil Liberties

Oversees the National Operations Center, which collects and distributes information from federal, state, local, private sector and other agencies to thwart threats.

Provides legal and policy advice on civil rights and civil liberties issues; conducts investigations on related complaints.



Federal Law Enforcement Training Center

Domestic Nuclear Detection Office

Has trained more than 1 million law enforcement officers since it opened in 1970.

Detects and reports threats related to nuclear or other radiological weapons or devices.

INTERGOVERNMENTAL Office of Intergovernmental Affairs Coordinates and advances federal interaction with state, local, tribal and territorial governments to promote an integrated national approach to homeland security.





SECRET SERVICE Secret Service agents surround the popemobile as Pope Francis rides through Philadelphia en route to celebrate Mass in September.



Secret Service tries to boost its ranks amid unrelenting demands By Kevin Johnson


ASHA ALHNAITY ARRIVED IN Chicago in early October at a regional gathering of federal law enforcement applicants with some of the most-prized credentials of any of the nearly 150 candidates all pursuing the same thing: a place in the ranks of the U.S. Secret Service.

The 34-year-old data analyst holds master’s degrees in business and health care administration. She is fluent in Arabic, and if there are any questions about her physical conditioning, agency officials need only scan the YouTube catalog of international martial arts events where she has competed as a fourth-degree black belt. “I’ve been doing my homework,’’ she said, waiting for the verdict after a first

round of interviews. “I’ve worked very hard to pursue this life.’’ Yet for every candidate mirroring Alhnaity’s impressive qualifications, thousands of others seeking positions as agents and uniformed officers have been washing out of the Secret Service’s most ambitious recruiting campaign in more than a decade. The agency is facing unprecedented demands as it works to emerge from the



SECRET SERVICE controversies that have dogged it in recent years. Complicating the agency’s effort to boost its ranks, officials said, are otherwise promising candidates whose abuse of the amphetamine Adderall or other prescription drugs, or their lack of candor about using them, result in an abrupt removal from the process. The problematic prescription drug histories, officials said, are emerging with troubling frequency in the midst of the hiring blitz aimed at rejuvenating an agency shadowed by a series of security breaches and recurring agent misconduct. Just two years ago, those controversies helped topple the service’s first female director, Julia Pierson in October 2014. An ongoing effort to add more than 1,000 agents and uniformed officers to the ranks by the fall of 2017 also comes during the most taxing 12-month period in the history of the service. Beginning with the massive security operation that accompanied Pope Francis’ September 2015 visit to the U.S. and culminating with raucous primaries, summer political conventions and the general election campaign, agents and officers have been thrust into the most volatile political environment in recent history. While hundreds of agents have been crisscrossing the country with candidates and vetting a record 3 million people at conventions and rallies, others have been culling through JUSTIN LANE/EUROPEAN PRESS AGENCY; CHARLES DHARAPAK/ASSOCIATED PRESS tens of thousands of applicants who are being eyed to provide relief to weary security details even as the giant inauguraWITH CLANCY, tion security operation looms. in many cases, beyond its limits,’’ a special The succession of major security events investigative panel concluded in a review ‘THE RAIN STOPPED’ Two years ago, when Clancy was plucked has been so demanding that some of the after Pierson’s resignation. “Perhaps the from an executive suite in the private secmost veteran agents maxed out their service’s greatest strength — the committor, John Magaw, a former Secret Service overtime allowances in June and have esment of its personnel to sacrifice and do director, described the moment as one of sentially been working for the job no matter what relief for the beleaguered agency. “Today, free since, said Maryland — has had unintended the rain stopped,’’ Magaw said at the time. Rep. Elijah Cummings, consequences.’’ Yet the barrage of failures that forced the ranking Democrat on Secret Service Director “(The Secret the change in leadership had clearly taken the House Committee on Joseph Clancy, a career Service is) a big its toll. Starting in 2012 with disclosures Oversight and Governagent summoned from that agents had consorted with prostitutes ment Reform, which has retirement by President ship that doesn’t in Cartagena, Colombia, in advance of a closely examined the Obama to help right the presidential visit, the agency was staggered agency’s operations in the agency, said the finding turn easily. I still by a succession of misconduct incidents past two years. continues to influence want to look at and security lapses. The most stunning The unrelenting pace is virtually every facet and consequential of the breaches came what has troubled both of an ongoing internal altering the core two years later when a mentally ill Army critics and advocates of restructuring effort. mission.” veteran scaled a White House perimeter the agency, who believe “Everything starts fence, raced unimpeded across the north the grinding nature of the with that staffing — Rep. Jason Chaffetz, lawn and barreled through the mansion’s R-Utah Secret Service’s mission piece,’’ Clancy said in unlocked front door before he was tackled has largely contributed an interview with USA near the Green Room. to its recent troubles. TODAY. “The panel was Pierson, who had been quickly installed Consequently, they added, exactly right when they as the first woman director in the afteran infusion of personnel for the uniformed said we wear this (heavy workload) as a math of Cartagena, was just as abruptly officers who guard the White House as badge of honor, and we shouldn’t. ... We swept out in the downpour of criticism well, the plainclothes agents who protect don’t want to be in that position. Our goal after the fence jumping and new discloits occupants and a host of other governis to try to take that pressure off. We’re sures about a breach during a presidential ment officials and visiting dignitaries is never going to be able to remove all of that visit to the Centers for Disease Control and urgently needed. pressure, but we’re working to remove Prevention in Atlanta. “The Secret Service is stretched to and, some of that pressure.’’

Joseph Clancy, the director of the United States Secret Service, says he is working to correct issues that have led to overworked agents trying to keep up with an unrelenting pace of responsibilities in the past year.

The success of the massive and near non-stop security events of the past 12 months, including the anxious run-up to the summer’s two national political conventions, has helped quiet the critics. But not entirely. While describing the agency’s recent work as “amazing,’’ Rep. Jason Chaffetz, R-Utah, chairman of the House Committee on Oversight and Government Reform, remains concerned about the continuing personnel stresses and the agency’s long-term management. “It’s a big ship that doesn’t turn easily,’’ said Chaffetz, who has been the agency’s most vocal critic. “I still want to look at altering the core mission.’’ The press of the protective mission, Chaffetz said, has raised questions about whether the agency’s investigative responsibility — defending the nation’s financial and cyber institutions — should be moved to another branch of government. Such a move, Chaffetz acknowledged, would involve a dramatic break from tradition and require support across the political spectrum. “It’s important that it be bipartisan or else it is not going to go very far,’’ the CO N T I N U E D



SECRET SERVICE Secret Service agents maintained a relentless schedule providing security details at political primaries, conventions, political rallies and other events during the general election campaign for presidential candidates Hillary Clinton and Donald Trump.


After just a year and a half, Julia Pierson, the first female Secret Service director, resigned in 2014 amid a spate of security failures within the agency. congressman said, adding the separate investigative responsibility only adds pressure to an already-stressed workforce. “We need to give these people some time off to do their own thing.’’ The congressman’s proposal is a non-starter for Clancy, who claims that the skills developed on the investigative side are invaluable to the protective mission.

“Absolutely not,’’ Clancy said, referring to such a mission change. “I’m so very confident in this. ... This integrated mission is what makes us successful.’’


Much of the success or failure of the agency’s ongoing restructuring program, Clancy suggested, depends largely on the

a vetting gauntlet that includes multiple personal interviews and ultimately, a date with the polygraph that few pass. Officials said the process has been further complicated by a generation of recruits whose relatively short life histories are marked by unusually high rates of prescription drug abuse. “It is definitely a struggle with this generation,’’ said Susan Goggin, the agency’s chief recruiter. “Adderall is a huge, huge issue.’’ Abuse of the stimulant is what sunk an JUSTIN SULLIVAN/GETTY IMAGES honors graduate from Eastern Kentucky University, who in Chicago acknowledged continuing recruiting and hiring efforts using the unprescribed drug — commonly in places like Chicago, New York and Fort used to treat attention deficit disorder — to Benning, Ga. keep pace with a heavy academic load. After hiring was essentially halted in the The fresh-faced candidate, who asked midst of the 2013 government shutdown, not to be identified to protect his current restarting a national campaign has required job, had driven six hours and 400 miles an enormous redeployment of resources at his own expense from his home in all its own. Private contractors were Lexington, Ky., to pursue what he described brought in to “build out’’ as a dream career only a largely dormant human to be shown the door. resources operation. He estimated that he “Everything starts “Someone gave me used the drug up to 20 the analogy of a Chevy times during his years with that staffing that’s been sitting in your in college as a study aid, piece. ... Our goal garage for a couple years a practice remarkably and then you go in and common on campus, and is to try to take you turn it over and it failed to comprehend that pressure off.” may not kick right over,” how it might affect his said Clancy. “You have future career. — Joseph Clancy, to work with it a little Crushed by his Secret Service director bit. And that’s where we dismissal, he sat in the are.’’ lobby of the agency’s Perhaps the most downtown office builddaunting part of the operation, however, ing near tears, facing the long drive home. has been sorting through the avalanche Nine floors above, Rahsa Alhnaity of applications that has followed each quietly celebrated the news that she was job posting. Nine separate calls for agent advancing. Now, the Jordanian-born data applicants last year produced 27,000 analyst from Chicago awaits the results of potential candidates. From that pool, the a polygraph examination that consumed agency offered jobs to just about 300 agent more than five hours. candidates. “The process is so long,’’ she conceded. The process requires candidates to run “But I’m ready for this.’’






Automated PreCheck stations at Atlanta’s HartsfieldJackson International Airport aim to further speed passengers through screening lines.


By Nancy Monson

Despite perks, fliers still slow to join PreCheck program

INCE THE IMPLEMENTATION OF the Transportation Security Administration’s (TSA) PreCheck program in December 2013, 3.7 million people have signed up for the opportunity to bypass long screening lines at airports around the country. That number is expected to reach 6 million by the end of 2017, but it’s just the tip of the iceberg compared with the approximately 708 million passengers screened by TSA in 2015. So why aren’t more people signing up to speed through security, keep their shoes and jacket on and leave their laptops and liquids in their carry-ons?


With PreCheck you don’t need to remove:





3!1 !1 LIQUIDS


The PreCheck program was designed to reduce wait times for security screening at airports. To be cleared, passengers must complete an online or in-person application and schedule an appointment at one of more than 380 enrollment offices nationwide. The 10-minute appointment includes fingerprinting, an interview, a background check and payment of a nonrefundable $85 fee for five years of clearance. Once approved, passengers are assigned a known traveler number, or KTN, which must be added to all future airline reservations in order to receive PreCheck status on boarding passes. At the airport, PreCheck CO N T I N U E D





TRANSPORTATION SECURITY ADMINISTRATION TSA officials report reduced wait times at airports around the country as a result of the Precheck program.

PreCheck allows us to focus on individuals whom we know less about,” he said.




A sign advertises a PreCheck application center at New York’s LaGuardia Airport.

members proceed through a separate line. Their luggage must still be processed through the TSA checkpoint scanner, but items that regular passengers are required to remove from their bags can stay packed. The PreCheck flier must proceed through an advanced imaging technology (AIT) machine or metal detector designed to detect explosives and weapons, but they don’t need to remove shoes or belts. The concept is certainly appealing, but the lag in sign-ups remains. One reason could simply be one of convenience and cost. “We are trying to make the process easier, finding more venues and making it more convenient for people,” said John

Sammon, TSA’s chief marketing officer. For instance, TSA opened nearly 20 temporary “pop-up” application centers at locations across the country, including New York, Dallas, Atlanta, Miami, Chicago, Los Angeles, Denver, Boston and Minneapolis, and passengers can also apply at some airports. “We had a huge spike in enrollment in the spring, when 16,000 people a day were signing up,” Sammon said, adding that in September, about 8,000 people a day were signing up — double the rate of the previous year. By TSA accounts, PreCheck is having a positive effect on airport wait times. “In September 2016, 99 percent of PreCheck passengers waited less than 10 minutes to get through security, versus 96 percent in regular security lines,” reported Mike England, a TSA national spokesman. That’s a far cry from the two-hour waits that were commonplace this past spring and caused an uproar among the traveling public — and which came on the heels of random covert tests conducted by Homeland Security Red Teams who posed as passengers in 2015 and showed epic security failures at our nation’s airports. (According to information leaked to ABC News, TSA failed 95 percent of the covert tests, allowing prohibited items such as weapons and explosives to pass through screening checkpoints.) With those findings fresh on the minds of travelers, one can question whether PreCheck has actually improved security at the nation’s 440 airports. Citing security concerns, the TSA won’t provide statistics, but TSA Administrator Peter Neffenger said the system is a first line of defense. “By creating a pool of known travelers who allow us to vet them in advance, TSA

TSA has responded to the criticism by boosting staff, improving training and standardizing protocols, which helped them to successfully handle the high-volume Memorial Day and Fourth of July weekends this summer. “We have upped the number of TSOs (transportation security officers) hired,” said Brett Gunter, assistant administrator in TSA’s Office of Training and Development. “Six thousand officers were trained this year, and we plan to train 8,000 next year.” New technology is also part of the agency’s effort to reduce wait times. At Hartsfield–Jackson International Airport airport in Atlanta, for example, TSA and Delta Air Lines have been testing automated screening lanes since May, reported Jill Vaughan, TSA chief technology officer. This system eliminates the need for passengers to wait for others to unload their possessions onto the belt in the security line. Passengers can walk up to one of five security stations and place all of their carry-on items in oversized bins that are tagged, scanned and automatically pushed through security, while the passenger proceeds through an AIT or metal detector. While testing is still in progress, the system has proved reliable and has been well received by passengers, noted Vaughan, adding it may eventually be rolled out to other airports.


This holiday season, the TSA is expecting a 40 percent increase in passenger volume, so passengers could experience increased wait times. And, of course, the more people who are approved for PreCheck, the longer those lines could become, especially if TSA faces budget cuts or staffing issues. To keep on top of things, Neffenger reported that the TSA will be working closely with airports and airlines to maintain security while keeping lines moving over the busy travel season. Passengers are advised to get to the airport early for their flights and pack according to TSA guidelines. “We have provided TSA’s federal security directors — particularly at critical, highvolume airports — with the flexibility and staffing they need to address projected volume and any issues before or immediately as they arise,” he said.

