More Than Human: A Conversation with Bob Weaver for Secure Business Quarterly

by rthieme on November 16, 2001

More Than Human:

The Network is More Than the Sum of its Parts when Disaster Hits

by Richard Thieme

A friend who immersed himself in the study and practice of karate left the late show at the movies one night and turned a corner toward his car. A hand came out of the darkness and grabbed him by the shoulder. He immediately turned and with one swift cut, broke his assailant’s neck.

Except it wasn’t an assailant. It was a friend who had wanted to say hello.

“Be sure that what you practice is what you want to do,” he told me, “because when you don’t have time to think, what you have practiced is what you will do.”

Bob Weaver, the Assistant Special Agent in charge of the US Secret Service New York Field Office, which includes the Electronic Crimes Task Force, has been practicing for a long time. He has more than twenty-five years of government service, and as head of the NYECTF, he supervises a dedicated staff of high tech crime fighters and criminal investigators. When the attack on September 11 put their office at the center of Ground Zero, they did what they had practiced.

That practice plus their ability to execute under fire in a war zone is a pattern for all organizations.  Sec. 105 of the “Patriot Bill,” the “expansion of the national electronic crime task force initiative,” requires that the Director of the United States Secret Service “develop a national network of electronic crime task forces, based on the New York Electronic Crimes Task Force model, throughout the United States, for the purpose of preventing, detecting, and investigating various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.”

How did the New York Electronic Crimes Task Force become a model for the rest of the country?

“Our unique skill set starts with protection,” Weaver said, “which I see as an asset, not a detriment. We had to learn how to share. We’re a small agency and our weakness is our strength – we have to partner. We can’t be the guys in the plane, on the boat, on the corner, so we have to partner with corporations, with state city and local, with military, and depend on all of them for key strategic pieces. This created our institutional culture and made us responsive. That’s why we became a model for local inter-agency cooperation and private-public partnership.”

The NYECTF represents a confederation of law enforcement agencies, public prosecutors, academia, and private industry institutions in a strategic alliance to pool their core competencies to address electronic crimes. The Task Force surrounded itself with some of the best people in technology, which meant joining forces with the private sector.

“When it comes to technology,” Weaver said, “we don’t always have the expertise, the right tools or the people with the right type of knowledge to work some of our cases. The private sector gives us that.”

So “partnership” is more than a  buzzword for the NYECTF. It’s the essence of their culture.

On September 11, it saved the day.

“We used bricks and mortars like everybody else,” Weaver said, “but when the bricks and mortar went down, we were comfortable in the virtual world.  If we had not been, we would not have been operational within 48 hours. We would have been wiped out and we would have stayed wiped out.”

The Secret Service offices were on the 9th and 10th floors of 7 World Trade Center, one of several buildings in the WTC concourse, connected to the complex at the base of the north tower so their windows faced the front of the WTC and looked up at the north tower.

“When the first plane hit we looked up out of our building and saw the fire and explosion. It was easy to see that it was time to evacuate.

“Because we were so flexible, we were able to have our ‘bricks and mortar’ 100% catastrophically destroyed but our virtual component had us operational within 48 hours. I attribute that directly to the corporate partnerships that we had developed, plain and simple.”

The cell phones went down in the immediate aftermath of the attack so they used two-way pagers to communicate. Once they were back, they used cell phones too.

Cellular and paging networks are the only wireless networks currently used. “We don’t use wireless computer networks. It’s not that they cannot be secure, but they are currently not at the level of security which would enable us to use them.”

The decision on the right time to use wireless networks will be made by the Investigative Research Management Division (IRMD) of the Secret Service and the CIO, not at the level of the field office.

But on September 11, cellular and pager networks plus the human network – alliances built with the corporate sector – provided the resiliency they needed.

“We were virtually indestructible because we’re community based,” Weaver said. “We are a distributed network, so strong that its like trying to step on mercury. This is a new model in law enforcement, where we’re not 100% bricks and mortar. We’re as comfortable in the virtual world as in the physical.

“What was theory before is now battle-tested. Redundancy in our network made it robust, not only survivable but operational.”

