When Businesses Encourage Family Preparedness, Community Resilience Improves
Read More

When Businesses Encourage Family Preparedness, Community Resilience Improves

Your business continuity plan could be compromised if your employees and their families are unprepared to keep their families and pets safe after a disaster. According to a 2012 poll by Adelphi University Center for Health Innovation, almost half of all Americans have no family disaster plan or supplies, making it very likely that some of your employees are unprepared.

Preparedness Gaps

  • 44% of Americans do not have a first-aid kit.
  • 48% of Americans do not have emergency supplies.
  • 42% of Americans don’t know the phone numbers of immediate family members.

Improving the Speed of Recovery

In order to return to normal as soon as possible after a disaster, communities need businesses open and employees at work. That’s why it’s vital that you work with employees, especially any that are essential for business continuity and resilience, to develop a family preparedness plan.

Most of the 48% of Americans without emergency supplies think it’s a good idea to have supplies and a plan, but they keeping putting it off. By incorporating family preparedness into the culture of preparedness you promote for the business, you provide people with information and a framework to make emergency planning a priority at home and at the office.

5 Ways to Encourage Employees to Develop a Family Emergency Plan

  1. Hand out checklists that employees can take home to make sure they have everything needed in an emergency.
  2. Distribute information about family preparedness as part of new employee orientation and post useful links on the company intranet.
  3. Conduct a lunchtime training session about family preparedness, where people can ask questions and share ideas.
  4. During your annual (or more frequent) business continuity planning review, send a reminder to employees and include the checklists and links. Remind everyone to inspect family go-kits for expired items.
  5. Ask any employees who are essential to your business continuity plan to confirm that they have a family plan and emergency supplies.

Strengthen your business continuity planning by encouraging family preparedness for your employees. Everyone will be better off for it.

Contributing Author

Lilly Harris is the CEO of MSA, Inc., a small, economically disadvantaged, woman-owned small business that delivers expertise and knowledge in Professional Services, Systems Test Evaluation and Support, and Emergency Management to more than thirty federal and commercial clients.

H.R. 5230: SECURE THE SOUTHWEST BORDER SUPPLEMENTAL APPROPRIATIONS ACT, 2014
Read More

H.R. 5230: SECURE THE SOUTHWEST BORDER SUPPLEMENTAL APPROPRIATIONS ACT, 2014

On Friday, August 1, the House voted 223-189 in favor of H.R. 5230, known as the “Secure the Southwest Border Supplemental Appropriations Act, 2014.” The $694M bill, now headed to the Senate, includes:

Funding Proposals

  • $405M for Department of Homeland Security (DHS) to boost border security and law enforcement measures.
  • $22M to accelerate judicial proceedings for immigrants.
  • $70M for National Guard border efforts: $35M for the federal deployment of the Guard, and $35M for reimbursing states for their use of the Guard on the southern border.
  • $197M for the Department of Health and Human Services (HHS) to provide temporary housing and humanitarian assistance to unaccompanied minors.
  • $40M in repatriation assistance to Guatemala, Honduras, and El Salvador (redirected from within existing foreign aid for Central American countries so that these repatriation activities are immediately prioritized).

Policy Proposals

  • Amends the Trafficking Victims Protection Reauthorization Act of 2008 so all unaccompanied alien children (UACs) are treated the same as Mexicans and Canadians for the purpose of removals. UACs who have a credible fear of persecution or who have been trafficked must appear before an immigration judge within 14 days of their initial screening and shall be detained until their appearance.
  • Provides authority for the Secretary of State to negotiate agreements with foreign countries regarding UAC, which include protections for children who are returned to their country of nationality.
  • Includes a “last-in, first-out” policy that prioritizes the removal of minors that most recently arrived.
  • Authorizes additional temporary judges to help address the increase in traffic on the southern border.
  • Changes the Immigration and Nationality Act to strengthen the law prohibiting criminals with serious drug related convictions from applying for asylum.
  • Prohibits the Secretary of the Interior or the Secretary of Agriculture (USDA) from denying or restricting U.S. Customs and Border Protection (CBP) activities on federal land under their respective jurisdictions.
  • Authorizes the deployment of the National Guard to the southern border.
  • Expresses the “Sense of Congress” that the Secretary of Defense should not house unauthorized aliens at military installations unless certain specific conditions are met.
  • Prohibits the housing of unauthorized immigrants on military bases if the use of the military instillation will displace members of the Armed Forces on active duty or interfere with military activities at the installation.