TRUSTED TRAVELER PROGRAMS In addition to TSA PreCheck, there are a number of other options designed to expedite passengers’ trips through airport security. They include three government-backed programs and one relatively new private option. All require an application, an approval process and fees. Global Entry is an airport and land border security program administered by the U.S. Customs and Border Protection (CBP) agency that allows expedited processing upon arrival in the U.S. It includes PreCheck privileges. uFee: $100 NEXUS speeds access across the northern border of the United States. NEXUS is designed for U.S. or Canadian citizens and legal residents of those countries who frequently travel across the U.S.-Canada border. Membership is good for five years and allows use of PreCheck lanes. uFee: $50 SENTRI gets travelers quickly through customs at the Mexican border. Approved applications come with a five-year membership. uFee: $129.99 CLEAR is a privately administered security program utilizing fingerprint and retinal scanners to confirm identity and expedite the security process. The program is currently operating at 14 major U.S. airports. Once approved, the passenger is ushered to the front of the regular security line. uFee: $179 per year — Nancy Monson and Katherine Reynolds Lewis





COAST GUARD Paul Zukunft, who has been at the helm of the U.S. Coast Guard since 2014, said the agency is being modernized at a fast pace.



U.S. Coast Guard Commandant Paul Zukunft discusses his unit’s top missions By Mary Helen Berg


HE U.S. COAST GUARD’S 88,000 activeduty, reserve, civilian and volunteer personnel are tasked with securing the nation’s maritime borders in the service’s role as the only military unit within the Department of Homeland Security. In addition to policing U.S. waterways to thwart migrant and drug smuggling, prevent

possible terrorist acts and other law enforcement responsibilities, the agency must also defend its cyber domain against attacks. Adm. Paul F. Zukunft, who became the 25th commandant of the Coast Guard in 2014, spoke with USA TODAY about recent efforts to keep cyberthreats at bay and fight international crime at sea. CO N T I N U E D








Capt. James Passarelli, commanding officer of the Coast Guard cutter Waesche, and crew members listen in October to a news conference announcing a massive drug seizure near Central America.


What’s the Coast Guard’s primary role in cybersecurity? ZUKUNFT: There are actually three pillars to this, and the first pillar is defending our cyber equities so we do not have an intrusion on our systems. The second is how do we exploit cyber (threats) in the conduct of our missions. We’ve been doing that for some time now with search and rescue. How do we take the “search” out of “rescue” by using some of the tools available in the cyber domain? The third part of this is with our broad regulatory authorities. The maritime industry is very concerned about intrusions into its SCADA (Supervisory Control and Data Acquisition) systems (which allow remote access to industrial control operations) that may disrupt either shipping activity or activity in a port. In 2012, we are aware of over 100 intrusions on GPS signals on international shipping that actually caused ships to deviate from course unbeknownst to the operators. So, industry is looking, not necessarily for the Coast Guard to regulate, but (to provide) the best standards that they need to adopt. The Coast Guard’s Western Hemisphere strategy estimates that transnational criminal organizations cost the global economy more than $750 billion in illegal drugs, human trafficking and

other crimes. Why is it important for the Coast Guard to combat this threat? When you look at what has enabled the FARC (the Revolutionary Armed Forces of Colombia) to carry out an insurgency for over 50 years, their primary source revenue is in the cocaine trade. It typically will land in Central America in bulk shipments upwards of a ton, some as large as six or seven tons. When cocaine lands in these countries ... rule of law goes out the window and violent crime really takes off. If law enforcement tries to impede movement, they will find themselves potential victims of this violent crime. This really erodes regional stability. Then, you have the corruption that goes with it, which really dissuades any foreign investment into these countries, as well. So, if you just sit back and you let nature take its course, over a period of time you run the risk of having a failed nation. For 2016, we moved more cocaine than any other year in history — over 416,000 pounds of cocaine — which is a lot of cocaine. That equates to a little over $5.5 billion dollars worth of cocaine at the wholesale value. This is a near daily occurrence in the Coast Guard right now where we are apprehending a shipment of cocaine at sea. Most of it does move in bulk by water. The biggest return you get is when you apprehend these individuals at sea.

Aboard the USS Boutwell at Naval Base San Diego, Coast Guard and Drug Enforcement Agency personnel stand watch over 28,000 pounds of cocaine seized in 2015 in the eastern Pacific Ocean.


A Coast Guard crew moors a yacht at Cobb’s Marina in Norfolk, Va., after rescuing its passengers, who were stranded in waters near Hampton, Va., in November. Midway through your term, how do you rate the Coast Guard’s progress in combatting these organizations? If I were to measure progress, it’s really measured in the fact that our Congress is paying attention to this. They’ve invested in the Coast Guard. They realized we have resource constraints, aging fleets. So, we’re

actually at a point in time where we’re modernizing the Coast Guard at the fastest rate that I have seen in my nearly 40-year career. The first three (new) National Security Cutters (flagships of the Coast Guard fleet) have paid for themselves three times over in a short period of time in the amount of cocaine that they’ve removed.









A NEW NORM High-profile crises affect attitudes about and approaches to national security

By Brian Barth


N OCT. 21, TENS of millions of Americans in the northeast U.S. awoke to a disconcerting experience: Scores of major websites were offline, including PayPal, Spotify, Amazon, CNN, The New York Times, Reddit, Twitter and Netflix. While many individuals anxiously reset the modems in their homes and workplaces, hoping they could soon get about their day, word slowly spread that this was

not an isolated event — the internet itself was under siege. The Department of Homeland Security characterized the disruption — which eventually affected the entire country — as a distributed denial-of-service attack, and initially warned that its scale and sophistication suggested that nation-state actors may have been involved, but later said it couldn’t be traced to such groups. This was just the latest chapter in a year in which threats to national security and personal safety seem to come from every

direction at once. Deadly lone-wolf attacks are on the rise; violence and threats against African-Americans, Muslims and Hispanics have been nearly constant themes in the headlines. Russia continues to be accused of attempting to manipulate the U.S. presidential election. Even the weather seems bent on making life difficult, if not dangerous, with a so-called 1,000-year drought in western states, numerous extreme flood events east of the Mississippi River and experts fretting over the rapid pace of climate change.




Terrorism remained the top security concern for 3 out of 4 Americans in 2016, with 42 percent reporting that they feel the country is less safe than before 9/11, up from 27 percent in 2014, according to a recent poll by the Chicago Council on Global Affairs. In December 2015, a Pew Research Center poll found that the percentage of Americans who felt the government was doing an effective job protecting the country from terrorism had fallen to 46 percent, its lowest point since the 2001 attacks, and a steep drop since polling at 72 percent in 2014. Clearly, a pervasive sense of vulnerability is on the rise. Of course, such worries are subjective in nature. The sophistication of the national security apparatus in the United States has never been greater because of substantial protocol upgrades after incidents that include 9/11 and the ongoing war on terror. In theory, the nation is better equipped to handle security threats than at any time in history. Yet fear has a way of sowing doubt. Whether we are safer or more vulnerable is a question Juliette Kayyem, former assistant secretary for intergovernmental affairs at the Department of Homeland Security, and currently a member of DHS Secretary Jeh Johnson’s Homeland Security Advisory Committee, is asked often. The question fails to acknowledge the nature of our vulnerabilities, she said: “I won’t answer the question, ‘Are we safer?’ Zero RON AGAM/GETTY IMAGES vulnerability is not the standard we should Firefighters stand amid the rubble of the World Trade Center towers after the 9/11 terrorist attacks. Fifteen years later, terrorism remains use. It’s just not a healthy criteria.” the top security concern for 3 out of 4 Americans, according to a poll by the Chicago Council on Global Affairs. Kayyem, who is also a security analyst, radio and TV personality and mother of three, what homeland security added that the multiple means,” she said. and potentially simul“As we see more So rather than attempt taneous threats mean frequent and to answer the impossibly that every household, complex question of, business and community more significant “Are we safer?” Kayyem must become proactive suggests screening every in planning for, managing weather events security strategy and and lowering risks. ... we’re working protocol through three “The new norm is an criteria: acceptance of a certain to incentivize ▶ How well it minilevel of vulnerability resilience.” mizes risk. in our homeland,” said — Rafael Lemaitre, FEMA ▶ How well it imKayyem. “We can’t give director of public affairs proves our defenses. up on prevention, but ▶ And, just as I think we also need to importantly, the degree invest in preparedness to which it preserves our national identity and response and recovery and resiliency and democratic ideals. just as much.” Within this perspective, said Kayyem, When the DHS was created following accepting vulnerability is not about weak9/11, Kayyem said, the expectation ness; it’s about a pragmatic approach to in the public was of “this government homeland security, one based on a network apparatus that was going to protect you. of small and connected defenses in each That narrative got a course correction after home, block, school and business district, Hurricane Katrina, when we recognized as rather expecting a centralized, heavya nation that if we were too focused on one handed force to keep all danger at bay. particular threat, we were going to miss a Kayyem is the author of Security Mom: whole bunch of other things. An Unclassified Guide to Protecting Our “When you think of H1N1 (swine flu) PROVIDED BY JULIETTE KAYYEM Homeland and Your Home, published in the and Zika and cyberattacks and flooding and Security analyst Juliette Kayyem, left, who is also former DHS assistant secretary for spring. Part memoir, part security manihurricanes ... the new normal must be an intergovernmental affairs, discusses in August 2015 terror attacks that have occurred in acceptance of all hazards, and of having a France on CNN’s New Day. much more enterprise-oriented focus on CO N T I N U E D



“The new norm is an acceptance of a certain level of vulnerability in our homeland. We can’t give up on prevention, but I think we also need to invest in preparedness and response and recovery and resiliency just as much.” — Juliette Kayyem, security analyst and member of the DHS Homeland Security Advisory Committee


A firefighting helicopter flies over the Blue Cut Fire near Wrightwood, Calif., in August. Wildfires can be the result of climate change, a growing threat to national security. festo, the book attempts to communicate security strategy to the general population in a way that engages people, rather than frightening them or making them paranoid — “to bring homeland security back home,” she said. “Our vulnerabilities are a reflection of much that is good about our society — the flow of people and goods and ideas that we adore, the millions of people that are traveling each day, the capacity to live in urban cities with vast transit systems ... (and) as I say in the book, my God-given right as a mother of three to go on and have something delivered the next day,” she said. “Think of the level of vulnerabilities in a system like that.” Another question Kayyem is often faced with in her public outreach efforts: What is the greatest threat we face? Like most Americans, Kayyem places terrorism at the top of the list. But she said another, even less predictable threat — one that she argues is more dangerous in the long run — is becoming equally important to national security: climate change.

“(Climate change) is not just about whether we’re going to get a little wet,” Kayyem said. “People have to understand that the reason those of us in the security space think about climate change as a security risk is because people will be moving in response to changes in climate, and they will be fighting in response to lack of resources, and they will be evacuating in response to extreme climate events.” In July 2015, the Pentagon released a report on the security implications of climate change, describing it as an “urgent and growing threat to our national security.” In January, that report was followed by the Department of Defense’s Climate Change and Adaptation Resilience directive, which further cemented the Obama administration’s mandate that the national security apparatus consider climate-related disruptions in every aspect of its operations. Kayyem’s emphasis on resilience is especially relevant with climate change — after all, weather-related disasters can’t be prevented, but they can be prepared for.

Within DHS, climate “resilience” falls largely under the purview of the Federal Emergency Management Agency (FEMA). According to Rafael Lemaitre, FEMA’s director of public affairs, the agency has expanded its role since Hurricane Katrina in 2005. Instead of focusing primarily on recovery and cleanup after natural disasters, FEMA also works with state and local partners to make communities better able to withstand flooding and other extreme weather events. The idea is that by investing in more resilient infrastructure, the economic toll of the next Hurricane Katrina — the most costly natural disaster in U.S. history, estimated at $125 billion in today’s dollars — can be reduced. “We have to find new ways to address the rising cost of disasters,” Lemaitre said. FEMA’s hazard mitigation grants are one tool for doing just that. Available in jurisdictions where a federal disaster declaration has been made, this funding is not just for helping communities replace what was lost, “but to build back safer and stronger,” Lemaitre said.

For example, he said, a community might use the funding to buy out all the homes in a frequently flooded neighborhood and turn the area into a park where flood damage would be less costly, while rebuilding the homes in a safer location. Likewise, the president’s Federal Flood Risk Mitigation Standard, established by a 2015 executive order, requires all new federal buildings “to be built above a certain base flood elevation to accommodate the reality of a changing climate,” Lemaitre noted. In addition to protecting federal property and federal workers, Lemaitre envisions the new standard having “a cascading effect to urge state and local officials to consider doing the same. “Climate change is definitely a concern (at FEMA),” he said, adding that it’s not the sort of threat that takes “a blunt instrument to address the problem.” Rather, a proactive, community-building approach is in order. “ As we see more frequent and more significant weather events ... we’re working to incentivize resilience.”





IN PURSUIT OF W By Tamara Lytle

HACKERS Recent cyberattacks spotlight threats from foreign entities

HAT DO THE DEMOCRATIC Party, U.S. Olympic gymnast Simone Biles, Sony Pictures and Yahoo have in common? They’ve all been hacked — allegedly by foreign countries. Governments no longer need spies on the ground to gather information that can cause disruption; hacking is an increasingly popular tool for espionage. As computers and data processing get faster and society relies on them for everything from running the power grid to finding a date — and more and more information is stored online — the payoff for countries that want to run cyberattacks is even more alluring. “They’re looking to cause harm to our way of life,” said Phyllis Schneck, deputy undersecretary for cybersecurity and communications at the Department of Homeland Security. “The ability to execute one’s will on another’s machine is increasing.” With the added hacking activity by nations, there’s now more at stake with utilities, banks and other life essentials dependent on computers. CO N T I N U E D







In August, the Russian hacking group Fancy Bear published the stolen private medical files of more than 100 international athletes from a World Anti-Doping Agency database. “It basically makes information a whom had to resign. The hack also delayed competitive element across the planet. It and limited the release of Sony’s movie becomes yet another type of warfare,” said The Interview, a controversial comedy that Mark M. Pollitt, an adjunct professor at depicted an assassination attempt on North Syracuse University’s School of Information Korean leader Kim Jong Un. Investigating Studies and a former chief of the FBI’s and repairing damage from the attack cost computer analysis response team. the company $35 million. Yahoo announced in September that “State-sponsored hackers can manipulate a state-sponsored hacker accessed 500 the atmosphere of entire companies or million email accounts entire nations,” said in 2014; the stolen Alex Holden, chief information included information security passwords and answers officer at Hold Security, “State-sponsored to security questions. an information security Russia is suspected company in Milwaukee. hackers are not of being behind the He cited the Sony after my mom’s breach. The company breach and another had been hit in the past discovered in 2015 at information, not by Chinese military health insurer Anthem after the money. hackers. Inc. that tapped into Also in September, personal data for at They comprothe World Anti-Doping least 70 million custommise people, and Agency accused the ers and employees. The hacking group Fancy government itself is not people give them Bear — which security immune: Chinese hackfirms have said is linked ers allegedly breached the information.” to Russian state the federal Office of — Alex Holden, chief interests — of accessing Personnel Management information security its records and revealin 2015, gaining access officer at Hold Security ing medical information to the records of more on Biles and other than 22 million current Olympic athletes. Fancy and former federal Bear is also thought to employees. be among the foreign hackers allegedly Evan Sills, director of Good Harbor responsible for the cyberattack on the Security Risk Management, a consulting Democratic National Committee this firm in Washington, D.C., said China is summer. still a concern, but that the country has The FBI blamed a separate high-profile reduced its hacking since it made a deal hack on North Korea: the 2014 release of with the U.S. in 2015 not to engage in emails and other private information from economic espionage. That agreement came Sony Pictures Entertainment, including after a 2014 U.S. indictment of five Chinese information that proved embarrassing for military hackers accused of hacking the company’s top executives, some of manufacturers such as U.S. Steel and Alcoa

