Internal Memorandum

To: Fr: Re:

Democratic Members, Committee on Homeland Security Democratic Staff (Cherri Branson)

Full Committee Hearing entitled: From al-Shabaab to al-Nusra: How Westerners Joining Terror Groups Overseas Affect the Homeland _____________________________________________________________________________________ On Wednesday, October 9, 2013, at 2:00 p.m. in 311 Cannon House Office Building, the Committee on Homeland Security will meet to hold a hearing entitled From al-Shabaab to al-Nusra: How Westerners Joining Terror Groups Overseas Affect the Homeland. WITNESSES Professor Michael Scheuer, Adjunct Professor Center for Peace and Security Studies Georgetown University Ms. Lauren Ploch Blanchard Specialist in African Affairs Congressional Research Service The Library of Congress Mr. Brett Lovegrove Chief Executive City Security and Resilience Network (CSARN) Mr. Richard Stanek Sheriff Hennepin County, Minnesota Mr. Richard Mellor Vice President, Loss Prevention National Retail Federation (Democratic Witness) Ms. Stephanie Sanok Kostro Acting Director Homeland Security & Counterterrorism Program Center for Strategic & International Studies (Democratic Witness) PURPOSE The purpose of this hearing is to explore the possibility that American or other Western citizens may leave their countries of residence, join Al Qaeda affiliated or other terrorist groups fighting in areas of unrest and after returning home, may seek to use tactics and skills learned abroad to launch terrorist

attacks within the United States. Further, because of the defensive and offensive measures currently in place at governmental and military installations within the United States, these individuals or groups may find unprotected soft targets to be the most appealing targets. In part, it appears that the concept for this hearing is both a response to the terrorist attack at the Westgate Mall in Kenya as well as a continuation of Majoritys examination of the Boston Marathon bombing. Because the hearing concept is not specifically linked to a particular governmental program, specific aim of a terrorist organization or a distinct incident, this memo is not written in the usual format. Below, you will find a series of questions followed by information which may arise during the course of the hearing. Unfortunately, the issues raised by this hearing could be explored in a meaningful fashion if the federal government shutdown did not prevent the appearance of government witnesses. Without the testimony of officials charged with implementing these important programs, there is little from a policy, legislative or oversight perspective that can be gained.

Why Should Soft Targets Be Considered Significant? Generally, soft targets are locations or events which may become the focus of terrorist attack because of a combination of factors which make them difficult to protect. These factors may include a lack of security (security personnel and/or facility protections) and the need to assure open and public access to fulfill their core function. Additionally, soft targets often have a symbolic significance and are likely to have a non-governmental purpose. For instance, shopping malls, movie theaters, schools, as well as mass transit and commuter rail facilities are considered the kinds of soft targets likely to garner interest by terrorists. Soft targets are to be contrasted with hard targets which are likely to have a military or governmental function and are equipped with offensive security protections (barriers, metal detectors) and personnel with a defensive response capability. Unexpected and violent attacks on soft targets which cause mayhem and loss of life have occurred with increasing frequency in this nation. The shooting of Rep. Giffords at a shopping center, the attack on the patrons of a movie theater in Aurora, Colorado, and the massacre of schoolchildren in Newtown, Connecticut were all the acts lone wolf actors carried out in places which could be considered soft targets. However, because the actors had no political or religious agenda, these attacks are generally not considered terroristic. On the contrary, because the actors alleged to have been involved in the Boston Marathon bombing are believed to have had a political or religious agenda, the attack is considered to be a terrorist attack on a soft target. In the days after the bombing, no terror organization nor individual claimed responsibility for the attack--leading authorities on terrorism investigations to be uncertain about whether this incident was directed by Al Qaeda or was an incident of Domestic or Homegrown Violent Extremism. Many experts quickly dismissed a possible Al Qaeda connection because of their propensity to quickly take responsibility for terrorist actions. And while the motivation of the Boston bombing suspects remains unknown, news reports have indicated that their motivation appears to have been based on religion, not politics, the purpose of the foreign travel engaged in by one of the suspects remains unclear, the suspects were not involved with any foreign

