The world is a dangerous place, as Americans are quite aware.
But it is the often overlooked threats — an aging electrical infrastructure and cyber-crime, are two examples — that have Dr. Michael Hoeflich worried.
“There’s a reason my students call me ‘Dr. Doom,’” said Hoeflich, a professor at the University of Kansas School of Law.
Hoeflich was in Iola Thursday to speak with Rotarians about homeland security, particularly with how it affects today’s society.
The topic is more than a passing interest for Hoeflich, one of the creators of a new master’s program dealing with homeland security, law and public policy at KU.
Simply put, the program is designed to train professionals to work in emergency management and homeland security, both in military and civilian positions.
Hoeflich was invited to speak in Iola by long-time Rotarian Clyde Toland. While in town, Hoeflich also sat down with the Register.
Homeland security discussions these days centers on bickering about immigration or a much-ballyhooed border wall, Hoeflich said, when they should address more insidious things such as cyber security.
GETTING NOTICED
“It’s been 16 years since 9/11, and we have a tendency to forget. We still obviously remember 9/11, but we forget the problems that led to it, and those still exist.
“If anything,” he said. “They may be worse.”
Which is where the Department of Homeland Security’s emphasis may be misguided.
“Most of what we use as anti-terror legislation is under the Foreign Intelligence Surveillance Act of 1978,” Hoeflich said, which was updated following the Sept. 11, 2001, attacks.
“But most of that legislation deals with foreign powers and agents of foreign powers,” he said. “Increasingly, terrorists are not a part of a group. They’re lone wolves.
And in the United States the most recent terrorist attacks have not come from foreigners.
“They tend to be American citizens who have, for whatever reason, been radicalized.”
SNOWDEN’S ‘TREASON’
The United States lost a key tool in combating terrorist networks about two years ago, Hoeflich contends, after Edward Snowden, a former CIA employee, leaked thousands of documents to media outlets detailing the efforts by intelligence agencies — in particular, the National Security Agency — to collect data regarding communications among American citizens.
The effort was created as a provision in the aforementioned Patriot Act.
Hoeflich explains:
With the cooperation of telephone companies and internet providers, the government was allowed to intercept and archive information about phone calls, emails and other communications.
While the content of the communications was not revealed, the callers’ names and their locations were.
“If one of our intelligence agencies discovered a known terrorist was using a particular phone number, they could take that number, run it through a program that allowed them to identify whether any archived numbers matched,” he explained. “That allowed them to find networks. That’s how you find out who’s building terror networks.
“When Snowden made all those disclosures to the Guardian, it became immediately a hot political issue,” Hoeflich said. “All of the headlines read, “NSA is spying on 300 million Americans. Yes, but in a very limited way. They weren’t listening to phone calls, but just getting call details.”
Regardless, the effects in Washington, D.C., were seismic.
Lawsuits were filed within weeks demanding the program be dismantled.
Congress acted promptly, essentially ending the program, via the USA Freedom Act of 2015.
“It basically said we can’t do bulk collections. What we could do was in a limited framework, and we could only hold that information for a short amount of time.”
Simply put, “we lost a tool.”
Civil libertarians, conversely, rejoiced. “Over the long term, I don’t know if it was a good decision or not,” said Hoeflich, who describes himself as a libertarian, but also had little problem with the data collections.
“Personally, I don’t care if the government wants to know who I’m calling,” he said. “If they want to know who’s contacting me? Fine. If they’re collecting that data and it helps them identify terrorists and stops terrorist attacks, that’s fine by me.
“I would have a different opinion if they were collecting the substance of my calls,” he said. “I don’t want them reading my emails or looking at my call details.
“I’m not saying which is right or wrong,” he continued. “But these were difficult decisions that were made in very quick reaction to Snowden’s treason. These are things the public hasn’t even thought about. These were quick, knee-jerk reactions.”
AGING INFRASTRUCTURE
Protecting America comes at a cost, Hoeflich admits, and not necessarily for traditional means, such as military spending.
To illustrate, Hoeflich recalls the events of Aug. 14, 2003: the Northeast Blackout. Roughly 45 million Americans, from New York to Ohio, and an additional 10 million Canadians lost power following a series of power plant failures.
Many had their power restored after about six hours. However, there were pockets that did not get service restored for more than a week.
“It went down at a cost of $4 billion to the U.S. and $2 billion to Canada,” Hoeflich said. “Lives were lost and disrupted.”
A subsequent investigation determined the problems started with tree branches coming in contact with power lines in Ohio.
“It just happened on a hot day,” where demand for electricity was high. “It was a perfect storm.”
The episode pointed out a glaring vulnerability.
“It pointed out the electric grid in the U.S. is very old, more than 50 years old,” Hoeflich said. “It’s really old equipment and to a very large extent, it needs to be replaced. But we don’t have the money to replace it. Utilities don’t have the money to replace it.”
Fast forward to December 2015, in Ukraine, of all places.
Russian hackers — ahem — conducted the first known cyber attack of a power grid, cutting electricity to much of the Eastern European country for up to six hours.
“It was basically to tell them, ‘Don’t mess with us,’” Hoeflich said. “A few months ago, a European software company published a report about how not only is the same software the Russians used in Ukraine available on the Net, but it also can be relatively easily modified and used against the American grid.
“We know there have been attempts to come at the grid,” he said.
And there’s the rub.
Losing full electric power for an extended period — even for a week or two — would be devastating.
“We cannot function as a society without our electric grid being functional,” he said. “Most people depend on having a municipal water supply. Most of us depend on having natural gas. All of those are controlled by computer systems vulnerable to hacking.”