Inc. to benefit Chinese government-owned companies. The U.S. is not averse to cyberattacks of its own, according to security experts. The U.S. and Israel were suspected in the Stuxnet malware that attacked Iranian nuclear facilities in 2010. And Edward Snowden’s leak of National Security Agency files revealed that the federal spy agency had been monitoring the phone of German Chancellor Angela Merkel. Governments are “still trying to figure out what the rules of the road are” with cyberattacks as the amount of information proliferates online, Sills said. When the internet was designed, no one envisioned the amount of private and crucial information that would find its way into bits and bytes. “It’s easier to hack than it is to defend at this point,” Sills said. “That’s because the internet was designed to share information, not protect information.” The breach of federal employee information is an example of why countries find it appealing to hack. “How long would it take for a foreign agency to collect all the information about everyone who works for the IRS the old-fashioned way?” asked Pollitt. “But yet they were able to do it online.” As a tool for espionage, hacking neither requires military troops nor does it physically endanger spies; it enables information seekers to gather data despite long distances and language barriers and to do their work largely in secret. That makes it difficult to know who’s really responsible for attacks, even when the attacks become public. State-sponsored hackers operate differently than criminal hackers, however. They often spend years working quietly behind

the scenes to gather information, while hackers who just want to cause trouble usually tout their victories publicly and quickly sell the information they’ve stolen on black market websites to spammers and others. The relative ease of hacking has leveled the playing field in spying, allowing more countries to get information even if they don’t have the resources for large field operations. But Pollitt and other security experts say that larger countries still have the advantage of more resources to sift through the vast troves of data now available and the talent to handle the hacking more strategically. State-sponsored hackers aren’t usually after the average individual, although accessing emails, Facebook accounts and other personal information of government officials and their families can help spy operations: Who’s broke and susceptible to leaking U.S. secrets? Whose smartwatch shows they have an elevated heart rate while in a hotel room with someone not their spouse? Whose expense records show suspicious spending patterns? These hackers gain the trust of people who have access to government data or trade secrets through avenues including dating sites and social media, Holden said. “State-sponsored hackers are not after my mom’s information, not after the money. They compromise people, and people give them the information.” Information originally commissioned by state-sponsored hackers can eventually find its way into the black market, especially if countries are trying to deflect blame onto commercial hackers. The Yahoo breach, for instance, didn’t include any bank information, but many people use the same passwords and usernames on multiple accounts, potentially making non-Yahoo information vulnerable. Schneck said the U.S. government is getting better at figuring out who’s attacking and is calling them out on it, but individuals need to do their part, too. The indictment of the Chinese hackers is an example. “We are just not going to stand for cyber intrusion,” she said. Her department is now sharing computer coding information that has been used in attacks so companies and government departments can protect themselves. Experts said the public needs to do its part by guarding access to their passwords, using stronger passwords, keeping computers updated with security software, using systems that require more than one method of authenticating their identity and not sharing information such as Social Security numbers online. Although foreign hackers might not be interested in someone’s Facebook cat photos, they might just use the person’s computer to get access to their system at work or for data about someone else close to them. “Every machine that is not protected is part of a weaker link,” Schneck said. “Everyone has something to protect.”







State agencies pool resources to battle cyberthreats

By Adam Stone


HEN JOHN HOLIDAY TOOK the helm as Kentucky’s executive director of homeland security in February, he saw right away that something was missing in the state’s Intelligence Fusion Center. Formed in the wake of the 9/11 attacks, the nation’s 78 state and local fusion centers act as focal points for security intelligence. They gather, analyze and share threat-related information between a multitude of federal, state, local, tribal and private-sector partners. Kentucky’s center was doing all that, effectively tracking a broad range of

potential hazards to public health and safety — but it wasn’t tracking computer crimes, even though cybercrime is widely recognized as one of the fastest-growing perils in homeland security. “I realized that we did have a problem here in Kentucky in addressing the growth of cybercrime,” Holiday said. “We did not really have any coordinated effort to deal with this growing trend.” He took action, implementing initiatives to bring cyberthreats into focus. It’s a trend playing out around the nation as fusion centers expand their portfolios to account for cyber hazards. The Department of Homeland Security calls cyber intrusion a sweeping threat, an enabler of activities that include child pornography,

financial crimes and attacks on critical infrastructure. Fusion centers increasingly are stepping up to address the threat.


In Kentucky, Holiday started by hiring the first-ever cyber analyst for the 11-yearold fusion center, which operates on a $450,000 annual budget. “That person is the center of gravity for all things cybersecurity, public sector and private sector, in the state of Kentucky,” he said. He also formed working groups to bring together public and private sector officials. In April, the fusion center sponsored a multiagency cyber conference on the CO N T I N U E D






Chris Rodriguez, New Jersey’s homeland security director, says the private sector has been reluctant to share cyberthreat data with government agencies.

University of Kentucky campus that drew more than 100 attendees. Sessions addressed emerging threats, modern enterprise security practices, ransomware defense strategies and a range of related topics. Kentucky’s fusion center has become a clearinghouse for cyberintelligence. “We gather information from multiple sources, from public reporting and from three-letter (federal security) agencies. We conduct analysis, we determine how it impacts the state of Kentucky and we push that out to the organizations that have the proper security clearance and the need to know,” Holiday said. Recipients include state agencies and private-sector partners. This emergence of the fusion center as a state’s de facto cyber hazard authority is playing out across the nation, noted Glenn L. Archer III, executive director of the National Fusion Center Association. He called it a natural next step in the effort to bring a multiagency approach to issues of homeland security. “The fusion center is already the information-sharing hub for counterterrorism and major crimes information, so this is a logical progression,” he added. The level of cyber sophistication varies widely — not all fusion centers are fully engaged in battling the online threat — “but we are all building toward that capability at varying levels, at varying speeds,” Archer said. “This is probably the most serious growing threat we face today, and so we are seeing fusion centers across the country pick up this role.” While the association’s cyberthreat intelligence subcommittee is helping members to get up to speed, some fusion centers clearly have taken a leading role. Given the proximity of Silicon Valley, it is perhaps


Kentucky Office of Homeland Security Executive Director John Holiday, standing at left, has led efforts to increase emphasis on cyber hazards in the state’s fusion center. not surprising that the Northern California Regional Intelligence Center (NCRIC) is ahead of the curve.

its partners in cyber training and readiness activities. The center offers a mobile application to help people report incidents, and it mounts a 24/7 response team. DEDICATED EXPERTS All this effort requires a specific skill set, NCRIC Director Mike Sena literally one not readily available. Analysts say more helped write the book on than 209,000 public- and cyberintelligence-sharing. private-sector cybersecurity He worked to develop a jobs in the U.S. are unfilled, THERE ARE toolkit on the topic, Cyber and the demand for workers Integration for Fusion continues to increase. Centers, for the U.S. DepartDespite being located in the ment of Justice’s Bureau heart of tech country, NCRIC of Justice Assistance. The still finds it a challenge to center launched its cyber close the talent gap. Univerinitiative two years ago. sity internships help. STATE AND LOCAL “We have looked at “Those folks have been physical threats, suspiciousFUSION CENTERS phenomenal. They are young activities reporting, tips and they want to learn, but IN THE U.S. and leads. Those are already the downside is that we only being pushed into the fusion have them for two or three centers,” he said. “But the years before some other virtual world is a place where government organization comes along and hires them and public safety have lagged behind, for a lot more money. It is a revolving door largely due to a lack of expertise.” for us,” Sena said. With six cyber analysts on staff, NCRIC WINNING COOPERATION has been working to bring that expertise to In New Jersey, Homeland Security and the table. Sena’s team monitors networks Preparedness Director Chris Rodriguez and issues threat alerts. The center faces a different challenge in efforts to bring collaborates with agencies across the a cyber focus to the New Jersey Cyberseboards, from the highway patrol and state curity and Communications Integration justice department to DHS, DEA, FBI and Cell, located within the state fusion center: local law enforcement. The team engages


private-sector reluctance. In order to issue timely alerts, cyber experts need to draw data from as many points as possible. While federal agencies such as the FBI and DHS readily share what they know about emerging threats, private companies have been less sanguine about disclosure. “For private owners and operators, if they see malicious traffic hitting their systems or if they have been the victim of a cyberattack, they may be unwilling to share their information with the government,” Rodriguez said. Businesses may fear public disclosure of their security weaknesses, even though the fusion center is exempt from reporting any such data, and despite the fact that analysts make all breach information anonymous before broadcasting their warnings. At the end of the day, Rodriguez said, it is in the private sector’s interest to join the dialogue. Just as fusion centers have served a nexus of critical data on physical threats for more than a decade, those same operations today can help secure digital assets for both governments and commercial end-users, but only if everyone rows together. “Especially among smaller businesses that don’t have the staffing or the expertise to run their own full-fledged IT shops, we want to help them raise the bar,” he said.





HOLDING PATTERN Use of private immigrant-detention centers is under review




Immigrant detainees walk to lunch from a housing unit in July 2015 at the privately run Eloy Detention Center near Phoenix, far left. Immigration-rights advocates want to end the use of for-profit facilities to hold immigrants like these female detainees, above. There are 41 privately run centers under contract with U.S. Immigration and Customs Enforcement. By Daniel González


RIVATE FEDERAL PRISONS ARE on the way out, and privately run immigration-detention centers could be next. In August, Department of Homeland Security Secretary Jeh Johnson directed an advisory committee to produce a report by Nov. 30 on whether U.S. Immigration and Customs Enforcement (ICE) should end the use of private for-profit companies that operate detention centers to hold immigrants. The move came less than two weeks after the Department of Justice announced that it had directed the Federal Bureau of Prisons to phase out the use of privately run for-profit prisons. The decision cited an inspector general’s report that concluded private prisons are less safe and not as effective as government-run prisons. Following the Justice Department’s announcement, immigration-rights advocates said DHS should do the same with for-profit detention centers. Many contend that the use of for-profit companies to run immigration-detention centers has fueled a trend to hold more people rather than use less expensive alternatives to detention. It also has led to a host of problems at the facilities, including inadequate medical care that rights groups said has contributed to numerous deaths. “It’s a welcome sign that detention centers are, too, being looked at,” said Carlos Garcia, executive director of Puente Arizona, a group that advocates for the

release of immigrants held in detention. “From what we know, the same horrible conditions at federal prisons are happening in detention centers.” The group has been critical of the Eloy Detention Center, a 1,550-bed private prison about 60 miles south of Phoenix, considered the deadliest in the nation. Since 2003, 14 deaths, including five suicides, have occurred at the center, according to an investigation by The Arizona Republic. Nashville, Tenn.-based Corrections Corporation of America (CCA), one of the largest private-prison contractors in the country, runs the center under contract with ICE. From 2004 to June 2015, at least 32 deaths have occurred at CCA-operated facilities nationwide, according to data collected by Prison Legal News, a project of the nonprofit Human Rights Defense Center. Cristina Parker, immigration programs director at the civil and human rights organization Grassroots Leadership in Austin, Texas, said she hopes that DHS’ review of private, for-profit immigration-detention centers concludes with the closing of all of the privately operated centers. “I am glad they are reviewing, but ultimately an honest and correct outcome of that review is to decide to stop using private prisons,” she said. “After all, the DOJ decided they did not want to use these companies for private prisons, and they are the exact same companies involved in immigrant detention.” Rep. Raúl Grijalva, D-Ariz., and Sen.

Bernie Sanders, I-Vt., have called on DHS the advisory committee to review current to stop using private, for-profit companies policy and practices concerning the use to house immigration detainees. The two of private immigration detention and to lawmakers urged the department to use evaluate whether any should be eliminated. community-based alternatives they said The review should consider all factors, are more cost-effective but also ensure that including fiscal considerations, he said. immigrants show up for hearings. Should DHS decide to end the use of In a statement, Grijalva and Sanders said privately run immigration-detention immigrants housed in detention-center centers, the fallout could be much greater alternatives appear in court 99 percent of than on private prisons. the time and comply Forty-one priwith removal 84 percent vately run immigrationof the time. Increasing detention centers the use of such options throughout the country could save the federal contract with ICE to hold government more than immigrants awaiting $1.4 billion a year, they deportation or the THE NUMBER added. outcome of immigration Jonathan Burns, a hearings. Eloy Detention OF IMMIGRANTS CCA spokesman, said is the third DETENTION CENTERS Center in a statement that the largest in the nation. private-prison contracThe private detention HOLD EACH YEAR tor welcomes the centers house 62 — 2015 report by Grassroots Leadership, review. He said the compercent of the estimated a nonprofit group that opposes private prisons pany has worked with 34,000 immigration the federal government beds that ICE maintains. to “provide solutions to The vast network of pressing immigration challenges for more detention centers holds more than 300,000 than 30 years. immigrants each year, according to a “This effort builds on the unfettered, 2015 report by the nonprofit Grassroots daily, onsite access ICE officials have to our Leadership group, which opposes private facilities and the thousands of government prisons. audits we’re subject to each year. We’re By comparison, the Justice Department’s proud of the quality and value of the decision applies to 13 private prisons services we provide and look forward to operated under contract with the Bureau of sharing that information with” the advisory Prisons. Those centers hold about 22,000 committee, Burns’ statement read. inmates, who represent about 11 percent DHS Secretary Johnson said he wants of the total federal prison population.




INSIDE OUR BORDERS Smartphone owners keep loads of personal data in their devices in exchange for convenient features.

POCKET PROTECTION Your mobile device knows almost everything about you. Can it be used against you?


By Matt Alderton


EIGHING LESS THAN 5 ounces, Apple’s iPhone 7 knows whom you call and who calls you. It knows the content of your text messages and emails. It knows where you’re going and where you’ve been. It knows your banking passwords, the names of your friends and the date of your next doctor’s appointment. And, if you’ve ever taken an explicit selfie, it even knows what you look like naked. “Your cellphone is the most intimate thing in your life,” said security expert Bruce Schneier, author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. “It knows who you sleep with, when you get up and when you go to sleep. It’s the first thing you check in the morning and the last thing you check at night. ... You don’t lie to your (cellphone);



INSIDE OUR BORDERS it knows more about you than your significant other does.” Of course, cellphone owners enjoy a wealth of 21st-century services in exchange for their data. Travelers who tap an address receive turn-by-turn directions to their hotel. Those who upload vacation photos can quickly share them on social media. And customers who add their credit card information can use their phones to pay for coffee. For most Americans, the question isn’t whether their phones should know the things they know. Rather, it’s how they should share them and with whom. “It’s very difficult for most consumers to control what happens to their data,” said Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, a public interest research center that advocates for digital privacy and civil liberties. “For that reason, we need companies and governments to establish safeguards.”





