A lesser known but crucial office in the Homeland Security Department passes the 15-year mark

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

When you think of the Cybersecurity and Infrastructure Security Agency, what comes to mind? Weekly patch updates. Log4j. Solar Winds. Ransomware. But the agency has a much wider mission than cybersecurity, critical as that might be. Another element of CISA recently noted its 15th anniversary. The Federal Drive with Tom Temin  heard that story from CISA’s associate...

READ MORE

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

When you think of the Cybersecurity and Infrastructure Security Agency, what comes to mind? Weekly patch updates. Log4j. Solar Winds. Ransomware. But the agency has a much wider mission than cybersecurity, critical as that might be. Another element of CISA recently noted its 15th anniversary. The Federal Drive with Tom Temin  heard that story from CISA’s associate director for bombing prevention, Sean Haglund.

Interview transcript:

Tom Temin: Mr. Haglund. Good to have you on.

Sean Haglund: I really appreciate the opportunity to talk with you today and to give some time to this very important subject.

Tom Temin: Alright, so first of all, tell us exactly what the bombing prevention function does. And I imagine that’s a lot of interagency coordination here.

Sean Haglund: Sure, Tom, if I could, though, I just kind of like to start a little bit about my background. I was an Air Force explosive ordinance disposal technician for 25 years. And so during my time as a bomb technician, I really had an opportunity both domestically and in combat environments to see firsthand what the impacts of improvised explosive device — or IED — attacks have on schools, markets, residences, critical infrastructure, and lost quite a few colleagues and teammates along the way. And so not only do I have a very professional interest in this line of work, I also take it very personally. So to answer your question, the Cybersecurity and Infrastructure Security Agency, or CISA’s Office for Bombing Prevention, is really focused on preventing, protecting against, mitigating the effects of and responding to improvised explosive devices here domestically, and helping our partners and allies do the same. And so that mission has us squarely focused on protecting critical infrastructure, working with private sector partners, our federal, state, local, tribal, and territorial entities, to mitigate those explosive effects on critical infrastructure.

Tom Temin: And how do you relate it? How does your mission, say, impinge on, or overlap with, or how do you draw the line with ATF — alcohol, tobacco, explosives and firearms?

Sean Haglund: So that’s a great question. And it’s not only limited to ATF. We have some fantastic partners that we work with across DoJ, FBI is a key partner, ATF is a key partner. Even within DHS, FEMA, TSA, we have a wide range of critical partners in this space. And it really does take a whole of government approach to attack this problem. So the way we coordinate our efforts — and this is truly critical — is through a couple different mechanisms. The first and probably foremost is the Joint Program Office for Countering IEDs. We have policy that this space is premised on, and that’s Presidential Policy Directive 17. And through PVD17, that Joint Program Office for Countering IEDs represents coordinated, whole-of-government approach in this space. And so we have that kind of formal mechanism. But we also have fantastic partnerships individually and collectively with those other departments and agencies and the other components within DHS.

Tom Temin: Because sometimes someone making a bomb is intent on hurting or killing people, which is not strictly critical infrastructure, as opposed to, say, placing the bomb at a base of a bridge or near a pipeline, that type of thing. So I guess at some point, you cooperate in tracking the bomb, making materials and tracking activities. But then at some point, you don’t know what the deployment objective will be for the criminal.

Sean Haglund: You don’t. And this threat space spans not only the actual attacks, but we also see a lot of bomb threats lately. We saw a string of bomb threats against historically black colleges and universities. In November of last year, we saw the same thing against Ivy Leagues. This has a real impact also — it’s loss of business, loss of productivity, evacuations, it takes a toll on people’s mindset. But to your point on the bomb-making materials, and whether you’re attacking a bridge or residents, in many ways our approach is the same. We have a fantastic program in partnership with the FBI known as Operation Flashpoint that we’ve stood up over the last year. It’s a next iteration of the Bomb-Making Materials Awareness Program, which has been part of our Office for Bombing Prevention Efforts for many, many years. But this partnership is key in terms of trying to get ahead of a bombing attack. And that’s really where we look to partner with the FBI to leverage the regional field forces and reach out to our point of sale retail partners, and have them become more familiar in recognizing suspicious purchasing activities and reporting those, so that the FBI can follow up and investigate and so on. There’s 250,000 retail point of sale locations across the U.S. that carry these types of commonly available materials that you can use to build a bomb.