terrorist organization and the suspects learned to build the bombs used by information gathered on the internet. However, it should be noted that the facts of this case are likely to remain unclear until the conclusion of the criminal proceedings of the remaining living suspect. If Soft Targets are a vulnerability, what can be done about it? Since it is neither practical nor feasible to protect all assets and systems against every possible terrorist threat, the Department of Homeland Security ( DHS) uses risk-informed approaches to prioritize its security-related investments and for developing plans and allocating resources in a way that balances security and commerce. A risk management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives, assessing risk, evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. In June 2006, DHS issued the NIPP, which named TSA as the primary federal agency responsible for coordinating critical infrastructure protection efforts within the transportation sector. The NIPP also established a six-step risk management framework to establish national priorities, goals, and requirements for Critical Infrastructure and Key Resources protection so that federal funding and resources are applied in the most effective manner to deter threats, reduce vulnerabilities, and minimize the consequences of attacks and other incidents. The NIPP defines risk as a function of threat, vulnerability, and consequence. Threat is an indication of the likelihood that a specific type of attack will be initiated against a specific target or class of targets. Vulnerability is the probability that a particular attempted attack will succeed against a particular target or class of targets. Consequence is the effect of a successful attack. An updated version of the NIPP was issued in 2009. 1 With an interest in protecting soft targets, DHS maintains the Homeland Security Grant program. Homeland Security Grant Program Following the September 11, 2001 attacks and the subsequent findings issued by the National Commission on Terrorist Attacks Upon the United States (9/11 Commission), Congress authorized riskbased grant programs to help States, high-risk urban areas, and Port and Transit authorities develop critical preparedness and response activities. 2 These programs include the State Homeland Security Grant

Transportation Security: Additional Actions Could Strengthen the Security of Intermodal Transportation Facilities, GAO-10-435R, May 2010.
2

Federal Homeland Security Grant funds cannot be used to harden non-government owned soft targets. Privatesector owners of soft targets, however, can be included in planning and exercise activities involving soft targets (e.g.: hotels, shopping malls, movie theaters).

Program (SHSGP),3 the Urban Area Security Initiative (UASI), the Transit Security Grant Program (TSGP)4, and the Port Security Grant Program5 (collectively, the Homeland Security Grant Program). Stakeholders from State and local jurisdictions have repeatedly stated that the homeland security grant funds have been essential in developing the capabilities necessary to quickly and effectively respond to a terrorist attack or natural disaster. Indeed, at the Committee on Homeland Securitys Hearing on the Boston Marathon Bombings in May, Boston Police Commissioner Davis stated that without grant funding, the response would have been much less comprehensive than it was and without the exercises supported through UASI funding, there would be more people who had died in these -- in these attacks. Unfortunately, the funding for the Homeland Security Grant Program has been reduced significantly under Republican leadership of the House. For example, the last year the Democratic majority made fullyear appropriations for DHS - Fiscal Year 2010 - Congress appropriated about $2.75 billion 6 for the targeted homeland security grant programs. For FY 2011, however, Congress reduced funding to about $1.9 billion.7 As a result of these cuts, 32 cities were eliminated from the UASI program. The following year, FY 2012, Congress appropriated only $1.35 billion for these important grant programs. 8 Although grant funding was restored to about $1.5 billion for FY 2013, 9 sequestration will further reduce the
3

States and territories receive a statutory minimum level of funding under the State Homeland Security Grant Program. The remainder of the funds is allocated according to risk and anticipated effectiveness.
4

The Implementing Recommendations of the 9/11 Commission Act, P.L. 110-53. The Security and Accountability For Every (SAFE) Port Act of 2006, P.L. 109-347.

