The panelists were:
William P. Crowell – former Deputy Director of the National Security Agency
Michael P. Jackson – Deputy Secretary, Department of Homeland Security
Jose A. Rodriguez, Jr. – former Director CIA, National Clandestine Service & CIA, DCI Counterterrorist Center

Overall, it was a very nicely arranged event on a brisk fall evening with about 100 CXO attendees; mostly large but some small government contractors and a few product companies like ScienceLogic that conduct business with military, intelligence and the public sector.

No surprise, given the financial crisis the economy is suffering from that the panelists said we also have a crisis coming on the Federal budget front. This will put enormous pressure on the way Administration thinks, and how and where to spend the $$.

Obama’s tone regarding the issues he will be confronting in the world during the election was encouraging. Make the world more non-partisan and take on the threats that we have in front of us head-on!

The panel was very upfront about current threats. William Crowell said,

“It is highly imprudent to believe that there will not be another 9-11. We have to fund and support the work to stop other attacks. We can only mitigate risk but we can’t eliminate risk. We have to try to absorb the sense of urgency and wake up every day looking at the intelligence screens as if 9-11 happened within the last couple of months.”

He added,

“They (the intelligence community) need the innovation, sense of commitment and urgency that comes from the private sector – a sense of mutual commitment to that mission.”

Predicted Priorities for investment for DHS:

1. Cyber attack as the top issue
2. Nuclear threats including dirty bomb
3. Chemical and biological attacks
4. Explosive attacks against critical infrastructure with maximum # of lives and or financial disruption / loss.
5. Large scale natural disasters – hurricane + earthquakes
6. Border penetration - identity management and border management issues

An Obama administration will spend dollars around these threat vectors. They will want to spend $$ to help state and local governments. Grants to state and local governments should significantly increase with the Obama administration, so think about how you will increase your focus on the state and local government spending initiatives.

Secure border investments – the panelists believe that the new administration will feel compelled to invest here. Michael P. Jackson bluntly said, “You have to make investments in border tools to get meaningful immigration reform.”

Panelists agreed that the 1^st year will be an intense period of scrutiny about fundamental directions. We can’t afford it all at DHS; it is dramatically under budgeted. At TSA/DOT and then at DHS, we spent about $4 Billion on technology investments since 9-11; those investments are now reaching the end of the original service life.

One gripe from the panel that I found humorous: “We don’t have a group of people who think like entrepreneurs.” It is insane how long things last when you buy things in the government. As an example, we are still replacing vacuum tubes in some of the very old FAA gear… this is well beyond what any reasonable person would think these initial investments should/would last.

Final Thoughts:
I actually think that the Obama Administration will be quite favorable to COTS software products, SaaS offerings, and creative financing initiatives from the private sector. The government just won’t have the capital budget to do everything it wants to accomplish. I would say if you look at how intelligently and aggressively Obama used technology to assist his campaign, the odds are good that this new breed of IT talent (which is already really comfortable with SaaS products, blogs, wiki’s, hosted/outsourced Cloud solutions… this team really understands the latest technology trends) will quickly work to bring these new IT paradigms to the Federal marketplace. Clearly the private sector can help the Government achieve more with lower capital budgets – beginning to provide services rather than transaction-based selling. Another clear idea is to think about leasing as a better way to work with the government which going forward will have increased budgets restrictions.

They will likely be in confrontation with members of Congress that won’t change fast enough, however the future of our nation’s ability to fight terror lies in becoming more efficient and effective. It requires the government be flexible enough to figure out what jobs and IT functions to outsource in a nimble and smart way. My prediction: this is great news for Service Providers. Overall the next 4 years should be great for our business as well as the Managed Service Provider/SaaS industry!

Unfortunately, there's not really anything to his response. It's obvious he doesn't want to admit that they've been checking ID's all this time to no purpose whatsoever, so he just emits vague generalities like a frightened squid filling the water with ink. Yes, some of the stunts in article are silly (who cares if people fly with Hezbollah T-shirts?) so that gives him an opportunity to minimize the real issues.

Watch-lists and identity checks are important and effective security measures. We identify dozens of terrorist-related individuals a week and stop No-Flys regularly with our watch-list process.

It is simply impossible that the TSA catches dozens of terrorists every week. If it were true, the administration would be trumpeting this all over the press -- it would be an amazing success story in their war on terrorism. But note that Hawley doesn't exactly say that; he calls them "terrorist-related individuals." Which means exactly what? People so dangerous they can't be allowed to fly for any reason, yet so innocent they can't be arrested -- even under the provisions of the Patriot Act.

