Every threat we discuss in the homeland security enterprise — every lone actor, every accelerationist cell, every state-sponsored proxy network — eventually becomes an operational problem. At some point, a person carrying something dangerous enters a public space. And in that moment, the question is no longer who radicalized them, how they were funded, or which ideology they claimed. The question is whether the systems we have built can detect the threat and enable a response before the window closes.
After years of operating Chemical, Biological, Radiological, and Nuclear (CBRN) detection programs in some of the most complex environments in the country, if there is one thing I have learned, it is that we have invested heavily in detection capability while not investing proportionally in detection readiness.
Those are not the same thing. And the gap between them is where the policy failure lives.
The Prevailing Assumption Is Wrong
The dominant logic driving CBRN detection investment runs something like this: more technology equals more protection. Buy more sensors, deploy them more broadly, and the threat environment becomes safer. It is an intuitive argument. It is also incomplete in ways that matter operationally.
The problem is not the sensors. The technology has proven its merit in laboratory and controlled conditions. We deploy sophisticated instruments capable of detecting trace quantities of chemical, biological, radiological, and nuclear materials with precision. The problem is what happens when that technology leaves the lab and enters the operational environment it was purchased to protect.
Three distinct failures emerge at that transition point. They are interconnected, they are underacknowledged in current policy, and no amount of additional acquisition spending will fix them.
Failure One: We Measure the Wrong Things
CBRN investment programs have historically evaluated performance through acquisition metrics: how many detectors were procured, how many were deployed, what percentage of target environments have some form of coverage. These are inputs. They tell us what was bought. They do not tell us whether what was bought is working.
Performance in a laboratory, where atmospheric conditions are controlled, test agents are known in advance, and operators are poised and prepared, is categorically different from performance in a deployed operational environment. Temperature swings, humidity variation, airflow patterns, ambient chemical noise from everyday materials, and the sheer density and movement of people in a public space all affect how a sensor performs. In many cases, they affect it significantly.
The federal record documents what this looks like in practice. A 2022 GAO review of DHS’s effort to replace aging radiation portal monitors at U.S. ports found the program running years behind schedule, with replacement units generating alarm rates in field testing that exceeded what the existing monitors produced. That was the exact opposite of what the program was designed to achieve. The core objective was to reduce false positives from benign cargo, and yet field conditions produced more of them. GAO concluded DHS needed to fundamentally revisit how it was pursuing the acquisition before moving forward.
The pattern extends across programs. A 2024 GAO assessment examining DHS’s Countering Weapons of Mass Destruction portfolio found that the department had not shown it was evaluating whether its biosurveillance technologies were operationally mature before committing to acquisition. That represents a gap that leaves programs vulnerable to the same lab-versus-field divergence. The report documented years of recommendations on this point, with DHS still working to demonstrate meaningful follow-through.
The fix is straightforward in principle, if not in implementation: require operational performance evaluation as a condition of continued investment. We should look not only to lab certification, but also to ways of measuring performance in the actual environments where the equipment will be asked to function. This reframes the core evaluation question from “what does this sensor do?” to “what does this sensor do here, under these conditions, with these operators?” That is the question that determines whether an investment is buying capability or buying the appearance of it.
Failure Two: We Fund Acquisition, Not Integration
Detection is not a standalone function. A sensor that identifies a chemical agent, a radioactive nuclide, or a biological marker produces a data point. What converts that data point into a protective action is a system: a chain of people, protocols, communications infrastructure, and decision authority that receives the alarm, interprets it, verifies it where possible, and acts on it within a window that is often measured in seconds to minutes.
Federal funding has been far more comfortable paying for the front end of that chain than the back end. Sensors are discrete, visible, and auditable. Integration is messy, environment-specific, and requires sustained investment in people and process rather than a single procurement event. As a result, many jurisdictions have detection assets that are genuinely capable of identifying threats while at the same time deploying response architectures that cannot act on that information in time to matter.
The federal government’s own flagship radiological detection initiative illustrates the gap. The DHS Securing the Cities program has channeled roughly $300 million into high-risk urban regions through fiscal year 2023 to build out detection equipment and train the personnel who operate it. Yet a 2024 GAO review found that the program office had not established clear performance targets or communicated to participating regions how their effectiveness would actually be measured. Significant investment had gone into building the capability; the framework for determining whether it was working had not kept pace.