For FY 2010, the $2.75 billion includes Urban Area Security Initiative ($887 million, up from $838 million in FY 2009 these figures include Nonprofit Security Program), State Homeland Security Grant Program ($950 million, level with FY 2009 these figures include Operation Stone Garden), Buffer Zone Protection Program ($50 million in FY 2010, and FY 2009), Transportation Security Grant Program ($612 million, including PSGP), Metropolitan Medical Response System ($41 million in FY 2009 and 2010), Citizen Corp ($13 million, down from $15 million in 2009), Regional Catastrophic Preparedness ($35 million in FY 2009 and FY 2010), Interoperable Emergency Communications Grants ($50 million in FY 2010 and FY 2009), and Emergency Operations Centers ($60 million in FY 2010, up from $35 million in FY 2009). Neither EMPG nor Fire Grants are included.
7

For FY 2011, the $1.9 billion includes Urban Area Security Initiative ($725 million), State Homeland Security Grant Program ($725 million, which includes funding for Drivers License Security Program, the Metropolitan Medical Response System, Operation Stone Garden and Citizen Corps), Transportation Security Grant Program ($500 million, including PSGP), Regional Catastrophic Preparedness Grants ($15 million), and Emergency Operations Centers ($15 million). Interoperable Emergency Communications Grants (IECGP) were zeroed out. Neither EMPG nor Fire Grants are included.
8

For FY 2012, Congress allocated about $1.35 billion to allocate among the State Homeland Security Grant Program (SHGP), the Urban Area Security Initiative (UASI) , the Metropolitan Medical Response System (MMRS), Operation Stonegarden, the Citizen Corps Program, the Port Security Grant Program (PSGP), the Transit Security Grant Program (TSGP), the Interoperable Emergency Communications Grant Program, the Buffer Zone Protection Program Grant program, the Drivers License Security Grant program, Emergency Operations Centers, and non-profit organizations. This level was $1.5 billion below the Presidents request. Neither EMPG nor Fire Grants are included.
9

For FY 2013, the approximately $1.5 billion appropriated includes Urban Area Security Initiative ($500.3 million, including $10 million for non-profits), State Homeland Security Grants ($346.6 million, including $46

amount available to be awarded to support State and local preparedness and response capabilities. Without this Federal support, State and local governments, who are already struggling to stretch their budgets, may not be able to maintain the capabilities, training, planning, and expertise developed over the past decade. In addition to reductions in funding appropriated to support the Homeland Security Grant Program, structural changes have reduced or otherwise modified the entities eligible to compete for funding. For example, report language accompanying the final DHS spending bill for FY2013 limited the number of cities eligible to compete for UASI grant funding to 25, although 31 cities had received funding under the program in FY 2012 and FY 2011. Additionally, the 8 highest-risk port areas are eligible to compete for 60% of all PSGP funding. All other ports must compete for the remaining 40% of available funds. Although risk assessments purport to be based on objective criteria, it appears that policy (and political) judgments factor into a Homeland Security Grant applicants risk assessment score. However, the limited funds available under the Homeland Security Grant Program, have brought the need for objective and transparent risk assessments to determine eligibility into sharp relief. Risk Assessment Formula The risk assessment formulas used to allocate funding for SHSGP, UASI, TSGP, and PSGP have been adjusted repeatedly to more accurately assess risk in response to recommendations by the Government Accountability Office and Congress. The risk assessment formulas used to allocate funding for SHSGP, UASI, TSGP, and PSGP for FY 2013 are based on threat (30%), vulnerability (20%), and consequence (50%). A threat assessment includes the identification and evaluation of adverse events that can harm or damage an asset.10 A vulnerability assessment identifies weaknesses in physical structures, personal protection systems, processes, or other areas that may be exploited. 11 And a consequence assessment is the process of identifying or evaluating the potential or actual effects of an event, incident, or occurrence.12

million for Operation Stonegarden), Transit Security Grant Program ($97.5 million), Port Security Grant Program ($97.5 million), $188.932 million to allocate among UASI, SHSG, Operation Stonegarden, Nonprofit Organizations, Transportation Grants, Port Grants, Over-the-Road Bus Security Grants, MMRS, Citizen Corps, Drivers License Security Grants, Interoperable Emergency Communications Grants, Emergency Operations Centers, the Buffer Zone Protection Program, and Regional Catastrophic Preparedness, and $235.174 million to sustain current training and exercise operations. Neither EMPG nor Fire Grants are included. These are prerescission and pre-sequester figures.
10

Government Accountability Office, Federal Protective Service: Actions Needed to Assess Risk and Better Manage Contract Guards at Federal Facilities, at 4 (August 2012) (GAO-12-739).