The national conversation about safeguards began in earnest in 2013, when former CIA employee and government contractor Edward Snowden disclosed documents that proved secret mass surveillance of Americans’ internet and cellphone communications by the National Security Agency. It reached a fever pitch, however, on Dec. 2, 2015, when husband-and-wife terrorists Syed Rizwan Farook and Tashfeen Malik opened fire on Farook’s colleagues at a holiday party in San Bernardino, Calif., killing 14 people and injuring 22 before both were killed in a shootout with police. Afterward, the FBI recovered Farook’s work-issued iPhone, which was locked with a four-digit password and programmed to erase its contents after 10 failed password attempts. Unable to unlock the phone, it asked a federal court to compel Apple to assist its investigation by creating a “backdoor” into Farook’s phone. Apple refused. “The government suggests this tool could only be used once, on one phone. But that’s simply not true,” said Apple CEO Tim Cook said in a statement. “In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.” Apple’s feud with the FBI ended abruptly in March when the agency announced it had successfully commissioned a private company to crack Farook’s phone without triggering a security feature that would have erased all the data. The questions it raised, however, remain — not the least of which is: Which is more important, privacy or public safety? Privacy advocates point out the personal



Edward Snowden, shown on banner above, revealed secret surveillance by the government in 2013, and police sought to access the cellphone of an accused terrorist who killed 14 people at holiday party in San Bernardino, Calif., in December 2015. and social consequences of unsecured mobile data. “(If you have an Android phone) Google knows where you sleep, eat and work. It knows where you go to the doctor, whether you’re seeing a therapist, if you’re having an affair, where you worship and where your kids go to school,” said Nate Cardozo, senior staff attorney at the Electronic Frontier Foundation, a nonprofit that works to defend digital civil liberties. “Even if you don’t care that Google knows that, or the government, you might care if your ex, your employer or your insurance company knows it.”

The consequences aren’t just personal; they’re also political, according to Cardozo, who said privacy violations can have a chilling effect on First Amendment rights such as freedom of speech and freedom of assembly. “Privacy is how social movements get built,” he said.“ Gay rights, civil rights, women’s rights — agents of social change were dependent on privacy when they created each of these social movements. ... Without privacy, democracy breaks down.” So does creativity, according to Georgetown University Law Center professor


Paul Ohm, who cited a 2013 survey by the PEN American Center, a literary and human rights organization. The research found that many American writers censor themselves in emails, on social media and in their writing because of concerns about government surveillance. “We, as a society, should worry if the people we rely on to imagine our future and reflect on our past no longer feel unencumbered,” Ohm said. “It’s hard to quantify that kind of harm, but if we’re all suddenly looking over our shoulder, it seems likely that we’re heading toward a society that is less creative and less vital.” Of course, it’s not just abstract art and ideas that are at risk when privacy is threatened. It’s also concrete assets — like your identity. “When someone gets access to your personal information, it’s not just because they’re nosy; it’s because they want to use that information,” said Rotenberg. He pointed out that while the FBI has approximately 600 locked cellphones it wants to access for investigations, identity thieves potentially have access to 3 million phones that were stolen in the United States last year alone. Securing information from fraudsters, therefore, is perhaps even more important than securing it from government, he argued. “These stolen cellphones are leading to more crime, and that’s a problem we shouldn’t CO N T I N U E D



INSIDE OUR BORDERS At the U.S. Immigration and Customs Enforcement’s Cyber Crime Center in Fairfax, Va., specialists inspect confiscated digital equipment looking for evidence in criminal cases.


underestimate.” Which leads to the issue of public safety. While cellphones can enable crime, they can also be used to stop it, according to security experts, who point out the difference between Snowden’s case, which involved secret surveillance, and the San Bernardino one, which involved legal forensics. “(Forensic technology) is not an onthe-wire listening technology,” explained Jeremy Nazarian, global chief marketing officer at Israeli mobile data forensics firm Cellebrite, which is rumored to be the company that helped the FBI unlock Farook’s iPhone, although representatives wouldn’t comment on the case. “It’s a technology that can be used to obtain evidence from a mobile device only once that device is in custody as evidence.” Used lawfully — with probable cause and a warrant, for example — both surveillance and forensics can advance public safety by extracting information from cellphones

that can help solve crimes, convict criminals and even exonerate innocent suspects. “Public safety is clearly enhanced by virtue of an investigation being solved faster,” Nazarian noted. Then there’s the fact that criminals are increasingly using mobile devices. When crimes such as human trafficking, narcotics smuggling and cybercrime are committed using cellphones, it stands to reason that cellphone evidence can play an important role in prosecuting them. “Illicit activity is increasingly being conducted online. Between 2010 and 2015, (Homeland Security Investigations) has seen almost a five-fold increase of data seized and analyzed,” said Dani Bennett, spokeswoman for U.S. Immigration and Customs Enforcement’s Homeland Security Investigations, the principal investigative arm of the U.S. Department of Homeland CO N T I N U E D





INSIDE OUR BORDERS “It’s very difficult for most consumers to control what happens to their data. For that reason, we need companies and governments to establish safeguards.” — Marc Rotenberg, president and executive director of the Electronic Privacy Information Center


The U.S. Supreme Court ruled in 2014 that the warrantless search and seizure of a cellphone’s contents during an arrest is unconstitutional. The case involved a suspect in San Diego whose mobile device was confiscated and searched by police when he was arrested in 2009. Security. “The amount of seized data being analyzed coming from mobile devices compared with non-mobile devices is still a small percentage overall, but the trend is heading upwards dramatically.”


According to Sen. Ron Wyden, D-Ore., privacy and public safety are not mutually exclusive. “Our people want ... the best possible security and the strongest possible privacy protections,” he said. “We can have both, although increasingly, the policies being proposed don’t do much of either. Wyden is leading the effort to change that as the sponsor of two bills that he hopes will lead the way on digital defense.

The first, the Geolocation Privacy and Surveillance Act, or GPS Act, would require government agencies seeking location data from citizens’ mobile devices to have probable cause and a warrant, and would prohibit private companies from sharing location data without customers’ explicit consent. The second, the Secure Data Act, would prohibit government mandates to build security vulnerabilities or “backdoors” into mobile devices, like the one the FBI requested of Apple. The bill proposed by Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., would mandate the opposite by requiring tech companies give the government access to plain-text user data. Wyden released a statement

saying he would filibuster it if it reaches the Senate floor. As of mid-November, neither proposal has come to a vote. “Federal law hasn’t kept up with technology,” Wyden said. “So from a legal standpoint, I think it’s safe to say Americans’ electronic ... data is up for grabs. I want clear rules that speak to how we’ll keep people safe while also protecting their privacy.” The Supreme Court laid the foundation for exactly such rules in 2014, when it decided the landmark Fourth Amendment case Riley v. California. The court’s unanimous decision held as unconstitutional the warrantless search and seizure of a cellphone’s contents during an arrest.

“Chief Justice (John) Roberts’ opinion is a love letter to the smartphone,” Ohm said. “It said that ... (constitutional protections) should be stronger for your smartphone than they are for even your bedroom.” As decisive as it was, Riley was only the first chapter on cellphone privacy. For instance, courts and lawmakers still must determine who owns cellphone data — the consumers who generate it or the companies that collect it — and for how long companies can retain it. Industry also must do its part, according to the Electronic Frontier Foundation’s Cardozo, who supports end-to-end encryption of cellphone data to protect it both on devices and in the cloud. “We need more corporations to do what companies like Apple and WhatsApp have done, which is encrypt data in transit in ways that no one can access it — not even themselves,” he said, citing as an example his phone’s ability to estimate the length of his commute home from work. “The way Apple has built its products, it doesn’t know where I live or work; my phone does. With an Android phone, that information is processed on Google’s servers instead of on the device.” Although few dispute the merits of security, Nazarian said the responsibility for protecting privacy rests with people, not technology. “There’s nothing inherent in technology that leads to its misuse,” he said. “It’s up to our partners in law enforcement to follow the law ... in legally obtaining, accessing and managing evidence.” And up to consumers to be better stewards of their data in the first place, according to Ohm. “In some cases, we’re (surrendering our data) in exchange for some really wonderful innovations — like Amazon on the fly and YouTube on the train. But for the average citizen, it’s a really bad bargain,” he concluded. “I think everybody could stand to think a little bit more about the risks. If they did, we would probably have a lot more laws and protections.”





THE DANGER NEXT DOOR As terrorism becomes increasingly homegrown, definitions and policies are being challenged



By Erik Schechter


EFORE HE WAS SHOT and killed by an off-duty police officer, Dahir Adan, a Somali immigrant to the United States, went on a stabbing rampage at a Minnesota mall in September. During the attack, Adan reportedly yelled, “Allahu akbar” (“God is great!”) and appeared to target patrons based on their religion (he asked some victims whether they were Muslim). Afterward, a news agency linked to the Islamic State group claimed that he was a “soldier” of the militant state, and the American press described him as a “lone wolf” terrorist. But was he really? Because of a shift in how militants are mobilized, it’s getting more difficult to tell a lone wolf from someone who is part of an organized terrorist cell, posing a challenge to researchers and security officials alike.




Terrorism is typically defined as the use of violence by non-state actors against civilians to achieve a political objective, according to Daniel Byman, a senior fellow with the Brookings Institution’s Center for Middle East Policy. But what were Adan’s demands? All investigators found in the days after the stabbings was that he was newly interested in Islam and had become more socially isolated. “Twenty years ago, we would’ve called this a crazy person,” Byman said. “Now we call it ‘terrorism.’ ” And it’s not just Adan. Omar Mateen, who shot and killed 49 people at the Pulse nightclub in Orlando, Fla., in June and was killed by police, had explicitly claimed the attack in the name of the Islamic State. Also, his ex-wife said Mateen was bipolar and physically abusive toward her, and Mateen himself had once declared that he was a member of Hezbollah, a Shiite Muslim militant group at war with the Islamic State. Does this mean that Mateen was a low-information terrorist, a sane person who commits a violent act in the name of some cause or group but doesn’t fully understand the implications, or mentally ill? The ambiguity goes both ways, noted Daveed Gartenstein-Ross, a senior fellow at the Foundation for Defense of Democracies, a nonpartisan group with an interest in national security. Often terrorists initially described as lone wolves, such as the suicide bomber who CO N T I N U E D


Police say Dahir Adan stabbed at least nine people at Crossroads Center in St. Cloud, Minn., before he was killed.



Children visit a memorial for some of the 49 people killed in a mass shooting by Omar Mateen at the Pulse nightclub June 17 in Orlando, Fla.




a step in the right direction, while administration critics such as Rep. Michael McCaul, R-Texas, chairman of the House Committee on Homeland Security, feel it doesn’t go far enough. McCaul has expressed disappointment that “violent Islamist extremist ideology” hasn’t been referred to by name as the enemy. Others, however, are dubious of this approach in general.


Michael German, a former FBI undercover agent and fellow with the Brennan Center for Justice’s Liberty and National Security Program, argues that, like “If You See Something, Say Something,” CVE efforts are rooted in muddled thinking about ideology and terrorism. “This model presumes that people who might engage in a violent act in the future are exhibiting some sort of telltale sign to predict it,” he said. It was the same notion that informed The Radicalization Process: From Conversion to Jihad, an assessment published by the FBI in 2006, which broke down four steps by which a U.S. citizen of Islamic faith might become a radical terrorist. JOE RAEDLE/GETTY IMAGES (Traveling overseas and bonding with FBI agents walk outside near the Inland Regional Center in San Bernardino, Calif., where 14 people were killed and 22 othpeople with similar opinions is part of ers were injured after Syed Rizwan Farook and Tashfeen Malik, a married couple, opened fire on a holiday party. step two, identification; proselytizing fell under step three, indoctrination.) But after a decade of empirical in July injured 15 people outside a “It’s like suicide prevention (or) studies into what makes a terrorist, poses a challenge to something like music festival in Ansbach, Germany, gang prevention,” Taylor said. “nobody has been able to identify the national “If You See Something, are, according to Gartenstein-Ross, in This past year, there’s been a this so-called radicalization process, Say Something” campaign, which fact linked to “virtual planners” via doubling down on except in hindsight,” encourages citizens to report social media. CVE efforts. In January, German noted. In fact, tips or suspicious activity to local Francis Taylor, undersecretary DHS announced an the FBI assessment law enforcement agencies; that for intelligence and analysis at the interagency CVE Task says that it’s difficult information is then analyzed at fusion Department of Homeland Security, Force to coordinate and to identify potential centers — which share intelligence calls the phenomenon “homegrown prioritize programs terrorists during among local, state, federal and other AWARDED violent extremism.” Groups such across the government. the first step of the partners — and are investigated BY DHS TO as the Islamic State are using the And in July, DHS’ process, because by the FBI. RELIGIOUS internet to radicalize and enlist Office of Community the pre-doctrination BOOSTING COUNTERGROUPS, people around the world without Partnerships was given is often invisible to EXTREMISM EFFORTS ever having to meet them in person. $10 million to award to observers. MENTAL HEALTH As a preventative measure, the Through blogs, Facebook pages as many as 60 relevant All ideology-focused PROVIDERS year-old DHS Office of Community and chat rooms, potential recruits religious groups, mental approaches do is bury AND OTHER Partnerships leads efforts in countercan access, and be directed to, an health providers and law enforcement in LOCAL SERVICES data, divert it from ing violent extremism (CVE), seeking assortment of speeches, videos and other local services. TO HELP COUNTER focusing on crimes and to help communities convey the training materials. What’s more, this Officials hope that VIOLENT message that terrorism is unethical radicalization used to happen graduCVE efforts will also give the government EXTREMISM (or theologically prohibited), unally, but that’s no longer the case. encourage family, more power to go after necessary and counterproductive and “We’re seeing people in very short friends and commudissenters, he argued. persuade at-risk individuals to seek periods of time, one, change their nity members to report These criticisms different paths in life by connecting behavior; two, become radicalized; people acting strangely aside, U.S. Customs people with mental health providers, and three, move to action very to the authorities. and Border Protection proposed in social workers, faith-based organizaquickly,” Taylor said. Byman and Gartenstein-Ross June that visitors to the U.S. from visa tions and other resources. This short time “from flash to bang” believe that CVE is, more or less, waiver countries (mostly friendly



places such as European countries, Australia and Japan) be given the option to provide information about their social media accounts when they fill out their entry forms. The goal, Taylor explained, is to “bring more data to bear to help us better understand the applicant who is applying for benefits here,” adding that private chats between individuals will remain off-limits. Still, the question is how useful that added stream of data will be. Take Tashfeen Malik, who joined her husband, Syed Rizwan Farook, in planning an attack in which he opened fire on his colleagues at a holiday party in San Bernardino, Calif., killing 14 and injuring 22 others before they both were

“We’re seeing people in very short periods of time, one, change their behavior; two, become radicalized; and three, move to action very quickly.” — Francis Taylor, DHS undersecretary for intelligence and analysis

fatally wounded by police last December. Malik only discussed jihad by email and private messages and through a dating site before coming to the United States from Pakistan. Be that as it may, the new data collection program, which privacy groups have criticized as “highly invasive,” could begin as early as December if approved by the Office of Management and Budget. Ultimately, authorities know that, even with the aid of tipsters, an engaged community and social media checks, they face a challenge trying to distinguish lone terrorists from law-abiding radicals. “We don’t do mind policing here in the United States of America,” Taylor added, “and it’s not illegal to have bad thoughts. It’s just illegal to act on your bad thoughts.”