 

Read the full report here.

 

Contributing Author

Spencer KingSpencer King is the GTSC U.S. Intelligence Community Fellow.  Spencer studied at Audencia Nantes Ecole de Management and at Shenandoah University, where he graduated Cum Laude.  Spencer was the president of the Student Government Association at Shenandoah University.  At Shenandoah University, he worked for the university president’s office on lobbying, governance, and special projects.  Spencer also interned at Wolf Trap, where he facilitated strategic planning, government relations, special initiatives, and board relations/operations.

OIG: Contractor Increases Vulnerabilities in Medicaid Processing System
Read More

OIG: Contractor Increases Vulnerabilities in Medicaid Processing System

The Office of the Inspector General (OIG) released a report entitled “Weaknesses in Molina Medicaid Solutions’ Information System General Controls Over Idaho’s Medicaid Claims Processing System Increase Vulnerabilities”.  The OIG inspection of the Idaho Department of Health Welfare Medicaid in the spring has extended to one of its contractors, Molina Medicaid Solutions.  OIG highlighted 19 weaknesses in different parts of the Idaho Department of Health and Welfare Medicaid Solution claims processing system this April.  Similar to the Idaho audit, OIG found 21 weaknesses in the Molina system controls and distributed 6 consolidated findings into 3 categories: access controls, configuration management and security management.

In terms of access controls, OIG found issue with user authentication for remote network access, inadequate password history policy, and inadequate encryption of network passwords.  In response to the OIG report Molina said that it had proper authentication methods but would focus on encrypting passwords.  OIG found Molina’s policy and protocols for network access and configuration for devices appeared to be deficient.  The OIG identified a total of 9 weaknesses in the configuration management department, so Molina decided to review its device and network configurations as well as patch management procedures

The report exposes and reports that Molina does not have a system for taking portable device inventory. Molina will now have employee security education/training updates, and change background check policies as well.  While OIG does not think that the addressed weaknesses have been exploited at this point, such weaknesses could lead to compromised patient data within the Medicaid system at some point if the issues are not resolved.  OIG made 6 recommendations that Idaho must impress upon Molina.  These recommendations were:

  1. Implement stronger user authentication for remote network access, strengthen password history policy, and use a secure method to store encrypted network passwords
  2. Implement secure configuration settings for network devices
  3. Implement policies and procedures to secure Medicaid claims database
  4. Implement policies for its patch management program
  5. Implement policies and procedures to periodically review and account for inventory of all portable devices and identify the custodian of the devices
  6. Implement policies and procedures for annual security awareness training and adequate policies and procedures for terminated and transferred employees and for background checks of employees

 

Read the full report here.

Contributing Author

Gabriella Miroglio is the GTSC Government Affairs intern.  Gabriella studied at the University of California, Santa Barbara,w here she earned a B.A. in Political Science with an emphasis in Comparative Politics.  During college she interned with Boxer and Gerson LLP and volunteered with Phi Alpha Delta, the pre-law fraternity.  In addition to internships, she has also worked for UCSB’s Annual Fund and the Disabled Students Program.  Gabriella was also a National Honors Scholar in high school, and completed over 100 hours of community service.

9/30 National Preparedness Symposium
Read More

9/30 National Preparedness Symposium

The Federal Emergency Management Agency (FEMA) is facing a tremendous number of challenges including more violent and frequent weather incidents, preparedness awareness, long-term disaster recovery efforts and continuing financial constraints.  To achieve the best outcomes, the Department of Homeland Security’s Quadrennial Homeland Security Review identifies strengthening public-private partnerships as critical to integrating the private sector’s innovation, resources, ingenuity and experience to the mission.

Join us to discuss the changing challenges to FEMA and other government facilities posed by changing climate conditions, the advances in alert systems and disaster communications, new technologies to support the mission and what concrete steps we can take to strengthen the exchange between the public and private sector.

 REGISTER

Speakers:
 
Antwane Johnson
Director, IPAWS, FEMA
 

 

 

Anne Petera
DHS Client Executive, Harris


 

 

Gwen Camp
Director of Individual and Community Preparedness, FEMA
 

 

 

 

Brian Lepore

Director of Defense Capabilities and Management, GAO

 


Todd Jasper
Director of Homeland Security and Emergency Management, Man-Machine Systems Assessment

 

  

Kevin Delin
Founder, SensorWare Systems

 

 

 

Ryan DenmarkRyan Denmark
CEO, RSDCGroup

 

 

 

david-mckernanDavid McKernan
Coordinator of Emergency Management, Fairfax County Office of Emergency Management

 


Thank you to our National Preparedness Month Chair!