11

Id.

12

Id.

In carrying out the assessment of threat, vulnerability, and consequence to calculate an applicants relative risk score, FEMA inputs specific data for each grant program. See charts attached. Issues Related to Risk Assessments Lack of Transparency and Understanding in Risk Assessment Scores Each year, FEMA performs new risk assessments to determine a Homeland Security Grant Program applicants relative risk assessment score and awards grant money to States, high-risk urban areas, port authorities, and transit authorities accordingly. Although FEMA releases general information regarding the factors its risk assessment scores, the type of data plugged into the formula and the sources of the data are less clear. Additionally, it is unclear how intermittent activity such as tourist season or other events - affects an applicants risk assessment score. Members may be interested in learning the sources of the data used in the risk assessment, how the data is weighted, and how intermittent activity affects a relative risk assessment score. Members may also be interested in asking how FEMA resolves disputes with grantees regarding relative risk assessment scoresfor instance when a jurisdiction believes FEMA has failed to factor pertinent information into its risk assessment. Threat and Hazard Identification Risk Assessments (THIRAs) In Fiscal Year 2012, States, UASIs, and FEMA regions applying for grant money were required to complete THIRAs for the first time. However, this requirement seems to be a non sequitur because FEMA has stated that THIRAs will not be used to award baseline funding under the current grant program but are instead intended to be used to identify the capability targets and gaps and to prioritize investment. However, it appears that THIRAs would be used to allocate grant money under FEMAs grant consolidation proposal. Members may wish to learn about the quality of THIRAs submitted to FEMA and what efforts FEMA is undertaking to provide technical assistance and other guidance to assure that a jurisdiction is able to submit a THIRA that includes all accurate and relevant information. Members may wish to ask witnesses how soft targets inform risk assessments and THIRAs. Moreover, Members may wish to ask witnesses how States and UASIs use grant funding to include private sector partners in training activities that will enhance response to events at soft targets. Finally, Members may wish to ask witness how reductions in grant funds have affected preparedness and training efforts targeted toward improving preparedness for soft targets.

Why are Al Shabaab and Al Nusra of Interest? On September 21, 2013, unidentified gunmen staged a coordinated effort to attack the upscale Westgate Shopping Mall in Nairobi, Kenya. The attack, which lasted until September 24th, resulted in at least 72 deaths, including 61 civilians, 6 Kenyan soldiers, and 5 attackers. The attackers held hostages and later engaged in gun battles with Kenyan security forces. Over 200 people were reportedly wounded in the mass shooting. It is believed that the gunmen who carried out the attack are affiliated with the terrorist organization, Al Shabaab. Additionally, it is believed that several American citizens of Somali descent have left the United States to fight with Al Shabaab. Additionally, media reports indicated that during the