STAYING VIGILANT AGAINST VIOLENCE On Bastille Day, Mohamed Bouhlel deliberately plowed his 19-ton rental truck through crowds celebrating the French national holiday on the closed-off Promenade des Anglais in Nice, France. The devastating attack in July killed 86 people and wounded hundreds of others. Slain at the scene, 31-year-old Bouhlel had a history of mental illness, drug use and criminal violence. French police believe he had no Islamic State connections (despite the group’s claiming him as a “soldier”) but did have local accomplices — and the right target: a large and vulnerable crowd of people suspecting no danger. Closer to home, Ahmad Khan Rahimi, a U.S. citizen and Afghan immigrant suspected of detonating a bomb in New York’s Chelsea neighborhood in September, wounding 29 people, is alleged to have also targeted a Marine Corps charity run in New Jersey. Fortunately, those explosives didn’t hurt anyone. Whether a single person on a mission to kill or hurt others or a terrorist cell aiming to cause mass destruction is the perpetrator, security experts are on guard for future, similar attacks at major events and venues. “I think the threat has been exponentially growing,” said Chuck Archer, a former assistant director of the FBI in the Clinton administration who now works for QFace Systems, a company that develops facial recognition software solutions. Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security, agreed with this grim assessment. “It’s not a matter of ‘if’ anymore, but ‘when,’ ” she said. DHS has been working with security managers at stadiums, casinos, shopping malls and other “soft-target” locations to help protect their patrons. For



Medical and police personnel assess the scene in Nice, France, after a truck driven by Mohamed Bouhlel plowed into a large crowd. smaller venues, DHS can provide infrastructure protection advisers, who offer expertise on everything from screening techniques (a new best-practices guide came out in April) to developing a plan for active shooter scenarios. “At the national level, we’ll work directly with some of the leagues, like Major League Baseball and the National Football League,” Durkovich said. “So we were a driving force a few years ago of having MLB institute a magnetometer (metal detector) policy that you now see at all of the parks.” In addition to metal detectors, major venue security managers have been employing undercover officers to work the crowds, biometric locks to limit access to sensitive areas and barriers disguised as flower planters to prevent ramming attacks. In Baltimore, police used a controversial airborne camera system to watch for threats during Fleet Week in October. Then there is the flood of closedcircuit surveillance cameras, known as CCTV. “Now, in some of these stadiums, you have some very sophisticated security operations center where (you have) these very high-

resolution CCTVs that cover every area in the stadium,” Durkovich said. “Some leagues and venues are (even) employing facial recognition technology.” Other places that use facial recognition software include casinos, large retailers and embassies. To support this technology, companies will sell databases of photos “scraped” from public records. These databases are great for spotting known terrorists or troublemakers with criminal histories, “but newcomers are going to be trickier to identify,” Archer acknowledged. In addition to facial recognition solutions, policies limiting the size of or outright banning bags are also becoming more common at large venues. The NFL, for example, allows fans to bring in items only in a small clear plastic bag, which is checked and then rechecked by concentric rings of security personnel. Still, even in these times, security is not a one-size-fits-all prescription. “What might be appropriate for the Super Bowl might not be appropriate for a regular NFL game day and certainly not appropriate for what a smaller nightclub might do,” Durkovich said. — Erik Schechter







Anil Nanduri, vice president of Intel Corp.’s new technology group, demonstrates a drone in November during a House commerce panel hearing in Washington.



As drones’ popularity skyrockets, security challenges also rise

By Carmen Gentile


HE U.S. MILITARY’S USE of unmanned aerial systems, commonly referred to as drones, has played a major role abroad in tracking down enemy combatants and carrying out often deadly strikes. Their devastating efficacy in countries such as Afghanistan, Iraq, Yemen and elsewhere has apparently inspired the Islamic State to incorporate drone warfare into its own fight, using small drones to

keep tabs on Iraqi and U.S. soldiers, among other missions. The insurgent group recently used a commercially purchased drone packed with explosives to kill two Kurdish fighters in northern Iraq. That attack, coupled with incidents of commercial drones being used with nefarious intent at home, is raising concerns about the potential for domestic attacks being carried out with items readily available online and at local big-box stores. Drone use by amateur enthusiasts has skyrocketed in recent years and with it,

concerns about operators with illegal motives. There have been a number of reports of drones used in criminal activity; for example, one was used to fly narcotics into an Ohio prison in 2015. Pilots have reported numerous incidences of drones interfering with air traffic, causing dangerous close calls with commercial and private aircraft that violate federal safety guidelines. Firefighters, police officers and CO N T I N U E D

“Drones are technology just like any technology. ... They have a benign use and can be used for wrong.” — Tim Brown, senior fellow at






UPS tested delivery by drone by flying a device for 3 miles over the Atlantic Ocean in September. Interest in drones has grown so much that AviSight Drone Academy often conducts training courses like one in August in Las Vegas, left, for beginners and master users.


paramedics at emergency scenes have been buzzed by drones filming overhead and interfering with their work. One drone operator, albeit by accident, even breached the airspace of the White House and crashed on the first family’s lawn, raising eyebrows and sparking a national conversation about the possibility that drones might be used in domestic terror attacks. Drone popularity has largely outpaced the regulation of their use, forcing federal agencies to play catch-up. The Federal Aviation Administration’s (FAA) rule on routine operation of small (less than 55 pounds) unmanned aircraft just went into effect Aug. 29. Pilots are required to keep their unmanned craft within eyesight at all times, fly no higher than 400 feet and not exceed 100 mph, among other requirements. “With this new rule, we are taking a careful and deliberate approach that balances the need to deploy this new technology with the FAA’s mission to protect public safety,” said FAA Administrator Michael Huerta. “But this is just our first step. We’re already working on additional rules that will expand the range of operations.” While the new rules make clearer what constitutes proper vs. improper drone operation, they can’t pre-empt potential domestic drone threats. “Drones are technology just like any technology. ... They have a benign use and can be used for wrong,” said Tim Brown, a senior fellow at, an analyst group specializing in international defense, foreign policy and homeland security. Brown noted the relative ease with which drones can be modified with weaponry, including handguns. Drones

utilizing tasers, rubber bullets and pepper spray have already been approved for police use in some parts of the U.S. Last year, North Dakota became the first state to legalize less-than-lethal, weaponized drones for use by law enforcement. However, Brown said there are other non-fatal ways in which drones in the hands of illicit users could prove detrimental to public privacy and safety. A drone equipped with a cellphone receiver could eavesdrop on calls. Drones with small-item pick-up and drop-off capabilities, such as ones being developed for retailers Amazon and Walmart, could also be used for domestic espionage: Secret meetings where items were once exchanged handto-hand can now occur without direct human contact, thus minimizing the risk of being caught in the act. And that’s the problem with trying to curtail many types of unauthorized drone use, said Brown — there may not be a human perpetrator at the scene of the crime. In order to make an arrest, Brown said, “unfortunately, you have to wait for someone to be caught.” However, federal agencies and law enforcement are not ceding the high ground — or in this case, skies — to lawbreaking drone users. The occurrence of drone-related crimes and possible terror threats has spawned a subindustry of innovations proffering answers to the dilemma of improper drone usage. Federal agencies such as the Department of Defense and the Department of Homeland Security are increasingly interested in the technology. Both departments have expressed concerns about drone threats to vital interests such as nuclear power plants or military facilities. Earlier this year, CO N T I N U E D





Law enforcement officers watch a drone demonstration in November in Sahuarita, Ariz. The Sahuarita Police Department plans to use aerial drones as an investigative tool.


the Defense Advanced Research Projects Agency (DARPA), which develops emerging technologies for military use, began soliciting ideas for how to counter small drones used for terror-related purposes and enemy combatants. Lockheed Martin and other defense contractors are also developing anti-drone technologies, with an eye toward tamping down the threat from rogue drone users. Among the devices being tested are frequency jammers and devices with laser shoot-down capabilities. A less sophisticated, though effective, method of drone deterrence is a shoulder-fired weapon designed to deploy a small net that wraps around and downs drones midair. “Already we are seeing an arms race developing on how to keep drones out and away from critical infrastructure,” Brown noted. Both high- and low-tech options come with concerns, including the potential collateral damage possible after a drone

is targeted and/or that drones left in the air destroyed. Jamming a may be tracked back to FAA RULES FOR drone’s frequency, for their pilots. This may not DRONE USERS instance, could also always work, however. take out unrelated and Some of even the least As of Aug. 29, pilots are necessary cellphones expensive drones required to keep their in the area, said Fred offer preprogrammed unmanned craft within Roggero, a retired Air coordinate capabilities eyesight at all times. They Force major general who that eliminate the need are not permitted to fly is president and CEO of for a pilot — who remains higher than 400 feet and Resilient Solutions, an offline and unconnected aircraft must not exceed 100 aviation safety and riskto the drone during the mph. For more information, management consulting course of its flight. go to firm in McLean, Va. And The increasingly destroying a drone in sophisticated technology the air causes other available in personal and ripple effects. commercially available drones has also “If you jam a drone, what is going to raised concerns about the possible future happen? Will it fly into a school or fall escalation of hostilities between legal and out of the sky?” Roggero said. “By simply outlaw drone users, who could also gain taking the drone down, are you causing a access to anti-drone technology. Experts bigger problem?” like Roggero say that as drone usage He suggested that taking no action may becomes more common, especially for the sometimes be the wiser course, noting delivery of goods, the incentive to hack and

rob them will increase. Drones have already delivered pharmaceuticals and plasma to physicians and hospitals in Rwanda, and test flights are underway for similar runs in parts of the U.S. The growing use of drones for other purposes only increases the chances of theft or disruptions of deliveries as the technology continues to improve as does its accessibility. Even drones themselves are potential targets for thieves. While there have been no reports of legally operating drones in U.S. skies being electronically commandeered or even interfered with, Roggero said it is a likely threat. “There are going to be people who want to take down that drone for its own value or the value of the content it may contain. “It’s an electronic war really with a countermeasure for every measure and a counter to the counter,” he said. “It’s a never-ending loop.”





Record-breaking rains inundated parts of Louisiana in August and left cities such as Baton Rouge with historic levels of flooding.


Historic floods in Louisiana largely escape media attention outside the bayou By Brian Barth


N FRIDAY MORNING, AUG. 12, Gerard Stolar awoke to the sound of torrential rain, which is familiar for residents of Baton Rouge, La. Such weather is typical in the sultry days of midsummer. The forecast the night before suggested the storm would taper off by afternoon — likely to create a bit of standing water on low-lying roads, but predicted no major damage. Stolar, the Federal Emergency

Management Agency’s (FEMA) federal coordinating officer for the state of Louisiana, prepared for what he hoped would be an ordinary day at the office. But by early afternoon, such hopes had vanished. As the skies continued to dump buckets over the Baton Rouge area and parishes to the east and west, Stolar set in motion the first steps of a response: He briefed the regional FEMA headquarters in Dallas of the situation, dispatched a federal liaison officer to Louisiana’s State Emergency Operations Center and instructed about

200 staff members to “shelter in place” and ensure their laptops and cellphones were fully charged so they could work remotely should the power go out. “It was just staggering the amount of water that fell in a very short period of time,” Stolar said. “Louisiana handles this sort of thing pretty well, but no one expected the quantity of rain we ended up getting.” By Saturday afternoon, a huge swath of the state, from Lake Charles across to Lafayette and Baton Rouge and east to

Lake Pontchartrain, had been inundated with 15 to 20 inches of rain, falling at a rate as high as 6 inches per hour. In some areas, as much as 30 inches of rainfall were reported in a 72-hour period. In total, nearly 7 trillion gallons of water fell on the state in what meteorologists described as a 1,000-year storm. That afternoon, as rain continued to fall, Stolar accompanied Gov. John Bel Edwards on a flight to survey the damage, CO N T I N U E D





touching down in several parishes where local emergency management officials were already welcoming evacuees into community shelters. “At that point, my role on the federal side was to begin to anticipate what support the state might need,” said Stolar. With tens of thousands already displaced and dozens of roads and highways impassable, including portions of Interstates 10 and 12, he knew a major federal contribution would be forthcoming. “This was clearly a significant flooding event, which meant we were going to have a significant population that would have to be sustained for awhile,” he said. By Saturday evening, he was working to “pre-position” emergency supplies — food, water, blankets, cots, infant and toddler care kits, fuel and generators — in a logistics staging area in Alexandria, La., just north of the most heavily flooded areas. On Sunday morning, Edwards made his request to the White House for an emergency declaration, which was approved within hours, ultimately providing federal funds to assist individuals and families in 22 parishes. Stolar said a total of 26 parishes received funds for both individual assistance, as well as to repair roads, bridges, schools, police stations and other public infrastructure. Local government officials, both Democrats and Republicans, praised FEMA’s response as swift and thorough, a welcome signal that the agency had learned from its travails after Hurricane Katrina in 2005 and successfully implemented reforms. Rafael Lemaitre, FEMA’s director of public affairs, attributes the transformation to several factors. JOE RAEDLE/GETTY IMAGES The first factor was a broad stroke of Leslie Andermann Gallagher surveys the flood damage to her home in Sorrento, La., after nearly 7 trillion gallons of rain fell on the statein national policy: the Post-Katrina EmerAugust, causing 13 deaths and billions of dollars’ worth of property damage. gency Management Reform Act, signed into law by President disaster response is time. George W. Bush a year The faster you are able to after the catastrophe. This “When you deploy those resources, set into motion a series of the better.” Hence those organizational reforms at have a storm emergency supplies that FEMA that endowed the that is unnamed Stolar set in motion even agency with more tools before a federal disaster and greater flexibility for ... people declaration was made. addressing major disasters underestimate It also helped that the and strengthened its wheels of federal disaster mandate as the lead the impact.” relief in Louisiana were coordinating entity within — John Bel Edwards, already well-greased the federal government, Louisiana governor before any meteorologist not just post-disaster, but had the slightest inkling pre-emptively, through that torrential rain was on the development of a its way in August. FEMA has maintained an comprehensive emergency management active presence in the state since Katrina program. — the federal declaration for that disaster “(The act) provided FEMA with the is technically still “open” — but two other authority and clarity of mission it needed flood events in Louisiana had already trigto better respond to disasters like this,” gered disaster declarations in the months Lemaitre said. “One of the things the prior to the August floods: In February, legislation created was the ability for FEMA seven parishes along the Mississippi River to pre-deploy, not just personnel, but rein southern Louisiana were made eligible sources as well, closer to where a disaster JOE RAEDLE/GETTY IMAGES for relief, while in March, more than half may occur, so that if and when there are Louisiana Gov. John Bel Edwards updates the public on disaster recovery efforts and temthe state received the president’s declararequests from the governor, the support is porary housing programs provided by the Federal Emergency Management Agency on Aug. there right away. That’s important because 19 in Baton Rouge. the one thing you don’t get back during a CO N T I N U E D