 

Jason McNamara
Vice President, Obsidian Analysis
Former Chief of Staff, FEMA

 

 

 

If you are interested in supporting the National Preparedness Month program, please contact us!

 Register

Privacy and Civil Liberties Oversight Board Releases Report on NSA Data Collection Program
Read More

Privacy and Civil Liberties Oversight Board Releases Report on NSA Data Collection Program

The Privacy and Civil Liberties Board (PCLOB) released their report on telephone record surveillance under Section 702 of the Foreign Service Intelligence Act.  The report was precipitated by a public hearing held after the release of a report on Section 215 telephone records program and the operation of the FISA court. The analysis is based upon the evaluation of compliance with the statute of Section 702, and the Fourth Amendment. Additionally, attempting to address the treatment of non-U.S. persons in U.S. surveillance programs, the Board reviewed the International Covenant on Civil and Political Rights (ICCPR) and Presidential Policy Directive 28 on Signals Intelligence (PPD-28). The Board identified several areas where privacy could be threatened, and made 10 recommendations:

  1. Targeting and Tasking: The NSA’s targeting procedures should be revised to (a) specify criteria for determining the expected foreign intelligence value of a particular target, and (b) require a written explanation of the basis for that determination sufficient to demonstrate that the targeting of each selector is likely to return foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court. The NSA should implement these revised targeting procedures through revised guidance and training for analysts, specifying the criteria for the foreign intelligence determination and the kind of written explanation needed to support it. We expect that the FISA court’s review of these targeting procedures in the course of the court’s periodic review of Section 702 certifications will include an assessment of whether the revised procedures provide adequate guidance to ensure that targeting decisions are reasonably designed to acquire foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court. Upon revision of the NSA’s targeting procedures, internal agency reviews, as well as compliance audits performed by the ODNI and DOJ, should include an assessment of compliance with the foreign intelligence purpose requirement comparable to the review currently conducted of compliance with the requirement that targets are reasonably believed to be non-U.S. persons located outside the United States.
  1. U.S. Person Queries: The FBI’s minimization procedures should be updated to more clearly reflect actual practice for conducting U.S. person queries, including the frequency with which Section 702 data may be searched when making routine queries as part of FBI assessments and investigations. Further, some additional limits should be placed on the FBI’s use and dissemination of Section 702 data in connection with non–foreign intelligence criminal matters.
  1. U.S. Person Queries: The NSA and CIA minimization procedures should permit the agencies to query collected Section 702 data for foreign intelligence purposes using U.S. person identifiers only if the query is based upon a statement of facts showing that the query is reasonably likely to return foreign intelligence information as defined in FISA. The NSA and CIA should develop written guidance for agents and analysts as to what information and documentation is needed to meet this standard, including specific examples.
  1. FISC Role: To assist in the FISA court’s consideration of the government’s periodic Section 702 certification applications, the government should submit with those applications a random sample of tasking sheets and a random sample of the NSA’s and CIA’s U.S. person query terms, with supporting documentation. The sample size and methodology should be approved by the FISA court.
  1. FISC Role: As part of the periodic certification process, the government should incorporate into its submission to the FISA court the rules for operation of the Section 702 program that have not already been included in certification orders by the FISA court, and that at present are contained in separate orders and opinions, affidavits, compliance and other letters, hearing transcripts, and mandatory reports filed by the government. To the extent that the FISA court agrees that these rules govern the operation of the Section 702 program, the FISA court should expressly incorporate them into its order approving Section 702 certifications.
  1. Upstream & “About” Collection: To build on current efforts to filter upstream communications to avoid collection of purely domestic communications, the NSA and DOJ, in consultation with affected telecommunications service providers, and as appropriate, with independent experts, should periodically assess whether filtering techniques applied in upstream collection utilize the best technology consistent with program needs to ensure government acquisition of only communications that are authorized for collection and prevent the inadvertent collection of domestic communications.
  1. Upstream and “About” Collection: The NSA periodically should review the types of communications acquired through “about” collection under Section 702, and study the extent to which it would be technically feasible to limit, as appropriate, the types of “about” collection.
  1. Accountability and Transparency: To the maximum extent consistent with national security, the government should create and release, with minimal redactions, declassified versions of the FBI’s and CIA’s Section 702 minimization procedures, as well as the NSA’s current minimization procedures.
  1. Accountability and Transparency: The government should implement five measures to provide insight about the extent to which the NSA acquires and utilizes the communications involving U.S. persons and people located in the United States under the Section 702 program. Specifically, the NSA should implement processes to annually count the following: (1) the number of telephone communications acquired in which one caller is located in the United States; (2) the number of Internet communications acquired through upstream collection that originate or terminate in the United States; (3) the number of communications of or concerning U.S. persons that the NSA positively identifies as such in the routine course of its work; (4) the number of queries performed that employ U.S. person identifiers, specifically distinguishing the number of such queries that include names, titles, or other identifiers potentially associated with individuals; and (5) the number of instances in which the NSA disseminates non-public information about U.S. persons, specifically distinguishing disseminations that includes names, titles, or other identifiers potentially associated with individuals. These figures should be reported to Congress in the NSA Director’s annual report and should be released publicly to the extent consistent with national security.
  1. Efficacy: The government should develop a comprehensive methodology for assessing the efficacy and relative value of counterterrorism programs.