Basic communications, fuel for vehicles and other life-essential services would eventually be compromised if the outage is long enough.
“The average supermarket keeps on hand about three to four days worth of food,” Hoeflich said. “That’s why FEMA tells you to keep three or four days worth of food on hand in case of a disaster.”
Look at Florida, where some parts of the state still are without power, and may remain powerless for the next few weeks.
“Imagine what happens if the electrical grid goes out for a month,” Hoeflich said. “Modern society in the U.S. is gone. People will starve to death. We depend on electricity to live.
“What happens if a terrorist organization or foreign country that’s not a friend of ours, was able to take down the U.S. electrical grid and keep it down for a while?” he asked. “At that point, we’re not talking about improving homeland security. We’re talking about survival.
“Are the grids secure?” he asked. “No. And everybody knows that. Talk to anybody who is an expert on the grid, and they’ll tell you it’s very scary.
“Personally, I’d rather see my tax dollars go to ensuring my electricity stays safe than making sure there’s a wall to keep out poor Mexicans from Arizona,” he says bluntly.
But he has a hard time finding a receptive audience, and he knows why.
“There are no lobbyists for the government,” he said.
It’s a matter of priorities, he notes, and as long as politicians keep issues such as immigration and military spending at the forefront, such issues as beefing up the infrastructure will remain on the back-burner.
“Politics is not the best at assessing risk priorities,” he said. “The immediate danger is there. We are vulnerable. But that’s not apparently as popular a political issue.”
DON’T FORGET THE NATURAL DISASTERS, TOO
Some risks to the public have existed for generations, Hoeflich said, such as tornadoes, hurricanes and earthquakes.
The back-to-back hurricanes Harvey and Irma have provided some glimpses of optimism, Hoeflich said.
“One of the things that was great in Texas, and now in Florida, is how the National Guard and federal foks and local governments work together,” he said. “They learned the lessons of Katrina.”
However, a pair of “once-in-500-year” storms arriving days apart also points out another glaring vulnerability.
“Regardless of what you think about climate change, we’re getting a much more violent weather pattern,” he said. “Weather is getting scary.”
NEW-AGE DANGERS
Society is increasingly reliant upon the Internet, adding another layer of vulnerability.
“The more we get dependant on the Internet, the more we should be concerned with its security,” he said. “And we don’t seem to be. How many people update security software on their computers as they should? Studies show not nearly as many as they should.
“We are becoming more dependant upon technology that we don’t understand, and for the large part, we don’t control. When you’re in that situation, you really ought to be sure they’re safe.”
For example, the 140 million Americans exposed in the Equifax breach likely had done no business — at least not knowingly — with the credit ratings agency.
“But Equifax was one of the three companies in the U.S. that gathers credit information,” he said. “You didn’t have to be a customer, and you still got caught.
“And now they’re having congressional hearings?” he lamented. “Why weren’t those hearings held 10 years ago?”
That’s because public policy is far too often reactive than proactive, Hoeflich contends.
“This is a flaw in the way our political system operates, and when you combine it with a widespread distrust of the government and politicians, it becomes a real danger,” he said. “A good dose of skepticism about governmental activity is always a healthy thing. But we can’t forget the government is there to protect us. We have to find a way of overcoming our fear of government and telling government what we need and what we want and how our money should be spent.
I’m not saying spend less on education or less on health care,” he continued. “I’m saying, ‘Gosh, isn’t keeping the U.S. safe domestically as important as keeping it safe against foreign aggression?
“And I’m not even talking about infrastructure like our aging bridges and dams — look what happened this year in California — and protecting our water supply from terrorist activity.
“We don’t pay enough attention to it.”
WHAT TO DO?
Hoeflich has a diverse group of students — 12 in all — enrolled in his homeland security course at a KU law school campus in Leavenworth. Four are military officers, two are retired veterans, one works for the Department of Homeland Security, one is a law student, and one “is a retired woman, doing it because she thinks it’s interesting,” he said. “It’s a group of people who feel that something needs to be done, and they want to get involved in some level.”
The course runs the gamut, from looking at international terrorism and trafficking to such topics as intergovernmental relations, crisis communication, and the constitutionality of surveillance.
The second semester involves taking those discussions and running them through an actual crisis.
“We’ll look at it, study it, analyze and prepare a plan,” he said. “Then we’ll see if it works.”
He describes the course as “holistic,” incorporating both emergency management techniques and advocacy. “By the time we’re done, we want to work with advocates, managers, leaders,” he said.
“We look at all areas where there are significant risks,” Hoeflich said. “We don’t have to figure out how to stop the cyber attack, but we have to figure out how to talk to the guy who’s gonna stop the cyber attack.”
EVERY DOLLAR COUNTS
Beefing up internal security costs money, which is in large part why the aging infrastructure has not yet been tackled on a large scale, Hoeflich said. “Everybody is fighting for the last dollar.
“I’m fundamentally a libertarian,” he said. “I don’t like government doing things it shouldn’t be doing.
There are lot of things government doesn’t need to do, but it does,” he continued. “But I worry about the things they need to do, but they don’t, because nobody else can do that.
“You can’t leave maintenance of a national electrical grid to states and cities alone. You can’t leave security to a nuclear power plant to the states alone. These are issues only a (federal) government can handle,” he said.
“The public has to learn its lesson before the next major catastrophe,” Hoeflich warned. “Otherwise, the next 9/11 may be a lot worse than 9/11.”