64 tion after a deluge dumped more than 25 inches of rain in some areas. The August floods highlighted one rarely acknowledged pitfall of a world in which it seems as though natural disasters are becoming more and more the norm: inaction. Is the public becoming numb to the bad news? Will complacency set in, leaving communities that much more vulnerable when the next flood, drought or wildfire threatens? Alexa Lopez, FEMA’s press secretary, said that while FEMA is more proactive than ever with its disaster preparedness and response programs, such trends within the general public are a concern at the agency. The media coverage of the 2016 Louisiana floods — or more to the point, the lack thereof — certainly brought this concern to light. With 13 deaths, more than $20 billion in property damage and more than 100,000 residents displaced, the August floods were eventually proclaimed the worst disaster since Superstorm Sandy hit the coast of New York and New Jersey in 2012. However, during the first few days of the disaster, national media outlets barely seemed to cover what was happening, giving much greater airtime to the Olympics and the presidential campaigns. The storm received less media attention than expected, leaving Lopez “to find ways to reach out and push our preparedness messaging.” The lack of media attention could have been partly due to the fact that the August storm didn’t have a moniker as hurricanes do. During a news conference in the midst of the crisis, Edwards noted, “When you have a storm that is unnamed ... people underestimate the impact.” FEMA Administrator Craig Fugate added that

USA TODAY SPECIAL EDITION while the catastrophe may have only made “the third or fourth page (of newspapers) ... FEMA understands this is a very large disaster impacting tens of thousands of people. (Regardless) of whether it is getting national coverage, we think it is a national headline disaster.” The fact that Hurricane Matthew, which affected parts of Florida, Georgia, South Carolina and North Carolina in October, received wall-to-wall media coverage even though it did not cause significantly greater damage than Louisiana’s August floods, certainly seems to validate the theory. Lopez said media response plays a critical role during catastrophes, locally, by alerting people to the dangers and connecting them with government resource, but also nationally, in that vital relief organizations such as the American Red Cross receive vastly more financial support when a disaster remains at the top of the headlines for an extended period. The increased frequency and intensity of storm events associated with climate change is affecting how the agency approaches its work in a variety of ways, not the least of which is public outreach. In Louisiana, for example, Lopez said FEMA’s mantra that they are attempting to instill in residents is: “There is no such thing as a no-risk flood area — you either live in a high-risk or a low-risk area. (So) no matter what, you should always purchase flood insurance.” And when the waters rise? “Make sure you have the FEMA app,” she advised. With weather alerts, safety tips, emergency numbers and a feature that allows photos to be uploaded to help rescue workers assess damage and locate people in need, it is the one-stop shop for those facing a natural disaster.


Each citizen is like a brick in the giant structure of what the Department of Homeland Security refers to as the nation’s “emergency management system.” Local, state and federal governments are integral players in ensuring safety and a speedy recovery in the event of a disaster, along with a nationwide network of support organizations like the American Red Cross. But an informed and well-prepared citizenry is essential for these larger entities to be most effective. There are numerous preventative steps every household can take in support of personal, community and even national security — the key to softening the blow of any crisis. is DHS’ one-stop shop for disaster preparedness. The website provides guidance on how to prepare for emergencies ranging from cyberattacks to disease outbreaks to tsunamis, and everything in between. It also provides a step-by-step approach to preparedness that is applicable in any context, including the following recommendations: ▶ Download FEMA’s Family Emergency Communication Plan. This printout, with versions for children and adults, is a place to compile important contact information, an escape plan for your household and a map for a family meeting spot. ▶ Assemble a disaster supplies kit. Recommended provisions include a gallon of water per person per day for three days, a three-day supply of nonperishable food, a manual can opener, flashlights, a battery-powered radio, extra batteries, a first-aid kit, a whistle, a solar-powered cellphone charger and other items. ▶ Volunteer. Sign up to help the American Red Cross or other aid organizations. ▶ Request a map of flood- or fire-risk zones and emergency routes from your local municipality. ▶ Join a Community Emergency Management Response Team, a FEMA program that trains citizens to assist their neighbors during a disaster when professional responders are unavailable. ▶ Assist family, friends, elderly and disabled persons in your community with disaster preparedness. ▶ Sign up for local severe weather alerts from the National Weather Service. ▶ Download the FEMA app ( to learn about nearby emergency shelter locations and receive government advisories after a disaster. — Brian Barth


Cattle are guided to safety on a Sorrento, La., road flooded in August by rains that fell at a rate as high as 6 inches per hour in parts of the state.





TECHNOLOGY & JOBS Knightscope, a Silicon Valley startup, has created autonomous security robots, like this K3, to help deter crime.



Technology gets fine-tuned to protect and serve

By Mary Helen Berg


MAGINE R2D2, LUKE SKYWALKER’S sidekick robot, as he rolls the beat, working as a sentry at the airport, a security guard at the mall or a sentinel at your child’s elementary school. Imagine no more — robo cops are real and they’re here. The bots are positioned to be high-tech partners for human law enforcement and vanguards for homeland security, said Stacy Dean Stephens, co-founder of Knightscope, the Silicon Valley startup that has developed a new

Unlike the fictional but resourceful Star Wars droid R2D2, Knightscope’s autonomous robot guards have realworld security applications.

line of robot guards. The autonomous security bots can be used in just about any setting, Stephens said, and Knightscope is slowly deploying them in California, before releasing them nationwide. According to Stephens, the machines’ very presence should deter crime, helping “make America the safest country on the planet.”


Knightscope’s shiny, rocket-shaped robots, which the company calls autonomous data machines (ADMs), have




TECHNOLOGY & JOBS a non-threatening appearance, and as they patrol, they collect valuable information for law enforcement and public safety officials. The robots can be made in any color and be designed with “skins,” wraps that a company could customize with a logo. The ADMs currently come in two sizes — the K5, a 5-foot-tall, 3-foot-wide version for outdoors, and the K3, a shorter, slimmer version for indoors. Trundling along at 1 to 3 miles per hour, the 300-pound machine can inspect every corner of a property, collecting audio and 360-degree high-definition video of its surroundings. Sensors detect human trespassers and license plate recognition software scans vehicles, comparing the information to national databases and quickly determining whether a vehicle is suspicious. The robots also sport a thermal sensor that can perceive the presence of people and animals, or “feel” temperature changes that could indicate a fire. In addition, they offer signal detection and can flag unfamiliar mobile phones, laptops or tablets in the area to help prevent hacking. They immediately alert authorities via a wireless connection to human users if they “see or hear” anything out of the ordinary. Stephens said the 2012 attack at Sandy Hook Elementary that killed 26 adults and students in Newtown, Conn., inspired his idea for autonomous robot security. The following year, the former police officer launched Knightscope with business partner William Santana Li. The two believe that having robots onsite at Sandy Hook could have automatically notified police, saving precious seconds and potentially saving lives. Knightscope is crowdfunding further development of robots, giving the public an opportunity to share the expense — and responsibility — of creating futuristic security, according to Stephens. “If we can crowdsource security, and if we can broaden the responsibility for it, to not just the federal government, not just your private security companies, but everybody — then you’re going to have people who are more alert, you’re going to have people who are paying better attention and you’re going to have a safer society,” Stephens said. The roving robo cops have caught the eye of DHS, according to Stephens, but he declined to discuss details of talks with the agency. “What I can tell you is the interest has been sparked,” he said. DHS officials would not confirm having discussions with Knightscope, but Stephens said the robots could be useful in securing U.S. seaports and airports. “You have a tremendous issue with containing the perimeter of those areas because of the traffic that’s in and out of them,” he said. “So being able to utilize

BOTS COULD GO BEYOND GUARDING The machines being developed by Knightscope have the potential to be more than mechanized guards. Here are a few ways the company says the robots could be used if their capabilities were kicked up a notch.

Natural disasters The robot could determine whether areas are safe for rescue teams. They could secure perimeters, check for downed power lines or dangerous gases and chemicals and use thermal scans to detect fire.


Knightscope’s robots, including the K5, can collect audio and high-definition video of their surroundings and sense the presence of people, animals and temperature changes. an autonomous machine to go out and do these patrols and keep eyes on the perimeter protection of these places is paramount.” Investors seem to love the idea of robots, injecting $14 million into the startup to launch the K5. As of early November, additional backers had expressed $61 million in potential interest. The company aims to use the fresh capital to fund development of new skills for the robots, such as gun detection or the ability to identify chemical, biological or radiation threats, Stephens added. Still, there are some kinks to work out; in July, a K5 collided with a toddler, slightly injuring him and raising safety concerns. The use of robo cops also raises ethical

concerns, said Shannon Vallor, who is president of the Society for Philosophy and Technology and author of Technology and the Virtues: A Philosophical Guide to a Future Worth Wanting. Threats to privacy, the potential for racial profiling and hacking or sharing surveillance data are real challenges, Vallor said. “There’s no in-principle objection to using robots for security purposes,” Vallor noted. “The problem is, we’re not discussing how this should be done, and we’re not discussing this in a sense where the public has input, where people who are able to foresee the kinds of ethical problems, and the judicial and due process issues that CO N T I N U E D

Gun detection This capability would alert law enforcement to concealed weapons and potential threats.

Chemical or biological agent detection Post offices and shipping centers

such as FedEx, DHL and UPS could use the robots to detect dangerous agents such as anthrax in packages.

Radiation monitoring or detection Robots could serve as early detection for radiation leaks or measure radiation exposure in the event of an accident.

Facial recognition Advanced software could recognize individuals and alert officials to the presence of specific people, including known criminals or crime suspects.

— Mary Helen Berg GETTY IMAGES




The BIOSwimmer marine robot is designed to maneuver in constricted areas inaccessible by other underwater vehicles.

could crop up are being asked to shape those applications.” Knightscope robots are already on the beat in a dozen locations across California, including the Sacramento Kings’ Golden 1 Center arena, the Stanford Shopping Center in Palo Alto, Calif., and two at the Qualcomm data center in San Diego. The company is working to deploy 50 to 100 units throughout California by the end of the year and plans to make them commercially available to corporations, communities and law enforcement and public agencies throughout the U.S. by 2019, Stephens said. The machines rent for $7 per hour, or about $60,000 a year for 24-hour service.


While DHS does not build its own robo cops, it has funded development of a marine robot to help safeguard the sea, said John Verrico, media relations chief for the department’s Science and Technology Directorate (S&T). With the BIOSwimmer — a 90-pound water robot shaped like a bluefin tuna — security comes in fish form, an unmanned underwater vehicle (UUV) built by Boston Engineering Corp. The BIOSwimmer, nimble enough to maneuver around ship hulls, oil rigs and piers, and able to dive 100 feet, has the potential to help secure U.S. waterways from beneath the surface, said Dave Taylor, program manager for the DHS’ Border and Maritime Security Division. An operator guides the camera- and sonar-equipped robot fish to search for


The Department of Homeland Security says the BIOSwimmer, equipped with cameras and sonar equipment, could potentially help secure U.S. waterways. first responder agencies contraband, drugs or can afford, such as tools explosives. The BIO“If we can that attach to existing Swimmer technology is robots, Verrico said. an example of governcrowdsource Each year, DHS seeks ment and industry security ... you’re input from police officers, cooperating to move emergency personnel technology forward to going to have and bomb technicians to solve security challenges, people who are help determine needs in Taylor said. the security community, “We’re always more alert (and) said Greg Price, director looking at how do we do ... a safer society.” of responder technolosomething quicker, faster gies for the directorate. and better,” Taylor said. — Stacy Dean Stephens, DHS then collaborates “How do we improve co-founder of Knightscope with companies that altechnology to help ready have the expertise (customs and border and infrastructure to agents) do that? I think develop high-tech products needed by law technology is very critical in improving enforcement. security at ports and ports of entry and at For example, DHS partnered with RE2 our borders.” Robotics in Pittsburgh to create the remote ROBOT SUPPORT controlled Semi-Autonomous Pipe Bomb S&T focuses on cost-effective research End Cap Remover (SAPBER). From a safe and development and partners with pridistance, an operator uses a wireless vate companies to create technology that system to command the robot to dismantle

a pipe bomb without detonating it. The device can cut through various types of pipe and disable the explosive, keeping law enforcement officers out of danger and allowing them to safely collect fingerprints, shrapnel, gunpowder and other important evidence. So far, four SAPBERs costing around $45,000 a piece have been bought by bomb squads and law enforcement agencies, according to Jessica Pedersen, marketing director for RE2 Robotics. In addition, the Bureau of Alcohol, Tobacco and Firearms received two prototypes of the pipe-cutting robot, Price said. Whether it comes in the form of a cone-shaped, full-size robo cop, a fish or a tool such as the SAPBER, technology plays an increasing role in securing the future. “It’s a changing world and there are so many threats out there that humans have to get involved with today,” Price said. “Literally, the robot takes the human out of harm’s way.”





TECHNOLOGY & JOBS Security experts say that credit or debit cards with microchips will reduce fraud.


