Scott McPherson's Web Presence

A few weeks ago, I endured the fury of many in Flublogia when I called for the appointment of a pandemic Czar to lead the Federal flu planning effort.  My argument was, and is, that a politically-connected person with the right qualifications, working out of the White House, is the ideal choice.

Since then, we have seen the news stories that have come out regarding the politicization of the Office of the Surgeon General, supported by the sworn testimony of four past Surgeons General who served under Presidents Reagan, Bush 41, Clinton, and Bush 43.  Conspicuously missing was Clinton's outspoken SG Jocelyn Elder, who I am sure would have livened up the hearings!

But I digress.  Anyway, I still believe that a Pandemic Czar is the best way to coordinate the slobbering mess that is the Federal Government.  Clearly, however, every effort must be made to de-politicize the Office.  As former Bush 43 SG Carmona testified last week (photo above):  Having partisans censoring every bloody public health message is absurd, and reinforces the melange of mung that the political system has become (my words, not Carmona's, but I'll bet I am not too far off-base). 

Ordering Surgeons General to insert (name of president here) multiple times per page of a speech makes one wonder who won the Cold War.  And censoring medical debate because it might offend someone, somewhere, smacks of the abuses Galileo and Copernicus endured, let alone evoke the image of the Taliban, who are our enemies if I recall correctly. 

So I still call for a Pandemic Czar, but let's also immediately and permanently fix the problem of partisans trying to interfere with medical research and advise. Medicine and science are more important than "staying on message."

The astonishing, but not surprising report from Wageningen University and Research Center, The Netherlands -- published in the August CDC journal Emerging Infectious Diseases -- is a gripping read.

Influenza researchers have suspected for some time that common domesticated animals such as dogs and housecats might be vectors of influenza. 

So, too, does the government of South Korea -- and exercised that belief in horrifying fashion eight months ago, well before scientific research confirmed their actions.  At left is an article from MSNBC, dated Nov. 27 of last year.  The South Korean government made the strategic decision to euthanize every non-human creature within 3 kilometers of any bird cull from confirmed high-path H5N1.

Note that AP story's statement from "animal health experts" that there was "no scientific evidence" that dogs and cats could pass the virus to humans.

Based on the published study, they might want to rethink that statement.  The Dutch researchers concluded that dogs are able to catch H5N1, remain asymptomatic, and shed virus from their nasal passages.  Some dogs did not show antibodies to H5N1 until 14 days into their infection. More importantly, the dogs did not die.  At least, not in the experiment.  The research paper references the common belief held among flu researchers that Thai dogs were/are carriers of H5N1, and references an article confirming Thai dog H5N1 infection in the December, 2006 issue of EID.

The paper also references a particularly stressful experience in Florida over the past several years; namely, the outbreak of H3N8 canine influenza in 2004.  Originally confined to racing greyhounds, the disease spread through veterinary offices and animal hospitals, and led to the temporary closure of dog parks and dog shows across Florida.  Many dogs died.  Here in this study, the story is magnified that the virus was an equine influenza that jumped to dogs.

I quote directly from the study:

Conclusions

You know, you gotta love the Department of Homeland Security.

Anyone who has ever had intergovernmental dealings with Washington knows that the Federal government has a tendency to, well, to talk down to everyone.  I have had many, many dealings with "the Feds" over the years, from cybersecurity to the Census to you name it, and their collective attitude is astounding.  I don't know if it is endemic Washington culture, or some belief that the Federal fecal matter does not stink, but it is amazing that an entity that tells state and local governments how to run their business apparently cannot run its own business.

Two recent stories -- completely separate subjects -- collectively speak to this dysfunctionality in the agency charged with the responsibility of protecting We, the People.  First was the revelation that Mister Self-Important XDR-TB guy with the Hottie Wife actually was let back into the United States, despite every attempt to keep him out.  The DHS border guard who deliberately ignored the flashing computer screens (For God's Sake, Don't let This Guy In!) and waved him across, saying later "Duh, he didn't look sick!", shows that for all its hubris, DHS apparently can't guarantee we are intercepting important messages and acting on them quickly.