Read the full report here.

Contributing Author

Spencer KingSpencer King is the GTSC U.S. Intelligence Community Fellow.  Spencer studied at Audencia Nantes Ecole de Management and at Shenandoah University, where he graduated Cum Laude.  Spencer was the president of the Student Government Association at Shenandoah University.  At Shenandoah University, he worked for the university president’s office on lobbying, governance, and special projects.  Spencer also interned at Wolf Trap, where he facilitated strategic planning, government relations, special initiatives, and board relations/operations.

 

Leon Rodriguez Sworn in as USCIS Director
Read More

Leon Rodriguez Sworn in as USCIS Director

Leon Rodriguez was sworn in on July 9, 2014 as the fourth director to the world’s largest immigration service.

Rodriguez was sworn in as the director of U.S. Citizenship and Immigration Services (USCIS) during a ceremony at USCIS headquarters. Rodriguez, born in Brooklyn, and raised in Miami, comes to USCIS with a broad legal background and will lead the nearly 18,000 employee agency charged with administering the nation’s immigration and naturalization system.

Leon Rodriguez sworn in as USCIS Director“This is both an exciting and challenging time for USCIS,” Rodriguez said. “Our role in administering our nation’s immigration and naturalization laws has never been more important. I look forward to working with the entire USCIS family, including our partners and constituents, to ensure that our mission is carried out with fairness and integrity.”

Leon Rodriguez was confirmed by the Senate in June 2014 as the director of USCIS.  He previously served as the director of the Office for Civil Rights at the Department of Health and Human Services, a position he held from 2011 to 2014. From 2010 to 2011, he served as chief of staff and deputy assistant attorney general for civil rights at the Department of Justice (DOJ). Previously, Mr. Rodriguez was county attorney for Montgomery County, Maryland from 2007 to 2010. He was a principal at Ober, Kaler, Grimes & Shriver in Washington, D.C. from 2001 to 2007.

He served in the United States Attorney’s Office for the Western District of Pennsylvania from 1997 to 2001, first as chief of the White Collar Crimes Section from 1998 to 1999 and then as first assistant U.S. Attorney until his departure. Prior to joining the U.S. Attorney’s Office, Mr. Rodriguez was a trial attorney in the Civil Rights Division at DOJ from 1994 to 1997 and a senior assistant district attorney at the Kings County District Attorney’s Office in New York from 1988 to 1994. He received a B.A. from Brown University and a J.D. from Boston College Law School.

Read the release here.

7/22 MEMBERS ONLY Tour & Conversation with Col. (Ret.) Lee Wight, Director, WRATC
Read More

7/22 MEMBERS ONLY Tour & Conversation with Col. (Ret.) Lee Wight, Director, WRATC

Colonel (Ret.) Lee T. Wight is detailed as Executive Director, Washington Regional Threat Analysis Center (WRTAC), at Washington, DC’s Homeland Security Emergency Management Agency, while assigned to the Metropolitan DC Police Department. The Center’s mission is to facilitate information sharing and produce high-quality organic intelligence to detect, prevent and respond to all hazards to DC and the National Capital Region. He is also the Vice President of the National Fusion Center Association, representing 78 DHS-regionally recognized fusion centers across the US and its territories.