The timeline problem is more severe than it appears on paper. In a high-density public environment such as a transit hub, a stadium, or other major event venue, a release event begins affecting the people around it immediately. The detection system, wherever it is placed, needs time to sample, analyze, and alarm. That alarm then needs to reach a controller or supervisor with the authority and training to act on it. That person faces a decision with incomplete information, high stakes, and a strong institutional bias toward continuity of operations rather than shutdown.
By the time that decision chain runs its course, the operational window in which meaningful protective action can limit harm has often already narrowed severely. In some scenarios, it is already closed.
This is not a technology failure. It is a decision-architecture failure. And it cannot be solved by buying more sensors. The policy answer is to fund integration alongside acquisition. CBRN systems architects must look more to machine-learning-enabled fusion tools, pre-configured alert routing, and the systems engineering work that connects what a sensor detects to what a human does about it.
Failure Three: Decision Authority Has Not Kept Pace With the Threat
The third failure is the most difficult to solve because it lives at the intersection of technology, policy, and organizational culture. Even in programs where sensors are performing and integrated systems are routing information appropriately, the final link in the chain, the decision to act, is often inadequately prepared for the conditions it will face.
In most jurisdictions, the decision to take protective action in response to a CBRN alarm requires authorization from senior leadership. This is understandable. Stopping operations, initiating evacuation, or implementing shelter-in-place are high-consequence, high-visibility decisions with significant operational and economic implications. A false alarm that triggers a full evacuation of a major transit system or other large public venue carries real costs: disruption, reputational damage, and erosion of the public confidence that makes future protective actions credible.
But the timeline does not wait for a director to be reached. The gap between when an alarm is generated and when a senior official with the authority to authorize action can be contacted, briefed, and positioned to make a decision is itself a threat vector. Sophisticated adversaries who understand this architecture can structure attacks to exploit it.
The solution is not to remove human judgment from high-stakes decisions. It is to pre-authorize specific response thresholds so that trained operators can take defined, bounded actions. Actions such as stopping inbound traffic, initiating localized alerts, or activating pre-positioned response teams cannot wait for authorization, because the timeline for meaningful intervention does not allow for these delays. The framework for doing this already exists at the federal level. FEMA’s National Incident Management System establishes the concept of formal delegations of authority and pre-established response boundaries that allow responders to act within sanctioned limits before senior leadership can be engaged. CBRN detection programs need to apply that same logic systematically to their own standard operating procedures. This cannot be an afterthought; it must be a design requirement.
What This Requires From Policy
These three failures (measuring the wrong things, funding acquisition without integration, and leaving decision authority structures unresolved) are interconnected. Fixing one without the others produces marginal gains. Addressing them together requires sustained attention from federal program offices, state, local, tribal, and territorial (SLTT) leaders, and the oversight community that funds these programs.
The good news is that none of this requires new technology. The detection capability exists. What is needed is a reorientation of how we evaluate it, how we fund the systems around it, and how we structure the authority to act on it.
For federal program managers: build operational performance evaluation into grant conditions and procurement standards. Stop accepting lab certification as a proxy for field readiness.
For state and local practitioners: push your vendors and your command structures equally. A sensor that works and an SOP that cannot execute on time are together worth less than either would be if the other half of the equation were fixed.
For the policy and oversight community: the metric you should be asking for is not detectors deployed. It is the response time from alarm to protective action in real operational conditions. That is the number that reflects actual readiness.
The Variable We Cannot Buy Our Way Out Of
The homeland security enterprise spends considerable energy on the question of who the threat is. We examine how actors radicalize, how they finance operations, and how they select targets. That work is essential. But the threat landscape produces operational problems, and operational problems require operational answers.
Detection is not a solved problem because sensors exist. It is solved (or not) by whether those sensors perform in the environments where the threat will actually appear, whether the systems around them can translate an alarm into action, and whether the people in that chain have the authority and training to move when the window is open.
Time is the one variable we cannot procure our way out of. The policy frameworks that govern CBRN detection investment need to catch up to that reality.