And if Secretary Chertoff is telling the truth when he says that there are only 2,500 people on the no-fly list and fewer than 16,000 people on the selectee list -- they're the ones that get extra screening -- and that most of them live outside the U.S., then it is statistically impossible that the TSA identifies "dozens" of these people every week. The math just doesn't make sense.

And I also don't believe this:

Behavior detection works and we have 2,000 trained officers at airports today. They alert us to people who may pose a threat but who may also have items that could elude other layers of physical security.

It does work, but I don't see the TSA doing it properly. (Fly El Al if you want to see it done properly.) But what I think Hawley is doing is engaging in a little bit of psychological manipulation. Like sky marshals, the real benefit of behavior detection isn't whether or not you do it but whether or not the bad guys believe you're doing it. If they think you are doing behavior detection at security checkpoints, or have sky marshals on every airplane, then you don't actually have to do it. It's the threat that's the deterrent, not the actual security system.

This doesn't impress me, either:

Items carried on the person, be they a 'beer belly' or concealed objects in very private areas, are why we are buying over 100 whole body imagers in upcoming months and will deploy more over time. In the meantime, we use hand-held devices that detect hydrogen peroxide and other explosives compounds as well as targeted pat-downs that require private screening.

Optional security measures don't work, because the bad guys will opt not to use them. It's like those air-puff machines at some airports now. They're probably great at detecting explosive residue off clothing, but every time I have seen the machines in operation, the passengers have the option whether to go through the lane with them or another lane. What possible good is that?

The closest thing to a real response from Hawley is that the terrorists might get caught stealing credit cards.

Using stolen credit cards and false documents as a way to get around watch-lists makes the point that forcing terrorists to use increasingly risky tactics has its own security value.

He's right about that. And, truth be told, that was my sloppiest answer during the original intervied. Thinking about it afterwards, it's far more likely is that someone with a clean record and a legal credit card will buy the various plane tickets.

This is new:

Boarding pass scanners and encryption are being tested in eight airports now and more will be coming.

Ignoring for a moment that "eight airports" nonsense -- unless you do it at every airport, the bad guys will choose the airport where you don't do it to launch their attack -- this is an excellent idea. The reason my attack works, the reason I can get through TSA checkpoints with a fake boarding pass, is that the TSA never confirms that the information on the boarding pass matches a legitimate reservation. If all TSA checkpoints had boarding pass scanners that connected to the airlines' computers, this attack would not work. (Interestingly enough, I noticed exactly this system at the Dublin airport earlier this month.)

Stopping the ‘James Bond’ terrorist is truly a team effort and I whole-heartedly agree that the best way to stop those attacks is with intelligence and law enforcement working together.

This isn't about "Stopping the 'James Bond' terrorist," it's about stopping terrorism. And if all this focus on airports, even assuming it starts working, shifts the terrorists to other targets, we haven't gotten a whole lot of security for our money.

FYI: I did a long interview with Kip Hawley last year. If you haven't read it, I strongly recommend you do. I pressed him on these and many other points, and didn't get very good answers then, either.

Investigators are treating the explosions as acts of vandalism, not terrorism, Shields said.

"Under the Criminal Code, it would be characterized as mischief, which is an intentional vandalism. We don't want to characterize this as terrorism. They were very isolated locations and there would seem there was no intent to hurt people," he said.

It's not all good, though. Here's a story from Philadelphia, where a subway car is criticized because people can see out the front. Because, um, because terrorist will be able to see out the front, and we all know how dangerous terrorists are:

Marcus Ruef, a national vice president with the Brotherhood of Locomotive Engineers and Trainmen, compared a train cab to an airliner cockpit and said a cab should be similarly secure. He invoked post-9/11 security concerns as a reason to provide a full cab that prevents passengers from seeing the rails and signals ahead.

"We don't think the forward view of the right-of-way should be available to whoever wants to watch ... and the conductor and the engineer should be able to talk privately," Ruef said.

Pat Nowakowski, SEPTA chief of operations, said the smaller cabs pose no security risk. "I have never heard that from a security expert," he said.

At least there was pushback against that kind of idiocy.

And from the UK:

Transport Secretary Geoff Hoon has said the government is prepared to go "quite a long way" with civil liberties to "stop terrorists killing people".

He was responding to criticism of plans for a database of mobile and web records, saying it was needed because terrorists used such communications.

By not monitoring this traffic, it would be "giving a licence to terrorists to kill people", he said.

I hope there will be similar pushback against this "choice."