Col Lee Tip Wight(Ret.) Wight is a Hobbs, New Mexico, native.   Prior to retiring from the USAF after 27 years of service, Col (Ret.) Wight served as the Chief of Air Force Strategy at the Pentagon, where he focused on future threats, alternative force structures, and developed long term strategic policy. He was also Commander, 52d Fighter Wing, Spangdahlem Air Base, Germany, where he led over 16,000 military, civilian and dependent personnel who maintained, deployed and employed F-16 and A-10 aircraft, TPS 75 radar systems and $2.5B of U.S. Protection level 1 assets. Prior to joining the AF, Col (R.) Wight served as a Police Officer for the University of Oklahoma and the City of Moore, OK from 1980-1985. Colonel Wight has two children, Taylor (28) and Shanna (22).

REGISTER

About Fusion Centers:

Primary fusion centers serve as the focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information and have additional responsibilities related to the coordination of critical operational capabilities across the statewide fusion process with other recognized fusion centers. Furthermore, primary centers are the highest priority for the allocation of available federal resources, including the deployment of personnel and connectivity with federal data systems.  Learn more here.

 

The New Paradigm of the Government Market:  Plan, Prepare, Position, Partner
Read More

The New Paradigm of the Government Market:  Plan, Prepare, Position, Partner

I recently attended a small business Match Making event sponsored by the Government Technology Services Coalition for small business and prime contractors to meet, greet and exchange information on each other in hopes of identifying potential government contracting opportunities. This event showcased a three person panel of small business program office directors from the Small Disadvantage Business Offices of three different agencies.

I have attended many of these match-making sessions and recently asked the question in one of my Linkedin discussion groups: is attending these events valuable time well spent or a waste of time? I received various comments both positive and negative. However, I must say that this particular event was one of the best that I have attended and my reason is based on the content that the government panelist shared with the small businesses.

There is no question about the changing state of the government contracting market. There is definitely a new paradigm. The landscape has and is continuing to change significantly.

What does this mean for small business? Well, it means that they are being presented with opportunities greater than they have ever been presented within the history of small business contracting in the federal market.

With the implementation of the President’s Job Act coupled with new legislation and regulation that are favoring increased small business participation for contracts and better oversight on Prime/sub-contracting relationships, larger and longer multiple year contracts are being offered to small businesses. To support these initiatives Agencies are increasing their market research activity by sending out more RFI’s and Sources Sought announcements with the intent of identifying more small business  to contract with.

Agency Collaboration and the need to reduce redundancy and budget cuts are responsible for this new trend. With that said, the small business community has to change its thinking and their desire to go it alone when pursuing contracts.

The main theme presented by the government panelist was the lack of preparation by the small business community in pursuing contract opportunities. Some specifics were:

  • Presenting too many capabilities “jack of all trade” scenarios
  • Limited knowledge of agency mission
  • Inability to clearly present their core skills and solutions relevant to the agency mission
  • Not responding or poorly responding to RFI’s and Sources Sought announcements
  • Failure to present their value proposition as it relates to the agency request for support

Considering these things, the take away from this event boils down to the following:

Plan

Plan by performing an internal assessment of your company, who are you, what business are you really in, what are you best qualified to do – not what you want to do. Do your market research to establish where your skills and solutions best fit the agency problems you have targeted and refine your pitch based on your research and knowledge of the agency’s mission.

Prepare

Prepare by creating a compelling story of who you are and why your company is best suited to solve the agency problems based on your research and understanding of the agency mission. Responses to the RFI’s and Sources Sought should be focused on how your skills or solutions support the agency mission. Follow the congressional legislative and regulatory initiatives, and agency news. This information will provide you with great insight into the agency mission and the problems they are encountering in carrying out their mission

Position

Use your research to position your company. The more information you know about the legislative, regulatory initiatives and agency news, the easier it will be for you to communicate with agency program managers and department heads. The more knowledge you can share with them will provide them with a level of comfort that you have a understanding of their issues. This will be the basis of establishing a rapport which will lead to trust.

Partner

Performing a formal assessment on potential partners you have identified to team with is essential. The dynamics of the market demand that you spend ample time to do this. There are more contract opportunities that are multiple 8-10 year contracts and this requires thorough knowledge of who you will be spending that time with.