Tom Temin: We’re speaking with Sean Haglund. He’s associate director for bombing prevention at the Cybersecurity and Infrastructure Security Agency. So in what you say, in many ways, points to Oklahoma City as kind of a turning point for this need for this type of awareness and tracking, more so even the 9/11.

Sean Haglund: Absolutely. This is really, truly an enduring threat. It’s an enduring tactic that we’ve seen for many years. There was the World Trade Center bombing in 1993. The Oklahoma City bombing in 1996. In fact, two years ago on Christmas, we had the Nashville bombing. It’s an enduring tactic that poses a threat to the American public, our critical infrastructure, mass gatherings. But there is a solution. There are steps that we can take to get ahead of this. And that Flashpoint program is one truly great example of it. But it’s not our only approach. We leverage a lot of different complementary programs across the Office for Bombing Prevention to try and stay ahead of this threat.

Tom Temin: And you have a program called Tripwire, the Homeland Security’s information-sharing website that focuses on IED threats and preparedness, which gets me to the question that are most of the threats reported, and sometimes uncovered and sometimes unfortunately carried out, in the improvised explosive device — the homemade type of realm? Or does ordnance, say, from other countries or stolen whatever also get into this issue?

Sean Haglund: Domestically, it’s much, much more common that these are commonly available materials. There are episodic instances where a piece of military ordnance is recovered or potentially used. But that’s very rare domestically. Our primary threat here are those just commonly available materials that people can use to build a bomb at home. And there are several challenges on this front that we attack directly through that presidential policy directive and the implementation plan. And one is just the wide availability of not only the materials, but also the information. There are so many encrypted web-based platforms that allow our adversaries to share information on where to get these materials, how to build a bomb, how to conduct an attack. And so that’s another aspect that we carefully consider.

Tom Temin: So it sounds like you need to coordinate a lot of intelligence gathering almost, say, a retail pattern if it’s reported, or shipments or something in that sense. And also the dark web, where people get together to exchange tricks of the trade.

Sean Haglund: And that’s really where our partnership with the ATF and FBI, our DoJ partners, comes into play. We’re not a law enforcement entity. We focus mainly on that preparedness, aspect — training, information sharing, those types of things. But we do have to maintain a situational awareness of the threats face. And that’s where those law enforcement investigations and other facets come into play and are very important for us.

Tom Temin: And by the way, how often do bomb threats and bomb incidents happen in the United States?

Sean Haglund: So we’ve seen, over the last couple years, a pretty disturbing trend. So from 2019 to 2020, we saw about a 71% increase in actual bombing events. And that equated to over 12,000 explosive-related incidents. And that could be bomb threats, materials recovered, the statistics from 2021 are still being compiled between the various agencies. But certainly for 2019 to 2020, we saw a very significant uptick.

Tom Temin: Wow. And so is there anything that the general public can do to help in this effort of explosive prevention?

Sean Haglund: Absolutely. We have a ton of resources available on the cisa.gov website that are applicable to the general public, to first responders, to our critical infrastructure stakeholders. So there’s a lot of good information there. But really, if you think about it, the public are kind of first line of defense. They are our eyes and ears across the community. They see things that maybe haven’t risen to the level of law enforcement involvement. And so the public certainly plays a key role. There is a lot of good information out there, 1-800-CALL-FBI. There are several resources out there that the public can leverage not only to become more aware of what the threat is, but also what what they can do to report suspicious activities.

Tom Temin: Sean Haglund is associate director for bombing prevention at the Cybersecurity and Infrastructure Security agency. Thanks so much for joining me.

Sean Haglund: Thanks for your time, Tom.