30.9 F
Washington D.C.
Friday, January 17, 2025

COLUMN: Converging Risks Define Homeland Security Challenges in 2025

The second Trump Administration will assume office on January 20th with homeland security concerns dominating the news.  The ISIS-inspired (if not ISIS-directed) attack in New Orleans is the most significant terrorist attack in the United States since the last time President Trump was in office but its far from the only homeland security risk of consequence.  Chinese actors remain engaged in a full on, sustained cyber campaign against U.S. critical infrastructure and government services.   An opaque and unexplained level of drone activity in December reminded us of the immaturity of our counter-UAV systems and the lack of an effective drone risk management system. 

Those are specific examples of enduring threats – Jihad inspired terrorism, Nation-state cyber attacks, weaponization of new technologies.  And that list goes on – the proliferation of extreme weather and a built environment that is susceptible to natural disasters, underinvestment in critical technologies and materials, global conflict that challenges supply chains where impact could spill over domestically, illegal border crossings of both people and narcotics, institutional and resource deficiencies in critical organizations like the U.S. Secret Service.  In 2022, I proposed a Risk Register as a guiding strategic document for the Homeland Security mission.  That remains a useful concept – and one that my old organization, the National Risk Management Center, continues to propagate.  As 2025 gets underway, such a register would likely reflect a landscape marked by significant risk. 

In this period of heightened threats, the Homeland Security Enterprise must rise to meet the moment. But what does that entail? As I assess the state of homeland security, five strategic imperatives stand out:  

  • Prepare for Converged Risks.    Homeland security was initially designed around scenario-based contingencies.   However, the current primary threat involves converged risks—simultaneous physical, cyber, and supply chain disruptions with both cross-border and domestic impacts. These events are often sustained rather than acute, targeting vulnerable sectors over time. Planning must account for this shift, requiring greater executive commitment, imagination, and scalable capabilities. 
  • Build Trust in Professionals.  The core disciplines of homeland security—law enforcement, emergency management, and public health—face declining public trust. Gallup reports that only 51% of Americans have a great deal or quite a lot of confidence in the police and significantly fewer have confidence in the medical system.  The mis- and disinformation campaign around hurricane response and recovery efforts in North Carolina following Hurricane Helene undermined confidence in the work of emergency managers.  The homeland is weaker if those tasked with securing communities are not viewed as trustworthy.  Strengthening faith in those professions, and the people that serve communities, is an imperative.   
  • Practice Enhanced Risk Communications.  Risk Communications, as defined by DHS  is the “exchange of information with the goal of improving risk understanding, affecting risk perception, and/or equipping people or groups to act appropriately in response to an identified risk.”  While we still don’t have all the details about the surge of reported drone activity last month, it is clear that the risk communications around the incident were unsuccessful.  There was no consistent message or real effort to equip people to respond to the risk other than to downplay it.  In an era where social media platforms dominate news coverage that approach is insufficient and new strategies to effectively communicate around risks in the modern media environment are needed.  Another example of that is the still unclear public articulation of the risk associated with TikTok, an app that national security professionals believe strongly presents risk but where associated risk information hasn’t broken through to the public. Communicating more clearly about risks through multiple channels is necessary. 
  • View Technology More as a Force Multiplier For Security as a Novel Risk.  There is a tendency in homeland security to focus on the downside of adversaries exploiting new technologies to cause damage.  While, undoubtedly, with every new innovation come new risks, focusing too much on the harm that can be caused by artificial intelligence, autonomous technologies, or new mechanisms for communications can often limit the willingness to use those technologies to arm defenders with the ability to generate more information quickly, speed the pace of decision making, build protective measures or keep humans out of harm’s way.  To keep up with the pace of risk, there needs to be dedicated effort to bring the expertise, commitment to innovation, and associated contracting and research and development efforts into the homeland security environment.  Dynamic risk demands dynamic response.   
  • Focus on Reforms of Mission Execution but Limit Organizational Churn.  In the zeal for government efficiency, one of the obvious areas that will get attention is whether to re-organize elements of DHS – and even transfer or close agencies.  For example, Project 2025 argued for doing so with CISA and FEMA.  Having been in government during multiple reorganizations, I can attest to the amount of work and, frankly, inefficiency that goes with such moves.  There is a degree to which that churn can be worthwhile – making CISA an operational agency was worth the effort to prioritize Federal and critical infrastructure cyber defense, for example. However, too much churn simultaneously can be a significant drag on effectiveness of security efforts and a more sustained focus should be on getting programmatic strategies, objectives, and resources aligned and assigning accountability to delivering risk reduction results as opposed to using capital to reorganize organization chart boxes.          

The throughline between these areas of strategic focus is that homeland security is only achieved with a strong homeland security enterprise that is empowered within communities to innovate and engender trust.  Metrics in those areas have been trending in the wrong direction and the start of 2025 gives an opportunity for somewhat of a reset.  The risks the country is facing have converged and the most significant are caused by adversarial Nation States and ideologies that are targeted at exploiting America’s vulnerabilities.  Addressing those vulnerabilities has to include systemic improvements in the discipline of homeland security as well as bold efforts to mitigate risk.  This new year presents an opportunity to do so.

Bob Kolasky
Bob Kolasky
Bob Kolasky is the Senior Vice President for Critical Infrastructure at Exiger, LLC a global leader in AI-powered supply chain and third-party risk management solutions. Previously, Mr. Kolasky led the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center. In that role, he saw the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. As head of the National Risk Management Center, Mr. Kolasky had the responsibility to develop integrated analytic capability to analyze risk to critical infrastructure and work across the national community to reduce risk. As part of that, he co-chaired the Information and Communications Technology Supply Chain Risk Management Task Force and led CISA’s efforts to support development of a secure 5G network. He also served on the Executive Committee for the Election Infrastructure Government Coordinating Council. Previously, Mr. Kolasky had served as the Deputy Assistant Secretary and Acting Assistant Secretary for Infrastructure Protection (IP), where he led the coordinated national effort to partner with industry to reduce the risk posed by acts of terrorism and other cyber or physical threats to the nation’s critical infrastructure, including election infrastructure. . Mr. Kolasky has served in a number of other senior leadership roles for DHS, including acting Deputy Under Secretary for NPPD before it became CISA and the Director of the DHS Cyber-Physical Critical Infrastructure Integrated Task Force to implement Presidential Policy Directive 21 on Critical Infrastructure Security and Resilience, as well as Executive Order 13636 on Critical Infrastructure Cybersecurity.

Related Articles

- Advertisement -

Latest Articles