No government group can give details of their network operations, which would constitute a playbook for enemies, so Weaver can only affirm the importance of the wireless network and the operational model they had built.

“It was totally unexpected, of course, a complete surprise when it happened. We evacuated – which is easy to say but not easy to do when there are 200-300 people in the building on your floors for whom you’re responsible. We needed to seek all of them out to be sure they left safely. That was a coordinated effort – it wasn’t just me, it was all of us, all of the agents in the office. Heroic things were done that day. Great responsibility was taken at great risk, at great sacrifice. We lost Craig Miller, an employee that we still can’t find. His body has never been recovered. People here are still grief-stricken.”

As wireless networks become ubiquitous because of mobility, redundancy, and flexibility, it is unthinkable to allow them to grow without adequate security, given what’s at stake.

For wireless networks to thrive, “you need bandwidth,” Weaver notes, “and the capability to encrypt very heavily. You’re protecting operational data and intellectual property. ‘Operational security’ is our watchword these days.

“For the last quarterly meeting of the NYECTF, we scanned lower Manhattan for wireless networks. We were pleased that some were heavily encrypted and had changed default settings, which is good, but we found that 50% of all wireless networks scanned were unprotected. We had full access to them.

“That is not good,” he said dryly, “particularly in the financial district.”

“We shared that information with them, not to embarrass them, but because making them aware of the truth about less protected or unprotected networks enabled them to take appropriate action.

“The time has come to pay attention. If not now, when? If September 11th wasn’t enough, what is?”

The vulnerability of wireless networks is a consistent factor in incidents investigated by the Secret Service. A news agency in New York intercepted the data streams of the New York city police and fire departments. Mobile data terminals were intercepted. In fact, anything and everything that can be sent by wire or orally over the airwaves has been intercepted in New York.  For every wireless possibility – fax, pagers, wireless computer networks, cellphones – the Secret Service has arrested people and confiscated equipment.

Often it’s not a criminal doing mischief but a commercial enterprise selling large numbers of appliances. In the Breaking News Network case, thousands of customers were sold technology for decoding software over the Internet. The only way to defend against the decoding software was to be encrypted at a level that the software couldn’t crack. That held true for mobile data terminals as well. If not protected with encryption, they were vulnerable.

So the NYECTF frequently issues public safety and service messages and takes a systemic approach. They respond to criminal activity, issue public notices, and talk to companies so they understand how criminal ingenuity has compromised their software or products.

Weaver is heartened by the degree of responsiveness in New York City. “The private sector is increasingly aware and people are taking appropriate counter-measures. They are getting the game. There’s a surge in the dollars spent on security. People doing physical security in New York can not keep up with demand. There’s a lot more willingness by corporations to spend money on disaster recovery and network security.

“The same thing happened at Y2K,” Weaver recalls. “Some said, it was good we had Y2K for practice, but in a way, it was almost a shame there wasn’t a little nip there because afterwards, in the afterglow, it was almost as if it was much ado about nothing. But we learned lessons that helped when disaster really hit. It can come in an earthquake, a flood, a catastrophic terrorist event. Y2K raised the bar and the industry and community are better off for it.”

At this point in the conversation, a colleague handed Weaver a picture of his former office in flames.

“I can’t believe this picture,” he said, the tone of his voice lowering. “There are flames shooting out of my office. There is no other fire on that side of the building (the West Broadway side) but there is in my office. It’s incredible.

“I knew we lost everything in the attack, but I guess my friend wanted to be sure I didn’t forget.”

Memories of those events are never far from Weaver’s conscious thoughts.

“After we evacuated and relocated, we went back in for rescue. You have to understand that everything caught fire and was burning. The building had long since been evacuated but all of our equipment was lost. The evacuation was not a safe evacuation. It was a dangerous environment. Shrapnel was flying and falling, fires were everywhere, the evacuation was like trying to walk through a mine field.

“Contingency plans are a wonderful thing. Either you have them or you don’t. Our plans said, take the stairs, so we did, but at the lobby level, where the stairs ended, it would have been unwise to go outdoors because shrapnel was falling, hitting the building, setting cars on fire, so people had to be rerouted through a side door to the side and rear of the building. That was done by some key people who took initiative.”