Westgate attack, Al Shabaab indicated that Americans were among the gunman. These reports have not been officially confirmed. Al Shabaab emerged about a decade ago in Somalia amid a proliferation of Islamist and clan-based militias. It has been linked to Al Qaeda for years and was designated by the United States as a Foreign Terrorist Organization in 2008. The group, which also maintains ties with Al Qaeda in the Arabian Peninsula (AQAP), announced its formal merger with Al Qaeda in February 2012. Al Shabaab, as it exists today, appears to be a hybridit is both a locally focused Islamist insurgent group and a transnational terrorist affiliate of Al Qaeda. Like several other AQ affiliates, the group appears to operate largely independently from core Al Qaeda. Al Shabaab was formed as a militia loosely affiliated with a network of local Islamic courts that emerged in the 1990s in the absence of central authority in Somalia. The courts' leaders varied in their ideological approaches, which reflected diverse views on political Islam, clan identity, and Somali nationalism. Unlike the courts and their individual militias, which were largely clan-based and nationalist in agenda, Al Shabaab's leadership drew members from across clans, ascribing to a broader irredentist and religiously driven vision of uniting ethnic Somali-inhabited areas of East Africa under an Islamist caliphate. Some of its leaders reportedly trained in Afghanistan. Al Shabaab's vision for Somalia runs counter to long-running international efforts to create a stable, inclusive Somali government. Somali authorities, unable to secure territory on their own, have relied on the African Union Mission in Somalia (AMISOM) forces to retake and secure the capital, Mogadishu, from Al Shabaab, which has controlled much of southern and central Somalia since 2006. Since February 2011, military offensives by AMISOM, allied regional forces from Ethiopia and Kenya, Somali government troops, and allied militia have pushed Al Shabaab out of the major cities and ports, but it continues to enjoy some freedom of movement and to control territory in rural areas. These setbacks have deprived Al Shabaab of major sources of revenue and have resulted in a shift in its operations. Since what it termed a "strategic withdrawal" from Mogadishu in August 2011, the group has conducted almost-daily guerilla-style attacks on government, civilian, AMISOM, and other foreign targets, in both urban and rural areas. Notable attacks against foreign targets in 2013 include a June attack against the U.N. compound in Mogadishu, in which 22 people were killed, and a July attack on the Turkish diplomatic residence there. Al Shabaab conducts assassinations and attacks using improvised explosive devices of various types, mortars, grenades, and automatic weapons, causing hundreds of civilian casualties. Syria and Al-Nusra The Al-Nusra Front is an Al Qaeda affiliate operating in Syria. The group announced its creation in January 2012 during the Syrian civil war. Fighting alongside the Syrian opposition, it is described as "the most aggressive and successful arm of the rebel force." During the Syrian civil war, the group has claimed credit for several attacks against targets affiliated with or supportive of the Syrian government. The Al-Nusra Front has been credited with responsibility for 57 suicide bombings in the Syrian civil war. In December 2012, the group was designated by the United States and the United Nations as a foreign terrorist organization. It has been reported that individuals have left the United States to fight against the Syrian regime. It is suspected that these individuals may have joined Al-Nusra.

Do we have mechanisms to detect and prevent individuals who have committed terrorist acts abroad from returning home? Yes. Customs and Border Protection (CBP) currently operates an Immigration Advisory Program (IAP). IAP officers work in partnership with foreign law enforcement officials, to identify and prevent terrorists and other high-risk passengers, and then work in coordination with commercial air carriers to prevent these individuals from boarding flights destined to the United States. IAP officers conduct passenger interviews and assessments to evaluate the potential risks presented by non-watchlisted travelers. The IAP currently operates at eleven airports in nine countries including Amsterdam, Doha, Frankfurt, London Heathrow and Gatwick, Madrid, Manchester, Mexico City, Panama City, Tokyo and Paris. Since the inception of the program in 2004, IAP officers have been successful in preventing the boarding of more than 15,700 high-risk and improperly documented passengers. While no system is perfect there is a substantial process in effect to prevent individuals who may intend to do harm to the people of the United States from boarding a plane and reaching domestic airspace.

PASSENGER PRESCREENING

In accordance with 9/11 Commission recommendations, Congress mandated the collection and transmission of advance passenger information under the Aviation Transportation Security Act of 2001 13 (for commercial passenger flights arriving in the United States) and the Enhanced Border Security and Visa Entry Reform Act of 2002 14 (for flights and vessels arriving in and departing from the U.S.). Subsequently, the Intelligence Reform and Terrorism Prevention Act of 2004 15 required DHS to perform preflight terrorist watchlist screening for all passengers and crew onboard aircraft bound for or departing from the U.S. Automated Targeting System. Within DHS, CBP is responsible for prescreening international air travelers to the U.S.16 At 72 hours prior to departure, CBP receives Passenger Name Record (PNR) information17 from international air carriers in its Automated Targeting System-Passenger (ATS-P). Through ATS-P, CBP checks and analyzes each passenger record against various law enforcement, customs, and immigration databases to focus CBPs inspection and screening resources on high-risk individuals either upon arrival at a U.S. port of entry or at airport security checkpoints in the nine

13

P.L. 107-71. P.L. 107-173. P.L. 108-458.