PLAYING WITH A NEW DECK Fraud dips with ‘smart’ payment cards, but issues remain amid slow rollout

By Adam Hadhazy


HE SWIPING OF A credit or debit card at a cash register, gas pump or other point-of-sale location — a gesture so familiar that it’s a reflex for many consumers — is becoming a thing of the past. Instead of running a card’s magnetic stripe through a groove, a growing number

of shoppers now are instructed to insert new “smart” cards into terminals. These cards contain microchips embedded in a small contact plate. When inserted into a terminal, the plate draws electromagnetic power to the chip, which then generates virtually fraud-proof transaction codes every time the card is used. That’s in contrast to magnetic-strip-only cards, which rely on nearly 50-year-old

technology — the same found in outmoded cassette tapes — to statically encode customers’ personal information. Criminals can steal this information to produce counterfeit cards and rack up fraudulent purchases — and did so to the tune of $4 billion in 2015, according to the Boston-based Aite Group, an independent research firm. The U.S. is only now catching up with

most of the rest of the world in switching over to chip cards that rely on EMV technology — named after Europay, MasterCard and Visa, the companies that created the new standard — in order to stamp out this increasingly common crime. “The U.S. has been one of the last countries to embrace that standard,” said John Liau, a special agent with the U.S. Secret Service, part of the Department of Homeland Security. “With the addition of the EMV chip, overall fraud will go down a lot.” Although the Secret Service is best known for protecting elected officials, candidates for select offices and foreign dignitaries, that role only officially came about after the 1901 assassination of President William McKinley. In fact, when formed in 1865 as part of the U.S. Department of the Treasury, the Secret Service investigated and thwarted the widespread counterfeiting of money across the wartorn nation at the close of the Civil War. Liau presently serves as the agency’s liaison to the National Cyber-Forensics & Training Alliance (NCFTA), a nonprofit corporation based in Pittsburgh. He and partners in the private sector, including more than 80 major banks and 90 mega-retailers, as well as the FBI and national police representatives from France and Japan, collaborate on fighting financial crimes including payment card fraud, wire fraud and traditional bank fraud. Before his current post, Liau served in Canada during its transition to EMV technology, which began in 2003, where he saw bogus charges from counterfeit cards drop precipitously. On the Interac bank network, for instance, debit card fraud dropped 92 percent between 2009 and 2015. The ongoing adoption of EMV technology is already slashing the effect of fraud in the U.S. as well, barely a year after implementation in earnest. MasterCard has reported a 54 percent drop in counterfeit costs at American retailers between April 2015 and April 2016. “EMV is helping bring counterfeit fraud down, and that is exactly the goal of moving the market forward to this technology,” said Chiro Aikat, senior vice president of product delivery for EMV for MasterCard. After the massive Target hack in late 2013, in which credit and debit card data from 40 million accounts was stolen, the big credit card companies — MasterCard, Visa, Discover and American Express — announced that as of October 2015, the CO N T I N U E D





TECHNOLOGY & JOBS banks in their payment networks would no bemoan the loud, beeping reminder to longer foot the bill for fraud perpetrated remove the card from the machine. at merchants that had not yet upgraded Card companies have acknowledged their point-of-sale terminals from magnetic these issues and are working to shorten stripe to the EMV standard. certification and consumer wait times. In the year since that liability shift, about “The U.S. is one of the largest and most a third of the country’s approximately 6 complicated payment markets in the million merchants have upgraded their world and it hasn’t seen a change of this terminals to accept EMV cards, according magnitude in the last 35 to 40 years,” said to MasterCard. About 1.3 million of those 2 Aikat. “This change comes with a set of million merchants that have upgraded are challenges, no doubt about that.” smaller, local and regional businesses, on As a sign of just how bumpy the top of the widely expected early adoption transition could still be, in October, a judge by national chains such as Walmart and in California allowed a lawsuit brought Best Buy. Holdouts are typically very small by four small grocery store businesses operations with relatively few transactions, against the major credit card companies lesser concerns about to proceed. The businesses counterfeit cards, and less claim that the credit card revenue to support buying companies unfairly colluded new point-of-sale terminals. to bring about the change to Banks, meanwhile, have EMV cards, burdening busiissued 600 million new cards nesses with the costs of card outfitted with chips, along reader upgrades, whereas with magnetic stripes still for if the companies had acted those merchants who have as free market entities, each not switched over. would have competed to Overall, financial instituoffer better terms to clients. tions are well on their way To cope with the to replacing the estimated 1 complexity of the overhaul, MASTERCARD ATMs have been granted billion cards U.S. consumers possess, said Jason Oxman, extensions on liability for REPORTED A CEO of the Electronic Transtheir owners to upgrade to actions Association, a trade EMV. MasterCard’s deadline association for the payments passed on Oct. 1, while Visa’s processing industry. “It’s a is not until Oct. 1, 2017. Gas huge undertaking,” he said. station terminals also have “But the good news is after extensions into next year. DROP IN only one year, we’re making “Once this full adoption remarkable progress.” happens, we will see an COUNTERFEIT The transition has, even larger reduction in COSTS AT however, caused its fair card-present fraud,” said the AMERICAN share of frustration from Secret Service’s Liau, using consumers and merchants; a term for fraud conducted RETAILERS the latter have had to pay to when cards are physically BETWEEN replace their payment card presented to terminals. APRIL 2015 AND terminals or be stuck coverStill, for all their promise in ing the fraud charges that largely eliminating cardAPRIL 2016 banks previously covered. present fraud, EMV cards do In 2015, the National Retail not address the expanding Federation pegged the total problem of online fraud. A upgrade at $25 billion to $30 billion. credit card number stolen by computer For a mom-and-pop operation with a hackers can still be used to make bogus single point-of-sale, buying a new chip card purchases, chip card or not. reader from the company Square can cost And Liau noted that online fraud has as little as $29. For national behemoths historically gone up as countries have such as Walmart, which has more than adopted EMV technology. “The bad guys 4,600 stores in the U.S., the upgrade is don’t go away,” he said. “They retarget costing millions of dollars. their focus.” An additional burden is that new EMV In the years ahead, new data security readers must be certified by outside technologies should take some of the bite companies, such as terminal manufacturout of online payment card chicanery. ers, before being allowed to accept EMV Mobile payment services like Apple cards — a process that can take months. Pay might offer greater security as well Many consumers have complained when matched with biometrics, such as about the additional time, compared with fingerprints, to ensure a user’s identity. magstripe cards, needed for chip cards “There’s no silver bullet to combat to sit in a point-of-sale terminal as they fraud,” Aikat said. “We have to continue communicate with cardholders’ banks to evolve as the payment landscape to complete a transaction. And they also evolves.”



Since October 2015, MasterCard reports about one-third of the approximately 6 million merchants in the U.S. have upgraded their terminals to accept EMV, or chip, cards.














Higher education degrees are first step to defending the nation’s networks By Diana Lambdin Meyer


N COMPUTER SCIENCE HISTORY, Nov. 2, 1988, was the day that the then-small internet got a very big wake-up call. Only about 70,000 computers were connected to the internet at the time, mostly belonging to academics at colleges and universities, members of the military and government workers. They used it

primarily for communication via email, message boards and other means, for research, work and socializing — much like today, but on a vastly smaller scale. But that day, when they tried to log on, they discovered a devastating problem: Robert Morris, a graduate student at Cornell University, had released a damaging computer worm that brought the fledgling network to its knees.

When the incident was resolved and the internet back up and running, those who used it had realized that its wide-open atmosphere — “like a small town where people thought little of leaving their doors unlocked,” as The Washington Post described it in a 2013 retrospective of the case — could be tampered with, either CO N T I N U E D





EDUCATION accidentally, as Morris had, or, even more disturbingly, on purpose. Thus, the concept of cybersecurity was born. Today, information security is a fullblown profession with codes of ethics and more than 200 institutions offering cybersecurity programs designated as National Security Agency (NSA)/Department of Homeland Security Centers of Academic Excellence. Doug Jacobson was a faculty member at Iowa State University who tried to dial up that November morning 28 years ago. Now a professor in Iowa State’s department of electrical and computer engineering, he wrote the curriculum for some of the first cybersecurity classes taught in this country. Today, Jacobson leads research on the cybersecurity of the nation’s power grid and teaches the next generation of combatants in cyberwarfare. Despite the professional growth, he contends that universities are not yet filling the growing demand for cybersecurity experts. “Part of this comes back to the need to expand our emphasis on STEM (science, technology, engineering and mathematics) at the K-12 level,” Jacobson said. “We need to increase the pool of prepared students coming into our universities, but we also need to elevate the level of cyber literacy in our country.” To that end, Jacobson has created a teaching module that can be used in community courses and in schools and focuses on practical computer security primarily for middle and high school students, but individuals of all ages seeking either technical or non-technical degrees may benefit. “It doesn’t matter what your field of study or professional emphasis, cybersecurity is now an issue for everyone in all facets of their lives,” said S.K. Bhaskar, vice dean of computer information systems and technology at the University of Maryland University College. UMUC offers three bachelor’s and four master’s degrees in cybersecurity that cover what many consider the primary emphases of this new profession: security for computer networks, software development and policy development. In developing the curriculum, many schools offering cybersecurity education rely heavily on an advisory board comprised of those working in the industry in both the public and private sectors. Many of these programs also benefit from adjunct faculty members who work in the field and are exposed daily to the ever-changing challenges of information security. Students at The George Washington University in Washington, D.C., learn from global leaders in cybersecurity, many of CO N T I N U E D


WHERE TO EARN A CYBER DEGREE The National Security Agency and Department of Homeland Security have designated more than 200 two- and four-year degree institutions as National Centers of Academic Excellence in information assurance education (IAE), cyber defense education (CDE) or cyber defense research (R). Here are a few of those schools and some of the degrees offered:

uCalifornia State University-San Bernardino (CDE) Bachelor of Science in administration with emphasis in cybersecurity; Master of Science in national cybersecurity studies; Master of Business Administration with a focus in cybersecurity uDePaul University, Chicago (CDE) Bachelor, Master or combined Bachelor/Master of Science in cybersecurity uGeorge Washington University, Washington, D.C. (R) Bachelor of Arts and Bachelor of Science in computer

science; Master of Science in cybersecurity in computer science, cybersecurity policy and compliance and cybersecurity strategy and information management

uUniversity of ColoradoColorado Springs (CDE, IAE) Master of Engineering with emphasis in information assurance; Ph.D. in engineering with emphasis on security

uIowa State University (CDE, R) Master of Science in information assurance; Ph.D. in computer science with emphasis in information assurance; Ph.D. in computer engineering with emphasis on information assurance; Ph.D. in math with emphasis on information assurance

uUniversity of Maryland University College (CDE) Bachelor of Science in computer networks and cybersecurity; Bachelor of Science in software development and security; Master of Science in cybersecurity and management; Master of Science in digital forensics and cyber investigation; Master of Science in information technology with emphasis in information assurance

uUniversity of CaliforniaDavis (CDE, R) Master of Science and Ph.D. in computer science

uUniversity of Pittsburgh (CDE, IAE, R) Bachelor of Science in information sciences with specialization in networks and security; Master of Science in telecommunications; Ph.D. in information science uUniversity of New Orleans (R) Bachelor of Science, Master of Science and Ph.D. in computer science uUniversity of Idaho (CDE) Bachelor and Master of Science and Ph.D. in computer science with emphasis in information assurance — Diana Lambdin Meyer






EDUCATION Retired Air Force Gen. Michael Hayden, left, shown at the TechCrunch Disrupt NY 2016 event in New York in May, often shares his expertise with computer security students at The George Washington University.



President Obama speaks with students at a cybersecurity summit at Stanford University in California in February 2015.

Many cybersecurity-focused jobs in the public and private sectors have a wide range of titles, but here are some actual positions — as defined by DHS’ United States Computer Emergency Readiness (US-CERT) Team — for which applicants with related degrees could qualify. NOAM GALAI/GETTY IMAGES


whom work right in the metropolitan area. For example, retired four-star Air Force Gen. Michael Hayden, former director of the NSA and the CIA, has frequently spoken at the university’s CyberCorps seminar, a required portion of the school’s elite computer security scholarship program. “We have the benefit of being able to call up our friends in various government agencies and have them share with students on the most recent cyber issues,” said Lance Hoffman, co-founder of the university’s Cyber Security and Privacy Research Institute. Like UMUC, DePaul University, regularly listed as one of the country’s top 10 schools for cybersecurity, strengthens its programs with access to individuals working in the private sector. Security information officers from the insurance and finance fields make up advisory boards and

adjunct faculty. The curriculum at DePaul is determined in many ways by the events of the day. “Our students must do presentations based on current events and offer actual solutions,” said Jacob Furst, a professor in the College of Computing and Digital Media at DePaul, located in Chicago. “If you’re like me and get bored easily, if you like fresh challenges each day, you’ll do well in this field.” Experience in private-sector fields such as finance, medical and insurance, is often considered a benefit when applying for a job with DHS, according to Brad Nix, acting director of the department’s United States Computer Emergency Readiness Team (US-CERT). Nix was employed for 15 years with a consulting firm advising clients such as schools and hospitals about cybersecurity

risks before applying for a position with DHS, where he’s worked since 2014. “It’s an individual’s unique perspective and experience that they can bring to this job, often from a private-sector position, that helps us look at how we do things and develop new, faster and more cost-efficient approaches to information security,” Nix said. The third-largest Cabinet department, DHS looks for applicants with a variety of skills, from forensic network analysis to incident response. In general, Nix said, universities are doing a great job of preparing students with those skills. But, he added, he wants more than just technical skills, and those with a broader education may have an advantage. “I’m always looking for people with the ability to effectively express themselves and their ideas in verbal and written form,” Nix said. Those skills are often developed through liberal arts classes, which Nix said many in the computer sciences frequently overlook in their education. Among other “intangibles” that Nix celebrates when he identifies them in a candidate is the ability to understand what supervisors want and need, something he calls “the ability to manage up.” These traits are often attributed to those with strong communication and critical-thinking skills. Those working in the field, both in education and application, agree that cybersecurity is an ever-changing, volatile study based on “the basic principle of people behaving badly,” according to Furst. “For that reason, job security and career opportunity for those with a solid degree and skills is potentially limitless.”

uChief information security officer. This senior executive position is responsible for the integrity of information technology, including hardware, software and personnel. uForensics expert. This is essentially a detective who examines and analyzes evidence from computers, networks and data storage devices for signs of criminal activity. uSecurity network specialist. Typically an entry-level position, this job involves day-to-day testing and monitoring of a company’s or agency’s computer network. uCybersecurity analyst. This person performs vulnerability testing, conduct internal and external security audits while anticipating and reducing the likelihood of security breaches. uIncident responder. These are the first responders of cybersecurity. An incident responder usually works with a team to rapidly address security breaches. uSecurity software developer. These programmers develop and integrate into software the tools needed to detect spyware, malware and virus protection, as well as detect intrusions and analyze traffic. — Diana Lambdin Meyer GETTY IMAGES









TO SERVE Behind the scenes, these public servants help preserve homeland security


By Melanie D.G. Kaplan N ITS EFFORT TO secure the nation from threats ranging from rare plant diseases to terrorism, the Department of Homeland Security employs more than 240,000 people — and some of the jobs they hold may surprise you. We talk to five DHS employees about how their roles help keep America safe.