Then comes this juicy little ditty, listed below.  Whenever I attend IT conferences, the panelists always seem to include an array of Federal IT "geniuses," strolling onto the stage with supreme self-assurance, and I am reminded of the line from Bowie's classic line from China Girl, "I stumble into town, like some sacred cow."  Building a cult of personality and protecting turf are far more important, apparently, than protecting the public and the public interest.  The Feds are always quick to administer advice, but are the last to take it. 

PS, the only guy running for president who even addresses these issues is Fred Thompson.

Lawmakers assail DHS cybersecurity

The Homeland Security Department’s IT security posture came under fire from lawmakers after the Government Accountability Office found “systemic and pervasive” problems.

At a hearing yesterday, House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology members grilled DHS chief information officer Scott Charbo about the state of the agency’s cybersecurity, including the U.S. Visitor and Immigrant Status Indicator Technology (US-Visit) program.

“[I]nformation provided by DHS suggests that the CIO is failing to engage in defensive best practices that would limit penetrations into DHS networks,” said Rep. Jim Langevin (D-R.I.), subcommittee chairman. “The department’s failure to implement the Einstein program, contracts with Sprint and MCI where the carrier has misconfigured the firewall, and other problems are quite disturbing.”

Charbo said the agency’s cybersecurity posture is getting better, but could not answer a lot of questions around the problematic configurations of DHS’ systems.

When Langevin questioned whether Sprint, MCI or even DHS’ National Cyber Security Division has audited the ISP providers, Charbo said while he is ultimately responsible for the security, the issue of auditing contractors is not a decision any CIO could make. Charbo said it needs to be addressed from a higher authority.

Charbo also couldn’t answer how long the vulnerabilities in the ISP have been open and when the last audit of the data network occurred.

Langevin once again called Charbo’s lack of response disturbing.

“It was a shock and a disappointment to learn that the Department of Homeland Security … has suffered so many significant security incidents on its networks,” the congressman said. “DHS reported to the committee that it experienced 844 cybersecurity incidents in fiscal 2005 and 2006.”

Langevin pointed out these included workstations infected with Trojans and viruses, a workstation infected with a Trojan scanning for port 137, which demonstrates that “individuals attempting to scan DHS systems through the Internet,” and PCs containing suspicious beaconing activity and a botnet that lets a hacker control the compromised computer.

GAO’s chief technologist Keith Rhodes said Charbo’s claim about auditing the ISP is incorrect.

“The Centers for Medicare and Medicaid audited their telecommunications contractor,” he told lawmakers. “We have reviewed the [ISP] at CMS, identified vulnerabilities and made recommendations.”

Charbo countered by saying just because there was an incident doesn’t mean there is success in breaking into DHS systems.

“We monitor routers on the edge,” he said. “If we find suspicious activities, we track it on our network and take care of it immediately. We do forensic analysis if we identify malware too.”

Rhodes said a lot of these problems could be fixed by improving DHS network configuration of specific hardware devices or software.

“There are zero cost fixes,” he said. “DHS has made some fixes, but there are others they could do.”

Rep. Bennie Thompson (D-Miss.), chairman of the full committee, asked Charbo whether the lack of cybersecurity for U.S. Visit made it vulnerable to hacking. Charbo said there was no evidence of any breaches.

But Rhodes said DHS does not have the controls in place to protect the system had there been an intrusion.

“If someone was smart enough to get in, they could get out and no one would know about it?” asked Rep. Bob Ethridge (D-N.C.)

Charbo said DHS has made some fixes to immediate problems, but they still are working with GAO. He said one example GAO recommended would be to encrypt their LAN, but he believes that wouldn’t be necessary.

“We encrypt the data going out of the network, but not while it is in the network,” Charbo said. “We will mitigate the risks and if there are easy controls we will sit down with GAO and discuss them.”

But Alan Paller, director of research for the Sans Institute, said Charbo’s rationale for not encrypting data on the LAN is faulty.

Paller, who attended the hearing, said one successful spear phishing attack would wreak havoc on the LAN.