Compatibility, integrity, culture, vision, goals and trust will be the key factors for you to assess and consider in your selection. These criteria should be used regardless of whether or are considering a Prime or subcontractor relationship. Casual teaming is not the best way to go in the new market.

Contributing Author

Earl HollandEarl S. Holland III is the President and CEO, Growth Strategy Consultants, Strategic Advisor with the Government Technology Services Coalition and former Vice President of the Washington Chapter of the Association of Strategic Alliance Professionals.  You can reach him at: [email protected]www.growthstrategyconsultants.com

 

Mitigating the Insider Threat Through Personnel Surety Counterintelligence
Read More

Mitigating the Insider Threat Through Personnel Surety Counterintelligence

The Department of Homeland Security in coordination with US Customs and Border Protection are at the forefront of preventing insider threats within its law enforcement operations. These threats take the form of overt actions because of gaps in coordination and process mistakes that lead to self-created but preventable vulnerabilities.

To assure this continued success, a Personnel Surety Counterintelligence mission must be put in place through a management and implementation functionality that will meet the following objectives:

• Assess and audit the effect of the insider threat through risk analysis threat algorithms

• Establish a collaborative information-sharing personnel surety data base system that tracks action requirements and assigns accountability on a continuous basis

• Build a personnel surety counterintelligence business process into each law enforcement mission area, both operational and technologically supported through stakeholder collaboration

• Create a culture built around a robust personnel surety plan to ensure that a need to share for operational success supersedes the need to protect information

• Identify the insider threat and vulnerabilities through a continual monitoring system of checks and balances

• Counter the inadvertent mistakes that lead to the insider threat through the deployment of technologies that drive mission success and efficiencies

 

Coordinating the Government’s Personnel Surety Mission

The multi-faceted challenges of working in today’s mission-critical environmental and multiple enterprise coordination formats require innovative approaches that stress stakeholder creation and participation with built-in accountability, under an umbrella set of governance parameters. This is especially true in the world of counter-intelligence / insider threat in light of the number of initiatives currently underway to protect the United States government information infrastructure. It is imperative that the following initiatives be established:

• Establishing a government-wide personnel surety process and management discipline supported by standardized and relevant technologies

• Coordinating the activities of multiple operational centers, including sharing information about malicious activity and establishing common operating standards and procedures to: track information sharing, require acknowledgement of information received, and provide reports of counter-actions taken

• Deploying technology advancements in order to counter the threats both from an IT and behavioral perspective

• Engaging the private sector, as a partner, to extend the envelope of protection beyond the government’s firewall in a manner that is clear and manageable to that sector

These initiatives are designed to break the pattern of information silos and to overlay new paradigms that will mandate sharing and accountability to protect lives and critical mission information while providing stakeholders tangible metrics for their participation.

They also address the technology aspects required to support this new paradigm by ensuring that the most appropriate tools are in place, under the most cost-effective basis.

Establishing Enterprise-Level Governance

As recent events have proven, internal barriers may well be the biggest stumbling blocks to “connecting the dots” on a threat and preventing violence.

Deployment of a CBP Enterprise Program Management Office (EPMO) is a successful methodology that will enable CBP to break through such barriers and establish an enterprise-level governance functionality that will assure the success of the insider threat mission. An insider threat EPMO will allow CBP to:

• Coordinate the Counterintelligence Mission Focus across all of the Federal Mexican Police Department

• Deploy technologies that drive mission success and efficiencies

• Establish performance metrics and measurable outcomes linked to meeting the counterintelligence insider threat mission

 

Successfully Deploying the EPMO

A successful Counterintelligence EPMO will require the following focus to its activities:

• Developing and documenting a clear understanding of the mission

• Establishing an executive Governance Board

• Organizing with a focus on meeting the counterintelligence mission

• Deploying operations that protect the mission from internal/external threats

• Leveraging technology to enable the counterintelligence mission

• Establishing a disciplined standards-based foundation

It is critical that CBP establish an EPMO to serve as a central program management body, one which both manages and coordinates core insider threats and counterintelligence activities. The EPMO performs much of the program management related work for individual programs as well as the organization at an enterprise level, while still valuing the individual program contributions and objectives.

Establishing and sustaining this focus for the EPMO will require that four themes be addressed: statutory and other mandatory drivers, organization and supporting processes, technology requirements, and cultural change.