CHARLES “SKEET” BREWER Position: Physical Techniques Division branch chief Agency: Federal Law Enforcement Training Centers (FLETC) If you work as a law enforcement officer or agent protecting the U.S., there’s a good chance you’ve crossed paths with Brewer. Maybe you have taken a class with him or one of his instructors at the Federal Law Enforcement Training Centers (FLETC) headquarters in Glynco, Ga. At the center, which can train as many as 65,000 students a year, Brewer teaches law enforcement professionals what to do in the case of injury in an active threat environment. But the four FLETC locations across the country have a broader mission, as well. “If it’s a law enforcement topic, we train it,” said Brewer, who has worked in emergency medical services for 25 years. FLETC tactical

medical training, which Brewer has overseen for 12 years, takes lessons learned from the military and applies them at a civilian level, whether it’s care under fire, in the field or during an evacu-

ation. In the classroom, Brewer talks about triage, coping with escalating events and preparing enough so an officer’s response in the field will be second nature. “If you haven’t thought through a scenario,” he said, “you won’t be prepared.” In the past, medical training was centered around skills such as first aid and CPR. FLETC still focuses on survival, but it also now looks outside of critical situations, including topics such as psychological endurance throughout a law enforcement career. Brewer said instructors talk about emotional health, wellness and dealing with stress. The goal, Brewer said, is “to expose students to every possible environment.”


Charles “Skeet” Brewer, left, oversees a training exercise at the Federal Law Enforcement Training Centers in Glynco, Ga.






JACKIE SUAZO Position: Special assistant, Washington District director Agency: U.S. Citizenship and Immigration Services (USCIS)

Suazo has always loved planning celebrations for friends and family, so it’s no surprise she’s become an ace planner within the Department of Homeland Security. For thousands of new citizens, Suazo has planned perhaps the most important event of their lives. “We’re pretty much rolling out the red carpet to make these naturalization ceremonies special,” Suazo said, “so they leave really happy.” Suazo is the go-to person for ceremonies in the Washington, D.C., area. She handles all logistics, including selecting prominent venues and securing high-profile speakers. It’s not unusual for Suazo to schedule ceremonies for every day of the week, and occasionally she’ll juggle a few in one day. She orchestrates every tiny detail, from where the color guard lines up to where officials sit down. Each experience is unique: for a ceremony at Theodore Roosevelt Island on the Potomac River, for example, the National Park Service provided cupcakes decorated with maps of the world. Ceremonies can range from a single candidate (a special-education teacher wanted to be naturalized in front of all her students) to 700, but most have 50 to 100 participants. The 30-minute ceremony includes the national anthem, presentation of candidates, oath of allegiance and a commencement-style certificate distribution. Suazo, the daughter of Honduran immigrants, has held her current position since 2012 and never tires of hosting. “I give all (the ceremonies) love and attention,” she said. “I don’t want anything to go wrong and want to make sure everyone is happy.” Being thanked by new citizens is most rewarding, she said. “That means I’ve accomplished my goal.” U.S. CITIZENSHIP AND IMMIGRATION SERVICES






DANIEL BRAZIER Position: Special agent, Homeland Security Investigations Agency: U.S. Immigration and Customs Enforcement (ICE) After 14 years as a police officer, Brazier sought more challenging work. He ended up with dinosaur fossils. Brazier is a special agent with Homeland Security Investigations (HSI), a directorate of U.S. Immigration and Customs Enforcement (ICE) that investigates cross-border criminal activity, including money laundering, weapons smuggling and human trafficking as well as cultural property, art and antiquities theft. Over the past decade, HSI has repatriated more than 7,000 items to more than 30 countries. “In this job, you have to be adaptable and think on your feet,” said Brazier, who is based in New York City and has been at HSI since 2009. “I don’t have a background in paleontology, but I look at it like a simple type of investigation. It’s stolen property at the core — whether you steal

a car or a fossil.” In the case of at least 23 Mongolian dinosaur fossils that were stolen by smugglers and returned between 2013 and 2016, Brazier said, “Immediately you have to figure out the violation, the laws in Mongolia, the laws here.” He met with experts, witnesses and those suspected of criminal activity, and went to a storage facility to inspect the stolen artifacts. “You get to hold this (roughly) 70 million-year-old fossil,” he said. “It’s all the things you got to read about as a kid, and then you get to play with as an adult.” After a rare Tyrannosaurus bataar skeleton was returned, Mongolia was able to open its first natural history museum. Brazier would like to visit and see the fossil again. “You’re taking a country’s heritage and returning it to them,” Brazier said. “That’s been extremely rewarding.”

Special agent Daniel Brazier inspects cargo containers as part of the U.S. government’s efforts to stem smuggling of cultural property such as dinosaur fossils from other countries, right.







VALERIE BOYD Position: Liaison to the Federal Emergency Management Agency (FEMA) Agency: U.S. Coast Guard

Coast Guard Lt. Cmdr. Boyd began her job as liaison to the Federal Emergency Management Agency (FEMA) in Washington, D.C., in July, and she didn’t have to wait long for an adrenaline rush. After dealing with small hurricane threats in late August, FEMA prepared for Hurricane Matthew in October. Because of the intensity of the storm and the probability of it making landfall in the U.S., the threat resulted in a full Level 1 activation of the federal government’s super-intense, fast-paced National Response Coordination Center. “Level 1 means all hands on deck — every emergency support function is prepared,” said Boyd, who is one of just five uniformed military officers assigned to FEMA. “We could be activated for any type of disaster — tornado, winter storm, earthquake, flooding, terrorist incidents. We are all always on call.” In previous jobs, Boyd worked in the field, whether it was coordinating rescues and evacuations during Hurricane Katrina or coordinating operations during a major coastal oil spill in Texas. These days, her primary duty is to synchronize FEMA and Coast Guard activities that support homeland safety and security. She’s shifted to a national, more strategic mindset and may be asked, for instance, to brief the White House National Security Council’s senior director for response policy or identify someone from the Coast Guard to participate in a congressional briefing. “I need to have a really good grasp of what the Coast Guard is doing at any moment,” she said. “I need to be prepared at any time.” ALEXA LOPEZ/FEDERAL EMERGENCY MANAGEMENT AGENCY






KIMANI MUSTAFA Position: Agriculture specialist Agency: U.S. Customs and Border Protection On his way to his job as an agriculture specialist at Hartsfield-Jackson Atlanta International Airport, Mustafa stops to pick up his partner. The two head out to the international terminal’s baggage carousels, wellstocked with the one thing necessary to complete their mission: dog treats. Mustafa works with a floppy-eared beagle nicknamed Joey (because he jumps like a baby kangaroo). The duo searches for agricultural contraband, whether it’s a Brazilian berry or live snails. “Most people have no idea what the beagles are sniffing for,” said Mustafa, who works with the U.S. Customs and Border Protection agency. “When a dog is sniffing intently, some people expect the SWAT team to roll in.” He said dogs sniff out produce and meat on flyers and in luggage to prevent

harmful plant pests (such as Mediterranean fruit flies) and certain animal maladies (like mad cow disease) from entering the U.S. Mustafa, who has worked as a K-9 officer for 15 years, always hopes for a catch early in the day, to get Joey excited about sniffing. “If it’s a flight from Jamaica during juicy mango season, it’ll be a lot more interesting than a flight coming from Zurich,” he said. Among the strangest items they’ve found in bags: an entire hog leg and a 10-pound sack of yams. With each new prohibited item Joey discovers, his encyclopedia of smells expands, and the team becomes more proficient at protecting U.S. borders. Joey, however, has no idea he’s working. “It’s all a game to him,” Mustafa said. “He’ll jump and bound off the suitcase until he gets his treat.”

Kimani Mustafa and his canine partner, Joey, inspect baggage at Hartsfield-Jackson Atlanta International Airport for agricultural items being brought into the U.S. illegally.













DHS gives emerging entrepreneurs boost in search for latest tech solutions By Adam Stone


N ITS EFFORTS TO stay ahead of emerging threats, the Department of Homeland Security is looking past the tried-and-true world of the big defense contractors. Today’s dangers go well beyond the threats posed by traditional adversaries, so DHS is seeking a greater breadth of response. “You want a diversity of thought in attacking these problems,” said DHS Undersecretary for Science and Technology Reginald Brothers. “It’s important that we have as wide an aperture as possible, and so we try to engage the most creative minds in the country.” That means engaging the startup com-

munity. In recent years, DHS has launched a number of initiatives to generate interest among high-tech entrepreneurs, to seek their expertise in confronting the challenges of homeland defense and to help them through the sometime onerous government acquisitions process.


Network security firm ThreatSTOP was awarded a $92,000 grant in 2010 from DHS under the Small Business Innovation Research program. It doesn’t sound like much, as government money goes, but it was enough to get the Carlsbad, Calif., company up and running. Founder and CEO Tom Byrnes had been operating his servers out of his garage

before the grant. Not only did the money get him into a real office, it helped get him into the marketplace. “This was critical because it gave us credibility when we went to talk to potential customers,” he said. “The first thing people ask is who is behind you, and when you say it’s DHS, they stop and listen.” Byrnes’ customers include defense agencies, utilities, pipelines, state and local governments and law enforcement agencies. His product, also called ThreatSTOP, can defend things such as pipelines and power plants — the kind of critical infrastructure DHS is looking to secure. Even with the CO N T I N U E D














DHS support, though, he’s peddling in a crowded marketplace. “There is a lot of noise because there is a lot of money,” he said. When it comes to homeland security technology, “all the usual suspects come out with the same sausage they have been selling for years, and now suddenly it is for critical infrastructure.” The competition should not come as a surprise, considering the stakes on the table. The global homeland security market size was $279.64 billion in 2015, according to Grand View Research consulting firm. MarketsandMarkets, a market research company, expects demand for such products to reach $544 billion by 2018. The size of that market correlates to the breadth of the homeland security mission. In addition to terrorism, the field has come to encompass cybercrime, the drug trade, human trafficking and migrant interdiction, among diverse other issues.

Technology has a role to play in all those areas, especially in the rapidly expanding field of cybersecurity, which as of last year already accounted for more than 20 percent of homeland security spending, according to Grand View Research. Recognizing this, DHS has done some of its most aggressive outreach to startups through its new Silicon Valley Innovation Program (SVIP), launched in 2015. SVIP offers startups up to $800,000 in awards dispersed over four equal increments over two years as milestones are reached. Grantees have put forward technology to aid with wireless network security, data integrity and other areas. These solutions arose out of brainstorming sessions between DHS and Silicon Valley technology experts, Brothers said. “That community really responds well to important and hard problems. They just need to know what are important, hard

problems,” he said. While the grant money may serve as an incentive, SVIP aims to do more than just dole out cash. The department is looking to the program as a means to engage IT leaders. “Our task is to go to where these creative people are and show them what our problems are,” Brothers said. Those creative people are at work in fields in addition to cybersecurity, and DHS is trying to reach them in other areas as well. For instance, its EMERGE Accelerator Program aims to encourage innovation in the realm of wearable technology for first responders. Among the innovations selected for participation in October: uA software platform created by CommandWear Systems in Vancouver, British Columbia, that connects smartwatches and other wearables to deliver personnel tracking, two-way text and video content. u An integrated system from Boston-

based Human Systems Integration that includes remote physiological monitoring. u A coaching and training application developed by Pear Sports in Los Angeles that uses biometric signals such as heart rate, location and environmental data to build training programs. uRugged “smart glasses” from Six15 Technologies in Henrietta, N.Y., designed to enhance situational awareness through streaming augmented-reality video. Those who follow the government space said these are just the kinds of cutting-edge technologies DHS would not have found if it had shopped only among traditional suppliers. “The same handful of contractors has held the top spots in terms of government revenue for years. They have multiyear, multibillion-dollar contracts and they CO N T I N U E D






Reginald Brothers of the Department of Homeland Security says diversity of thought is needed to prevent expanding threats.



are comfortable with that,” said Meagan (DARPA) — and found that together they Metzger, founder of Dcode42, a Washinghave invested some $1.3 billion across 137 ton, D.C., small-business accelerator that deals in the last five years. encourages entrepreneurs to enter the Another entity is SOFWERX, an acceleragovernment space. tor for generating rough models of prod“These startups are pivoting; they are inucts, created under an agreement between novating. They are staying on top of things the Doolittle Institute and the United States every day because they feel a greater sense Special Operations Command. Participation of competition,” she in SOFWERX sent tech said. “We need that. startup CrowdOptic To keep up with our rocketing out of the “Our task is to go to adversaries, we have gate. got to start moving a “This is just an where these creative lot faster.” unprecedented fast DHS is not alone in track. In less than people are and its push to get things a month we had show them what going faster. Private a prototype and investors and venture revenue generation,” our problems are.” capitalists are also said Jon Fisher, CEO of — Reginald Brothers, eager and engaged. San Francisco-based DHS undersecretary “We like big CrowdOptic, whose for science and technology markets and we like software allows businesses that have an end user to see broad applicability,” where cellphones said Avi Lindenbaum, managing partner are pointed. Why is that helpful? Suppose of Kodem Growth Partners. The New a shot is fired during a crowded event. York-based venture firm has made investDozens of people immediately look that ments in two homeland security startups, way and start taking cellphone videos. betting that any technology tough enough Guided by CrowdOptic, Fisher said first to make it in that market must be worth responders will know where to go. supporting. Based in a 10,000-square-foot col“The technology being brought into that laboration facility in Tampa, Fla., SOFWERX ecosystem tends to be very hardened and helped CrowdOptic integrate its technolvery strong, which suggests very strong ogy with a mobile application, to allow intellectual property,” he said. field operatives to report information back In fact, a broad range of entities beyond to central command. That rapid prototypDHS has been moving money toward the ing helped make the product market ready. sector. Research firm CB Insights looked “Seeing this up close, I cannot imagine at three big investors in the homeland a more professional and more streamlined security space — the not-for-profit In-Q-Tel, process,” Fisher said. “If this is how the Arsenal Venture Partners and the Defense government is going to do business, it is Advanced Research Projects Agency going to be great.”

In a year’s time, DHS’ Silicon Valley Innovation Program has offered several grants to firms that came forward with promising technologies. That effort has already made awards to:

uPulzze Systems Inc. in Santa Clara, Calif., to secure infrastructures by improving visibility and providing dynamic detection. Amount awarded: $200,000

uWhitescope LLC in Half Moon Bay, Calif., for its secure 802.11 wireless communications gateway. Amount awarded: $200,000

uFactom Inc. in Austin, Texas, to authenticate devices to prevent spoofing and ensure data integrity. Amount awarded: $199,000

uMachine-to-Machine Intelligence Corporation in Moffett Field, Calif., to create a deployable open source version of accepted cryptographic protocols. Amount awarded: $75,000

uIonic Security Inc. in Atlanta, to solve authentication, detection and confidentiality challenges in the realm of internet-connected devices. Amount awarded: $119,000






Give them tomorrow Premature birth is the #1 killer of babies. Every baby deserves a fighting chance. DO SOMETHING TODAY © 2016 March of Dimes Foundation

Shop to support our partners