Critical Releases in Homeland Security: December 24, 2014

"As the agency charged with safeguarding America's borders, U.S. Customs and Border Protection (CBP) plays a vital role in protecting the national security of the United States. This report summarizes CBP's fiscal year 2014 border enforcement efforts, which reflect CBP's focus on transparency and building partnerships to secure a 21st Century border against a variety of threats and adversaries." This report includes a discussion with the following sections: (1) Enforcement Efforts At and Between Ports of Entry; (2) Border Technology and Investment; and, (3) Transparency and Accountability.

From the thesis abstract: "The September 11, 2001, terrorist attack on United States (U.S.) soil memorialized as 9/11 served as the catalyst for major reforms in the federal government. Twenty-two agencies combined to form the Department of Homeland Security with a mission of preventing homeland attacks and reducing U.S. vulnerability to terrorism. Accomplishing this amalgamation has led Federal Emergency Management Agency supported emergency management discipline principles and homeland security supported discipline principles to create jurisdictional gray areas (JGAs) with stakeholders on a path of division in preparedness, training, and command. Defining 'all-hazards' placed them at opposite ends of the spectrum. The purpose of this research is to determine the presence of JGAs, and define 'all-hazards.' Case study and qualitative methodologies are utilized to examine three cases for JGAs, a disaster, act of terrorism, and an act of workplace violence. The results revealed utilizing an incident command system on any of these incidents reduces JGAs, Presidential Policy Directive-8 (PPD-8) provides a holistic approach to disaster and terrorism, and an 'all-hazards' incident also requires a management component. The recommendations are: 1) further research in reducing U.S. vulnerability to terrorism, 2) support to sustain HS [Homeland Security] as a recognized discipline, and 3) research that identifies mentally unstable employees prior to acts of workplace violence."

"Data breaches, such as those at Target, Home Depot, Neiman Marcus, and JPMorgan Chase, affecting financial records of tens of millions of households seem to occur regularly. Companies typically respond by trying to increase their cybersecurity by hiring consultants and purchasing new hardware and software. Policy analysts have suggested that sharing information about these breaches could be an effective and inexpensive part of improving cybersecurity. Firms share information directly on an ad hoc basis and through private-sector, nonprofit organizations such as Information Sharing and Analysis Centers (ISACs) that can analyze and disseminate information. Firms sometimes do not share information because of perceived legal risks, such as violating privacy or antitrust laws, and economic incentives, such as giving useful information to their competitors. A firm that has been attacked might prefer to keep such information private out of a worry that its sales or stock price will fall. Further, there are no existing mechanisms to reward firms for sharing information. Their competitors can take advantage of the information, but not contribute in turn. This lack of reciprocity, called 'free riding' by economists, may discourage firms from sharing. In addition, the information shared may not be applicable to those receiving it, or it might be difficult to apply."

From the thesis abstract: "Large-scale disasters severely damage local information and communication technology (ICT) infrastructure. This negatively impacts responders' ability to communicate and collaborate with one another. As a result, humanitarian assistance (HA) response organizations cannot maintain situational awareness and efforts remain disjointed and inefficient. Out of the rubble of the Haiti earthquake, a cross-organizational collection of first responders created the Rapid ICT Assessment Team (RTAT) to conduct and share a holistic assessment of the ICT environment. However, RTAT has yet to solve the problem of efficiently and effectively collecting the ICT data and creating a shareable, common, ICT operational picture. Employing a campaign of experimentation (COE), this thesis analyzes RTAT with an Enterprise Architecture framework and Savvion process modeler and employs the Android based, mobile, spatial data collection applications Lighthouse and Open Data Kit (ODK) Collect to exploit the open source form builder ODK. RTAT founders, along with Bicol University and local volunteers, field tested the ODK forms with crowd sourcing techniques and when Typhoon Haiyan struck; they validated the organizational RTAT model and integrated assessments into the Pacific Disaster Center's (PDC) DisasterAWARE [All-hazard Warning, Analysis and Risk Evaluation] collaborative website. This thesis highlights the disjointed rapid response ICT assessment community which lacks standard forms and unifying data standards. The COE validates using open source, spatial data collection tools and crowdsourcing techniques for even highly technical needs. However, the COE revealed programming logic limits of the ODK forms, and the imperfect back-end integration between RTAT and the PDC. Debates remain over the validity of qualitative, crowdsourced ICT assessments. Going forward, RTAT must refine its forms and lead the movement to harmonize HA community assessment data sets. Furthermore, future data collection tools must become operating system."

From the thesis abstract: "This research uses a grounded theory approach to study the phenomenon of hacktivism and seeks to understand how the Internet has evolved to become a disproportionate and significant platform for disruption. Technological advancements involving the Internet, such as social media, have provided a significant advantage for social activists to advance their causes and enables them to recruit large masses with little effort. This platform also provides the distinct advantage of anonymity and increased availability of malicious tools and malware that, if directed toward U.S. critical infrastructure, could potentially cause severe economic and physical harm to the homeland. This research will also provide readers an in-depth analysis of three well-known social movements that have revealed the potential for increasing violence and/or disruption. The civil rights movements of the 1960s and the environmentalist movements of the 1980s are examples of activist movements that quickly evolved into direct action networks. Such historical context, when compared to current hacktivist collectives like Anonymous, suggests that social activist movements, regardless of venue, possess the cognitive praxis to cause injury or harm in furtherance of a social cause."