“Spear phishing eliminates the perimeter defenses,” he said. “It could create a rogue tunnel out of the system through Port 80.”

GAO will issue a report on DHS cybersecurity problems in July, said Greg Wilshusen, the watchdog agency’s director of information security issues.

© 1996-2007 1105 Media, Inc. All Rights Reserved.

And I nominate Admiral John Agwunobi.

Folks,

In July,1998, I was sitting in my office at the Republican Party of Florida when Jeb Bush's head appeared in the doorway -- followed by the rest of him, of course.  I had known Jeb since 1983, when I was one of the "dirty dozen" who conspired in Miami to get him started on his path to elected office .

Jeb said, "Scooter, what's Y2K?"  (Scooter is his nickname for me.)  I said I would give him a full briefing.  This was when he was running for governor again (this time successfully), and people were emailing him with concern about the Year 2000 issue.  I gave him regular reports on where Florida was vulnerable, using my syndicated weekly newspaper column as cover to get the information I needed.  In January, 1999, a week after he took office, Governor Bush commissioned me to set up a statewide Y2K awareness and preparedness effort, called Team Florida 2000.  It was a national model and was held up by Clinton's Y2K czar, John Koskinen, as a shining example of a partnership between government, the private sector and the service sectors.

I became Jeb's Y2K "czar," although he is loathe to use that term (using "czarina" instead).  I had the entire resources and gravitas of the governor at my disposal.  I had more money than time, so I tried to "buy time" whenever and wherever possible, including making heavy use of State aircraft (bumping Bobby Bowden occasionally!). 

The effort was incredibly successful.  The effort was "componentized," meaning sections of it were designed to be leveraged outside of Y2K.  And indeed two areas were heavily leveraged afterward; first, the Office of Information Security, which I built in early 2001; and the entire critical infrastructure monitoring effort, which we built to mitigate Y2K disruptions, but was made permanent the morning of 9/11.  So Y2K was, and is, a huge success, from many standpoints.

One of my favorite agency heads who I worked with closely during my tenure with Governor Bush was then-Department of Health Secretary, Dr. John Agwunobi.  John is, of course, now Admiral Agnuwobi, and he serves the people as Assistant Secretary for Health, U.S. Department of Health and Human Services.  John is a blogger on the HHS Pandemic Flu Blogsite, and I wanted to publish my response to his latest blog so you can read it here, as well as (hopefully) at http://blog.pandemicflu.gov/.

John,
We have known each other for some time, and we worked together during post-9/11 efforts for the Jebster. I am so very proud of the job you are doing in Washington, and I know you are a man of deep commitment and absolute professionalism. You are one of the “good guys.”

Please remind Secretary Leavitt that Y2K was a non-event because we planned and executed the largest successful IT project in the state’s/nation’s/world’s history. He has a tendency to speak of Y2K in disparaging terms. We “worked the problem” and solved the issues that I guarantee were NOT “non-issues”, had they been left unremediated.

Let me draw another parallel, to the effort we are involved in here in Florida. Having watched the pandemic preparedness situation for the past sixteen months, and having established relationships with some of the giants of the public health/policy and influenza sectors (Osterholm, Webby, Fineberg, et al), I am absolutely convinced that we are in dire need of a “pandemic czar.” We need someone who can address both the public health and economic/security calamities that will almost certainly occur if we experience a pandemic of any significant lethality in the near future. And that person needs the resources of the White House to be effective.

HHS is doing its job, but I do not see evidence at the local level that DHS is shaking the trees violently enough to force local domestic security committees to action. I speak nationally on the subject of pandemic preparedness and have probably given upwards of fifty speeches at state and national conferences in the past year. But I have given only two presentations at the direct request of law enforcement (Infragard chapters in Tallahassee, FL and Springfield, Illinois).

A pandemic is not just a public health event. The homeland security. public safety, supply chain and long-term economic ramifications both dwarf and substantially magnify the impact of a pandemic.

We cannot reasonably expect HHS to do it all. Someone in the White House needs to coordinate the total awareness and response efforts.

I hope we get the opportunity to see each other soon. Everyone in Tally says hello!