1. Statutory and Other Mandatory Drivers

Any EPMO is responsive to the statutory and / or regulatory drivers that established the mission for a sponsoring agency, augmented by internal agency directives or other mandated requirements. It is critical that information on these be gathered, analyzed, and clearly understood. After this it must be coalesced into a charter statement that all stakeholders will commit to support and follow under a program organization that has been developed and accepted in a collaborative process. Specific mission performance objectives may then be developed. Successful implementation of these is a function of establishing a common operating environment that has two components: process and supporting technology.

2. Organization/Process

The processes defining the EPMO’s operating framework must promote the effectiveness, efficiencies, and collaboration necessary to successfully meet the established counterintelligence insider threat mission. Once established, these characteristics must be sustained by adopting a regular process or review through which the operational and control processes of the EPMO are assessed, revised and opportunities for improvement are incorporated. The effective EPMO deploys Key Performance Indicators (KPIs) measuring key processes, especially those that touch the counterintelligence insider threat customer.

The EPMO monitors the KPIs to identify reductions in performance, and as a result, to proactively deploy revised and improved processes. Incorporation of standards and ratings to insure ongoing performance maturity is essential in order to ensure that the stakeholders of the EPMO are receiving the best information and are participating in decision-making as appropriate.

3. Technology

Even while most EPMOs operate in a highly automated environment, the successful counterintelligence insider threat EPMO team understands the use of technology is not the answer to all problems. That team also understands that well-deployed technology remains a critical, but supporting, component to highly qualified personnel and a well-run EPMO organization.

These technologies should be “smart”, scalable, flexible, extensible, and self-monitoring. The requirements for deployment must be based on the automation of a collection of previously manual processes and should provide short-term tactical efficiencies in response time, effectiveness, and productivity. It cannot disrupt processes, unless it is part of a well-understood process improvement strategy. It must be well understood and require users and customers to be well-trained and able to quickly incorporate the technology capabilities into the responsibilities assigned to them.

4. Culture

The EPMO must be staffed by program, change, technology, and counterintelligence professionals who are directly accountable to the counterintelligence mission and to the Department’s strategic objectives. The individuals in the EPMO must have the necessary credentials, as well as managerial, consultative and functional counterintelligence experience, necessary to operate a Department level counterintelligence program office. While necessity often requires that personnel and resources are gathered from other parts of the Department, once those resources are assigned or brought into the EPMO, the mission of the EPMO takes precedence; any adherence to previous cultural and organizational barriers become of secondary priority.

The above four goals must be addressed via a specific implementation process consisting of three primary phases: Initiation, Planning, and Execution, coupled with ongoing Assessment and Update once all facets of the EPMO have been deployed. Each phase has its own input requirements and results in deliverables which are critical to day-to-day execution of the mission objectives.

The advantages of this phased approach are multiple:

• An over-arching mission definition is established, to ensure that all participating agencies are operating to the same goals and objectives

• Agency and other users are provided hands-on guidance to support them through collaborative / facilitated involvement and integration into the counter- intelligence program

• EPMO establish standards, processes and performance measures as well as measuring tools

• Agencies left with flexibility in the management of individual counter- intelligence activities while adhering to enterprise business rules

• Some impact on organization and may require changes in organization structure and / or roles and responsibilities

• Relieves agencies and program teams of much of the responsibility and details of program management-related activities

• Allows users to focus on the counterintelligence activities, resolution of technical issues, and threat adjudication under a common set of ground rules and information-sharing environments

Conclusion

The need for a successful counterintelligence program demands a direct approach to establishing coordination. Therefore, the Counterintelligence / Insider threat EPMO would provide the most robust construct for securing enterprise wide coordination and help break down the organizational silos preventing success. The EPMO will provide a personnel security program as well as counterintelligence / insider threat coordination to the entire enterprise:  from the Executive level to managers, to Federal Officers, to professional staff, to security personnel, to IT personnel, and finally, to IT Security personnel down to administrative and clerical staff.

Contributing Author:

BillCarrollBill Carroll is a co-founder and the President of the EnProVera Corporation, a Service Disabled Veteran Owned Small Business and Native American Owned Small Disadvantaged Business.  Prior to EnProVera, he was the Managing Partner of Strikeforce Consulting.  Bill has over 40 years of experience in law enforcement, in the U.S. Government, and in the Government Contracting Industry.  He retired from the U.S. Government in 1998 after a distinguished career in the Immigration and Naturalization Service (INS).  Bill was the Director of the INS Washington District Office and Deputy Director of the Los Angeles District Office.