14

15

16

Under its Secure Flight program, the Transportation Security Administration (TSA) is scheduled to assume from CBP transportation security-related terrorist watch list vetting for international aircraft passengers later this year.
17

PNR data may include date of reservation/ticket issuance, dates of intended travel, payment and billing information, travel agency/travel agent, baggage information, and travel itinerary.

overseas locations where CBP has personnel under its Immigration Advisory Program (IAP). 18 Much of this targeting occurs at CBPs National Targeting Center (NTC) located in the Washington, DC area. Advance Passenger Information System. In addition to PNR information, CBP uses its Advanced Passenger Information System (APIS) to capture personal identity and travel information from passenger manifests provided by air carriers prior to departure. Personal identity information is generally collected electronically by air carriers from a travelers passport. For Visa Waiver Program travelers, CBP provides confirmation to the carrier about whether a passenger has an approved ESTA authorizing travel to the U.S. APIS information is then fully processed through DHSs Treasury Enforcement Communications System (TECS). This processing may occur after a flight has departed for the U.S. CBP cross-references the data against several law enforcement, customs, and immigration databases and watchlists, including: the Terrorist Screening Database (TSDB), the Federal Bureau of Investigations (FBI) list of active wants and warrants; FBI criminal history information (for foreign nationals only); U.S. government travel document databases (visas, passports, and permanent resident cards); lost and stolen passport lists; and special lookouts generated through ATS-P. Once enforcement queries are complete, results are posted in TECS for CBP officers to review prior to a flight arriving in the U.S. TERRORIST SCREENING DATABASE PROCESSES No-Fly List Administration/Function The No-Fly List is comprised of a list of persons, including U.S. citizens, who are considered a direct threat to U.S. civil aviation. The list was established in 1990 in response to aircraft bombings in the late 1980s. With enactment of the Aviation Transportation Security Act ,19 the Transportation Security Administration (TSA) was established and assumed the administrative responsibility for the No-Fly List. Terrorist Screening Center/Nomination Process Pursuant to Homeland Security Presidential Directive 6, the Terrorist Screening Center (TSC) was established to create and maintain the U.S. governments consolidated watchlistthe Terrorist Screening Database (TSDB) and to provide for use of watchlist records during security-related and other screening processes.20 The No-Fly List is a subset of the TSDB. The TSC receives watchlist information for inclusion in the TSDB from two sources, the National Counterterrorism Center (NCTC) and the FBI. The vast majority of the information received by the TSC comes from the NCTC, which compiles information on known or suspected international terrorists. The FBI provides the TSC with information about known or suspected domestic terrorists. In general, the FBI nominates individuals who are subjects of ongoing
18

The key objectives of IAP are: 1) to enhance air travel safety by preventing terrorists from boarding commercial aircraft destined for the United States and 2) reduce the number of improperly documented passengers traveling to the United States. CBP currently operates nine IAP locations in seven countries: Amsterdam, Netherlands; Warsaw, Poland; London, United Kingdom (Heathrow and Gatwick airports); Manchester, United Kingdom; Tokyo, Japan; Frankfurt, Germany; Seoul, Korea; and Madrid, Spain.
19

P.L. 107-71.

20

Homeland Security Presidential Directive/HSPD 6, Integration and Use of Screening Information (Sept. 16, 2003).

FBI counterterrorism investigations to the TSC for inclusion in the TSDB, including persons the FBI is preliminarily investigating to determine if they have links to terrorism. The NCTC and the FBI apply a reasonable-suspicion standard to determine which individuals are appropriate for inclusion in the TSDB. The NCTC and the FBI are to consider information from all available sources to determine if there is a reasonable suspicion of links to terrorism that warrant a nomination. Once the NCTC and the FBI determine that an individual meets the reasonable suspicion standard and find that minimum biographic information exists, they extract sensitive, but unclassified information on the individuals identitysuch as name and date of birthfrom their classified databases and send the information to the TSC. The TSC reviews these nominationsevaluating the derogatory and biographic informationto decide whether to add the nominated individuals to the TSDB. CONCLUSION Unfortunately, the issues raised by this hearing could be explored in a meaningful fashion if the federal government shutdown did not prevent the appearance of government witnesses. Unfortunately, without the testimony of officials charged with implementing these important programs, there is little from a policy, legislative or oversight perspective that can be gained.