The genuine heroism of ordinary people under conditions of extraordinary stress was exemplary.

“What kind of person,” Weaver asked, “is a private citizen in a plane flying over Pennsylvania who takes it on himself along with people he never met before to make a decision that they are going to take the plane back? When you consider that person – how he grew up, his ethics, his principles, his values – you have to put him on a level with the police and firemen and Port Authority personnel and all the others including Secret Service who ran in when everyone else was running out.”

Because of the shift in how Americans experience themselves in light of the attack, words that might have seemed affected before September 11th are now the simple truths of our lives.

“There really is a call to public service,” Weaver acknowledged. “In the Secret Service Headquarters in Washington DC, in the main entrance, etched in stone, is a five-pointed star. On the points of the star are five words: duty, justice, courage, honesty, and loyalty. Those attributes were chosen for a reason. The words are indelible, etched in stone, and they mean something important to us.”

Out of his tested commitment and twenty-five years experience, Weaver has solid advice for anyone willing to listen.

There must be a systemic approach to security that addresses the real underlying issues. That means working first in a preventive mode, a risk management mode.  “No one wants to be in a crisis response mode, but when we do have to go there, when we can’t control things, we can manage things. If we could control things we would have prevented the second plane from hitting. We couldn’t.  But we can manage how we respond.”

Again and again, wireless networks as a metaphor for human networks emerged from our discussions. The level of security demanded by electronic networks is now demanded by society.

“We have to approach security issues as a community,” Weaver said. “That’s what partnerships have taught us.  When corporations find a way to have a value-added relationship that is mutually beneficial with government entities like ourselves, they become aware of what’s going on in the community and with our help get a peek under the hood that keeps them forewarned. This is always a work in progress – none of us really anticipated the degree to which there would be such a misuse of technology – so the work in progress is very high maintenance.

“But even when we have that mutually beneficial relationship, many stop once they know the problem and identify a solution. That’s not enough. Implementing solutions and producing a work product that has deliverables and outcomes is the end game. That’s how businesses keep score and we run parallel with that.

“When it’s in our best interest, we form alliances and creates bridges to one another. But those bridges must be built before critical incidents happen.

“People in New York that worked with us knew about pager intercepts of data, cellular intercepts, computer intercepts, and wireless networks because we shared that information with them. That enabled them to protect their bottom line.”

Weaver knows that corporations want to answer one question when they spend money on security: are they getting a bang for their buck? Businesses spend an average of 3-5% of their budgets on security. Does that investment return a profit?

Weaver can’t provide numbers to answer that question but knows from experience that “if you’re not exercising due diligence at this stage of the game, you’ll pay for it later. Do you want to pay now or pay later? Are you willing to risk corporate assets on a gamble that it won’t happen to you? If you are, best of luck.”

Physical security is impossible to separate from IT security. “They will be joined together forever,” he said. “Information is a hard asset. People must understand it’s value.”

Maybe there is a simple way to quantify these issues, he added.

“What don’t you want people to have? That’s exactly what they want. Then, what would your company be without it?”

The NYECTF reports quarterly to the community on its efforts. At an invitation-only meeting on November 27, 2001, many of the 200 corporations, 12 universities, and 50 law enforcement agencies that belong to the Task Force sent representatives to hear Weaver and his colleagues describe a new initiative. They announced a program to support homeland defense by creating programs for education and awareness at the community outreach level. This effort includes a partnership with this writer who is Founder and Director of the Homeland Defense Network, a grassroots effort to identify and make available a wide variety of opportunities for people on the home front/front lines to be educated, trained and supported in realistic ways for their roles in a protracted war with terrorism. They also announced a new initiative to help businesses with physical security audits.

“We do come back,” Weaver concluded, looking at the picture of his office in flames. “There’s a resiliency in the human spirit that’s wonderful. Just pour a little ‘miracle grow’ on it and – here we are again.”

Richard Thieme (rthieme@thiemeworks.com) speaks and writes about “life on the edge,” including the impact of technology on people, organizations and society. He is Founder and Director of the Homeland Defense Network (www.homelanddef.net).

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: