[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]



 
    THE MUMBAI ATTACKS: A WAKE-UP CALL FOR AMERICA'S PRIVATE SECTOR

=======================================================================



                                HEARING

                               before the

                SUBCOMMITTEE ON TRANSPORTATION SECURITY
                     AND INFRASTRUCTURE PROTECTION

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 11, 2009

                               __________

                            Serial No. 111-6

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC] [TIFF OMITTED] TONGRESS.#13


                                     

  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html

                               __________



                  U.S. GOVERNMENT PRINTING OFFICE
49-944                    WASHINGTON : 2009
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001



                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Loretta Sanchez, California          Peter T. King, New York
Jane Harman, California              Lamar Smith, Texas
Peter A. DeFazio, Oregon             Mark E. Souder, Indiana
Eleanor Holmes Norton, District of   Daniel E. Lungren, California
    Columbia                         Mike Rogers, Alabama
Zoe Lofgren, California              Michael T. McCaul, Texas
Sheila Jackson Lee, Texas            Charles W. Dent, Pennsylvania
Henry Cuellar, Texas                 Gus M. Bilirakis, Florida
Christopher P. Carney, Pennsylvania  Paul C. Broun, Georgia
Yvette D. Clarke, New York           Candice S. Miller, Michigan
Laura Richardson, California         Pete Olson, Texas
Ann Kirkpatrick, Arizona             Anh ``Joseph'' Cao, Louisiana
Ben Ray Lujan, New Mexico            Steve Austria, Ohio
Bill Pascrell, Jr., New Jersey
Emanuel Cleaver, Missouri
Al Green, Texas
James A. Himes, Connecticut
Mary Jo Kilroy, Ohio
Eric J.J. Massa, New York
Dina Titus, Nevada
Vacancy
                    I. Lanier Avant, Staff Director
                     Rosaline Cohen, Chief Counsel
                     Michael Twinchek, Chief Clerk
                Robert O'Connor, Minority Staff Director
                                 ------                                

 SUBCOMMITTEE ON TRANSPORTATION SECURITY AND INFRASTRUCTURE PROTECTION

                 Sheila Jackson Lee, Texas, Chairwoman
Peter A. DeFazio, Oregon             Charles W. Dent, Pennsylvania
Eleanor Holmes Norton, District of   Daniel E. Lungren, California
    Columbia                         Pete Olson, Texas
Ann Kirkpatrick, Arizona             Candice S. Miller, Michigan
Ben Ray Lujan, New Mexico            Steve Austria, Ohio
Emanuel Cleaver, Missouri            Peter T. King, New York (Ex 
James A. Himes, Connecticut              Officio)
Eric J.J. Massa, New York
Dina Titus, Nevada
Bennie G. Thompson, Mississippi (Ex 
    Officio)
                     Michael Beland, Staff Director
                   Natalie Nixon, Deputy Chief Clerk
              Joseph Vealencis, Minority Subcommittee Lead


                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas, and Chairwoman, Subcommittee on 
  Transportation Security and Infrastructure Protection..........     1
The Honorable Charles W. Dent, a Representative in Congress From 
  the State of Pennsylvania, and Ranking Member, Subcommittee on 
  Transportation Security and Infrastructure Protection..........     4
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security..............................................     5

                               WITNESSES
                                Panel I

Mr. James L. Snyder, Deputy Assistant Secretary, Infrastructure 
  Protection, Department of Homeland Security:
  Oral Statement.................................................     8
  Prepared Statement.............................................    10
Mr. Raymond W. Kelly, Commissioner, New York Police Department:
  Oral Statement.................................................    13
  Prepared Statement.............................................    17
Mr. James W. McJunkin, Deputy Assistant Director, 
  Counterterrorism Division, Federal Bureau of Investigation:
  Oral Statement.................................................    20
  Prepared Statement.............................................    21

                                Panel II

Ms. C. Christine Fair, Senior Political Scientist for South Asian 
  Political and Military Affairs, Rand Corporation:
  Oral Statement.................................................    38
  Prepared Statement.............................................    41
Mr. David Bradley Bonnell, Director, Global Security, 
  Intercontinental Hotels Group:
  Oral Statement.................................................    50
  Prepared Statement.............................................    53
Mr. William G. Raisch, Executive Director, New York University's 
  International Center for Enterprise Preparedness:
  Oral Statement.................................................    55
  Prepared Statement.............................................    57


    THE MUMBAI ATTACKS: A WAKE-UP CALL FOR AMERICA'S PRIVATE SECTOR

                              ----------                              


                       Wednesday, March 11, 2009

             U.S. House of Representatives,
                    Committee on Homeland Security,
Subcommittee on Transportation Security and Infrastructure 
                                                Protection,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:10 p.m., in 
Room 311, Cannon House Office Building, Hon. Sheila Jackson Lee 
[Chairwoman of the subcommittee] presiding.
    Present: Representatives Jackson Lee, Kirkpatrick, Cleaver, 
Himes, Titus, Thompson (ex officio), Lungren, Dent, Miller, and 
King (ex officio).
    Ms. Jackson Lee. The subcommittee will come to order.
    The subcommittee is meeting today to receive testimony on 
``The Mumbai Attacks: A Wake-Up Call For America's Private 
Sector.'' Our witnesses today will testify about the November 
attacks in Mumbai, the groups involved, and what we are doing 
here to secure American facilities of the type attacked in 
Mumbai.
    I am proud to convene today's hearing to engage our Members 
and the witnesses on important issues that have arisen from the 
terrorist attack in Mumbai last November. I sincerely hope that 
we can learn from the tragic event and apply its lessons to 
what we are doing to secure the same types of assets in the 
United States that were targeted in India. In the last 6 weeks, 
I have been both in Pakistan and in India, and stayed in the 
Taj in Mumbai, and so I have first-hand, or had a first-hand 
look on the issues involving this hearing, but more 
importantly, the question of protecting our infrastructure, 
because some might ask the question, why a hearing on Mumbai?
    This is not necessarily a hearing only on Mumbai. It is 
asking the serious question of, how do we protect the Nation's 
infrastructure, and to also ask the next question, how 
vulnerable is the 85 percent of the Nation's infrastructure 
held in our private hands? Responsibilities of this Nation, 
responsibilities of this committee are in fact to protect the 
homeland.
    I do want to welcome our Chairman of the full committee, 
Mr. Thompson, and thank him for his leadership, and of course, 
the Ranking Member of the full committee and thank him as well, 
Mr. King, for his leadership.
    As the subcommittee with jurisdiction over the security of 
critical infrastructure, 85 percent of which is owned by the 
private sector, it is imperative that we study these types of 
attacks, our government's outreach to its private-sector 
partners, and whether the private sector is acting on any 
information provided.
    That was a very important question in Mumbai: What kind of 
information was forwarded to those private owners, and what 
actions did they take? How did they coordinate with the 
government? This requires us to have an understanding of the 
groups involved in the attack and their international 
aspirations.
    I believe today's hearing will shed a great deal of light 
on these matters, and I am looking forward to our witnesses' 
testimony and our discussion. We look forward to collaborating 
in our work with our other subcommittees. The work we do in 
this committee dealing with critical infrastructure relates to 
the crisis on the Mexican border that asks the question, will 
the spill-over violence come on to our shores? Well, our 
question today, will attacks on infrastructure like hotels, 
hospitals and schools, in other parts of the world, will they 
spill on to the soil of the United States? We cannot be 
unprepared for the probability.
    But first, I would like to welcome back the subcommittee's 
returning Members and welcome the subcommittee's new Members.
    In particular, let me welcome our new Ranking Member, Mr. 
Dent. We thank him very much for his leadership, and I look 
forward to working with him.
    We take note of acknowledging Mr. Cleaver, who is here as a 
new Member, and we appreciate, again, his participation.
    The subcommittee deals in important, interesting, and 
demanding areas, and I am looking forward to working with all 
of you in a bipartisan manner to secure the transportation 
systems and infrastructure that support the American people and 
their way of life.
    I would like to extend an especially warm welcome to the 
new Ranking Member of the subcommittee, as I indicated earlier, 
Mr. Dent of Pennsylvania. We look forward to ensuring that this 
committee answers the concerns of Americans.
    The scope of this hearing includes several dynamics, all of 
which are necessary for us to understand in order to have a 
better idea about policy going forward. First, DHS, NYPD, and 
FBI are here to provide an overview of what happened in Mumbai, 
and we are grateful for their presence here. Both in terms of 
events and tactics, they will also provide their perspective 
about what steps need to be taken domestically to secure these 
types of assets from such attacks.
    Second, our witnesses, especially Dr. Fair, from RAND, will 
be able to shed some light on the group implicated in the 
attacks, the Lashkar-e-Taiba, or LeT, as well as its potential 
aspirations beyond South Asia.
    Third, we will examine the Department's outreach to the 
private sector during and in the aftermath of the attack to 
discern whether it provided private sector stakeholders, such 
as hotels, with meaningful information about these groups and 
relevant mitigation measures for bolstering security at their 
critical assets.
    Fourth, we will explore, with the help of Mr. Bonnell from 
InterContinental Hotels and Mr. Raisch of NYU, the 
implementation of security efforts at these types of critical 
infrastructure since September 11, 2001, and the status of 
security in America's hotels.
    As many of you know full well, this committee has the 
security of our Nation taken very seriously. In the last 
Congress, we held several hearings on the effectiveness of the 
Department's approach, and whether voluntary security efforts 
were working. I am proud of our work in the last Congress, 
particularly the work in and the legislation involving the 9/11 
Act, which sought to promote private-sector security in a 
market-based manner, and I stand ready to make improvements 
where they are necessary.
    In the 111th Congress, we will build our strong record and 
continue to engage in thoughtful and robust oversight of these 
issues. But passing legislation is key as well. We look forward 
to doing so, just as we are very proud of the language we put 
in the 9/11 bill that created the Transportation Security 
Centers of Excellence.
    There is more to be done legislatively to help our local 
law enforcement and to protect the critical infrastructure of 
America. In this context, the attack in Mumbai offers us a 
pivotal moment to reassess whether we are securing the types of 
targets that are being attacked world-wide, hotels, hospitals, 
rail stations, and I have mentioned schools, universities. 
Whatever we need to do to improve that, we must do it.
    We must also understand emerging tactics of groups like 
LeT, and whether our local law enforcement community is 
prepared to subdue them quickly and effectively. It must be 
said that DHS has taken many important steps to make America 
more secure since it was created, and the multidimensional 
issue of critical infrastructure protection cannot be resolved 
overnight. This subcommittee stands ready to aid the efforts of 
all stakeholders, whether Federal, State, local, or in the 
private sector, but we ask them to ask us for help as we reach 
out to help them.
    The time line of the events in Mumbai are familiar to many 
of us. On the evening on November 26, 2008, 10 men arrived in 
Mumbai, India, by way of small boats in the Arabian Sea and 
attacked a number of high-profile targets with automatic 
weapons and explosives. The physical site made it more evident 
as I viewed it. The water is very close to the Taj and there 
were no barriers, nothing to protect the people inside the 
hotel. By the time the siege was over, they had killed more 
than 160 people in many places around the city and terrorized 
the city for more than 60 hours.
    Among the sites attacked in Mumbai, India's business and 
entertainment capital, were two luxury hotels, the Taj and the 
Oberoi, along with the main railroad terminal, a Jewish 
cultural center, a cafe frequented by foreigners, a cinema 
house, and two hospitals. In fact, it was the Chabad House. Six 
Americans were among the 26 foreigners killed. These sites were 
and are the very types that we are concerned about, and we are 
committed to work with State and local law enforcement entities 
as well as the private sector. DHS is charged to protect those. 
As we continue to work on this issue, we will continue to be 
assured that we will look to new weapons and technology to see 
how we can prevent these kinds of attacks.
    It has become clear that attacks carried out in this kind 
of style, suicide incidents that saw nine of those involved 
killed, are something that we need to be concerned about. A 
recent op-ed in the New York Times by a professor at the Naval 
Postgraduate School posited that ``right now, most of our 
cities would be as hard-pressed as Mumbai was to deal with 
several simultaneous attacks.''
    My friends, the question is: How vulnerable are we? The 
question is: As we answer that one, how will we be prepared?
    Am I concerned? Absolutely. That is why this hearing is 
being held today.
    It is my pleasure now to recognize the gentleman from 
Pennsylvania, Mr. Dent, for an opening statement.
    Mr. Dent. First, thank you, Madam Chairwoman.
    Let me start off by saying how pleased I was that Ranking 
Member King appointed me as the Ranking Member of the 
Subcommittee on Transportation Security and Infrastructure 
Protection.
    I thank you very much for that, Mr. King.
    This subcommittee has a very ambitious oversight 
legislative agenda this Congress, and I very much look forward 
to working with the gentlelady from Texas in securing our 
Nation from terrorist threats to its aviation and critical 
infrastructure components. I thank you for your gracious 
welcome here, and I look forward to working with you over the 
course of this session.
    Let me also, of course, welcome the Ranking Member of the 
full committee, the gentleman to my immediate left from New 
York, Mr. King, who has made it his mission to ensure that the 
Federal Government takes a risk-based approach in managing 
Homeland Security approach. Also I would say similarly to that 
the Chairman of the full committee, Mr. Thompson of 
Mississippi, I know also very much embraces a risk-based 
approach to dealing with our Nation's homeland security issues.
    So welcome to both of you.
    Let me also recognize our new Members of the subcommittee, 
some of whom will be arriving here over the course of the 
hearing, deputy Ranking Member and also a fellow Texan, that is 
Mr. Olson; the gentlelady from Michigan, Ms. Miller; and the 
gentleman from Ohio, Mr. Austria.
    Today's hearing will explore the Mumbai terror attacks that 
occurred last Thanksgiving. However, rather than rehash what 
the Senate examined 3 months ago, I want to focus on the way 
forward on what the Department is doing to prepare for a 
similar attack in the United States and how it is working with 
State and local law enforcement as well as private-sector 
representatives.
    It took 12 hours for the Indian Emergency Services 
personnel to arrive on scene, and 10 terrorists, using everyday 
communication systems, held a nation hostage for more than 2 
days while they methodically killed hundreds of innocent 
bystanders. A 12-hour response time is simply unfathomable. I 
wanted to know with certainty that such a broken response 
scenario could never happen here in the United States.
    I truly appreciate the competing demands for all of your 
time, and so I thank all the witnesses for coming before the 
subcommittee today, and I look forward to your testimony. At 
this time, I yield back the balance of my time.
    Thank you, Madam Chairwoman.
    Ms. Jackson Lee. I thank the distinguished gentleman from 
Pennsylvania. It is my pleasure to yield now to the Chairman of 
the full committee, the gentleman from Mississippi, Mr. 
Thompson, who as I indicated, has been forthright on so many 
issues impacting the Nation's security.
    The gentleman from Mississippi is recognized.
    Mr. Thompson. Thank you very much, Madam Chairwoman, and I 
welcome our first panel of witnesses to this hearing.
    For more than 60 hours last November, the world watched as 
Mumbai, India's entertainment and financial capital, was 
terrorized by attacks on hotels, hospitals, the main railway 
station, and other public places. By the time the siege was 
over, 11 terrorists had killed more than 160 people using 
automatic weapons and explosives. The style of attack, the 
weapons, the technology used, and the diversity of the targets 
raise new questions for how we should approach counterterrorism 
and security measures here at home at all levels of government 
and in the private sector.
    It has become clear that the type of attack carried out in 
Mumbai, a Fedayeen-style attack, where small groups engage in 
combat operations, as distinguished from suicide bombings, pose 
a challenge to our soft targets in our law enforcement 
community.
    The committee has jurisdiction over the security of 
critical infrastructure, 85 percent of which is owned by the 
private sector. As such, it is critical that we study this 
emerging Mumbai-style of attack, evaluate how well DHS engages 
private-sector partners in efforts to secure against such 
attacks, and review how the private sector acts on shared 
information.
    By examining DHS's outreach to the private sector, during 
and in the aftermath of these attacks, we can determine whether 
it provided stakeholders, such as hotels, with actionable 
information about the threat situation, the groups involved and 
the mitigation measures to be implemented.
    DHS, NYPD and the FBI will address what happened in Mumbai, 
both in terms of events and tactics, as well as how information 
was shared in the United States. They can also provide insight 
into domestic measures we can implement to secure these types 
of assets from similar attacks.
    Dr. Fair, from RAND, will provide us with perspectives on 
the group implicated in the attacks, LeT, as well as its 
potential for operating outside of the South Asia region.
    Witnesses from InterContinental Hotels and NYU will address 
the implementation of security efforts at these types of 
critical infrastructures since September 11, 2001, and the 
status of security in America's hotels.
    I look forward to the testimony of all the witnesses today 
at this hearing about efforts to secure America's critical 
infrastructure throughout the Congress.
    I yield back.
    Ms. Jackson Lee. Thank you very much, Mr. Chairman, for 
your remarks. Much appreciated.
    The Chair now recognizes the Ranking Member of the full 
committee, the gentleman from New York, Mr. King, for an 
opening statement, with the acknowledgment that one of his 
constituents has been gracious enough to be part of this 
hearing.
    I yield the gentleman the customary 5 minutes.
    Mr. King. I thank you, Chairwoman Jackson Lee.
    I want to thank you for your courtesy today and also for 
the great job you do as Chair, and also Mr. Dent, who I know 
will do an outstanding job as your Ranking Member, and of 
course, my good friend Bennie Thompson, Chairman Thompson, who, 
he and I had a very wonderful lunch with Commissioner Kelly in 
New York a few years ago. Even then, I was perceptive enough to 
know that Bennie might be the Chairman some day, so I wanted to 
get him on the good side of New York. Sure enough, he became 
the Chairman, and he has been a staunch ally for the whole 
concept of risk-based funding.
    I want to welcome all the witnesses today.
    General, I certainly wish you the very best on your job.
    Deputy Assistant Director, we certainly appreciate your 
efforts.
    Commissioner Kelly, of course, I have known for many years 
and know first-hand the terrific job that he does with the 
NYPD.
    It happened in Mumbai, and it reminded us, all of us, how 
easy it could happen here. So I certainly look forward to the 
testimony today, especially Commissioner Kelly's, because he 
has brought the private sector so much into what has to be done 
in New York.
    General Snyder, that is part of your responsibility, also, 
on a national level.
    I think it is particularly important that we have hearings 
like this, because for instance, just last week in New York, 
the New York Times said that we should not be talking about 
terrorism, that we shouldn't be scaring people. Well, I think 
Mumbai showed just how essential it is that we do keep a level 
of awareness, a heightened state of awareness, because, to me, 
too many people have forgotten what happened on September 11; 
the fact that 7\1/2\ years has gone by without an attack, we 
can put it in the recesses of our mind, just like it was 8\1/2\ 
years between the first World Trade Center attack and the 
second. So I think, despite maybe certain elements in the media 
who say we shouldn't talk about it, if we don't talk about it, 
if you don't go out and do your job and keep the public 
engaged, they are not going to realize how vital this is.
    So I really commend all of you for keeping your sense of 
direction and your sense of motivation so high, and especially 
Commissioner Kelly of New York, and General Snyder. You have to 
keep the public engaged in this. You have to keep the private 
sector engaged. I give you credit for doing it, because, 
unfortunately, too many people have forgotten how terrible it 
was and how real a threat it can be.
    I also want to emphasize again the importance of 
cooperation between all of the levels of government. Ranking 
Member Dent and Chairwoman Jackson Lee spoke about the long 
delay that happened in Mumbai. We could not tolerate that here 
in the United States. I know that, certainly just speaking from 
the New York perspective, knowing how closely engaged the NYPD 
is with the Coast Guard and with Homeland Security, with the 
FBI, with the State police, how essential that is. I look 
forward in your testimony during the questioning to see again 
whether all of you feel that the level of cooperation is 
sufficient.
    Also, when we are talking about risk-based funding, what 
more has to be done on that as far as getting the type of 
training, the type of equipment, the type of technology into, 
especially in large cities like New York, Chicago, Boston, Las 
Vegas, Houston, where you could have this type of attack, where 
a hotel could be taken over, a house of worship could be taken 
over, a subway system could be taken over, how, what more has 
to be done in that regard?
    Also, General, I would really be interested in, and you 
have only had a few weeks on the job, but what do you think the 
level of public sector interest is in this? Are they willing to 
cooperate? I wonder, if the city has not been attacked, do they 
realize how important it is that they do work with the police?
    Also, obviously Homeland Security, but Homeland Security is 
always going to be somewhat removed. I believe for it to be 
successful, you have to have the private sector working with 
the local Police Department and State officials, and what you 
think the level of interest is around the country, or do we see 
too much of what we saw in the New York Times where people just 
say, ignore terrorism, and somehow it will go away or whatever 
the thinking is?
    So, anyway, I look forward to all your testimony. This is a 
vital, vital issue, and I think the Chairwoman, I know the 
Chairwoman deserves tremendous credit for taking an 
international issue and showing why it is such, unfortunately, 
such a local, State, and national issue to the United States of 
America and such a really vital Homeland Security issue.
    So, Chairwoman, again, I thank you for calling this 
hearing. I thank the witnesses for being here. I thank the 
Chairman and the Ranking Member.
    I yield back.
    Ms. Jackson Lee. Mr. Ranking Member, thank you for your 
remarks. It just causes me, again, to repeat the name of this 
committee, in terms of its focus on transportation, security, 
and infrastructure protection, very important elements, but 
also the name of the hearing, ``The Mumbai Attacks: A Wake-up 
Call for America's Private Sector.'' I might edit it and say 
private and public sector, and that is what we hope the 
testimony will present us with this afternoon.
    It is my pleasure to acknowledge Mr. Himes, who is a Member 
of the committee and brings great leadership and also 
knowledge. We thank you for you presence here.
    I want to also acknowledge, I believe, Mr. Austria here and 
thank him for his presence. We know, with Members' schedules 
that they will be here in the hearing room. We thank them all 
for their presence.
    I welcome our first panel of witnesses. Our first witness 
is Major General Jim Snyder, the Deputy Assistant Secretary for 
Infrastructure Protection at the Department of Homeland 
Security. In his capacity, he helps to lead the coordinated 
national effort to reduce the risk to the Nation's critical 
infrastructure posed by acts of terrorism and in increasing the 
Nation's preparedness, timely response, and rapid recovery in 
the event of an attack, natural disaster, or other emergency. 
In particular, he works with the private sector to secure our 
Nation's critical infrastructure.
    Our second witness, Commissioner Ray Kelly, of the New York 
Police Department, whom I had the pleasure of meeting with 
earlier on this very issue, and I thank him for his courtesies, 
was appointed police commissioner of the city of New York by 
Mayor Michael Bloomberg in 2002, making Commissioner Kelly the 
first person to hold the post for the second time in his 
career.
    Prior to his current position, Commissioner Kelly was a 
commissioner of the U.S. Customs Service, where he managed the 
agency's 20,000 employees and $20 billion in annual revenue. 
Commissioner Kelly spent 31 years in the New York City Police 
Department, serving in 25 different commands and as police 
commissioner from 1992 to 1994.
    It was reported last month that the NYPD launched a 
counterterrorism initiative to train a new team of officers in 
tactics for close quarters combat and rescuing hostages in 
hotels and other high-rise buildings. This initiative was an 
immediate response to lessons NYPD learned from Mumbai.
    Our third witness, James W. McJunkin, is the Deputy 
Assistant Director of the FBI Counterterrorism Division. Mr. 
McJunkin has been with the FBI for nearly 22 years. In 2005, 
Mr. McJunkin was selected as the Assistant Special Agent in 
Charge of the Washington, DC, Field Office, where he provided 
leadership and supervision to the Joint Terrorism Task Force, 
provided management to all substantive counterterrorism 
investigations conducted within the National Capital Region and 
supervised a number of significant overseas investigations 
involving terrorism attacks against U.S. citizens.
    In March 2006, he has led a team of FBI investigators with 
the on-scene investigation of a terrorist attack against the 
U.S. Consulate in Karachi, Pakistan, that claimed the life of a 
career diplomat and several foreign nationals. On January 24, 
2008, Director Mueller designated Mr. McJunkin as the Deputy 
Assistant Director for FBI Counterterrorism Operations, branch 
one.
    We appreciate very much the experience you bring to us this 
afternoon.
    Without objection, the witnesses' full statements will be 
inserted in the record. I now ask each witness to summarize his 
statement for 5 minutes.
    Before I conclude on that, acknowledging Deputy Assistant 
Secretary Snyder, let me also indicate that Members will have 
the opportunity to submit their statements into the record. We 
do appreciate it, without objection.
    Beginning now with the testimony from the witnesses, we 
will begin with the Deputy Assistant Secretary Snyder.

   STATEMENT OF JAMES L. SNYDER, DEPUTY ASSISTANT SECRETARY, 
   INFRASTRUCTURE PROTECTION, DEPARTMENT OF HOMELAND SECURITY

    Mr. Snyder. Thank you, Chairwoman Jackson Lee and Ranking 
Member Dent and Members of the subcommittee.
    I appreciate the opportunity to discuss the DHS Office of 
Infrastructure Protection interaction with our Government and 
private-sector partners during the Mumbai, India, attacks.
    The Mumbai attack reminds us that terrorism remains very 
real and that those who wish us harm are remaining dangerous 
and can adapt quickly. The commando-style attacks were well-
planned, well-coordinated and well-executed, striking multiple 
targets in the transportation and commercial facility sectors. 
The attacks were aided by the targets' open access, which 
presents an inherent security challenge.
    We also must adapt to this dynamic threat environment and 
to similar dangers posed by catastrophic natural events by 
remaining flexible and strengthening our coordination efforts 
with the Government and private sector.
    IP activities are based on the framework outlined in the 
National Infrastructure Protection Plan which was released in 
2006 and updated in 2009. Our mission is to work closely with 
our Government and private-sector partners across the 18 
critical infrastructure and key resource sectors to lead the 
effort to secure and enhance the resiliency of the Nation's 
infrastructure.
    Because most critical infrastructure is owned and operated 
by the private sector, the Department leverages partnerships to 
achieve success. We have successfully established more than 40 
voluntary partnership councils among Government and private-
sector entities. The value of these relationships has been well 
demonstrated in local and national responses to hurricanes, 
fire, and other incidents.
    During Mumbai, IP worked directly with the commercial 
facilities, banking and finance, and transportation sectors and 
religious organizations to share information and organize a 
response. On November 26, we disseminated reports on common 
vulnerabilities, potential indicators of terrorist activity and 
protective measures to our sector partners through the Homeland 
Security Information Network for Critical Sectors--it goes to a 
4,500-member user community--so that they could implement and 
increase their security posture.
    On the 27th, IP released the TRIPwire Significant Incident 
Report on the attacks to over 6,000 users in the TRIPwire 
community. TRIPwire is the Department's collaborative networks 
for bomb squads, law enforcement, and other emergency services 
personnel. IP issued three additional TRIPwire postings over 
the next 13 days and updated HSIN-CS on December 1.
    On December 2, IP's commercial facilities Sector-Specific 
Agency coordinated a conference call with over 200 leaders 
across the 18 sectors. On December 9, IP hosted a table-top 
exercise based on a multiple IED attack with representatives 
from all 18 sectors, and we reinforced the Mumbai lessons 
learned.
    On December 10, a conference call was held for 75 leaders 
of the banking and financial sector. On January 12, INA and IP 
conducted a classified briefing for senior security directors 
of major hotel chains and other commercial ventures, providing 
a detailed analysis of the Mumbai attacks.
    On January 29, IP's commercial facilities Sector-Specific 
Agency led a terrorism simulation exercise. It was conducted 
with the Real Estate Roundtable subsector, and designed around 
a Mumbai-style attack. Prior to the exercise, IP presented the 
roundtable a briefing and discussion on the Title IX Voluntary 
Private Sector Preparedness Program, now called PS-Prep, as we 
have to all sectors, and we think that this program will become 
a positive step forward in the process. These are only a few 
examples of activities with our partners that build the 
relationships and processes we use during response to an all-
hazard event.
    Critical IP work is conducted in the field by Protective 
Security Advisors. ADPSAs are in place around the Nation to 
assist with State, local, and private-sector efforts to protect 
critical assets. During national disasters and contingency 
events, PSAs work in State and local emergencies to provide 
real-time information on protective measures.
    It is important to note that individual facility owners and 
operators and their State and local officials know a specific 
asset and are best positioned to lead coordination of security 
and emergency response planning. DHS's role is to facilitate, 
provide expertise and tools to augment that planning, and 
advise on protective measures and response actions.
    I believe the next attack may be prevented when law 
enforcement or the private sector see something specific and 
take immediate action. We have seen that many times before. 
This, coupled with communications strengthened during hurricane 
experiences, has developed operational linkages that enable 
effective planning in advance of an incident, increase security 
and resiliency of our Nation's infrastructure, and produce the 
operational effect of a quick response should an incident 
occur.
    Thank you for your attention. I would be happy to answer 
any questions you may have at this time.
    [The statement of Mr. Snyder follows:]
                 Prepared Statement of James L. Snyder
                             March 11, 2009
    Thank you, Chairwoman Jackson Lee, Ranking Member Dent, and Members 
of the subcommittee. I appreciate the opportunity to participate in the 
hearing ``The Mumbai Attacks: A Wake-Up Call for America's Private 
Sector,'' and to discuss the Department of Homeland Security's Office 
of Infrastructure Protection's interaction with our Government and 
private sector partners during and following the terrorist attacks in 
Mumbai, India.
    As acknowledged with this hearing, the Mumbai attack on November 
26-30, 2008, served as a strong reminder that the threat of terrorism 
remains very real, and that those who wish us harm remain dangerous and 
adapt quickly to changing circumstance. The terrorist attacks were 
well-planned, well-coordinated, and well-executed. The terrorists 
carried out a complex attack and struck multiple targets in the 
transportation and commercial facilities sectors, particularly hotels 
and religious locations. One example of their ability to adapt was 
their decision to shift tactics and conduct a water-borne entry rather 
than the normal overland entry to the target area, thus avoiding 
observance. Their attacks were also facilitated by the targets' 
business requirements for open access, a reality that represents an 
inherent security challenge. This type of attack highlights the 
vulnerabilities of soft targets, and how difficult it is to prepare, 
prevent, and respond to such attacks.
    Consequently, we too must adapt to this dynamic threat 
environment--as well as to the dangers posed by catastrophic natural 
events--by remaining both nimble and flexible in our approach to 
infrastructure protection, and by continuing to enhance our 
coordination efforts with government at all levels and with the private 
sector.
    IP activities are based on the framework and approach outlined in 
the National Infrastructure Protection Plan (NIPP). Our mission is to 
work closely with our Government and private sector partners across the 
18 critical infrastructure and key resources (CIKR) sectors and to lead 
the effort to ensure that a comprehensive, multi-faceted framework 
exists to secure and enhance the resiliency of the Nation's CIKR. 
Because the majority of the Nation's CIKR are owned and operated by the 
private sector, the Department must leverage partnerships and 
relationships to achieve success. Using the NIPP framework, the 
Department has successfully established primarily voluntary 
partnerships among interested Federal, State, local, tribal, and 
private sector entities. These partners work within the framework to 
set goals and priorities, identify key assets, assign roles and 
responsibilities, allocate resources, and measure progress against 
national priorities. DHS released the NIPP in 2006 and, following its 
first triennial review and update, recently re-released it as the 2009 
NIPP. The subtitle of the 2009 NIPP is ``Partnering to Enhance 
Protection and Resiliency.''
    The value of the relationships we have built through this 
partnership has been demonstrated in local and national response to 
hurricanes, fires, and other real world incidents. In the steady-state 
environment, we sustain these relationships through information 
sharing, exercise, and training so that when an incident occurs, 
whether man-made or natural, we can respond and recover effectively and 
efficiently. For example, on December 9, 2008, IP hosted a tabletop 
exercise based on a multiple improvised explosive device attack with 
representation from all 18 critical infrastructure sectors. 
Additionally, IP's Commercial Facilities Sector Specific Agency 
Executive Management Office (SSA-EMO) participated in a January 29, 
2009, Terrorism Simulation Exercise. The tabletop exercise, Threat & 
Response Options--Public Communications Challenges, was conducted with 
the Commercial Facilities Real Estate Roundtable subsector. The 
exercise was designed around a Mumbai-style attack and facilitated 
active discussion on preventive, response, and recovery activities. 
These are only two of many exercises we conduct annually with our CIKR 
partners that build the relationships and processes we use during 
response to all-hazards events.
    In the case of Mumbai, IP worked directly with the Commercial 
Facilities Sector, Banking and Finance Sector, Transportation Sector, 
and leadership from religious organizations to share relevant 
information. To facilitate information collection, analysis, and 
distribution, IP leveraged the incident management capabilities built 
into its Incident Management Cell (IMC). The IMC is a cross-functional 
operations group that provides the core staff and facilities around 
which IP's scalable incident management capability coalesces during a 
large-scale CIKR incident. Prior to the Mumbai incident, the IMC 
provided effective leadership and coordination in communicating with 
our partners during Hurricanes Gustav and Ike. IP's response is guided 
by the National Response Framework and National Incident Management 
System which enable a systematic approach to response operations.
    IP's initial actions on the first day of the Mumbai attacks, 
November 26, were to disseminate Common Vulnerabilities (CV), Potential 
Indicators of Terrorist Activity (PI), and Protective Measures (PM) 
Reports to public and private sector partners through the Homeland 
Security Information Network for Critical Sectors (HSIN-CS) portal and 
its 4,500-member user community. These reports provide security 
officials with specific information on potential vulnerabilities and 
recommendations on specific protective measures that they can implement 
to increase their security posture.
    On November 27, IP released a TRIPwire Significant Incident Report 
(SIR) to provide information on the attacks to over 6,000 users in the 
TRIPwire community. TRIPwire is the Department's on-line, 
collaborative, information-sharing network for bomb squads, law 
enforcement, and other emergency services personnel. It provides 
continuously updated information about current terrorist improvised 
explosive device (IED) tactics, techniques, and procedures, including 
design and emplacement techniques. IP issued three additional TRIPwire 
postings over the next 13 days. These updates provided detailed 
analysis of the terrorist tactics, techniques, and procedures, and 
recommended protective measures based on the employed strategies. These 
updates, along with a Mumbai TRITON Special Report, were also shared 
with members of the private sector through postings on the HSIN-CS 
portal. TRITON reports are monthly or incident-reactive reports that 
assess terrorist tactics, techniques, operations, and strategies. 
TRITON reports are produced by a UK-based subject matter expert 
company, and are provided by IP to our State and local government 
TRIPwire users.
    On December 1, IP e-mailed an updated TRIPwire SIR that contained 
additional information to all TRIPwire system users and the National 
Infrastructure Coordinating Center (NICC). IP also posted the SIR to 
the TRIPwire web site ``What's New'' Portal and to HSIN-CS. Of note, 
during the 8-day time frame of November 27 to December 4, TRIPwire had 
over three times the average number of site visits, indicating intense 
user interest in the Mumbai attacks and the terrorist tactics, 
techniques, and procedures used in the attacks.
    On December 2, IP's Commercial Facilities SSA-EMO coordinated a 
conference call with over 200 leaders across all sectors. The 
Department's Office of Intelligence and Analysis (I&A), Homeland 
Infrastructure Threat and Risk Analysis Center (HITRAC), IP, and 
Transportation Security Administration provided detailed information on 
the Mumbai attacks to call participants. Their briefings included 
analyses of the tactics, techniques, and procedures used in the Mumbai 
attack, and provided security recommendations to address these attack 
methods. Specific protective measures were proposed to address 
surveillance, target selection, infiltration, target access, and 
engagement with security forces. Based on positive feedback from that 
call, an additional conference call was held on December 10 
specifically for 75 leaders of the Banking and Finance Sector.
    On January 12, I&A and IP conducted a classified briefing for 
senior security directors representing major hotel chains and other 
commercial venues. The briefing provided a detailed analysis of the 
tactics, techniques and procedures used in the Mumbai attacks, 
including specific details of the IEDs; terrorist exploitation of 
technology; surveillance techniques; timeline of the attack including 
the targets and tactics; and recommended protective measures for 
surveillance, port security, access control, and coordination with 
security forces on specific actions to improve the security posture at 
their location.
    In addition to the interactions with our NIPP partners in 
Washington, DC, a significant portion of IP's work is conducted in the 
field, across the United States, by the Protective Security Advisor 
(PSA) cadre. Eighty PSAs are in place in communities throughout the 
Nation to assist with State, local, and private sector efforts to 
protect critical assets, providing a Federal resource to communities 
and businesses. During natural disasters and contingency events such as 
Mumbai, PSAs often work in State and local Emergency Operations 
Centers. PSAs also provide real-time information on facility 
significance and protective measures to facility owners and operators, 
as well as State and local representatives. For example, during the 
Mumbai event, the PSA for Las Vegas met with hotel, casino, and resort 
security officials to answer questions and distribute our CV/PI/PM 
reports that provide details on enhanced security recommendations and 
best practices.
    PSAs also conduct Enhanced Critical Infrastructure Protection 
(ECIP) assessment visits to assess overall site security, identify 
gaps, recommend protective measures, educate facility owners and 
operators on security, and promote communication and information 
sharing among facility owners and operators, DHS, and State 
governments. Information collected during ECIP visits will be used to 
develop ECIP metrics; conduct sector-by-sector and cross-sector 
vulnerability comparisons; identify security gaps and trends across 
CIKR sectors and sub-sectors; establish sector baseline security survey 
scores; and track progress toward improving CIKR security through 
activities, programs, outreach, and training. This information is 
utilized during incidents to help focus national and local response 
efforts on identified areas of criticality within the impact area and 
assist in the prioritization of reconstitution efforts.
    In addition to the PSA program, IP has provided support for 
reducing risk of a terrorist attack to the Nation's CIKR by conducting 
vulnerability assessments for assets in the Commercial Facilities 
Sector. The Buffer Zone Protection Program (BZPP) is a DHS-administered 
grant program designed to help local law enforcement and owners and 
operators of CIKR increase security in the ``buffer zone''--the area 
outside a facility that can be used by an adversary to conduct 
surveillance or launch an attack. The BZPP focuses on identifying and 
mitigating vulnerabilities at the highest-risk critical infrastructure 
sites and is designed to increase local law enforcement capabilities 
and preparedness.
    Additional support is provided through Site Assistance Visits 
(SAVs). These are ``inside the fence'' vulnerability assessments 
conducted jointly by IP in coordination and cooperation with Federal, 
State, local, and CIKR owners and operators that identify critical 
components, specific vulnerabilities, and security enhancements. During 
an SAV, consequence and vulnerability information is collected to 
inform risk data, which is then used as supporting information for 
risk-based decisionmaking.
    IP has also conducted training for more than 1,900 stakeholders in 
the Commercial Facilities Sector and law enforcement officials who 
protect assets in the Lodging and Resorts Subsectors. Relevant courses 
include Soft Target Awareness, Surveillance Detection, IED Awareness, 
and Protective Measures.
    To provide additional assistance to the Commercial Facilities 
Sector, IP is currently deploying Risk--Self-Assessment Tool (R-SAT), 
an upgraded, re-engineered version of the Vulnerability Identification 
Self-Assessment Tool (ViSAT). ViSAT is a Web-based self-assessment tool 
developed by IP and provided free of charge to CIKR asset owners/
operators, primarily in places of mass gatherings such as arenas and 
stadiums. This tool assists owners/operators to raise the level of 
security at CIKR facilities and establish a common baseline of security 
from which all assets in certain sectors or subsectors can identify 
weaknesses and establish protection plans. Modules have currently been 
deployed for stadiums, arenas, convention centers, performing arts 
centers, and speedways. Commercial facilities members currently have 
access to ViSAT, and DHS has provided a grant to the International 
Association of Assembly Managers, a co-chair of the Public Assembly 
Subcouncil, to promote and provide training for this tool.
    IP also provides the Constellation/Automated Critical Asset 
Management System (C/ACAMS) to State and local communities at no cost. 
Currently, 30 States use 
C/ACAMS, a CIKR asset management system that focuses on the unique 
requirements and information needs of first responders. It provides 
vulnerability and consequence scoring tools that aid the user's 
subjective analysis of criticality; an integrated open source 
information portal, Constellation, which ties together critical asset 
data and reporting about the current threat environment; a tailored 
reporting capability to assist in data calls on critical assets; Buffer 
Zone Generation capability; capability to generate pre-incident 
operational plans; on-line resources for first responders; and an 
integrated geographic information system via the Department's 
Integrated Common Analytical Viewer.
    Additionally, the Regional Consortium Coordinating Council (RCCC) 
was established in Fall 2008 to bring the unique perspectives of 
geographically based public and private partnerships into the NIPP 
framework. The RCCC comprises existing functional and active regional 
entities that include both Government and private sector members. The 
RCCC provides a critical link between CIKR owners/operators and key 
homeland security officials and activities at the regional, State, and 
local levels.
    These Departmental efforts and resources are critically important. 
However, as we move forward and enhance our efforts, and recall the 
lessons learned from Mumbai, it is also important to acknowledge that 
individual facility owners and operators, and their State and local 
officials, know the unique circumstances facing a specific asset and 
are, therefore, best positioned to serve as primary lead in 
coordination of security and emergency response planning. DHS's role is 
to facilitate and augment planning and support where necessary and 
appropriate.
    I believe a key opportunity to prevent the next attack in this 
country will be by local law enforcement and the private sector seeing 
something suspicious and taking action or calling that information into 
the proper authorities. Time and again, we have witnessed this 
effective solution both here in the United States during the Fort Dix 
and South Carolina incidents and overseas. The Federal Government and 
the Department of Homeland Security can and do assist with these 
efforts by providing valuable information to our local Government and 
private sector partners.
    As I have described, IP is focused on continuing to improve our 
capability to provide timely and actionable information to our public 
and private sector partners. This, coupled with partnerships 
strengthened during recent hurricane experiences, has reinforced the 
operational linkages that will enable effective planning in advance of 
an incident, result in enhanced safety, security and resiliency of our 
Nation's CIKR, and produce an operational effect for expeditious, 
efficient, and effective response should an incident occur.
    Thank you for your attention, and I would be happy to answer any 
questions you may have at this time.

    Ms. Jackson Lee. I thank the gentleman for his testimony.
    I would like to acknowledge the presence of Congresswoman 
Titus from Nevada. We appreciate her service on this committee.
    I now recognize Commissioner Kelly to summarize his 
statement for 5 minutes.

 STATEMENT OF RAYMOND W. KELLY, COMMISSIONER, NEW YORK POLICE 
                           DEPARTMENT

    Mr. Kelly. Thank you, Madam Chairman.
    Chairman Thompson, Congressman King, Congressman Dent, 
Members of the subcommittee, thank you for the opportunity to 
testify about the New York City Police Department's response to 
the terrorist attacks in Mumbai.
    I want to begin my remarks by saying that partnership with 
the private sector has been a hallmark of the NYPD's 
counterterrorism program since 2002. It is our collective 
responsibility to learn from events like those that took place 
in Mumbai and adapt our programs to prevent them. That is 
exactly what we have endeavored to do in New York.
    We have a program called NYPD Shield that includes over 
6,000 private security personnel who train with us and function 
as additional eyes and ears. We held a briefing with 400 
members of this group immediately after the attacks in Mumbai. 
At that meeting, we had the lead officer in a three-man team 
that we sent to Mumbai call in from Mumbai and share the 
lessons that we learned with the audience.
    I will update you on our response to those lessons shortly. 
Before I do that, I want to make you aware of a more recent 
study conducted by our intelligence division analyzing the 
similarities between the Mumbai assault and the attack in 
Lahore, Pakistan, on March 3, targeting the Sri Lankan national 
cricket team. Eight people were killed in that incident, 
including six Pakistani police officers. That terrorists would 
attack a cricket team to attract maximum attention should not 
come as a surprise considering the sport's immense popularity 
in South Asia. Last year when the NYPD formed a cricket league 
as part of our outreach efforts with the South Asian community 
in New York City, it received scant attention in the New York 
media but was widely covered in India, Pakistan, and other 
countries in South Asia and Europe.
    The attacks in Mumbai and Lahore are evidence of a shift in 
tactics from suicide bombs to a commando-style military assault 
with small teams of highly trained, heavily armed operatives 
launching simultaneous sustained attacks. We are paying very 
close attention to this trend.
    Other similarities we identified include choice of 
location; dense, relatively unprotected urban areas where the 
terrorists could establish strategic choke points to impede the 
response of authorities.
    We also know that some form of detailed pre-attack 
surveillance was carried out in both cases, as evidenced by the 
terrorists' thorough familiarity with their target.
    Likewise, both sets of attackers coordinated their 
movements closely through the use of basic technology, cell 
phones in Mumbai and small battery-powered two-way radios in 
Lahore.
    The assault teams themselves are composed of physically fit 
males between the ages of 20 and 30. They were similar in 
composition and in size with 10 people involved in the Mumbai 
attack and an estimated 12 in Lahore.
    In each instance, the teams appeared to break down into 
smaller two-man operating units once the attack was launched.
    In both Mumbai and Lahore the attackers were armed with 
assault rifles, semiautomatic pistols, and grenades. They 
carried backpacks with additional ammunition and explosives, 
more than enough to sustain a prolonged siege. The attackers 
were casually attired in Western clothing with oversized 
jackets, button-down shirts and cargo-style pants that could 
conceal contraband.
    Both groups were calm, unhurried, and methodical. They also 
carried food and drugs to enhance their performance and 
stamina. In Mumbai, the terrorists reportedly used cocaine and 
amphetamines to stay awake. In Lahore, remnants of unspecified 
high-energy foods were recovered from the scene.
    It appears both attacks were not initially designed to be 
suicidal. The goals of the terrorists include hostage taking, 
extending the violence and the resulting media coverage, and 
escaping. In Mumbai, the terrorists were able to take captives. 
However, they were captured or killed before they issued 
demands or escaped. In Lahore, they were unsuccessful in taking 
hostages, but they did manage to evade capture.
    Both operations focused on highly symbolic targets. By 
impacting tourism and international sports, they were intended 
to instill fear and cause economic damage. They were also aimed 
at attacking the global reputations of India and Pakistan and 
heightening regional tensions between the two.
    While the political root causes of these attacks appear to 
be local, the terrorist networks behind them are global, well-
funded, and interconnected. The militant Islamic groups 
suspected in these cases, mainly Lashkar-e-Taiba, have deep and 
long-standing ties to al Qaeda. In fact, LeT has trained such 
terrorists as convicted shoe bomber Richard Reid and Essa Al 
Hindi, who surveilled buildings in New York's financial 
district prior to September 11. They are also believed to have 
trained militant Islamic fighters for conflicts around the 
world, including in Iraq and Afghanistan. As far as we know, 
they have not directly targeted a Western country, but they 
specifically sought out locations in Mumbai with Western and 
Jewish clientele. Hopefully we won't see their tactics migrate 
to the United States, but if they do, we certainly intend to be 
prepared.
    Within hours of the end of the attacks in Mumbai, the NYPD 
began making arrangements to send personnel there. This is in 
keeping with the practice we followed for several years. In all 
cases, our officers do not take part in investigative activity. 
In Mumbai, our officers toured crime scenes, took photographs, 
and asked questions of police officials.
    They relayed what they learned back to New York. These 
officers are a part of a Police Department overseas liaison 
program in which we have posted experienced personnel to 11 
cities around the world. They partner with local police and 
intelligence agencies and respond when terrorist incidents 
occur.
    In this case, the most senior officer in the group had 
served as the liaison in Amman, Jordan. In July 2006, when 
seven bombs exploded in Mumbai trains and rail stations, he 
flew to the city on a similar mission. The relationships he 
forged during that trip proved helpful in December.
    Our liaisons arrived in Mumbai on December 2, 3 days after 
the attacks ended. By December 5, our intelligence division had 
produced an analysis which we shared with the FBI. As I noted 
that morning, we convened a special meeting with the members of 
NYPD Shield. During the live conference call with our team 
leaders in Mumbai, we posted photographs and maps to help the 
audience visualize the locations he was describing.
    We also conducted two exercises, one a tactical drill for 
emergency service unit officers, the other a table-top exercise 
for commanders. Both scenarios mirrored the attacks in Mumbai.
    Based on our analysis of what took place in Mumbai, we have 
been training additional officers to use heavy weapons in close 
quarter battle tactics. In the event of a sustained attack such 
as you saw in India, these officers will be able to support and 
relieve the more than 400 members of our emergency service unit 
who already have these skills.
    Last month, 134 officers from our Organized Crime Control 
Bureau became the first to complete the new course of heavy 
weapons and tactics training. We are continuing this month with 
another group of 135. Our goal is to qualify up to 1,500 
officers in these special skills.
    We also provided basic heavy weapons instruction for our 
most recent class of over 1,000 police recruits. We will do the 
same for our current academy class.
    In Mumbai, the local police were simply outgunned by the 
terrorists. We don't want that to happen in New York. We are 
also meeting with service providers to see if a means can be 
developed to pinpoint disruption of cell or satellite phones 
used by a terrorists during an attack without the wholesale 
disruption of communications in the immediate vicinity.
    We also saw that, in Mumbai, the local authorities had 
insufficient knowledge of the layouts of targets. In light of 
this observation, we have assigned our emergency service unit 
supervisors to tour major hotels and other landmarks. Out of 
each visit, they develop a briefing book with a description of 
the location and detailed diagrams, as well as a video that can 
be used for training purposes. We have conducted 11 in-depth 
tours of major hotels so far, and we are continuing to select 
new locations.
    At our December 5 Shield meeting, we also reviewed a list 
of best practices in hotel security. This is a set of items we 
routinely share when our counterterrorism officers conduct 
training with hotel security.
    Through another partnership, Operation Nexus, NYPD 
detectives have made thousands of visits to the kind of 
companies terrorists might seek to exploit, truck rental 
businesses, scuba diving schools, or hotels. We let them know 
what to look for and what to do if they observe suspicious 
behavior.
    As part of this initiative we have assigned a senior 
officer to work exclusively with hotels. After Mumbai, he and 
his team visited numerous hotels where they met with security 
directors and developed emergency procedures to use in the 
event of a Mumbai-style attack.
    As part of our training, we also emphasize with hotel staff 
the importance of knowing who is inside and recognizing that 
the attack may be initiated from within the facility. We talk 
about how to identify hostile surveillance or the stockpiling 
of materials, controlling points of entry, and having a 
thorough knowledge of the building's layout and a widely 
distributed emergency action plan.
    We also ask the hotel personnel to be acutely aware of 
suspicious behavior on the part of visitors, such as denying 
staff access to rooms for extended periods, loitering on guest 
floors or in the lobby, requesting specific rooms, receiving 
unusual parcels, and inquiring about hotel security. Along with 
an array of other sensitive landmarks, major hotels are also 
the site of visits by our Hercules teams and critical response 
vehicles.
    In addition to hotels, locations also include hospitals, 
houses of worship, critical infrastructure and tourist 
attractions, such as Times Square.
    While we have to learn from Mumbai and Lahore and prepare 
to defend ourselves against similar attacks, we cannot focus 
too narrowly on any one preventive method.
    Ms. Jackson Lee. Commissioner, are you wrapping up?
    Mr. Kelly. I am. I am sorry. I apologize.
    Ms. Jackson Lee. We want to hear you. Just wanted to----
    Mr. Kelly. Let me stop here.
    I want to thank you for inviting me, Madam Chairwoman.
    [The statement of Mr. Kelly follows:]
                 Prepared Statement of Raymond W. Kelly
                             March 11, 2009
    Chairman Thompson; Chairwoman Jackson Lee; Congressman King; 
Congressman Dent; Members of the subcommittee.
    Thank you for this opportunity to testify about the New York City 
Police Department's response to the terrorist attacks in Mumbai. I want 
to begin my remarks by saying that partnership with the private sector 
has been a hallmark of the NYPD's counterterrorism program since 2002. 
It is our collective responsibility to learn from events like those 
that took place in Mumbai, and adapt our programs to prevent them. That 
is exactly what we've endeavored to do in New York.
    We have a program called NYPD Shield that includes over 6,000 
private security personnel who train with us and function as additional 
eyes and ears. We held a briefing with 400 members of this group 
immediately after the attacks in Mumbai. At that meeting, we had the 
lead officer in a three-man team we sent to Mumbai call in from 
overseas and share the lessons we learned with the audience.
    I will update you on our response to those lessons shortly. Before 
I do that, I want to make you aware of a more recent study conducted by 
our Intelligence Division analyzing the similarities between the Mumbai 
assault and the attack in Lahore, Pakistan on March 3 targeting the Sri 
Lankan national cricket team. Eight people were killed in that 
incident, including six Pakistani police officers.
    That terrorists would attack a cricket team to attract maximum 
attention should not come as a surprise considering the sport's immense 
popularity in South Asia. Last year, when the NYPD formed a cricket 
league as part of our outreach efforts with the South Asian community 
in New York City, it received scant attention in the New York media but 
was widely covered in India, Pakistan, and other countries in South 
Asia and Europe.
    The attacks in Mumbai and Lahore are evidence of a shift in tactics 
from suicide bombs to a commando-style military assault with small 
teams of highly trained, heavily armed operatives launching 
simultaneous, sustained attacks. We're paying very close attention to 
this trend.
    Other similarities we identified included the choice of locations: 
dense, relatively unprotected urban areas where the terrorists could 
establish strategic choke points to impede the response of authorities. 
We also know that some form of detailed, pre-attack surveillance was 
carried out in both cases, as evidenced by the terrorists' thorough 
familiarity with their targets. Likewise, both sets of attackers 
coordinated their movements closely through the use of basic 
technology: cell phones in Mumbai and small, battery-powered two-way 
radios in Lahore.
    The assault teams themselves were composed of physically fit males 
between the ages of 20 and 30. They were similar in composition and in 
size, with 10 people involved in the Mumbai attack and an estimated 12 
in Lahore. In each instance, the teams appeared to break down into 
smaller, two-man operating units once the attack was launched.
    In both Mumbai and Lahore the attackers were armed with assault 
rifles, semi-automatic pistols and grenades. They carried backpacks 
with additional ammunition and explosives, more than enough to sustain 
a prolonged siege. The attackers were casually attired in western 
clothing, with oversized jackets, button down shirts and cargo style 
pants that could conceal contraband.
    Both groups were calm, unhurried, and methodical. They also carried 
food and drugs to enhance their performance and stamina. In Mumbai, the 
terrorists reportedly used cocaine and amphetamines to stay awake. In 
Lahore, remnants of unspecified high energy foods were recovered from 
the scene.
    It appears both attacks were not initially designed to be suicidal. 
The goals of the terrorists included hostage-taking, extending the 
violence and the resulting media coverage, and escaping. In Mumbai, the 
terrorists were able to take captives. However, they were captured or 
killed before they issued demands or escaped. In Lahore, they were 
unsuccessful in taking hostages but they did manage to evade capture.
    Both operations focused on highly symbolic targets. By impacting 
tourism and international sports they were intended to instill fear and 
cause economic damage. They were also aimed at attacking the global 
reputations of India and Pakistan and heightening regional tensions 
between the two.
    While the political root causes of these attacks appear to be 
local, the terrorist networks behind them are global, well-funded, and 
interconnected. The militant Islamic groups suspected in these cases--
mainly Lashkar-e-Taiba--have deep and long-standing ties to al Qaeda.
    In fact, L.E.T. has trained such terrorists as convicted shoe-
bomber, Richard Reid, and Essa Al Hindi who surveilled buildings in New 
York's financial district prior to September 11. They are also believed 
to have trained militant Islamic fighters for conflicts around the 
world, including in Iraq and Afghanistan. As far as we know, they have 
not directly targeted a western country but they specifically sought 
out locations in Mumbai with western and Jewish clientele. Hopefully, 
we won't see their tactics migrate to the United States, but if they do 
we intend to be prepared.
    Within hours of the end of the attacks in Mumbai, the NYPD began 
making arrangements to send personnel there. This is in keeping with a 
practice we have followed for several years. In all cases, our officers 
do not take part in investigative activity. In Mumbai, our officers 
toured crime scenes, took photographs, and asked questions of police 
officials. They relayed what they learned back to New York.
    These officers are part of the Police Department's overseas liaison 
program in which we post experienced personnel to 11 cities around the 
world. They partner with local police and intelligence agencies and 
respond when terrorist incidents occur. In this case, the most senior 
officer in the group had served as a liaison in Amman, Jordan. In July 
2006, when seven bombs exploded in Mumbai trains and railway stations, 
he flew to the city on a similar mission. The relationships he forged 
during that trip proved helpful in December.
    Our liaisons arrived in Mumbai on December 2, 3 days after the 
attacks ended. By December 5, our Intelligence Division had produced an 
analysis, which we shared with the FBI. As I noted, that morning we 
convened a special meeting with the members of NYPD Shield. During the 
live conference call with our team leader in Mumbai, we posted 
photographs and maps to help the audience visualize the locations he 
was describing.
    We also conducted two exercises, one a tactical drill for Emergency 
Service Unit officers, the other a tabletop exercise for commanders. 
Both scenarios mirrored the attacks in Mumbai.
    Based on our analysis of what took place in Mumbai, we've been 
training additional officers in the use of heavy weapons and close 
quarters battle tactics. In the event of a sustained attack, such as we 
saw in India, these officers will be able to support and relieve the 
more than 400 members of our Emergency Service Unit who already have 
these skills. Last month, 134 officers from our Organized Crime Control 
Bureau became the first to complete this new course of heavy weapons 
and tactics training. We're continuing this month with another group of 
135. Our goal is to qualify up to 1,500 officers in these special 
skills. We've also provided basic heavy weapons instruction for our 
most recent class of over 1,000 police recruits. We will do the same 
with our current class. In Mumbai, the local police were simply 
outgunned by the terrorists. We don't want that to happen in New York.
    We are also meeting with service providers to see if a means can be 
developed to pinpoint disruption of cell or satellite phones used by 
terrorists during an attack, without the wholesale disruption of 
communications in the immediate vicinity.
    We also saw that in Mumbai, the local authorities had insufficient 
knowledge of the layouts of the targets. In light of this observation, 
we've assigned our Emergency Service Unit supervisors to tour major 
hotels and other landmarks. Out of each visit they develop a briefing 
book with a description of the location and detailed diagrams, as well 
a video that can be used for training purposes. We've conducted 11 in-
depth tours of major hotels so far and we are continuing to select new 
locations.
    At our December 5 Shield meeting we also reviewed a list of best 
practices in hotel security. This is a set of items we routinely share 
when our counterterrorism officers conduct trainings with hotel 
security personnel.
    Through another partnership, Operation Nexus, NYPD detectives have 
made thousands of visits to the kind of companies terrorists might seek 
to exploit: truck rental businesses, scuba diving schools, or hotels. 
We let them know what to look for and what to do if they observe 
suspicious behavior.
    As part of this initiative, we've assigned a senior officer to work 
exclusively with hotels. After Mumbai, he and his team visited numerous 
hotels where they met with security directors and developed emergency 
procedures to use in the event of a Mumbai-style attack.
    As part of our training, we also emphasize with hotel staff the 
importance of knowing who's inside and recognizing that the attack may 
be initiated from within the facility. We talk about how to identify 
hostile surveillance or the stockpiling of materials, controlling 
points of entry and having a thorough knowledge of the building's 
layout and a widely distributed emergency action plan.
    We also ask hotel personnel to be acutely aware of suspicious 
behavior on the part of visitors, such as: denying staff access to 
rooms for extended periods; loitering on guest floors or in the lobby; 
requesting specific rooms; receiving unusual parcels; and inquiring 
about hotel security.
    Along with an array of other sensitive landmarks, major hotels are 
also the sites of visits by our Hercules teams and Critical Response 
Vehicle Surges. The former consist of heavily armed members of our 
Emergency Service Unit, who appear unannounced at key locations in a 
show of force designed to disrupt terrorist surveillance. This is also 
the goal of our daily CRV surges, in which large convoys of patrol cars 
proceed with emergency lights and sirens to a pre-arranged site based 
on intelligence. In addition to hotels these locations include 
hospitals, houses of worship, critical infrastructure, and tourist 
attractions like Times Square.
    All of the measures I have discussed are part of a robust 
counterterrorism program we built from the ground up in 2002, when we 
realized that it in addition to our focus on crime-fighting, the Police 
Department needed to build the intelligence collection, analysis, and 
infrastructure protection capabilities to defend New York City from 
another terrorist attack.
    We established the Nation's first municipal counterterrorism 
bureau, and we restructured our Intelligence Division. We recruited the 
best that the Federal Government had to offer to head those two 
operations. We created a new civilian intelligence program to support 
our field commanders with timely information and analysis. We tapped 
the incredible linguistic diversity of the police department. We 
assigned native speakers of languages such as Arabic, Urdu, and Pashto 
to counterterrorism duties. We strengthened our patrols of key 
infrastructure in the city, including bridges, tunnels, and a host of 
landmarks and other sensitive locations. We forged collaborative 
relationships with the private sector, with law enforcement 
organizations up and down the east coast, and with Federal agencies, 
especially the FBI and the Department of Homeland Security.
    In the last 7 years, working with the FBI through the Joint 
Terrorism Task Force, we've stopped multiple plots against New York 
City. I know that this productive collaboration will continue to 
thrive.
    The Police Department's strongest and most innovative regional 
partnership is the one supported by the Department of Homeland 
Security, our Securing the Cities program. This is an unprecedented 
initiative to protect New York with advanced radiation detection 
devices installed at all points of access to the five boroughs, 
including roads, bridges, tunnels, and waterways. We now train and 
share information with dozens of neighboring jurisdictions.
    Our collaboration with the Federal Government has been essential. 
Through the Homeland Security, Transit Security, and Port Security 
Grant Programs, among others, we have instituted effective and 
innovative programs. In the past, the NYPD worked directly with the 
Transportation Security Administration to obtain grants and steer 
Federal funds to the most effective programs. We believe it is vitally 
important to maintain this direct connection and to ensure that DHS's 
transit security program preserve its distinct mission, purpose, and 
management, without undue bureaucratic layers. It is our hope the 
Congress will work with the new leadership at DHS to ensure that the 
agencies with the shared mission of protecting the transit system be 
allowed to work together.
    While we have to learn from Mumbai and Lahore and prepare to defend 
ourselves against similar attacks, we cannot focus too narrowly on any 
one preventive method. We need to strengthen our defense on every 
front, stay sharp, well-trained, well-equipped, and constantly 
vigilant. And we must continue to work together at every level of 
government and with the private sector to defeat those would harm us.
    I want to thank the committee Members for your crucial support in 
making this possible, and for this opportunity to update you on our 
initiatives.

    Ms. Jackson Lee. We look forward to the opportunity to 
engage in questioning. Thank you for that very helpful 
testimony.
    It is my pleasure now to recognize Mr. McJunkin to 
summarize his statement for 5 minutes. The gentleman is 
recognized.

  STATEMENT OF JAMES W. MCJUNKIN, DEPUTY ASSISTANT DIRECTOR, 
   COUNTERTERRORISM DIVISION, FEDERAL BUREAU OF INVESTIGATION

    Mr. McJunkin. Good afternoon, Chairwoman Jackson Lee, 
Ranking Member Dent and Members of the committee. Thank you for 
inviting me here today to discuss lessens learned from the 
recent terror attacks in Mumbai, and how the FBI is working 
with our U.S. and international intelligence and law 
enforcement partners to apply those lessons to protect the 
homeland and U.S. interests overseas.
    Within hours of the first attacks on Mumbai, the FBI had a 
representative on the scene, the assistant legal attache to our 
New Delhi office, who was traveling in the direction of Mumbai 
when he was notified of the attacks. He immediately made his 
way to the Taj Mahal hotel.
    Ms. Jackson Lee. Mr. McJunkin, is your microphone on, or 
could you move it closer to you, please? Thank you.
    Mr. McJunkin. He immediately made his way to the Taj Mahal 
hotel, which was still under siege, and contacted his Indian 
counterparts. From there, he took part in the rescue of 
Americans trapped in the hotel. He also worked with the U.S. 
Embassy to obtain approval from the Indian government to deploy 
our Los Angeles Rapid Deployment Team and key personnel from 
FBI headquarters to assist with the investigation.
    The team, which arrived in Mumbai on November 29, had two 
major jobs. One is the pursuit of justice, which involves 
traditional forensic-based investigative work to track down 
those who were murdered Americans and determine who the 
attackers co-conspirators were. Two, and equally important, is 
the prevention mission, which involves generating new 
information to determine who else might still be out there who 
potentially poses a threat to the United States, our citizens, 
and our allies.
    The investigation continues, and we still have personnel in 
India who have been working with our Indian law enforcement and 
intelligence partners to help uncover information about how the 
attacks were executed, how the attackers were trained, and how 
long the attacks took to plan. We have been sharing that 
information with our Federal, State, and local and 
international law enforcement partners and using it to bolster 
our efforts to protect the homeland.
    So far, the Mumbai attacks have reinforced several key 
lessons. One, terrorist organizations don't need weapons of 
mass destruction or even large quantities of explosives to be 
effective. The simplest weapons can be as deadly. It comes as 
no surprise, therefore, that a small disciplined team of highly 
trained individuals can wreak that level of havoc that we saw 
in Mumbai. Last week's attack on the Sri Lankan cricket team in 
Lahore, Pakistan, is another example of a low-tech but 
potentially high-impact operation. We are concerned about the 
possibility that other foreign terrorist groups, including al 
Qaeda or its affiliates, will take note of those attacks and 
attempt to emulate them.
    The take-home lesson for the FBI and DHS is that we must 
continue to look at both large and small organizations with the 
right combination of capability and intent to carry out 
attacks. Two, we need to reenergize our efforts to keep the 
American public engaged and vigilant. That is critical to the 
effort to prevent something like the Mumbai attacks from 
occurring on our shores. As we engage the public, we want to 
encourage them to be cognizant of and report suspicious 
activity that comes to their attention to their local, State, 
and Federal law enforcement agencies.
    A key tool for engaging the public and our law enforcement 
partners is Guardian, a Web-based application to track 
suspicious incident reporting. As we receive information on 
threats from law enforcement, other Federal agencies, and the 
general public, we input these reports into the system where 
they can be tracked, searched, analyzed, and triaged for 
action. No threat report is left unaddressed. Although roughly 
97 percent of these incidents are ultimately determined to have 
no conclusive nexus to terrorism, we believe we cannot afford 
to ignore potentially important threat indicators.
    We have begun a pilot deployment of eGuardian, an 
unclassified system that enables participation by our State, 
local, and tribal law enforcement partners. eGuardian will 
enable near real-time sharing and tracking of terrorist 
information and suspicious activities among State, local, and 
tribal and Federal entities.
    Another key lesson the Mumbai attacks reinforced is the 
importance of international partnerships. As Director Mueller 
said during his visit to India and Pakistan last week, 
terrorism is not an issue for one country alone. We are all 
fighting a common enemy. We all continue to work with our 
counterparts in India and around the world to bring the 
perpetrators of these attacks to justice and to prevent further 
attacks.
    In conclusion, Madam Chairman, as the threats to the United 
States become more global, the FBI is expanding our 
collaboration with our law enforcement and intelligence 
partners here at home and around the world. We are working with 
our international counterparts to prevent terrorist attacks and 
assist in their investigation when they do occur. As we have 
done with the Mumbai attacks, we will continue to analyze and 
share lessons learned from these investigations to help prevent 
future attacks at home or against U.S. interests abroad. Thank 
you.
    [The statement of Mr. McJunkin follows:]
                Prepared Statement of James W. McJunkin
                             March 11, 2009
    Good afternoon Chairwoman Jackson-Lee, Ranking Member Dent, and 
Members of the committee. I appreciate the opportunity to be here today 
to discuss the FBI's role in investigating the November 2008 terrorist 
attacks in Mumbai, India. I will also describe how we are working with 
our U.S. intelligence and law enforcement partners to apply lessons 
learned from the Mumbai attacks to protect the U.S. Homeland, as well 
as how we are collaborating with our international partners to help 
prevent attacks on U.S. interests and our allies overseas.
                    fbi role in mumbai investigation
    As the committee knows, on November 26, 2008, several men armed 
with hand grenades, automatic weapons, and satellite phones landed in a 
rubber raft on the shores of Mumbai. They scattered to soft targets 
across the city, launched simultaneous attacks that held India's 
financial capital under siege for days, and killed more than 170 
individuals, including six American citizens. Within hours of the first 
attacks, the FBI had a representative on the scene: our Assistant Legal 
Attache in the FBI's New Delhi office, who was traveling in the general 
direction of Mumbai when he was notified of the attacks. He immediately 
made his way to the Taj Mahal hotel, which was still under siege, and 
contacted his Indian counterparts. From there, he took part in efforts 
to rescue Americans trapped in the hotel, set up lines of communication 
with his FBI and U.S. Intelligence Community (USIC) counterparts, and 
coordinated the arrival of our Los Angeles Rapid Deployment Team.
    Even before the crisis ended, the investigation had begun. Agents 
from FBI offices in New Delhi, Islamabad, and Los Angeles joined forces 
with the Indian government, the CIA, the State Department, and foreign 
partners. Through these partnerships, we had unprecedented access to 
evidence and intelligence. Agents and analysts interviewed more than 70 
individuals, including the sole surviving attacker. Our forensic 
specialists pulled fingerprints from improvised explosive devices. They 
recovered data from damaged cell phones, in one case by literally 
wiring a smashed phone back together.
    At the same time, we collected, analyzed, and disseminated 
intelligence to our partners at home and abroad--not only to determine 
how these attacks were planned, and by whom, but to ensure that if a 
second wave of attacks was planned, we had the intelligence to stop it.
    I also want to acknowledge the very fine work that the FBI's Office 
of Victim Assistance, working in concert with U.S. consular officers in 
Mumbai and the State Department's Bureau of Consular Affairs, undertook 
to assist the U.S. citizen victims and their families. That work 
continues to this day.
        threats posed by suspected sponsors of mumbai attackers
    The surviving Mumbai attacker has claimed that the Pakistan-based 
terrorist organization Lashkar-e-Tayyiba (LT) provided him training and 
direction for the attack. The FBI assesses that LT, which is well known 
to the U.S. Intelligence Community (USIC), remains a threat to U.S. 
interests in South Asia and to the U.S. homeland. We have no current 
intelligence indicating that there is an organized LT presence in the 
United States or that LT senior leadership is seeking to attack the 
U.S. homeland. LT does maintain facilitation, procurement, fundraising, 
and recruitment activities worldwide, including in the United States. 
For example, in 2003, several followers of ``Virginia Jihad'' cleric 
Sheikh Ali Al-Timimi were convicted of providing material support to 
terrorism relating to their training at an LT-sponsored training camp 
in Pakistan, with the intention of fighting against Coalition Forces in 
Afghanistan. In addition, the FBI is investigating a number of 
individuals across the United States who are linked in some way to LT--
primarily through witting and unwitting fundraising for the group, as 
well as the recruitment of individuals from the United States to attend 
LT camps.
                  lessons learned from mumbai attacks
    The principal lesson from the Mumbai attacks remains that a small 
number of trained and determined attackers with relatively 
unsophisticated weapons can do a great deal of damage. Last week's 
attack on the Sri Lankan cricket team in Lahore, Pakistan, is another 
example of a low-tech, but potentially high-impact operation. We are 
concerned about the possibility that other terrorist groups, including 
al Qaeda or its affiliates, will take note of these attacks and attempt 
to emulate them.
    The FBI is implementing the lessons learned from the Mumbai attacks 
by continuing to maintain a high level of vigilance for all indications 
of developing terrorist activity. We recognize that the planning for 
the Mumbai attacks likely unfolded over a relatively long period of 
time with careful surveillance of the target sites and transportation 
routes. We are continuing to work closely with our State, local, and 
tribal law enforcement partners in our Joint Terrorism Task Forces to 
follow up on indications of suspicious activity that could potentially 
be related to terrorism.
    We are also sharing relevant information from the Mumbai 
investigation with our intelligence and law enforcement partners. 
Classified information is available to cleared State and local law 
enforcement personnel in Joint Terrorism Task Forces and Fusion 
Centers. In addition, the FBI and the Department of Homeland Security 
(DHS) jointly issued an unclassified alert about the attacks to State, 
local, and tribal officials on November 27, 2008. The FBI and DHS also 
issued an Intelligence Bulletin on December 3, 2008, to building owners 
and operators, as well as the law enforcement community, to alert them 
to preliminary findings regarding the techniques and tactics terrorists 
used in the Mumbai attacks. The bulletin indicated that the FBI and DHS 
had no credible or specific information that terrorists were planning 
similar operations against public buildings in the United States, but 
urged local authorities and building owners and operators to be aware 
of potential attack tactics. We continue to work with our partners to 
heighten the public's awareness of the continued threat of terrorist 
attacks and the need to report suspicious incidents.
    One key lesson the Mumbai attacks have reinforced is the importance 
of international partnerships. The unprecedented collaboration we 
developed with our Indian law enforcement and intelligence counterparts 
in this investigation has strengthened our relationship with the 
Government of India. As Director Mueller said during his visit to India 
and Pakistan last week, terrorism is not an issue for one country 
alone--we are all fighting a common enemy. We will continue to work 
with our counterparts in India, and around the world, to bring the 
perpetrators of these attacks to justice, and to prevent further 
attacks.
                               conclusion
    As the investigation into the Mumbai attacks progresses, FBI 
counterterrorism agents and analysts continue to analyze all available 
information to determine who was responsible, assess lessons learned, 
determine if the United States may be vulnerable to a similar attack, 
and determine the threat posed by the group--or individuals tied to the 
group--to the United States. We are working closely with our USIC and 
law enforcement partners in these efforts, and will continue to 
disseminate information about lessons learned.
    In summary, Madam Chairwoman, as the threats to our Nation and our 
allies become ever-more globalized, the FBI is expanding our 
collaboration with our international and U.S. law enforcement and 
intelligence partners to prevent terrorist attacks and to assist in 
investigating them when they do occur. We will continue to build on 
these relationships to advance the FBI's national security mission. 
And, as we have done with the Mumbai attacks, we will continue to 
analyze and share lessons learned from these investigations to help 
prevent future attacks at home or against U.S. interests abroad.

    Ms. Jackson Lee. Let me thank the witnesses for their 
testimony. I am looking forward to the opportunity, again, of 
all our Members being able to engage.
    I will remind each Member that he or she will have 5 
minutes to question the panel. I will now recognize myself for 
questions.
    Let me start with you, Mr. Secretary Snyder, and each 
person I would appreciate answering the question. How 
vulnerable are we in America? Is it important that we recognize 
that the vulnerabilities today still exist with respect to an 
attack on our infrastructure?
    Mr. Snyder. Well, Madam Chairwoman, certainly, we use a 
process beginning with a risk assessment that goes through 
every sector to determine the vulnerabilities that are common 
across sectors as well as within facilities in that sector. We 
have an annual process called the SHIRA, which seeks input from 
all the sectors, as well as States for the facilities that they 
think are at most risk.
    We look and develop a national risk profile. This year it 
is based on an all-hazards risk, which is a wider-based risk 
approach than what we have had in the 2008 risk assessment, and 
that was based on a terrorist-specific risk. So we measure risk 
in a relative sort of way, across the sectors, based on the 
vulnerabilities of those facilities, based on the capabilities 
that the terrorists or other disasters could have on that 
facility, and then the consequences, you know, that would be 
impacted upon the local populace, either economic or certainly 
loss of life and property.
    Ms. Jackson Lee. So you do an analysis to determine so?
    Mr. Snyder. Yes, ma'am.
    Ms. Jackson Lee. I think, in addition to the analysis it is 
important to have real-life experiences as well, and I hope 
that that is part of your assessment.
    Commissioner Kelly, how many hotels in America, and again, 
this is a question that is rhetorical. But what is your thought 
about whether our hotels today in America have preparation 
plans that would have addressed the commando attacks? Would you 
also answer the question: How vulnerable do you think we are in 
large sites, as in a hotel or stadium, around the country?
    Mr. Kelly. Well, any free society is going to be 
vulnerable. There is no question about it that we are 
vulnerable. The issue is: What can we do to reduce that 
vulnerability? I can really only speak for New York, what we 
have done. We have done a lot. We certainly intend to do more.
    I think the hotel industry, as the title of this hearing 
says, I think they have had a few wake-up calls here, certainly 
in Islamabad and certainly in Mumbai, and I think they are 
responding to it. But it is difficult to redesign hotels. I 
mean, these are standing structures.
    I can tell you what we do. I mentioned in my lengthy 
prepared remarks that we do talk to the industry, literally, on 
a daily basis, the hotels in New York. We work with them as far 
as developing best practices. We do inspections; we communicate 
that information to them.
    But, you know, there is only so much that you can do. We 
are going to continually remain a free and open society. Hotels 
themselves have to be accessible. They have to have, certainly, 
elements of security, but they don't want to look like armed 
camps. We understand that. So it is a big challenge in a free 
and open society.
    But as I say, I am really speaking for New York. We believe 
that we are doing everything that we reasonably can do, given 
the resources that we have, and certainly working closely with 
our Federal partners.
    Ms. Jackson Lee. Planning is extremely important.
    Mr. McJunkin, in the course of the testimony of witnesses 
that we have heard, the use of the word commandos versus 
suicide bombing. Would you comment on what you think the 
increase of that tactic may be, such as the commandos, and your 
assessment of whether or not we continue to be vulnerable in 
sectors like hotels, resort areas where we are close to water?
    Mr. McJunkin. Madam Chairwoman, I would say that we are 
always vulnerable, and these types of attacks continue to 
mature. They also change tactics to thwart our efforts, and 
they will continue to find any means necessary within their 
capabilities to hit us. I believe that that is in fact true.
    I also would say that, within the United States, we have, 
within the FBI, 56 field offices, over 61 legal attaches 
overseas; 100 JTTF or JTTF annexes working Nation-wide on this 
problem full-time. We are assertive in our approach, and we 
conduct on-going investigations. Beyond the State and local, 
the FBI and our partners have teamed up with more closely than 
ever with our intelligence community partners in order to spot 
and assess potential threats before they ever enter our shores. 
We work with the Department of Homeland Security to make sure 
that we have TRIPwires in place to identify those people as 
they come into the United States. We also look, on the local 
and State departments, my experience is that we have come a 
long way. Those departments have greatly enhanced their 
capabilities. They are constantly vigilant, and they haven't 
lost the scent. We are encouraged by that.
    I would say that we have vulnerabilities, and it would 
depend on the part of the country that we are talking about as 
far as resources and training and all of that that rolls in. 
But I am still encouraged by our improvements and our 
continuing working relationships.
    Ms. Jackson Lee. This is my last quick question to Mr. 
Snyder, and it has to do with information. I have tasked the 
subcommittee staff with looking into DHS coordination efforts 
with the private sector, very important. But I was troubled to 
hear that information about mitigation measures was not posted 
on the Homeland Security Information Network for nearly a week 
following the Mumbai attack. Could you please explain, in light 
of the fact that similar information was provided to the law 
enforcement network, TRIPwire, which is good, the day following 
the attack, following this, have you made improvements so that 
the information and outreach can get to its needed source as 
quickly as possible?
    Mr. Snyder. Thank you, ma'am. The system that we used or 
the process we used for Mumbai was on the Wednesday evening, 
the 26th, as the attack began, basically, we posted on HSIN-CS 
existing products that had dealt with the common 
vulnerabilities, the potential indicators of terrorist attack, 
and the protective measures that had been developed generically 
for hotels, as well as rail stations previously. Then, as you 
mentioned, TRIPwire, we posted on the 27th, Thanksgiving 
Thursday, some information that was beginning to come out of 
the law enforcement channels related to Mumbai as the attack 
unfolded. We updated that a couple of times on TRIPwire, and at 
that point, we were beginning a process to integrate TRIPwire 
with HSIN-CS, but we did not yet have it to the point where we 
had tear lines to remove the law enforcement sensitive 
information from the information available to go out to HSIN-CS 
on the FOUO level. So, first thing Monday, with the new things 
out of the TRIPwire development over the weekend, we did the 
tear line posting of updated common vulnerabilities, potential 
indicators, and protective measures to HSIN-CS.
    Now, since then, we have linked those two things together 
so that you actually see, the products are developed with that 
tear line information, and you see it almost seamlessly from 
one to the other.
    Ms. Jackson Lee. Well, thank you. I know that that is 
something that we need to further review.
    Let me now recognize the gentleman from Pennsylvania, Mr. 
Dent, for 5 minutes.
    Mr. Dent. Thank you, Madam Chairwoman.
    Commissioner Kelly, I just wanted to just raise a question 
for you. Obviously, many of the people on this committee and 
elsewhere are certainly very concerned about terrorist attacks, 
and we have observed over the years that al Qaeda has looked to 
attack great American symbols, whether they be the World Trade 
Center or the Pentagon or wherever else they may be planning. 
That said, you have talked about the Mumbai attack as a turning 
point, and that the other groups could mirror the relative 
simplicity of that type of attack on perhaps a soft target like 
a hotel, which you talked about. Could you expound a little bit 
about that and what your views are about New York and perhaps 
other communities, the type of threat that is posed to us by 
terrorists on softer targets?
    Mr. Kelly. Well, we have seen a change from the patterns 
that have developed with Mumbai and Lahore, as we said, in 
groups of well-trained, small number of, relatively small, 10 
or 12, armed with fairly basic weapons. Our folks who went to 
Mumbai don't believe that the weapons were even automatic, that 
they were semiautomatic hand guns. Yet they killed and wounded 
almost 500 people. They were well trained. They were armed with 
hand grenades. They were armed with improvised explosive 
devices. So we don't want to put ourselves in a corner. We want 
to be flexible in our planning and flexible in our ability to 
respond to any contingency.
    The concern that developed with Mumbai was the fact that 
you might have multiple sustained events happening in the city 
at one time. So we have responded by increasing, as I said in 
my remarks, the number of people trained to sort of back up our 
heavy weapons first responders, which are emergency service 
units. There is a cadre of 400 officers that do that. We spend 
a lot of effort in training them. We are now expanding that to 
a goal of having 1,500 officers who will be able to back them 
up, so to speak, and be sufficiently trained in both the use of 
weapons and tactics to help us in a sustained attack. So we are 
gaming these sorts of thing. We have table-top exercises. We 
just had one last Friday for our commanders and a similar fact 
pattern and that is what we believe is going to help us respond 
if, in fact, there is an event such as Mumbai in New York City.
    Mr. Dent. Also mention, too, that it seems that New York 
and Mumbai share some striking similarities in that both are 
financial centers of their countries, both are accessible by 
sea, and both are premier terrorist targets. I guess what I 
want to know is that the perpetrators of the attacks in Mumbai 
entered the country via the ocean, I believe. How would you 
describe the New York Police Department's relationship with the 
U.S. Coast Guard? How confident are you that a suspicious 
vessel entering New York Harbor would be detected?
    Mr. Kelly. Well, we have an excellent working relationship 
with the Coast Guard. We have personnel assigned to their 
operational headquarters in New York City. The members of our 
Harbor Unit, which is our maritime unit, are cross-designated 
by the Coast Guard so that they are able to board ships. We 
have exercises on a regular basis. When an event happens on the 
waterways, we frequently have a joint response. So I believe we 
have a very high level of cooperation and camaraderie with the 
Coast Guard.
    Mr. Dent. Well, I am glad to hear that. I guess my final 
question before I run out of team here is this: You mentioned 
during your remarks that you have been reaching out to hotel 
owners trying to work with them about the various threats that 
they may face. How seriously do you think that these hotel 
owners and others are taking the recommendations that you are 
providing to them? Are they taking these tips seriously? Are 
they training their staff appropriately? Do you think they are 
engaged enough?
    Mr. Kelly. I think they are taking it very seriously. We 
have had a strong working relationship with them for quite a 
while. Under the NYPD Shield rubric it has only gotten 
stronger. As I said, we have a special unit now that just works 
with hotels. They are, you know, they are concerned, and they 
are serious about investing in training for their staffs and 
investing to the extent they can to sort of harden the target 
without, you know, making it look like an armed camp. So they 
are very much engaged in this issue.
    Mr. Dent. Thank you.
    I thank you all for your service.
    Yield back my time.
    Ms. Jackson Lee. I thank the gentleman.
    The Chair will now recognize other Members for questions 
they may wish to ask the witnesses. In accordance with our 
committee rules and practice, I will recognize Members who were 
present at the start of the hearing based on seniority on the 
subcommittee, alternating between majority and minority. Those 
Members coming later will be recognized in the order of their 
arrival. I would like to get to as many Members as possible and 
ask them to also return after the last votes of the day.
    The Chair recognizes for 5 minutes the distinguished 
gentleman from Mississippi, the Chair of the full committee, 
Mr. Thompson.
    Mr. Thompson. Thank you, Madam Chairwoman.
    Deputy Assistant Secretary Snyder, did DHS produce any 
recommendations after the Mumbai incident?
    Mr. Snyder. Yes, sir. We did produce through the TRIPwire 
and out through the law enforcement community, as well as 
posting on HSIN-CS a couple of pieces on the specific tactics, 
techniques, and procedures used by the terrorists in Mumbai and 
the potential protective measures that might be taken by the 
facilities to become aware of something like that, raise their 
security files.
    Mr. Thompson. Were these advisory in nature? Or have we 
established some policy?
    Mr. Snyder. They are always advisory in nature, due to the 
partnership framework and the 85 percent of the critical 
infrastructure that is owned and operated by the private 
sector. The tactical level of that is the vulnerability 
assessments and the recommended actions provided by the 
protective security advisers, when they visit the actual 
facilities in the field, the high-risk facilities. But what we 
try to do is analyze what went on and then advise those 
partners on the actions they might take. Many of them are 
things that you would think of, such as surveillance cameras, 
such as you mentioned, training.
    Mr. Thompson. Thank you. Can you provide the committee with 
whatever recommendations the Department provided, whether they 
were advisory or whatever, after Mumbai?
    Mr. Snyder. Yes, sir.
    Mr. Thompson. Commissioner Kelly, I know you work with New 
York. When your teams go out working with hotels or whomever, 
is the protocol to make suggestions as to how they can do 
better if it is an existing structure, or is there some 
protocol established through the city for new construction that 
would be a little more than advisory?
    Mr. Kelly. No, it is right now, at this time, advisory. 
There has been some discussion about putting forward best 
practices, as far as construction is concerned, the actual 
construction of buildings. Of course the Building Code itself 
has been somewhat upgraded, perhaps it needs to be, some of my 
staff believes it needs to be upgraded even more.
    But since September 11, there have been upgrades in the 
Building Code. But to answer your question specifically, when 
we work with our hotel management, for instance, we are 
strictly in an advisory capacity. There are not too many hotels 
that look exactly alike, certainly in New York. So we make 
suggestions, make recommendations, but they have to adapt them 
to their own situation, their own structure.
    Mr. Thompson. To the extent, Deputy Secretary Snyder, how 
many other cities would you say are as prepared for these 
situations as New York?
    Mr. Snyder. Well, certainly, you know, I think you will 
find or what we have found through our coordination with these 
associations and our sector councils and subcouncils that deal 
with the hotel and resort industry, you will find areas that 
are highly populated, resort areas or highly populated cities 
with a hotel industry that is pretty robust, you will find, you 
know, quite a bit of preparedness and an awareness of measures 
that go on routinely about training personnel what to look for 
and so forth, when you, and of course----
    Mr. Thompson. I just need a number.
    Mr. Snyder. Oh yes, sir. Oh the number of cities? Certainly 
there is----
    Mr. Thompson. Name, number.
    Mr. Snyder. The top five, you know, New York, Washington, 
Chicago, Los Angeles.
    Mr. Thompson. So you are comfortable that those cities meet 
some standard that your Department is comfortable with.
    Mr. Snyder. Well, as Commissioner Kelly said, there is not 
a specific standard that exists right now. As I touched on 
during my opening testimony, there is this potential for the 
voluntary private-sector standards. That has some promise in 
it, that will balance.
    Mr. Thompson. Madam Chairwoman, I yield.
    Ms. Jackson Lee. Obviously, the Chairman has raised 
questions about preparedness, and certainly five cities out of 
what I think may be thousands in this country leads us to 
believe we have some important questions to ask.
    I would ask now that the witnesses, if they would, would 
wait on our return. We will recess the committee for votes, and 
we will return immediately. This committee is now recessed.
    [Recess.]
    Ms. Jackson Lee. The meeting will come to order.
    Mr. King, if you would indulge the witness from the FBI who 
indicated to staff that he had not completed his answer on the 
tactics question. Once he completes, I will yield to the 
distinguished gentleman from New York.
    Mr. McJunkin, would you finish your answer, please.
    Mr. McJunkin. Thank you, Madam Chairwoman.
    I just wanted to expand on one point. It was something that 
was addressed in Commissioner Kelly's earlier testimony to the 
Senate, and it addresses your point to Mr. Dent's earlier 
question as well.
    We have seen similar tactics in prior investigations here 
in the domestic United States. In fact, there are three that 
come right off the top of my head: one in Los Angeles, one in 
Chicago, and one more recently in Fort Dix, New Jersey, where 
those individuals had similar types of weaponry, similar types 
of planning and plotting, similar types of targeting.
    We had Jewish synagogues in Los Angeles as well as military 
recruiting stations, shopping mall in Chicago, and then in Fort 
Dix, it was the military installation there.
    I would like to point out that these things don't occur by 
accident. It is the close working relationship that we enjoy of 
cross-agencies, Federal, State, and local, Department of 
Homeland Security, certainly the New York City Police 
Department, and our agency as well where we take advantage of 
each other's resources, we take advantage of each other's time, 
and we are able to thwart these efforts before they take route.
    That is the conclusion of my statement, ma'am.
    Ms. Jackson Lee. Let me thank you.
    At this time, I will recognize the gentleman from New York, 
Mr. King, for 5 minutes, the Ranking Member of the full 
committee.
    Mr. King. Thank you, Madam Chairwoman.
    I would like to address my questions to Commissioner Kelly.
    Assuming the worse, assume there is an attack on a New York 
hotel similar to Mumbai. Do you feel confident that you would 
have immediate contact with the hotel security, and they would 
be responsive to you, and you would be on the same page, the 
same wave-length?
    Mr. Kelly. That is certainly our goal. That is what we are 
training for, and yes, I feel reasonably confident, given our 
activities of the last few months, that we would be able to 
work closely, contact them very quickly and work closely with 
them if a similar event happened.
    Mr. King. Are most of those security directors retired law 
enforcement?
    Mr. Kelly. Many of them are. Sometimes a big change will 
bring people in from other areas of the country who not 
necessarily are law enforcement, but there is also kind of a 
homegrown cadre of former law enforcement people and are in 
charge of securing the hotels.
    Mr. King. Assuming there was an overlap between the hotel 
and transit system, how closely coordinated are you with the 
MTA police or the Port Authority police? What I am looking for 
is the level of cooperation in those first few minutes or 
hours.
    Mr. Kelly. I think the level of cooperation in those 
instances would also be very high. We work within the port 
authority. Obviously we have interactions on a daily basis. The 
port authority is on the Joint Terrorist Task Force, the MTA 
police representative as well. So that is another venue when 
you would come together.
    The MTA police chief, Michael Coan, less than a year ago 
left the NYPD. He was a chief in the NYPD. He is now chief of 
the MTA police. We have a close relationship.
    Bill Morange is the executive vice president and security 
is under his bailiwick. He is a former NYPD chief. So just on a 
person-to-person basis, we have a good working relationship. 
But operationally, we have a good working relationship.
    Mr. King. How about FBI and Homeland Security?
    Mr. Kelly. We have an excellent working relationship. We--
over 120 of our detectives working with the FBI and the Joint 
Terrorist Task Force. Homeland Security, we have the contacts 
on a daily basis. I was just talking to the general about 
Securing the Cities program that we have been involved in 
Homeland Security for the last 2 years. That is a program where 
state-of-the-art radiation detection equipment is being 
distributed to an area, in essence, a 50-mile radius from New 
York City. That is going extremely well. Homeland Security is 
helping us with our Lower Manhattan Security Initiative.
    So I think we have excellent cooperation and daily 
interaction with both agencies.
    Mr. King. If a hotel or a transit system is attacked, 
basically, all you can do is minimize the damage and fight 
back. I think you have always taken the approach of having to 
layer defenses, of knowing in advance. That is why you have the 
11 police overseas to get intelligence, why you have the Secure 
the Cities to detect radiation devices coming into the city.
    How important is intelligence both overseas and what you 
get from the Federal Government, and how vital do you believe 
the Secure the Cities program is going to be as far as building 
up those layers of defense? Mr. Lungren is always talking about 
layers of defense. There is no silver bullet that we have to 
have those structured layers.
    Mr. Kelly. Intelligence is the key. No question about it. 
You want to stop them before you have to respond to an event, 
and intelligence is the essence of prevention. We rely on our 
Federal partners for our intelligence. The things that we do 
supplement what the Federal Government does. We certainly can't 
substitute. We can't do it on our own. We need a strong Federal 
partnership. So intelligence is, in essence, coming from 
Federal resources.
    It is probably the most important element of them all. We 
get information that enables all of our agencies to intercept, 
to prevent before we have to be a first responder. It is key.
    Securing the Cities is, as I said, a very important 
initiative. We are the first city in the country to have this 
program. The Homeland Security has been extremely supportive in 
that regard. It is well on its way, and the concept is to have, 
as I say, sort of concentric rings of radiation detection 
equipment starting approximately 50 miles away from the city 
but certainly right into the heart of the city itself and of 
all of the tunnel and bridge entrances going into Manhattan. 
That program is progressing well.
    Mr. King. Thank you.
    Ms. Jackson Lee. Now I will recognize Congresswoman Titus 
for 5 minutes.
    Ms. Titus. Thank you, Madam Chairwoman, and thank you for 
having this hearing on a topic that is very important to me.
    I represent parts of Las Vegas where we have dozens of 
hotel casinos with some of the most top-notch security 
technology and personnel in the private sector. I am sure you 
have all heard of the eye in the sky that watches you on the 
casino floor, and if you saw Oceans 11, it is not far wrong.
    So I would direct my question to Mr. Snyder and invite the 
rest of you to comment, too.
    I am glad to hear that you have so many planning and 
assessment programs in place. I think I counted 13 acronyms in 
two paragraphs. They range from the BZPP to the C/ACAMS. But 
what troubles me a bit is in your statement you say, for 
example, during the Mumbai event, the PSA for Las Vegas met 
with hotel, casino, and resort security officials to answer 
questions and distribute our CVPIPM reports that provide 
details on enhanced security recommendations and best 
practices.
    Now, the reason that bothers me is that it seems to suggest 
it is kind of late in the game that they are getting this 
information about best practices and recommendations, and 
secondarily, if they are getting it, that means they haven't 
been involved in the process. So we are not taking advantage of 
all of the assets that they have already in place.
    So could you tell us, and in kind of layman's terms, what 
is going on with all of the hotels in Las Vegas, and if we 
could find a way to take better advantage of that security 
system that is so incredible already.
    Mr. Snyder. Well, I would, ma'am, want to make sure that 
that wasn't the only perception of what I provided in the 
statement.
    The reason that they were calling the PSA is that there was 
already a relationship established through prior associations. 
I don't it have exactly in front of me, but the regular 
engagement between the PSA, for instance, there has been over 
100 liaisons and outreach visits in the lodging sector, but 
they are continuously engaged, particularly in the Los Angeles 
or the Las Vegas area because of the mass of the activities 
there of high value and the State Homeland Security adviser, 
the State police, the Las Vegas Metropolitan Police Department, 
State Gaming Commission representatives and corporate security 
managers.
    So there are regular meetings there with all of those 
partners and the protective security adviser, as well as 
members from the Department level that come down to do either 
table-top exercises or assessments.
    So that relationship is a strong one, and certainly we took 
advantage of that at Mumbai, and they called the PSA and we 
pushed out that information.
    Ms. Titus. Any other comments?
    Mr. Kelly. I really have nothing to add. I am focused, of 
course, on New York. I think it is safe to assume that hotels 
in New York don't have that level of technology that exists in 
Los Angeles. But the people I talked to are very aware of 
technology in the hotel.
    So I really have nothing to add.
    Ms. Titus. Thank you, Madam Chairwoman.
    Ms. Jackson Lee. I can assure you being on this committee, 
help is on the way.
    We thank our witness.
    I now yield 5 minutes to the gentleman from California, Mr. 
Lungren.
    Mr. Lungren. Commissioner Kelly, now do I understand it 
right that you went to a Catholic grade school called St. 
Therese?
    Mr. Kelly. Yes, sir. I did.
    Mr. Lungren. I was told by Mr. King that he followed you by 
2 years and beat every one of your academic records; is that 
right?
    Mr. Kelly. That was easy. I am sure he did.
    Mr. Lungren. It just shows you how someone can rise to a 
position of prominence and other people are stuck where Mr. 
King is.
    Commissioner Kelly, in your written testimony, you talk 
about your Department's analysis of the attacks that took place 
in Pakistan and the fact that your Department has three liaison 
offices overseas.
    Some people have suggested that you folks ought not to be 
in that, that is the business of the Federal Government, the 
FBI, the CIA, the operatives that we have. Some have said you 
are not the FBI and that you may have gone too far. Now, I 
don't know what they meant by that, but I would like to hear 
from you why your Department thought it was necessary and how 
you, I presume, feel that that is value added to whatever your 
Department would normally do domestically and value added to 
what you get from the FBI, the Federal Government, or any other 
links that you have to other agencies.
    Mr. Kelly. I sit in a building that is five blocks away 
from the World Trade Center. I live a block away from the World 
Trade Center where almost 3,000 people were killed. I was 
police commissioner in 1993 when we had 1,000 people injured at 
the World Trade Center site. No other U.S. city has suffered 
the losses that New York City has. We have had six plots 
against New York since September 11. So we see ourselves as top 
of the target list, and I think that is supported by a 
consensus of people in the intelligence community.
    We are looking for any bit of information that can better 
protect our city. That is what our overseas liaisons give us. 
We were able to get real-time information. As a matter of fact, 
I was talking to our officer in an operation center at new 
Scotland Yard on July 7, 2005 when the subway attacks took 
place. Obviously, that happened during their rush hour. New 
Yorkers getting on the subway 5 hours later would be concerned. 
We wanted to raise their comfort label and enable us to deploy 
additional resources, I think, to ease that concern that people 
have.
    So it gives us real-time information about what is 
happening overseas.
    Now, I must also tell you that taxpayer money is not 
funding the cost of these officers overseas. It is funded by 
private foundation. Salaries are paid by public funds, their 
expenses are paid by a foundation.
    But we think it is value-added. We are able to get 
information quickly. We got information very quickly about the 
Madrid bombings that took place in March 2004. We just see 
ourselves as being positioned differently than other U.S. 
cities.
    Mr. Lungren. I am from the West Coast, for instance. Used 
to be from Long Beach, I am now from Sacramento. But if I am 
one of those departments, do I have a relationship with your 
department so that I can get information on a timely basis, or 
would that be a mistake if you had to respond to all other 
departments?
    What I am saying is you have actionable information, you 
believe you get it in a timely fashion, you take certain steps 
based on that. Some of that information might be a benefit to 
your brethren in other departments. Is there a means, a 
mechanism by which you share that information, or does that go 
through the Feds or how does that happen?
    Mr. Kelly. I mean, logically, if there was a threat against 
Long Beach, we would notify the Long Beach authorities.
    But the natural vehicle for the information is through the 
Joint Terrorist Task Force. That is the entity that has the 
broadest reach and the quickest reach as far as disseminating 
information of that type.
    Mr. Lungren. So what I am getting at is if you have 
information through your chain of command, as opposed to DHS or 
FBI or so forth, and then you thought it may not be specific to 
Long Beach or specific to Sacramento but it would be of 
interest to them, would you share that through the joint task 
force; is that how you would do it?
    Mr. Kelly. Absolutely. The information sharing has never 
been better. There is a concern, really, years ago, about the 
lack of information sharing. I think that is ancient history. 
Now, the information exchange and information sharing has never 
been better.
    Mr. Lungren. Could I ask you, with the indulgence of the 
Chair, with respect to the attack in Mumbai or the attack in 
Pakistan, were you satisfied with the timeliness of the 
information that you received from the National Terrorism 
Center or the Department's national operations center?
    Mr. Kelly. You know, we always want a little more. I think 
we get probably----
    Mr. Lungren. I understand that, but we are trying to figure 
out--I am not trying to point fingers at anybody.
    Mr. Kelly. We are not taking away from anybody. I think you 
have to understand, this is--we are supplementing. This is 
value-added.
    Mr. Lungren. My question was were you satisfied with the 
timeliness of the information that you received from the 
National Terrorism Center, Counterterrorism Center, or the 
National Operations Center?
    Mr. Kelly. We didn't get the depth of the information from 
the national assets in a timely fashion like we were able to 
get from our own people.
    As I said, on December 5 not only, you know, our own 
people, we obviously use it in-house, but we had a meeting of 
security directors in New York City, had 400 of them in our 
auditorium on December 5. The attacks happened November 26 and 
November 29. On December 5, we had 400 people there. We had 
independent information, and we had our team in Mumbai on a 
telephone hook-up with pictures that they had taken giving them 
specific information.
    So that is why I say it is value-added, it is something 
more. That is what we feel that we have to do given the history 
of New York City. We want that leg up.
    Ms. Jackson Lee. The gentleman's time has expired.
    I recognize now the distinguished gentleman from Missouri, 
Mr. Cleaver.
    Mr. Cleaver. Thank you, Madam Chairwoman.
    Let me apologize to the panel. I would like to come and 
stay to the end, but I have a Financial Services Committee 
hearing going on at the same time. But this is extremely 
important, and I am very much concerned about what I consider 
to be the inevitability of such strikes as Mumbai because while 
I guess we can't categorize the hoodlums as terrorists who were 
coming in with explosives tied to their bodies, I think, at 
least based on what I read, they came realizing they would not 
get out alive.
    Am I on the right track that when terrorist groups decide 
that they will sacrifice their life or their lives, that it is 
difficult for us to stop it? I mean, there are preventative 
steps we can take, but I mean, what I think people say quite 
often and you hear on television, ``We want this never to 
happen again.'' I want to know about the impracticality of such 
a statement based on what happened in Mumbai.
    Mr. McJunkin.
    Mr. McJunkin. Yes, sir. I believe that the--I learned from 
an AUSA in Texas that people move through time and space, and 
when they do, they leave clues. In that, our ability to thwart 
such attacks, regardless of the determination of the individual 
attacker, it comes from our ability to share information 
effectively and to be cognizant of the threat and to be 
assertive in our searching of clues that will allow us to bring 
them, dismantle them, and disrupt them before they have an 
opportunity to strike.
    I think that the important takeaway here is that any group, 
no matter what their intent is or what their target is, has to 
obtain a certain level of capability. It is our job, DHS's, the 
FBI certainly, and the New York City police, as well as every 
other police department in the United States, to be attuned to 
the clues that we learned, particularly to attacks occurring 
overseas, and look at them in the United States.
    It could be a police officer that is answering a domestic 
call that notices a strange odor in an apartment near by the 
call. It is incumbent upon that officer to knock on that door 
and find out what that smell emanates from. It is clues like 
that that allows us to attack their capability.
    We also have to be with the private sector. It has been 
brought up here a number of times today that the private sector 
has to be engaged. That is never truer than it is today. It is 
those corporations and companies through their normal business 
protocols and processes that will just in the normal course of 
business stumble onto the clues that if we have an effective 
sharing operation amongst ourselves and them, we will be able 
to provide the links that give us that opportunity to disrupt 
their ability to build capability.
    Mr. Cleaver. Which is comforting, brings some comfort.
    I guess maybe the answer I am looking for probably might 
not bring comfort, which is these were suicidal terrorists. I 
mean, they went in without any expectations of leaving, they 
didn't have bombs strapped to their bodies; but they realized 
at one point they were not going to get out alive. I guess my 
question is, and maybe I asked poorly the first time, is: Isn't 
it infinitely, for us, more difficult for us to say to the 
public things like ``this will never happen again,'' when we 
realize that if people are willing to sacrifice their lives, 
they can kill others?
    Mr. McJunkin. Sir, yes. I would agree with you.
    I think that we are--in these times, we have to accept that 
reality and understand that and determined people will, in 
fact, be able to successfully accomplish their missions. Our 
job is to make sure that we minimize that before and after they 
begin their quest.
    Mr. Cleaver. To any of the three of you, is there anything 
that we need to do legislatively to equip all of the agencies 
involved, including Homeland Security, to do it just as you 
said, minimize the likelihood of such an event here on our 
shores?
    Mr. Snyder. I would just say certainly the continued 
support of the committee is very helpful to us at the 
Department, particularly infrastructure protection with the 
private sector; specifically, being able to continue to develop 
these operational relationships so we can have a deterrent 
effect in time in advance and doing the training and the 
exercises that we do is very helpful in trying to prevent what 
you are talking about.
    So we want to continue that work.
    Ms. Jackson Lee. I thank you, Congressman.
    I am pleased to yield 5 minutes to the gentlelady from 
Arizona, Ms. Kirkpatrick. Welcome. Thank you very much.
    Ms. Kirkpatrick. Thank you. I represent a vast rural 
district in Arizona, and it includes ranches, right along the 
border between Arizona and Mexico, it includes agriculture, 
farming, and also rural electric co-ops which are sort of the 
energy center for the district.
    What kinds of things do you have in place to let them know, 
to communicate, to share information specific to those groups?
    Mr. Snyder. Well, we do, in our sector coordinating 
councils partner with the Department of Energy to reach the 
energy industry, including the rural electric co-ops, so that 
these, similar to the hotel industry, the dialogs, the 
preventative measures, those things that are developed, the 
risk assessments not only happens at the strategic level, at 
the Federal, national level, but they also take place down in 
the local levels and get passed down, communicated, passed down 
by the sector coordinating councils, the associations that are 
members of that and corporations and all of the cooperatives 
that belong to a larger corporation.
    So they participate in that same level of interest and of 
preparation and of risk assessment, vulnerability assessment on 
their facilities.
    So we think that they are engaged at that level and know 
what their vulnerabilities are and what their preparatory 
actions might be. They also, I am sure, are linked with their 
local law enforcement for response measures.
    Ms. Kirkpatrick. Interoperability in our district is a huge 
problem, and I am a former prosecutor so I have been in talking 
with law enforcement agencies. They can't yet communicate 
seamlessly with each other let alone with many of these 
communities.
    So what is being done specifically to bolster that system 
so that there can be continuous communication, and especially 
in an emergency?
    Mr. Snyder. I do know there is specific work being done on 
the interoperability issue, and I am personally not versed 
enough in it to offer an answer here, but I will be happy to 
get back to you with information on those, some of which are in 
the science and technology area.
    Ms. Kirkpatrick. I yield back my time.
    Ms. Jackson Lee. I thank the gentlelady very much. Let me 
prepare the witnesses as we move to the next panel to just 
clarify the record through Commissioner Kelly for a very brief 
moment to ask a question that seems to need clarifying.
    Commissioner Kelly, I think in your testimony--and you can 
just, if you would, clarify it--that either in your research or 
the visits of your officers glean that these commandos did not 
intend to commit suicide; they intended to survive; is that 
correct?
    Mr. Kelly. I believe it is not all----
    Ms. Jackson Lee. They were not suicide bombers.
    Mr. Kelly. I believe there are still questions in the 
intelligence community as to whether or not the Mumbai 
attackers initially decided to or had a mission to kill a lot 
of people and then die. It was some belief that it may have 
changed.
    We look at the transmissions. The Indian government put out 
a report of the exchange of messages that took place from 
people in Pakistan talking to the individuals in Mumbai, and 
some believe that it may have just sort of moved in that 
direction.
    If you recall when you look at the report, two individuals 
that are--one is captured and one is killed--they are driving 
past the hospital. It looks like they were driving north on the 
Peninsula perhaps attempting to get away. Now, we talk about 
the Lahore attack, of course all of those individuals escaped. 
None of them committed suicide.
    Ms. Jackson Lee. Thank you, Commissioner.
    To follow up with you, Mr. McJunkin, because I think your 
testimony suggested the decentralizing of terrorism, and if 
not, testimony has been said today the decentralizing like LeT 
and others.
    With that in mind, do you feel that our mechanism, DHS, 
FBI, and others, are moving toward understanding the potential 
for commando-type activities on the soil of the United States?
    Mr. McJunkin. Yes, ma'am. I think that our intent across 
the board across governmental agencies is to be ready for 
anything. It is tough to game plan every possible scenario. But 
I think we are naturally able to respond to this type of an 
attack just because of the way of our law enforcement is 
structured in the State, local, and Federal levels.
    I think that our influx of intelligences and combined with 
the information that is coming off the street from the patrol 
officer allows us, the way we move information, rather than in 
selected sleeves that were traditionally law-enforcement based, 
criminal prosecution driven, ways we moved information--we have 
now sort of wiped those walls away and with all of the 
information now flows equally left and right, north and south.
    So I think that advantage that we have gained since 2001 
has moved the ball down the field considerably for us in the 
law enforcement communities.
    I think we game-planned for the big scenario, the WMD. We 
have to have the resources and the capabilities necessary to 
continue to confront that threat. But I also think that our 
cities, particularly our States and also in the rural areas of 
our country, our law enforcement officers are better trained 
today than they have ever been. The local crime and the normal 
crime that they see in these cities in these rural areas very 
much mirrors this type of threat.
    So I think we are very well-suited to address it. It is 
just a matter of raising the level of awareness and making sure 
that we don't lose our edge.
    Ms. Jackson Lee. I am very glad that you ended on that note 
because Alabama, the incident over the last 20 hours, was not a 
terrorist act, but what it did show us was someone who is 
interested in doing harm can move from one jurisdiction to the 
next on our own soil and we have got to work with each other.
    I want to thank the witnesses, Secretary Snyder, Secretary 
Kelly, and Assistant Director McJunkin from the FBI for giving 
us what I believe is vital testimony.
    As I indicated, this is a question of resources, 
intelligence, but it is also a question possibly of enhanced 
legislation to sort of get our hands around the next step in 
fighting terrorism here and abroad. So I thank the witnesses. 
The witnesses are now complete with their testimony.
    We now welcome our second panel to the witness table.
    Our first witness, Dr. Christine Fair, is a senior 
political scientist with the RAND Corporation. Prior to 
rejoining RAND, she served as a political officer to the United 
Nations Assistance Mission to Afghanistan in Kabul. Dr. Fair's 
research focuses upon the security competition between India 
and Pakistan, Pakistan's internal security, the causes of 
terrorism in South Asia, and U.S. strategic relations with 
India and Pakistan. She has authored, co-authored, and co-
edited several books, and recently co-authored a RAND report 
about the attack in Mumbai entitled ``The Lessons of Mumbai.''
    Our second witness is Mr. Brad Bonnell. He is the director 
of global security at InterContinental Hotels Group, 
InterContinental Hotels Group includes seven hotel brands, over 
160 million stays per year, almost 620,000 rooms, and more than 
4,150 hotels across nearly 100 countries. As director of global 
security, Mr. Bonnell's primary duties include directing the 
corporate counterterrorism program, providing internal security 
services, and crisis management planning.
    InterContinental Hotels Group has been involved with the 
real estate information sharing and analysis center in 
partnership with DHS, and it is aligned with the State 
Department's overseas security advisory council. Through its 
membership on the real estate round table, it is a member of 
DHS Commercial Facility Sector Coordinating Council. Welcome.
    Our third witness is Mr. William Raisch. Mr. Raisch is the 
director of the International Center for Enterprise 
Preparedness at New York University. He founded the Center with 
initial funding from the Department of Homeland Security as the 
world's first academic research center dedicated to private 
sector emergency preparedness and resilience.
    Directly prior to founding the Center, Mr. Raisch served as 
the private sector preparedness adviser to the 9/11 Commission 
and assisted in developing the Commission's recommendations on 
private sector emergency preparedness.
    He continues to support the efforts of the 9/11 Public 
Discourse Project in its on-going reporting and advocacy 
activity. Mr. Raisch is actively involved in the 9/11 Acts 
Voluntary Private Sector Preparedness accreditation and 
certification program. Established in Title 9 of the act, this 
program has the potential to help foster preparedness and 
security at the types of assets in the United States that were 
attacked in Mumbai.
    Without objection, the witnesses' full statements will be 
inserted into the record.
    I now ask each witness to summarize his or her statement 
for 5 minutes beginning with Dr. Fair.

STATEMENT OF C. CHRISTINE FAIR, SENIOR POLITICAL SCIENTIST FOR 
  SOUTH ASIAN POLITICAL AND MILITARY AFFAIRS, RAND CORPORATION

    Ms. Fair. Thank you, Madam Chairman, and your esteemed 
colleagues, for the opportunity to speak about Lashkar-e-Taiba 
and its parent organization Jamaat ul Dawa the group that 
perpetrated the terrorist attack on Mumbai.
    I was asked to focus on four specific areas, and I will do 
so briefly in term.
    The first situating Lashkar-e-Taiba among Pakistan's 
numerous terrorist organizations. I have a much more lengthy 
written statement that really distinguishes Lashkar from the 
other groups but also shows how it resembles other groups in 
many important ways. But I would like to make the following 
points here.
    First and foremost, Pakistan has used militancy as a tool 
of foreign policy since 1947. With very few exceptions, 
Pakistan's militant groups enjoy, enjoyed, and likely will 
enjoy state patronage including financial, military, and other 
assistance. Among these groups, Lashkar-e-Taiba is the most 
lethal. LeT differs from the numerous other groups operating in 
Pakistan in that its ideologies are actually Ahl-e-Hadith. The 
other groups are actually Deobandi, and the Deobandi groups 
include the Afghan Taliban, the Pakistan Taliban, etc.
    What this means is there are important ideological 
differences despite similarity of rules.
    Now, Pakistan frequently points out that it is, itself, a 
victim of terrorism, and it surely is. But I would like to 
point out that the groups targeting Pakistan has been Deobandi. 
Lashkar-e-Taiba has never attacked a target, either state or 
international, within Pakistan itself; and as of yet, there is 
no credible evidence linking the attack on the Sri Lankan 
Cricket Team to Lashkar-e-Taiba. This fact has led many 
analysts to believe that Lashkar-e-Taiba has continued to enjoy 
state support in various guises despite the state's recent 
efforts to ban that organization, actually the parent 
organization.
    Turning to its origins, operatives, and operations, I would 
like to point out that we may just be hearing about it now in 
2008, but it has been around since 1986. It was founded by two 
engineering professors along with Abdullah Azan, a close 
associate of bin Laden. Its parent organization was actually 
set up to fight in Afghanistan and it set up its own camps to 
do so. It became operational in the Indian Kashmir in 1990. I 
have been perusing LeT literature now for years since I was a 
graduate student, and going back to the 1990's, you can see in 
their literature and in their posters a very clear desire to 
target Indians, especially Hindus, Jews, Americans, and other 
infidels and apostate Muslims.
    They have been long interested in stoking larger Hindu-
Muslim discord in India and liberating all of India in 
establishing a caliphate there.
    MDI which is its parents organization, Lashkar-e-Taiba, 
they claim to have participated in a number of national jihads 
since their setup in 1986. Most of these can't be independently 
confirmed. However, what we do know is that LeT-associated 
individuals have appeared in Iraq, Australia, the United 
States, United Kingdom and numerous European cities and 
Lashkar-e-Taiba attacks U.S., NATO and Afghan allies in 
Afghanistan.
    LeT has a hallmark modus operandi. It is not suicide 
attacks, as we have heard. Rather they are high-risk commando-
style missions. They always pick missions in which there is a 
slim chance that they will survive. But the preference is to be 
killed killing as many people as possible rather than being 
taken hostage or taken captive by the authorities. The reason 
for that is very clear as we have seen from the loan surviving 
gunman: once captured you talk.
    So the preference is to kill as many people as possible 
before you yourself are killed.
    I would like to point out that this particular style of 
Fidayeen attack is also not new in the Lashkar-e-Taiba 
repertoire. They have in fact been doing this since 1999. They 
first attacked outside of Kashmir in 2000 when they did a 
Fidayeen attack on the Red Fort in New Delhi.
    Turning to the third section, the antecedents and 
innovations of the Mumbai attack, in many ways that attack 
resembled other attacks perpetrated by LeT. What differed, of 
course, was the scope and the number of targets. LeT has 
actually long pioneered the use of sea routes to get explosives 
and personnel into theater. Certainly, this particular attack 
pushed the use of sea routes farther than it had ever used 
before. The sea routes and other logistical networks that 
Lashkar has been able to build in India has actually been very 
important. Lashkar's been operating outside of Kashmir against 
since the late 1990's, and to do they rely upon international 
networks, such as those based in Bangladesh. They also rely 
upon domestic Indian collaborators as well.
    When I look at the Mumbai attack, two elements strike me 
apart from the number of targets involved.
    First is that even though they have been attacking U.S. 
soldiers in Afghanistan since at least 2007, maybe earlier, 
this is the first time, despite a dedicated rhetoric of 
attacking Americans and other internationals, that they have 
actually done so.
    The second interesting target was the Chabad House. Lashkar 
has always been deeply anti-Semitic, but I would like to point 
out Mumbai has a very historical Jewish community. In fact, 
India has a number of Jewish communities. Yet despite the 
decades of Islamists and avowedly anti-Semitic militant groups 
attacking within the Indian homeland, never before has an 
Indian-Jewish target ever been assaulted. So Chabad is not 
simply Jewish in the Lashkar-e-Taiba targeting logic. It is 
explicitly Israeli. We now know from the intercept of phone 
conversations it wasn't simply anti-Semitism, it also had the 
additional value of disrupting the important India-Israeli 
security intelligence relationship that has developed in recent 
years.
    So very briefly in conclusion, I think the question that we 
all have is whether or not Lashkar-e-Taiba can undertake such 
operations in the United States. I am going to give a firm 
``maybe.'' There is never a penalty for exaggerating a threat, 
but if you underestimate it, you get dinged.
    There have been a number of individuals, including converts 
who have radicalized in the Diaspora and who have traveled to 
Pakistan to train with the Lashkar-e-Taiba and other militant 
groups, such as Jaish-e-Mohammad. Lashkar-e-Taiba and other 
militant groups in the Pakistani province of the Punjab 
comprise an important link between those who have radicalized 
in the Diaspora and elsewhere in Pakistan's tribal area where 
al Qaeda is firmly ensconced.
    During my recent trip to Pakistan a week and a half ago, 
one of my interlocutors described these Punjabi groups as the 
escalator that connects the foreign militants to the tribal 
areas.
    Given the difficulty in Pakistan-based operatives in 
obtaining a visa to come to western countries, the strategy of 
pulling people in from the West is likely to be the most 
productive strategy as those individuals likely speak English, 
have the appropriate passport, they are more able to gain 
access to the targeted countries, and especially those with the 
visa waiver program are countries of origins that are of 
considerable concern.
    Thus to conclude, LeT certainly poses a number of concerns 
for the United States, not the least of which include LeT-
supported cells attacking U.S. assets, citizens, etc., either 
at home or abroad, on-going operations against the United 
States and its allies in Afghanistan, the likelihood of future 
attacks in India with the ever-present possibility of prompting 
yet another Indo-Pakistan military crisis.
    For these and other reasons, it is absolutely imperative 
that Washington insists that Pakistan not only ceases all forms 
of active and passive support for Lashkar-e-Taiba and similar 
groups, but, in fact, actively undertake efforts to eliminate 
them.
    Ms. Jackson Lee. Thank you.
    [The statement of Ms. Fair follows:]
    Prepared Statement of C. Christine Fair,\1\ The Rand Corporation
---------------------------------------------------------------------------
    \1\ The opinions and conclusions expressed in this testimony are 
the author's alone and should not be interpreted as representing those 
of RAND or any of the sponsors of its research. This product is part of 
the RAND Corporation testimony series. RAND testimonies record 
testimony presented by RAND associates to Federal, State, or local 
legislative committees; government-appointed commissions and panels; 
and private review and oversight bodies. The RAND Corporation is a 
nonprofit research organization providing objective analysis and 
effective solutions that address the challenges facing the public and 
private sectors around the world. RAND's publications do not 
necessarily reflect the opinions of its research clients and sponsors.
---------------------------------------------------------------------------
Antecedents and Implications of the November 2008 Lashkar-e-Taiba (LeT) 
 Attack Upon Several Targets in the Indian Mega-City of Mumbai \2\ \3\
---------------------------------------------------------------------------
    \2\ This testimony is available for free download at http://
www.rand.org/pubs/testimonies/CT320/.
    \3\ The author is grateful to Peter Chalk, Lisa Curtis, James 
Dobbins, and Praveen Swami who reviewed earlier drafts of this 
testimony.
---------------------------------------------------------------------------
                             March 11, 2009
                              introduction
    On November 23, 2008 ten Pakistani terrorists associated with 
Lashkar-e-Taiba (LeT)/Jamaat ul Dawa (JuD), operating in four attack 
teams, rampaged across some ten different targets in the Indian port 
city of Mumbai. In part due to the complexities of the counterterrorist 
operations, the tenacity and training of the attackers, and the 
inadequate capabilities of the Indian security forces, it took some 4 
days to end the terrorist campaign which claimed the lives of at least 
172 victims.
    In this testimony, I have been asked to focus upon four specific 
concerns emerging from this attack and its perpetrators. First, I 
contextualize LeT among the proliferating expanse of militant groups 
operating in and from Pakistan. Second, I provide specific information 
about LeT, the militant group responsible for this and many other 
attacks within India. Third, I draw out both the antecedents and 
innovations of the 2008 Mumbai attack. I conclude with a discussion of 
some of the important implications that emerge from this and other LeT 
activities for regional and international security generally and U.S. 
security in particular.
    While LeT was banned in 2002, the LeT began operating under the 
banner of JuD, which was overtly operational until the Pakistan 
government formally banned it following immense international pressure 
in late 2008, including a resolution in the U.N. Security Council that 
JuD is a terrorist organization. In the service of brevity, I use LeT 
and JuD somewhat synonymously even though there are a few important 
technical differences.\4\
---------------------------------------------------------------------------
    \4\ Technically, LeT remained the militant wing while JuD engaged 
in a wider array of charitable activities such as establishing 
hospitals, clinics, schools, and madrassah and other poverty relief 
activities. Since LeT was outlawed, it largely operated under the 
umbrella of JuD. Proponents of JuD's innocence assert the separation of 
the organizations.
---------------------------------------------------------------------------
         pakistan's myriad militants: situating lashkar-e-taiba
    Pakistan has given rise to numerous militant groups in recent 
decades that operate to secure Pakistan's state interests in India and 
Afghanistan. In addition, Pakistan has sustained numerous covert 
operations campaigns in Indian-administered Kashmir since 1947.\5\ 
Many--if not most--of these militant groups have enjoyed the specific 
patronage of the Pakistani state intelligence and military agencies to 
prosecute Islamabad's interests in India (with particular focus upon 
Kashmir) and Afghanistan.\6\ These varied militant groups, until circa 
2002, could largely be disaggregated according to religious ideology 
(school of Islamic thought) and operational goals.\7\
---------------------------------------------------------------------------
    \5\ In their most maximal objectives, these campaigns have aimed to 
wrest from New Delhi the portion of Kashmir which it administers. 
(India controls about two-thirds of the collective area known as Jammu 
and Kashmir.) These campaigns have sought to secure Pakistani 
sovereignty over the expanse of the disputed territory. In their most 
minimalist objectives, these campaigns have sought to ``bleed India'' 
by requiring it sustain a large (often locally resented) counter-
insurgency grid in Jammu and Kashmir. For a discussion of the various 
covert campaigns, see Praveen Swami. Indian Pakistan and the Secret 
Jihad: The Covert War in Kashmir, 1947-2004 (London: Routledge, 2006).
    \6\ Ashley J. Tellis writes on this point that ``In fact, of all 
the Pakistani-sponsored Deobandi [sic] terrorist groups operating 
against India in Kashmir and elsewhere, only one entity--the Hizbul 
Mujahideen--began life as an indigenous Kashmiri insurgent group; the 
others, including the most violent organizations such as the Lashkar-e-
Toiba, the Jaish-e-Muhammad, and the Harkat-ul-Mujahideen, are all led, 
manned, and financed by native Pakistanis.'' See Ashley J. Tellis, 
Pakistan and the War on Terror Conflicted Goals, Compromised 
Performance (Washington, DC: CEIP, 2008), p. 5. Also see among numerous 
other sources Ahmed Rashid, Descent into Chaos: The U.S. and the 
Disaster in Pakistan, Afghanistan, and Central Asia (New York: Penguin, 
2009); See Husain Haqqani, Pakistan Between and Military (Washington, 
DC: CEIP, 2005); Hassan Abbas and Jessica Stern, Pakistan's Drift Into 
Extremism: Allah, then Army, and America's War Terror (New York: M.E. 
Sharpe 2004).
    \7\ This draws from C. Christine Fair, ``Who Are Pakistan's 
Militants and Their Families?'' Terrorism and Political Violence, Vol. 
20, No. 1 (January, 2008).
---------------------------------------------------------------------------
    Among Pakistan's various Islamic interpretative schools, the 
Deobandi school of thought claims the most militant groups. Key 
Deobandi militant groups include the Taliban (Afghan and the 
Pakistani), Jaish-e-Mohammad (JM), Harkat-ul-Jihad-Islami (HUJI), 
Harkat-ul-Ansar/Harkat-ul-Mujahideen (HUA/HUM), Lashkar-e-Jhangvi (LeJ) 
and Sipah-e-Sahaba-e-Pakistan (SSP) among numerous offshoots. The 
Deobandi tradition emerged as a puritanical movement to uplift Muslims 
by purifying Islamic practice through discouraging mystical beliefs 
such as intercession by saints and veneration of graves and shrines. 
Deobandi institutions, notably a burgeoning archipelago of Deobandi 
madaris across the Pashtun belt and beyond, received support from the 
Pakistani government and others to produce mujahideen for Afghanistan 
both in the Soviet and post-Soviet periods.\8\ These Deobandi militant 
groups also have enjoyed both close connections to and overlapping 
membership with Deobandi political organizations including personalized 
factions of the Jamiat Ulema-e-Islam (JUI). Until the February 2008 
elections, JUI factions comprised important partners in the Islamist 
coalition (Muttahida Majlis-e-Amal or MMA) that formed the provincial 
government in Pakistan's Northwest Frontier Province (NWFP), a 
coalition government with President Musharraf's political ally (the 
Pakistan Muslim League-Q) in Balochistan, and the loyal opposition in 
the national parliament.
---------------------------------------------------------------------------
    \8\ Steve Coll, Ghost Wars: The Secret History of the CIA, 
Afghanistan, and Bin Laden, from the Soviet Invasion to September 10, 
2001 (New York: Penguin, 2004). Pakistan developed and supported 
Islamist proxies in Afghanistan before the Soviet invasion by 
mobilizing those Islamists who had been ousted by President Daud after 
1973.
---------------------------------------------------------------------------
    A second important school of thought that animates militancy in 
Pakistan is the Ahl-e-Hadith interpretative tradition. The most 
prominent Ahl-e-Hadith militant group is the Lashkar-e-Taiba (LeT). 
Ahl-e-Hadith is a Sunni interpretative tradition associated with 
Hanbali school of jurisprudence, which in Pakistan is sometimes called 
Salafist or derogatorily ``Wahabbist.'' The Ahl-e-Hadith tradition is 
the South Asian variant of the theological tradition motivating core al 
Qaeda ideologues. While LeT is most known for its militant activities, 
one of the organization's crucial functions is the expansion of the 
market share of Ahl-e-Hadith adherents in Pakistan. For this reason, 
LeT trains many more potential militants than it will ever deploy for 
operations. LeT expects these recruits to return to their localities 
and continue propounding support for LeT and its creed.\9\
---------------------------------------------------------------------------
    \9\ See C. Christine Fair, ``Militant Recruitment in Pakistan: 
Implications for Al-Qa'ida and Other Organizations,'' Studies in 
Conflict and Terrorism, Vol. 27, No. 6 (November/December 2004).
---------------------------------------------------------------------------
    Several groups operating in Kashmir (e.g. Hizbul Mujahideen and 
related factions such as Al Badr) are associated with Jamaat-e-Islami 
(JI), which is a supra-sectarian school of thought and Islamist 
political party in Pakistan. Jamaat-e-Islami, while formally a 
political party, espouses the ideological leanings of its founder 
Maulana Maududi. Jamaat-e-Islami is similar in goals and outlook to the 
Muslim Brotherhood. JI was, until the 2008 elections, a member of the 
Islamist bloc (the MMA) despite growing differences between JI and the 
Musharraf government and with other Islamist leaders within the MMA who 
continued to support Musharraf. JI boycotted the 2008 elections.
    In addition to these schisms across interpretative traditions, 
Pakistan's militant groups can in some measure be distinguished by 
their historical and current goals. As will be discussed herein some of 
these goals have changed or have not always been stable. For example, 
groups such as Jaish-e-Mohammad (JM), Lashkar-e-Taiba (LeT) and Hizbul 
Mujahideen (HM) have traditionally focused upon the Kashmir issue. Only 
the HM and other JI-related groups have limited their operations to 
Indian-administered Kashmir.\10\ From 1999 if not earlier, LeT and JM 
began operations in the Indian hinterland both in the name of 
``liberating Kashmir'' but also in the name of a wider jihad in India 
and exacerbating Hindu-Muslim discord within India to undermine India's 
claims to be a diverse democracy that accommodates the aspirations of 
its varied religious and ethnic groups.\11\
---------------------------------------------------------------------------
    \10\ There have been some reports that these groups are operating 
in Afghanistan. I have been unable to confirm these reports.
    \11\ In 1999, the LeT attacked an intelligence outpost attached to 
the Red Fort, a high profile tourist destination in New Delhi. In 2001, 
Jaish-e-Mohammad attacked India's parliament building.
---------------------------------------------------------------------------
    In addition, Pakistan hosts a number of sectarian groups such as 
the Deobandi Lashkar-e-Jhangvi (LeJ) and Sipah-e-Sahaba-e-Pakistan 
(SSP) which traditionally focused upon anti-Shia targets. These groups 
have also had a historical presence in Afghanistan as well. In the 
past, Iranian-backed Shia militias such as the Tehreek-e-Jafria and the 
Sipah-e-Muhammad have targeted Sunnis, especially those propounding an 
explicit anti-Shia agenda. These groups were particularly active 
throughout the 1990's. While the Deobandi-Shia axis garners the most 
attention with respect to sectarian violence, it should be noted that 
considerable violence and discord exists among Pakistan's various Sunni 
traditions (maslaks).
    From as early as 2002, some elements of Pakistan's varied Deobandi 
groups (e.g. JM, HUJI, LeJ, SSP) began targeting the Pakistan state as 
evidenced by the attacks on then President Musharraf, various civilian 
leaders including the Ministry of Interior and former Prime Minister 
Benazir Bhutto, and numerous military, police and intelligence 
individuals and organizations. Analysts believe that these groups 
disagreed with President Musharraf's policies of supporting the United 
States and its military campaign in Afghanistan as well as Musharraf's 
policy of ``moderated jihad'' in Kashmir. Musharraf adopted this 
approach due to, inter alia, increased international pressure in the 
wake of the Indian Parliament attack in December 2001 by Pakistan-based 
militants. That attack triggered the largest amassing of Indian and 
Pakistani troops and stoked international fears of an Indo-Pakistan 
war. Indian diplomatic fortitude was again tested when the LeT 
massacred wives and children of army personnel in Kaluchak. The United 
States engaged in vigorous diplomacy to dampen the compound crisis and 
avert conflict. In response to the Indian mobilization, Pakistani 
troops swung from the west to the east which compromised U.S. 
operations in Afghanistan.
    Pakistan's various Deobandi groups have also been responsible for 
numerous attacks against international targets such as the various 
attacks on the U.S. Consulate in Karachi, the suicide attack against 
numerous French naval engineers working in Karachi, a church in 
Islamabad frequented by foreigners, among numerous others.\12\ Notable 
among these groups attacking Pakistani and international targets within 
Pakistan are JM, HUJI, and LeJ/SSP.
---------------------------------------------------------------------------
    \12\ For an inventory of post-9/11 ``western'' attacks in Pakistan, 
see South Asia Terrorism Portal, ``Post-9/11 Attacks on Western Targets 
in Pakistan,'' no date. Available at http://www.satp.org/satporgtp/
countries/pakistan/database/westerntargets.htm.
---------------------------------------------------------------------------
    Following Pakistan's military operations in the Pashtun belt and 
U.S. military operations in Afghanistan, a series of Pashtun-led 
militant commanders emerged that began targeting the Pakistani security 
forces including the regular army, paramilitary organizations such as 
the Frontier Corps and police. In late 2007, many of these commanders 
coalesced under the banner of the ``Pakistani Taliban'' (e.g. Tehreek-
e-Taliban-e-Pakistan) under the leadership of Baitullah Mehsood based 
in South Waziristan in Pakistan's federally Administered Tribal Areas 
(FATA). Mehsood claims many allies all of whom to seek to establish in 
various degrees sharia (Islamic governance) across the Pashtun belt in 
Pakistan including the FATA and settled areas such as Swat.\13\ In late 
February 2008, two dissident commanders (Mullah Nazir of South 
Waziristan and Gul Bahadur of North Waziristan) set aside their 
differences with Baitullah Mehsood and forged the Shura Ittehad-ul-
Mujahiden.\14\
---------------------------------------------------------------------------
    \13\ See Hassan Abbas, ``Increasing Talibanization in Pakistan's 
Seven Tribal Agencies,'' Terrorism Monitor Vol. 5, No. 18 (September 
27, 2007), pp. 1-5; Hassan Abbas, ``A Profile of Tehrik-i-Taliban 
Pakistan'' CTC Sentinel, Vol. 1, No. 2, January 2008, pp. 1-4; Syed 
Shoaib Hasan, ``Profile: Baitullah Mehsud,'' BBC News, December 28, 
2007. Available at http://news.bbc.co.uk/2/hi/south_asia/7163626.stm.
    \14\ Pakistan has considered Maulvi Nazir an ally because he helped 
oust or kill numerous Uzbeks in South Waziristan. He is considered to 
be a dedicated foe of U.S. and NATO forces as he dispatches fighters to 
Afghanistan. Gul Bahadar has had a number of differences with Baitullah 
Mehsood. It is not clear what this alliance means for Pakistan or for 
the United States and allies in Afghanistan. See Saeed Shah, ``Taliban 
rivals unite to fight US troop surge,'' The Guardian, March 3, 2009. 
Available at http://www.guardian.co.uk/world/2009/mar/03/taliban-
pakistan-afghanistan-us-surge.
---------------------------------------------------------------------------
    In addition to the above noted Pakistani groups, Pakistan also 
hosts elements of the Afghan Taliban, with leadership committees 
(shuras) in Quetta, Peshawar, and Karachi.\15\ The Afghan Taliban 
remains focused upon ousting foreign forces in Afghanistan, 
overthrowing the Karzai regime, and restoring their role in governing 
Afghanistan. As is well known, Pakistani territory is also used by al 
Qaeda. Al Qaeda operatives are known to reside in North and South 
Waziristan and Bajaur among other areas in the Pashtun belt. Moreover, 
many al Qaeda operatives (such as Abu Zubaidah, Khalid Sheikh Mohammad 
among numerous others) have been arrested in Pakistani cities.\16\
---------------------------------------------------------------------------
    \15\ See, inter alia, Senator Carl Levin, ``Opening Statement of 
Senator Carl Levin, Senate Armed Services Committee Hearing on 
Afghanistan and Pakistan,'' February 26, 2009. Available at http://
levin.senate.gov/newsroom/release.cfm?id=308740; Ian Katz, ``Gates Says 
Militant Sanctuaries Pose Biggest Afghanistan Threat,'' Bloomberg News, 
March 1, 2009. Available at http://www.bloomberg.com/apps/
news?pid=20601087&sid=aehmlRXgKi2o&refer=home; Barnett R. Rubin. 
``Saving Afghanistan,'' Foreign Affairs, January/February 2007. 
Available at http://www.foreignaffairs.org/20070101faessay86105-p0/
barnett-r-rubin/saving-afghanistan.html;[sic]
    \16\ See comments made by National Intelligence Director John 
Negroponte cited in ``Al-Qaeda `rebuilding' in Pakistan,'' BBC News 
Online, January 12, 2007. Available at http://news.bbc.co.uk/2/hi/
south_asia/6254375.stm; K. Alan Kronstadt, U.S.-Pakistan Relations 
(Washington, DC: Congressional Research Service, 2008). Available at 
http://fpc.state.gov/documents/organization/115888.pdf.
---------------------------------------------------------------------------
    Pakistan has rightly noted that it is a victim of sanguinary 
terrorist violence that has escalated since joining the U.S.-led war on 
terror. Indeed, the TTP and other sectarian and ethno-nationalist 
militants in Pakistan have wreaked considerable havoc in Pakistan with 
63 suicide attacks and an astonishing 2,148 attacks or clashes with 
security forces in 2008 alone.\17\
---------------------------------------------------------------------------
    \17\ See Pak Institute for Peace Studies, Pakistan Security Report 
2008 (Islamabad: PIPS, 2009) p. 3.
---------------------------------------------------------------------------
    Howsoever horrific these facts are, the LeT has never targeted the 
Pakistani state or international targets within Pakistan. This has led 
many analysts within and without the region to intuit that LeT 
continues to enjoy special relations with Pakistan's intelligence and 
military agencies notwithstanding much-touted Pakistani efforts to 
proscribe LeT's activities and those of its cover organization, the 
Jamaat ul Dawa (JuD). The March 2, 2009 attack on the Sri Lankan 
cricket team in Lahore may signal an important shift in LeT operations 
and its ties to the state. In that incident, several heavily armed men 
viciously assaulted the team, umpires, and related officials as well as 
their police escort in the Punjabi city of Lahore, killing six police 
officers and two civilians. Speculation is rife that the commando 
operation may have been the handiwork of the LeT. If so, this attack 
will be the first LeT attack on Pakistani soil. At the time of writing, 
it is too early to inveigh upon the evidence for or against these 
allegations of LeT involvement.
    While the verdict is out on perpetrators of the attack on the Sri 
Lankan cricketers, few analysts and journalists interviewed during my 
recent trip to Pakistan believed that Pakistan could or would 
decisively eliminate JuD despite its late 2008 ban on the organization. 
This is both because JuD/LeT is still considered to be an important 
asset in Pakistan's quest to secure its regional objectives and because 
it, unlike the proliferating morass of Deobandi groups, has never 
targeted the state. However, even if Pakistan were to resolve to 
eliminate JuD/LeT, few believe that Pakistan has the ability to do so.
          lashkar-e-taiba: origins, operatives, and operations
    The LeT has focused the attention of policymakers in recent months 
because it perpetrated the November 2008 terrorist attacks in Mumbai. 
As this section narrates, the LeT has a long-standing presence in 
Pakistan and South Asia. Since 2001, it has increasingly established a 
presence well beyond the region. LeT emerged as the military wing of 
the Markaz Daawat ul Irshad (MDI), headquartered in Muridke near the 
Punjabi city of Lahore. MDI was founded in 1986 by two Pakistani 
Engineering professors, Hafiz Muhammad Saeed and Zafar Iqbal. Abdullah 
Azzam, a close of associate of Bin Laden who was affiliated with the 
Islamic University of Islamabad and the Maktab ul Khadamat (Bureau of 
Services for Arab mujahideen), also provided assistance. He was killed 
in Peshawar 2 years after the Markaz was founded. MDI, along with 
numerous other militant groups, was involved in Afghanistan from 1986 
onwards and established militant training camps for this purpose. One 
camp was known as Muaskar-e-Taiba in Paktia (in Afghanistan bordering 
Pakistan) and a second known as Muaskar-e-Aqsa in the Kunar province of 
Afghanistan.\18\ (Kunar is known to be home to numerous Ahl-e-Hadith 
adherents in Afghanistan, which overall has few followers in that 
country. For this reason, Kunar has been an attractive safe-haven for 
Arabs in Afghanistan.) Pakistan-based analysts note that MDI/LeT's 
training camps were always separate from those of the Taliban, which 
hosted Deobandi militant groups such as HUJI and Harkat ul Mujahideen. 
This has led some analysts to contend that LeT has not had the 
sustained and organic connections to al Qaeda as enjoyed by the 
Deobandi groups, many of which became ``out sourcers'' for al Qaeda in 
Pakistan.\19\
---------------------------------------------------------------------------
    \18\ See Yoginder Sikand, ``The Islamist Militancy in Kashmir: The 
Case of the Lashkar-e-Taiba,'' in Aparna Rao et al. Eds. The Practice 
of War: Production, Reproduction and Communication of Armed Violence 
(New York: Berghahn Books, 2007), pp. 215-238; Mariam Abou Zahab, ``I 
Shall be Waiting at the Door of Paradise: The Pakistani Martyrs of the 
Lashkar-e-Taiba (Army of the Pure)'', in Aparna Rao et al. Eds. The 
Practice of War: Production, Reproduction and Communication of Armed 
Violence (New York: Berghahn Books, 2007), pp.133158 [sic]; Saeed 
Shafqat, ``From Official Islam to Islamism: The Rise of Dawat-ul-Irshad 
and Lashkar-e-Taiba,'' in Christophe Jaffrelot Ed. Pakistan: 
Nationalism without a Nation (London: Zed Books, 2002), pp. 131-147.
    \19\ In 1998, the United States bombed several al Qaeda/Taliban 
training camps in retaliation for the al Qaeda attacks on U.S. 
embassies in Africa. Militants of several Pakistani Deobandi groups 
were killed including operatives of HUJI and HuM among others. See 
Barry Bearak, ``After The Attacks: In Pakistan; Estimates Of Toll In 
Afghan Missile Strike Reach As High As 50,'' The New York Times, August 
23, 1998. Also see Dexter Filkins, `` `All of Us Were Innocent,' Says 
Survivor of U.S. Attack on Camp,'' The Los Angeles Times, August 24, 
1998. Available at http://articles.latimes.com/1998/aug/24/news/mn-
16045.
---------------------------------------------------------------------------
    In 1993, MDI divided its activities into two related but separate 
organizations: MDI continued the mission of proselytization and 
education while LeT emerged as the militant wing. The ISI is believed 
to have funded the organization and analysts continue to believe that 
LeT is a close proxy of Pakistani intelligence agencies.\20\ After the 
Soviets withdrew from Afghanistan, LeT/MDI shifted focus to Indian-
administered Kashmir. It staged its first attack (against a jeep 
carrying Indian air force personnel) in Kashmir in 1990. The vast 
majority of LeT operatives are Pakistanis (often Punjabis) and the 
organization has spawned a vast training infrastructure throughout the 
country to support its dual mission of training militants and 
converting Pakistanis to the Ahl-e-Hadith interpretative tradition. For 
much of the 1990's (with few exceptions), LeT operations were 
restricted to Indian administered Kashmir.
---------------------------------------------------------------------------
    \20\ Analysts believe that the LeT, with its explicit Islamist and 
pro-Pakistan orientation, was established to counter the ethno-
nationalist and pro-independence militant group Jammu Kashmir 
Liberation Front (JKLF). The JKLF eventually abandoned militancy and 
assumed political activism. For more information about LeT's origins, 
see Yoginder Sikand, ``The Islamist Militancy in Kashmir: The Case of 
the Lashkar-e-Taiba,'' in Aparna Rao et al. Eds. The Practice of War: 
Production, Reproduction and Communication of Armed Violence (New York: 
Berghahn Books, 2007), pp. 215-238; Mariam Abou Zahab, ``I Shall be 
Waiting at the Door of Paradise: The Pakistani Martyrs of the Lashkar-
e-Taiba (Army of the Pure)'', in Aparna Rao et al. Eds. The Practice of 
War: Production, Reproduction and Communication of Armed Violence (New 
York: Berghahn Books, 2007), pp.133158[sic]; Saeed Shafqat, ``From 
Official Islam to Islamism: The Rise of Dawat-ul-Irshad and Lashkar-e-
Taiba,'' in Christophe Jaffrelot Ed. Pakistan: Nationalism without a 
Nation (London: Zed Books, 2002), pp. 131-147.
---------------------------------------------------------------------------
    A perusal of LeT literature demonstrates a commitment to targeting 
Indian Hindus, Jews, Americans and other infidels and apostate Muslims; 
stoking larger Hindu-Muslim discord in India; and liberating all of 
India and establishing a caliphate.\21\ MDI claims that it has had a 
leading role in armed struggles across the Muslim world, first in 
Afghanistan, then in Bosnia, Chechnya, Kosovo, the Philippines, and 
Kashmir among other venues.\22\ While there is no independent 
verification of these claims, as discussed herein, many LeT-associated 
individuals and cells have appeared in Iraq, Australia, the United 
States, the United Kingdom and several European countries.
---------------------------------------------------------------------------
    \21\ The author has collected LeT poster work and written materials 
since 1995.
    \22\ Sikand, ``Islamist Militancy in Kashmir,'' P. 219. Also see 
discussion of LeT in Muhammad Amir Ranan (trans. Saba Ansari) The A to 
Z of Jehadi Organizations in Pakistan (Lahore: Mashal, 2004), pp. 324.
---------------------------------------------------------------------------
    LeT has a hallmark modus operandi which has often been misconstrued 
as ``suicide operations.'' In fact, LeT does not do suicide operations 
per se in which the goal of the attacker is to die in the execution of 
the attack. Rather, LeT's ``fidayeen'' missions are more akin to high-
risk missions in which well-trained commandos engage in fierce combat 
during which dying is preferable to being captured. While martyrdom is 
in some sense the ultimate objective of LeT operatives, the LeT selects 
missions where there is a possibility (howsoever slim) of living to 
kill more of the enemy. The goal of LeT commandos therefore is not to 
commit suicide in the execution of an attack. Rather, they seek to kill 
as many as possible until they either succumb to enemy operations or 
manage to survive, perhaps by decisively eliminating the enemy in the 
battle.
    Zahab has described a typical LeT encounter in the following way 
``the fighters are well trained and highly motivated and they engage 
the enemy on its own territory. Small groups of fedayeen . . . storm a 
security force camp and kill as many soldiers as possible before taking 
defensive positions within the camp and engaging security force 
personnel till they attain martyrdom. Battles often last twenty hours, 
if not more.''\23\ She further notes that these spectacular and well-
planned attacks bring the LeT maximum publicity, expands recruiting and 
donations and demoralizes the enemy which must resort to heavy fire, 
which destroys their own buildings and causes substantial collateral 
damage in the process. While LeT claims that it has only assaulted hard 
targets, their record demonstrates an absolute willingness to kill 
civilians in cinemas, hotels, tourist destinations, airports, etc.
---------------------------------------------------------------------------
    \23\ Zahab, ``I Shall be Waiting,'' p. 138.
---------------------------------------------------------------------------
    Consonant with the rigor of a typical LeT mission, LeT recruits do 
not predominantly draw from Pakistan's madaris (pl. madrassah). Rather 
LeT recruits are generally in their late teens or early twenties and 
they tend to be better educated than Pakistanis on average or even 
other militant groups such as the Deobandi SSP or JM. A majority of LeT 
recruits have completed secondary school with good grades and some have 
even attended college. This reflects both the background of LeT's 
founding fathers who were engineering professors and their commitment 
to technical and other education. Many LeT operatives likely came into 
contact with LeT through proselytization programs on college campuses, 
which in turn lured the potential recruits to the large ``ijtema'' 
(congregation) held annually in Muridke. The fraction of madrassah-
educated LeT operatives is believed to be as low as 10 percent.\24\ 
Clearly not all LeT cadres are well-educated as attested by the lone 
surviving Mumbai gunman, Azam Amir Kasab, a Punjabi with only a fourth-
grade education. By comparison, the mean years of schooling for males 
in the Punjab is 4.7 years.\25\ LeT also actively targets women both to 
expand their recruitment base of males and reportedly to recruit women 
for militant operations.\26\ In sharp contrast, many of the Deobandi 
groups including the Afghan Taliban rely upon madrassah and mosque-
based networks.\27\
---------------------------------------------------------------------------
    \24\ Zahab, ``I Shall be Waiting,'' p. 140, Shafqat, ``From 
Official Islam to Islamism,'' p. 142.
    \25\ Data on mean years of schooling is given for 2005. See Social 
Policy Development Center. Social Development in Pakistan: Annual 
Review (Karachi: SPDC, 2007), p. 152. Available at http://www.spdcpak. 
com/pubs/sdip0607.pdf.
    \26\ Farhat Haq, ``Militarism and Motherhood: The Women of the 
Lashkar-i-Tayyabia in Pakistan,'' Signs, vol. 32, no. 4, Summer 2007, 
pp. 1023-1046.
    \27\ For a more throughout discussion of the connections between 
militancy and education, see C. Christine Fair, The Madrassah 
Challenge: Militancy and Religious Education in Pakistan (Washington, 
DC: USIP, 2008).
---------------------------------------------------------------------------
    Since the late 1990's, LeT has cultivated significant operational 
reach beyond Kashmir and into India. While Indian citizens were always 
required for facilitating LeT and other militant groups' actions within 
Indian-administered Kashmir and the Indian hinterland, LeT has 
successfully cultivated active cadres and figures preeminently in 
founding of the Indian Mujahideen. In 2002, at least 14 young men from 
Hyderabad left for Pakistan for training, reportedly motivated by the 
massacre of Muslims in Gujarat in 2002. (Praveen Swami reports that 
even as early as 1992 some Indian Muslims sought training in Pakistan 
in response to the demolition of the Babri Masjid by Hindu extremists.) 
The Hyderabad operatives received training in LeT and JM camps and 
enjoyed operational assistance from Bangladesh-based Harkat-ul-Jihad-
Bangladesh (HUJI-B). This cell was responsible for the May 18, 2007 
terrorist attack in Hyderabad's Toli Chowki area.\28\ LeT has moved 
Indian personnel into and out of Pakistan via Bangladesh and other 
countries through criminal syndicates as well as other Islamist and 
militant groups such as the Students Islamist Movement of India (SIMI) 
and Harkat-ul-Jihad-Bangladesh (HUJI-B) among others.\29\
---------------------------------------------------------------------------
    \28\ Praveen Swami, ``Terror Junction,'' Frontline, Vol. 24, No. 
11, June 2-15, 2007. Available at http://www.hindu.com/fline/fl2411/
stories/20070615002303500.htm.
    \29\ Praveen Swami, ``Lashkar-trained Indian Terrorists Pose 
Growing Threat,'' The Hindu, December 19, 2008. Available at http://
www.hindu.com/2008/12/19/stories/2008121956141200.htm.
---------------------------------------------------------------------------
    Despite the rhetoric surrounding the horrific events in Mumbai on 
November 26, 2008, there were important antecedents of that attack. 
Most recently, in July 2006, LeT working with local operatives, 
detonated seven explosions across Mumbai's commuter rail system. That 
2006 assault was even more lethal than the 2008 carnage, killing at 
least 187. While that attack focused the public's attention upon LeT's 
ability to strike deep within India, LeT had reportedly established 
networks in Mumbai as early as August 1999. India's intelligence bureau 
disrupted a pan-India network led by LeT-operative Amir Khan who was 
tasked with recruiting from India's communal-violence afflicted 
communities. In 2000, Indian authorities intercepted three Pakistani 
LeT cadres who had planned to kill Bal Thackeray, leader of a Hindu 
nationalist group called the Shiv Sena.\30\
---------------------------------------------------------------------------
    \30\ Praveen Swami, ``Road to Unimaginable Horror,'' The Hindu, 
July 13, 2006. Available at http://www.hindu.com/2006/07/13/stories/
2006071303420800.htm.
---------------------------------------------------------------------------
    In 2004, another LeT cell was disrupted that aimed to attack the 
Bombay Stock Exchange. (The Bombay Stock Exchange had been attacked 
previously in 1993. The then India-based Mafioso, Dawood Ibrahim, 
orchestrated that attack using Indian militants with Pakistani 
support.) In June 2006, the Maharashtra police arrested an 11-member 
LeT cell that shipped some 43 kilograms of explosives, assault rifles 
and grenades to India using sea routes. Several of those militants had 
ties to SIMI. Indian analysts believe that LeT, working with SIMI and 
smuggling rings, have been able to successively move large amounts of 
explosives and weapons by sea along the Gujarat coast.\31\ The movement 
of explosives through the Maharashtra and Gujarat coastlines was 
reminiscent of logistical routes used to supply explosives for the 1993 
Bombay Stock Exchange.\32\
---------------------------------------------------------------------------
    \31\ In May 2006, Mohammad Iqbal, an LeT activist from Bahawlpur (a 
city in southern Punjab in Pakistan), was shot dead by Delhi Police. 
Iqbal had worked through mafia-linked traffickers to ship a consignment 
of explosives through Gujarat that was used in the February 2006 attack 
on an Ahmedebad (Gujarat) train platform, See Praveen Swami, ``Road to 
Unimaginable Horror,'' The Hindu, July 13, 2006. Available at http://
www.hindu.com/2006/07/13/stories/2006071303420800.htm.
    \32\ See Praveen Swami and Anupama Katakam, ``Investigators Shut 
Down Terror Cells Tasked with Executing Strikes in Gujarat, but the 
Threat Remains,'' Frontline, Vol. 23, No. 10, May 20-June 2, 2006.
---------------------------------------------------------------------------
    Needless to say, these are only illustrative--not exhaustive--
examples of LeT's penetration of India and cultivation of Indian 
networks to conduct terror operations. With respect to the November 
2008 attack, at least two Indian operatives played critical roles: 
Fahim Arshad Ansari, a key LeT operative from Mumbai, and Sabahuddin 
Ahmad of Uttar Pradesh. Both men helped prepare maps and videotapes to 
guide LeT's operatives to their targets. Their contributions--perhaps 
more so than the use of GPS devices--likely guided the terrorists' 
movements through Mumbai.\33\
---------------------------------------------------------------------------
    \33\ Y.P. Rajesh and Sagnik Chowdhury, ``26/11 The Indian hand,'' 
Indian Express, February 27, 2009. Available at http://
www.indianexpress.com/news/26-11-the-indian-hand/428565/.
---------------------------------------------------------------------------
    Finally, the early connections between MDI/LeT to Azam, along with 
the organization's Salafijihadi outlook, fosters suspicion that LeT and 
al Qaeda enjoy tight linkages. These suspicions are buttressed by a 
number of developments and observations. First, al Qaeda operatives 
(e.g. Abu Zubaidah) have been arrested in LeT safe houses. In addition, 
LeT has been operating against U.S., NATO and Afghan forces in Kunar 
and Nuristan in close proximity to al Qaeda, which operates in the same 
region.\34\ Third, in recent years, LeT operatives have appeared in 
small numbers in other theatres. For example, British forces captured 
two Pakistani LeT operatives in Iraq and rendered them into U.S. 
custody.\35\ A number of Australians (including apparent converts to 
Islam) have been trained in LeT camps and have plotted to attack 
Australian targets, discomfiting Australian authorities.\36\ Reports 
persist that a wide array of American, Canadian, and British nationals 
have trained in LeT camps.\37\ At least one of the bombers (Shahzad 
Tanveer) in London's ``7/7'' subway attack is alleged to have contacted 
LeT officials while in Pakistan as well as those associated with JM. 
Apart from that incident, British officials contend that LeT has 
numerous links with many terror cells and plots disrupted in the United 
Kingdom. For example, Dhiren Barot, a Hindu convert to Islam and LeT 
activist was arrested in the United Kingdom and charged with planning 
several chemical and radiological attacks on financial offices in the 
United States. LeT is also tied to Richard Reid (a.k.a. ``the shoe 
bomber'') as well as a Virginia-based ``paintball jihad'' cell in which 
several Islamists, including an American Muslim convert named Randall 
``Ismail'' Royer, trained to participate in LeT's campaign against 
India. Royer, who was convicted, dispatched recruits to an LeT camp in 
Pakistan where they learned to use small arms, rocket-propelled 
grenades, among other military resources to fight in India.\38\
---------------------------------------------------------------------------
    \34\ Author fieldwork in Afghanistan between June and October 2007; 
Kathy Gannon, ``Pakistan militants focus on Afghanistan: Jihadist 
groups are increasingly attacking U.S., NATO forces in Afghanistan,'' 
Associated Press, Web site, July 14, 2008.
    \35\ Richard Norton-Taylor, ``Britain aided Iraq terror renditions, 
government admits,'' The Guardian, February 26, 2009. Available at 
http://www.guardian.co.uk/world/2009/feb/26/britain-admits-terror-
renditions.
    \36\ Recently, during a trial of several men plotting to attack the 
United States from Sydney, a participant (a Korean-American Muslim 
convert) alleged that an Australian citizen known as Abu Asad trained 
with Lashkar-e-Taiba at a camp in Pakistan in 2001. See Geesche 
Jacobsen, ``Australian in training camp named,'' Sydney Morning Herald, 
January 13, 2009. Available at http://www.smh.com.au/news/national/
australian-in-training-camp-named/2009/01/13/1231608682540.html. For 
information on another collective of Australians trained in LeT camps, 
see Ashok Malik, ``Lashkar link in Aussie terror net,'' Indian Express, 
June 12, 2004. Available at http://www.indianexpress.com/
oldstory.php?storyid=48832. Perhaps the most famous Australian to train 
at an LeT camp is David Hicks who was recently freed from Guantanamo. 
See ``David Hicks: `Australian Taleban,' '' BBC News, May 20, 2007. 
Available at http://news.bbc.co.uk/2/hi/asia-pacific/3044386.stm.
    \37\ See for example ``Lashkar training in US, Canada, UK, 
Australia,'' Rediff.com, December 10, 2008. Available at http://
www.rediff.com/news/2008/dec/10mumterror-lashkar-training-in-us-canada-
ukaustralia.htm.
    \38\ For more details about the ``paintball jihad'' cell, see 
Stephen Schwartz, ``Lashkar-e-Taiba in America: A convicted terror 
recruiter plays victim of the NSA,'' The Weekly Standard, December 16, 
2006. http://www.weeklystandard.com/Content/Public/Articles/000/000/
015/927uxqry.asp.
---------------------------------------------------------------------------
    Pakistan-based analysts of LeT, among others, tend to discount the 
claims of explicit al Qaeda-LeT linkages and note that al Qaeda 
operatives have been arrested in Jamaat Islami safe houses as well and 
note that LeT infrastructure in Afghanistan, as described above, was 
separate from that of Al Qaeda and their patrons, the Taliban.\39\ Thus 
the actual degree to which LeT is allied to al Qaeda remains an 
important empirical question. However, LeT threatens U.S. interests 
irrespective of its formal ties--or lack thereof--to al Qaeda. LeT has 
well-established linkages to international terrorism and it espouses 
goals that are similar to those of al Qaeda as the foregoing discussion 
illustrates.
---------------------------------------------------------------------------
    \39\ See Yoginder Sikand, ``The Islamist Militancy in Kashmir: The 
Case of the Lashkar-e-Taiba,'' in Aparna Rao et al. Eds. The Practice 
of War: Production, Reproduction and Communication of Armed Violence 
(New York: Berghahn Books, 2007), pp. 215-238; Saeed Shafqat, ``From 
Official Islam to Islamism: The Rise of Dawat-ul-Irshad and Lashkar-e-
Taiba,'' in Christophe Jaffrelot Ed. Pakistan: Nationalism without a 
Nation (London: Zed Books, 2002), pp. 131-147. Why their infrastructure 
was apart from the other Deobandi camps is an important question even 
if there are no solid answers. Two possible explanations include: (1) 
Be deliberate ISI decision to keep MDI/LeT separate from other groups' 
camps or, (2) more likely, the deep-seated hostility that MDI/LeT has 
historically had toward Deobandis and vice versa.
---------------------------------------------------------------------------
   implications of the november 2008 mumbai attack: antecedents and 
                              innovations
    The November 2008 attack bears many hallmarks of previous LeT 
attacks. The assault employed dedicated and well-trained commandos who 
used explosives, small arms and grenades--all but one of whom fought 
until their deaths. While the available evidence suggests that the main 
operators were Pakistani, the attack relied upon crucial domestic 
assistance. Like previous LeT attacks in Mumbai and elsewhere, this 
assault involved exclusively soft targets with little or no defenses. 
Several of the targets (such as the Taj and Oberoi hotels) were Indian 
icons and reflected the opulence of India's elite. They also attracted 
wealthy international visitors. Other targets such as the Chatrapati 
Shivaji Station rendered India's middle and lower-middle classes 
vulnerable. (The train station was previously known as Victoria 
Terminus and was renamed after an important 17th century Hindu leader 
who re-established Hindu political dominance in the region after a long 
period of Muslim rule.) Other targets, such as the Chabad House, 
reflect an explicit expansion of LeT's focus as described below.
    Most accounts of the attack dilate upon the daring infiltration of 
the attackers who traveled from Pakistan by sea. While the sea-based 
landing of the ten militants was exceptionally daunting, the concept 
was not entirely new even if the complexity of the movement was. As 
noted, mafia syndicates and Islamist militant groups have moved 
explosives, guns, grenades and other illicit cargo through similar 
routes since at least 1993. In the conduct of the 1993 Bombay Stock 
Exchange, mafia leader Dawood Ibrahim working with an associate named 
Tiger Memon, arranged for considerable illicit cargo to move into a 
small fishing village near Mumbai via a small motorboat. In one of the 
few comprehensive accounts of that conspiracy, S. Hussain Zaidi 
describes how Memon and his crew boarded a small motorboat which 
``sailed toward the open sea'' where it ``rendezvoused [sic] with a 
large red speedboat,'' from which it loaded the weapons and other 
materials (including AK-47s, large quantities of a military grade 
explosive called RDX, pencil detonators, grenades, pistols) used for 
the attack. They then returned to the fishing village and offloaded the 
cargo. While the operatives of the 1993 blast exploited the widespread 
belief that that Mumbai security forces were inept, the locally 
recruited participants were ill-prepared for the operation and 
unfamiliar with the weapons to be used. Dawood Ibrahim and Tiger Memon 
arranged for their transportation to and from Pakistan where they were 
reportedly trained by Pakistani intelligence.\40\
---------------------------------------------------------------------------
    \40\ S. Hussain Zaidi, Black Friday: The True Story of the Bombay 
Bomb Blasts (New Delhi: Penguin, 2002), pp. 50-67.
---------------------------------------------------------------------------
    However, other aspects of this attack were notable and distinctive. 
While LeT has been operating against U.S., NATO, and Afghan forces in 
Kunar and Nuristan \41\ and while LeT operatives went to fight allied 
forces in Iraq, this was the first known LeT assault upon American and 
international civilians. While it is now believed that LeT did not 
single out foreigners across the targets, one target in particular was 
distinctive: the Chabad Center. Mumbai, among other cities, hosts a 
historical albeit shrinking Jewish population and boasts many 
historical synagogues and Jewish cultural facilities. Despite the 
decades of Islamist violence perpetrated by a range of groups espousing 
an anti-Semitic agenda, no Islamist militant group had ever targeted 
India's Jewish community. Chabad was distinctive because it was not 
merely Jewish, but also associated with Israelis and other 
international Jewish visitors.\42\ This target is most curious of all 
as few from or familiar with Mumbai have ever heard of this 
institution.\43\
---------------------------------------------------------------------------
    \41\ Author fieldwork in Afghanistan between June and October 2007; 
Kathy Gannon, ``Pakistan militants focus on Afghanistan: Jihadist 
groups are increasingly attacking U.S., NATO forces in Afghanistan,'' 
Associated Press, Web site, July 14, 2008.
    \42\ Yair Ettinger, ``Mumbai attack sends shock waves through 
Chabad community worldwide,'' Haaretz, November 29, 2008. Available at 
http://www.haaretz.com/hasen/spages/1041785.html; Anshel Pfeffer, ``9 
dead in Mumbai Chabad house attack; Israel to help identify bodies,'' 
Haaretz, November 30, 2008. Available at http://www.haaretz.com/hasen/
spages/1041834.html.
    \43\ Conversations with Indian journalists and others during a 
recent trip to India and based upon conversations with a relative who 
lives in Mumbai.
---------------------------------------------------------------------------
    While LeT and other groups have often posited and resisted the 
``Brahmanic-Talmudic-Crusader'' alliance, no militant group within 
South Asia violently operationalized this agenda until the Mumbai 2008 
attack. In the case of LeT, it is puzzling that despite advocating this 
agenda since the late 1980's, it took nearly two decades to act upon 
it. Possible explanations for the choice of that target include the 
growing Indo-Israeli military, counterterrorism, and intelligence 
relationship which has long irritated Pakistan and animated the 
rhetoric of Islamist militants across the region.\44\ Moreover, Israeli 
lobby apparatus in the United States has nurtured India's own emergent 
lobbying organizations and is rightly or wrongly associated with 
helping India achieve the Indo-U.S. nuclear deal.\45\ Thus the 
selection of the Chabad center--rather than any of India's domestic 
Jewish institutions--may have sought to undermine this important 
bilateral relationship. Transcripts of the phone intercepts of the 
attack at the Chabad house buttress this explanation. The Pakistan-
based caller encouraged the attacker to kill the hostages arguing that 
``If the hostages are killed, it will spoil relations between India and 
Israel.''\46\ Another explanation may be that LeT was emboldened by its 
attacks against U.S. forces in Afghanistan and influenced by al Qaeda 
co-located with LeT in Afghanistan's Kunar and Nuristan provinces. Of 
course, both may be valid.
---------------------------------------------------------------------------
    \44\ Military and intelligence ties have in many ways formed the 
backbone of the Indo-Israeli relationship and Israel is now India's 
pre-eminent arms supplier. For an early account of the emerging 
relationship see P.R. Kumaraswamy, ``Strategic Partnership Between 
Israel and India,'' MERIA Journal, Vol. 2, No. 2, May 1998. Available 
at http://meria.idc.ac.il/journal/1998/issue2/jv2n2a6.html. See Embassy 
of Israel, New Delhi, ``Indo-Israel Relations,'' n.d. Available at 
http://delhi.mfa.gov.il/mfm/web/main/
document.asp?SubjectID=2010&MissionID=93&LanguageID=0&StatusID=0&Documen
tID=-1; P R Kumaraswamy, ``Indo-Israeli military ties enter next stage: 
A US$2.5 billion Indo-Israeli defense project marks a new phase in the 
two countries' relations,'' ISN, August 3, 2007. Available at http://
www.isn.ethz.ch/isn/Current-Affairs/Security-Watch/Detail/
?ots591=4888CAA0-B3DB-1461-98B9-E20E7B9C13D4&lng=en&id=53611; Efraim 
Inbar, ``The Indian-Israeli Entente,'' Orbis, Vol. 48, No. 1, Winter 
2004, Pages 89-104.
    \45\ This judgment is based upon numerous visits to Pakistan since 
the discussion of the deal emerged.
    \46\ Andrew Buncombe and Omar Waraich in Islamabad, ``Mumbai siege: 
`Kill all the hostages--except the two Muslims' Phone conversations 
between Mumbai attackers and their `Pakistani handlers' cast chilling 
new light on massacre,'' The Independent, January 8, 2009. Available at 
http://www.independent.co.uk/news/world/asia/mumbai-siege-kill-all-the-
hostages-ndash-except-the-twomuslims-1232074.html.
---------------------------------------------------------------------------
conclusions: implications for u.s. regional, and international security
    U.S. policymakers and analysts have pondered whether LeT could or 
would undertake such operations within the United States. As the 
foregoing suggests, a number of individuals (including converts) who 
appear to have radicalized in the diaspora have traveled to Pakistan to 
train with the LeT and other militant groups (e.g. JM). LeT and other 
militant groups in the Punjab, comprise an important link between those 
who have radicalized in the diaspora and Pakistan's tribal areas where 
al Qaeda is ensconced. (In turn Pashtun militants from the tribal areas 
rely upon Pashtun networks as well as Punjabi networks to execute 
attacks throughout Pakistan.) During my recent trip to Pakistan, one 
interlocutor described these Punjab-based groups as the ``escalator for 
foreigners to get to FATA.''\47\ As FATA remains an important epicenter 
for international terrorism, the importance of groups like LeT (among 
others) cannot be understated and should motivate Washington to insist 
that Pakistan cease all forms of active and passive support for these 
groups and act decisively to eliminate them.
---------------------------------------------------------------------------
    \47\ Author interviews with Pakistani and foreign journalists, 
analysts and diplomats in Islamabad in late February 2009.
---------------------------------------------------------------------------
    A smaller number of Pakistani LeT operatives have found their way 
to other theatres such as Iraq. Given the tenacity of opposition to the 
U.S. invasion and occupation of Iraq, it is surprising that only two 
LeT operatives made their way to Iraq suggesting limited capacity or 
will. Given the difficulty in Pakistan-based operatives to obtain a 
visa to visit western countries, the strategy of pulling in operatives 
from the west is likely to be the most productive strategy as these 
individuals speak English, have the appropriate passport, and are more 
likely to gain access to targeted countries. Thus even if LeT (and 
other such groups) may be less capable of dispatching Pakistan-based 
militants outside of the South Asian theatre, LeT and other militant 
camps in Pakistan remain destinations for international jihadists who 
are not so restricted in reaching their desired theatre of operation. 
Given the terrorist cells that have been disrupted in the United 
States, United Kingdom, Europe, and Australia (among other venues) and 
in light of the challenges posed by the visa waiver program, one cannot 
rule out an LeT-facilitated attack within the United States. After 
Mumbai, one absolutely cannot rule out further attacks against U.S. 
citizens or interests abroad or those of U.S. allies.
    Even if an LeT attack within the United States may be a low-
probability event, LeT poses a number of concerns for the United States 
not the least of which include on-going operations against U.S. and 
allied forces in Afghanistan, the likelihood of future attacks in India 
with the ever-present possibility of prompting yet another Indo-
Pakistan military crises, and ``copy cat'' attacks in the United States 
or elsewhere.
    The challenges faced by the Indian security forces are also 
illuminating.\48\ First, the Indian authorities lacked basic 
information about the floor plan. Second, the Indian counterterrorism 
forces were undermined by the media coverage which televised in real 
time their efforts to eliminate the terrorists. The Pakistan-based 
handlers, during on-going phone conversations with the militants, 
relayed critical information gleaned from the coverage, as the 
intercepted phone conversations attest. Third, given that many of these 
targets are deeply embedded within organic urban growth, even under the 
most optimistic assumptions, many of India's numerous high-value 
civilian (e.g. tourism, commercial, industrial) targets will be 
difficult to secure.
---------------------------------------------------------------------------
    \48\ Some of the challenges faced by the Indian authorities also 
stemmed from particular enduring lapses in Indian internal security 
apparatus. These include, among other durable problems, the inability 
of the National Security Guards to get to Mumbai, police ineptitude, 
poor means to share intelligence between and across external and 
domestic intelligence agencies, a deficient system for naval and 
coastal security. See Angel Rabasa et al. The Lessons of Mumbai (Santa 
Monica: RAND, 2008).
---------------------------------------------------------------------------
    Finally the Mumbai attack and its sustained media coverage reminds 
one that militants need not use extravagant suicide bombs to wreak 
havoc. Rather militants waging coordinated attacks, against several, 
soft and poorly defended--if not utterly indefensible targets--targets 
using only small-arms can inflict considerable damage.\49\
---------------------------------------------------------------------------
    \49\ Notably, the Indian government did not limit the televised 
images of the attack even as Indian commandos began their offensives 
against the militants.

    Ms. Jackson Lee. Mr. Bonnell.

STATEMENT OF DAVID BRADLEY BONNELL, DIRECTOR, GLOBAL SECURITY, 
                 INTERCONTINENTAL HOTELS GROUP

    Mr. Bonnell. Madam Chairwoman, Members of the committee, I 
want to express my appreciation. It is an honor to speak to 
you, and I hope that you will find my testimony to be useful. 
It will certainly be less cerebral than Dr. Fair.
    As the terrorist attack on Mumbai unfolded, as it was 
unfolding, I was in contact with my counterparts with Marriott, 
Starwood, Hyatt, and Hilton as a direct result of the 
association that had come to exist as a result of the 
Department of Homeland Security and the Overseas Security 
Advisory Council. We were in constant contact throughout the 
attack sharing information with each other, corroborating fact 
from fiction, sharing information about resources available to 
us. We have two managed hotels in Mumbai, two InterContinental 
hotels. We were able to give them information that was useful.
    So, armed with reliable intelligence concerning the nature 
of the attack as it was occurring, we were able to provide our 
two properties with useful intelligence that enabled them to 
increase the level of security in response to this event.
    In days following the attack, the Association of Corporate 
Security Professionals shared information concerning various 
resources that enabled recovery and the restart of the Mumbai 
business operations confident that reasonable action had been 
taken to mitigate what was now a foreseeable and predictable 
threat in that part of the world.
    This association of corporate security professionals 
evolved as the results of the efforts of the Department of 
Homeland Security. In bringing private sector security crisis 
management personnel together in an effort to increase 
preparedness in the private sector, DHS laid the foundation for 
an association of hotel corporations that has served my company 
very well. This relationship between the DHS and the IHG, the 
InterContinental Hotels Group, has been beneficial about the 
strategic and tactical level. From enabling corporations to 
understand what constitutes a viable and defensible disaster 
recoverable business continuity plan, to how a hotel should 
effect an evacuation response to a bomb threat, that the 
Department of Homeland Security has shown us how it can be 
done.
    I would like to refer to Title 9 compliance. Title 9 of the 
9/11 Commission Act provided us with a map to crisis management 
planning expressed in terms of preparedness in the private 
sector and public sector for rescue, restart, and recovery of 
operations, they should include a plan for evacuations, 
adequate communications capabilities, and a plan for continuity 
of operations.
    In seeking to achieve the stated goals of Title 9, 
Department of Homeland Security enabled private sector security 
professionals to share best practices through its meetings, 
conferences, and frequent communications. What has evolved in 
the hospitality private sector as a result of this information 
sharing are crisis management counterterrorism programs that 
are threat-based and intelligence-led.
    DHS and the Overseas Security Advisory Council both provide 
much of the intelligence that is used in deploying resources 
against emerging threats.
    Since the 19th century the legal and moral duty of a hotel 
concerning safety and security has been articulated in terms of 
reasonable care, which is legally defined as the manner in 
which a prudent and responsible person responds to a 
foreseeable and predictable threat. The threat of a terrorist 
attack against a hotel has now become a conspicuously 
foreseeable threat, particularly in those parts of the world 
where a jihadist threat exists.
    There are currently 4,186 hotels around the world bearing 
the InterContinental hotels groups brands of InterContinental 
Crowne Plaza Hotels, Indigo Suites, Holiday Inn, Holiday Inn 
Express, Candlewood Suites and Staybridge Suites. The majority 
of these hotels are franchised and privately owned.
    The world headquarters of my company is located in the 
United Kingdom near London. The regional office for properties 
in the Americas is located in Atlanta, Georgia, and the Office 
for the Asia Pacific region of IHG is located in Singapore.
    There are 27 corporate facilities that support the business 
to include business service center reservation centers, data 
centers and sales offices.
    We seek to fulfill our legal and moral duty concerning 
safety and security through a crisis management system that has 
taken a great deal of direction from the goals of Title 9.
    Integrated throughout the corporate structure, culture and 
operation of the InterContinental group is a comprehensive 
crisis management system that provides a flexible and effective 
response to foreseeable and predictable threats. The system 
consists of continuous threat assessment, site-specific 
emergency action plans and business continuity plans, a senior 
executive crisis response plan, crisis response teams, an 
internal communications network and crisis emergency response 
training program.
    The crisis management system responds to a crisis through a 
process that follows operational management structures, 
existing lines of communication and established business 
relationships. By following the organizational chain of 
command, crisis management escalates as needed through a 
process that connects all corporate operations to a common 
crisis command organization.
    Our counterterrorism program, as previously stated, is 
threat-based and intelligence-led. The program consists of 
categorizing all hotels against a terrorist risk profile, 
conducting a regional strategic threat assessment from each 
local hotel, conducting a comprehensive assessment of the 
capabilities of a hotel to resist an attack, providing a 
management action plan for increasing security capability, 
monitoring plan compliance. Our counterterrorism program has 
been implemented within the context of mandatory compliance 
with brands standards concerning both operational and 
structural safety and security.
    For example, if a hotel is to be constructed within a 
region that is categorized as high-risk, security design and 
engineering requirements are imposed on both corporate and 
franchise properties. The program is then reinforced through 
security site visits and quality audits.
    It is during the assessment of the property that a 
determination is made as to plan for evacuation, communication 
capabilities, and a plan for continuity of operations.
    As the counterterrorism evolved, the value of the 
intelligence and information provided by the U.S. State 
Department sponsored Overseas Security Advisory Council became 
apparent. Of equally obvious value was the OSAC-sponsored Hotel 
Security Group, of which IHG is a member.
    We are closely affiliated with the American Society of 
Industrial Security and NFBA in seeking to acquire knowledge 
concerning emerging risks and methods of mitigating those 
risks.
    Thank you very much.
    Ms. Jackson Lee. I thank the gentleman for his testimony.
    [The statement of Mr. Bonnell follows:]
              Prepared Statement of David Bradley Bonnell
                             March 11, 2009
                           summary statement
    As the terrorist attack unfolded in Mumbai on 23 February, 2009, 
individuals responsible for the counter terrorism program of their 
respective corporations were in almost constant contact sharing with 
each other timely and detailed information concerning the events and 
circumstances of the attack. From this association of corporate 
security professionals came a flow of intelligence that facilitated 
critical crisis response decisionmaking, the effective deployment of 
resources and the flow of constructive internal communications between 
global corporate headquarters and hotels impacted by the attack.
    Armed with reliable intelligence concerning the nature of the 
attack as it was occurring, the InterContinental Hotels Group (IHG) was 
able to provide its two Mumbai properties with instructions and 
resources that enabled those hotels to quickly secure and defend 
against an attack.
    In days following the attack, this association of corporate 
security professionals shared information concerning various resources 
that enabled recovery and restart of Mumbai business operations 
confident that reasonable action had been taken to mitigate what was 
now a foreseeable and predictable threat in that part of the world.
    This association of corporate security professionals evolved as the 
result of the efforts of the Department of Homeland Security (DHS). In 
bringing private sector security and crisis management personnel 
together in an effort to increase preparedness in the private sector, 
DHS laid the foundation for an association of hotel corporations that 
has served IHG well.
    The relationship between DHS and IHG has been beneficial at both a 
strategic and tactical level. From enabling corporations to understand 
what constitutes a viable and defensible disaster recovery/business 
continuity plan to how a hotel should effect an evacuation in response 
to a bomb threat, DHS has shown how it can be done.
                          title ix compliance
    Title IX of the 9/11 Commission Act provided us with a map to 
crisis management planning expressed in terms of,

``Preparedness in the private sector and public sector for rescue, 
restart and recovery of operations should include (1) a plan for 
evacuation, (2) adequate communications capabilities, and (3) a plan 
for continuity of operations.''

    In seeking to achieve the stated goals of Title IX, DHS enabled 
private sector security professionals to share best practices through 
its various meetings, conferences, and frequent communications.
    What has evolved in the hospitality private sector as a result of 
this information sharing are crisis management/counterterrorism 
programs that are threat-based and intelligence-led. DHS and the 
Overseas Security Advisory Council (OSAC) both provide much of the 
intelligence that is used in deploying resources against emerging 
threats.
                               legal duty
    Since the 19th Century, the legal and moral duty of a hotel 
concerning safety and security has been articulated in terms of 
``reasonable care'' which is legally defined as the, ``manner in which 
a prudent and responsible person responds to a foreseeable and 
predictable threat.'' The threat of a terrorist attack against a hotel 
has now become a conspicuously foreseeable and predictable threat, 
particularly in those parts of the world where a Jihadist threat 
exists.
                                  ihg
    There are currently 4,186 hotels around the world bearing the 
InterContinental Hotels Group (IHG) brands of, InterContinental Hotels, 
Crowne Plaza Hotels, Indigo Suites, Holiday Inn, Holiday Inn Express, 
Candlewood Suites and Staybridge Suites. The majority of these hotels 
are franchised and privately owned.
    The world headquarters of IHG is located in the United Kingdom near 
London. The regional office for properties in the Americas is located 
in Atlanta, Georgia and the office for the Asia Pacific region of IHG 
is located in Singapore. There are 27 corporate facilities that support 
the business to include business service centers, reservation centers, 
data centers, and sales offices.
    IHG seeks to fulfill its legal and moral duty concerning safety and 
security through a crisis management system that has taken a great deal 
of direction from the goals of Title IX.
                      ihg crisis management system
    Integrated throughout the corporate structure, culture and 
operation of the InterContinental Hotels Group (IHG) is a comprehensive 
Crisis Management System that provides a flexible and effective 
response to foreseeable and predictable threats. The system consists 
of: continuous threat assessment; site-specific emergency action plans 
and business continuity plans; a senior executive crisis response plan; 
crisis response teams; an internal communication network; and crisis/
emergency response training programs.
    The IHG Crisis Management System responds to crisis through a 
process that follows operational management structures, existing lines 
of communication and established business relationships. By following 
the organizational chain of command, crisis management escalates as 
needed through a process that connects all corporate operations to a 
common crisis command organization.
    The IHG Crisis Management System incorporates for its 27 corporate 
support facilities viable disaster recovery/business continuity plans 
and programs. Monitored and tested annually, IHG is confident in its 
ability to quickly restore essential business functions either from 
temporary or permanent locations.
    Another critical component of the IHG Crisis Management System is 
the counter terrorism program.
                       counter terrorism program
    The IHG counter terrorism program is, as previously stated, is 
threat-based and intelligence-led.
    The program consists of:
   Categorizing all IHG hotels against a terrorist risk 
        profile.
   Conducting a regional strategic threat assessment for each 
        hotel location.
   Conducting a comprehensive assessment of the capabilities of 
        the hotel to resist an attack.
   Providing an management action plan for increasing security 
        capability.
   Monitoring plan compliance.
    Our counter terrorism program is then implemented within the 
context of mandatory compliance with brand standards concerning both 
operational and structural safety and security. For example, if a hotel 
is to be constructed within a region that is categorized as being high 
risk, Security Design and Engineering requirements are imposed.
    The program is then reinforced through both security site visits 
and quality audits.
    It is during the assessment of the property that a determination is 
made as to plan for evacuation, communication capabilities and a plan 
for continuity of operations.
                                  osac
    As the IHG counter terrorism program evolved, the value of the 
intelligence and information provided by the U.S. State Department-
sponsored Overseas Security Advisory Council (OSAC) became apparent. Of 
equally obvious value was the OSAC sponsored Hotel Security Group of 
which IHG is a member.
    Like DHS, the OSAC brought private sector security professionals 
together in an effort to improve the security capability of the 
business.
    IHG is also closely affiliated with the American Society of 
Industrial Security (ASIS) and NFPA in seeking to acquire knowledge 
concerning emerging risks and methods of mitigating those risks.

    Ms. Jackson Lee. Mr. Raisch, you are recognized for 5 
minutes.

 STATEMENT OF WILLIAM G. RAISCH, EXECUTIVE DIRECTOR, NEW YORK 
 UNIVERSITY'S INTERNATIONAL CENTER FOR ENTERPRISE PREPAREDNESS

    Mr. Raisch. Madam Chairwoman, Ranking Member Dent, and 
distinguished Members of the subcommittee. It is my sincere 
honor to yet again provide testimony to this committee.
    Our primary goal at InterCEP is simple. We have the 
opportunity to bring together key stakeholders to identify and 
collaboratively solve problems in the area of emergency 
preparedness, security, and risk management. It is that 
problem-solving orientation that I would like to bring to my 
discussion this afternoon and touch on several key points which 
are discussed in greater detail in my written remarks, but 
focus on two particularly foundational opportunities.
    The first is that presented in what has been termed Title 
9, the Private Sector Preparedness Program called for by Public 
Law 110-53. This is a program that was championed by this 
committee and that offers the unique opportunity to begin to 
establish corporate resilience and preparedness as a core 
business discipline and connected more clearly with bottom-line 
benefits than perhaps ever before.
    Second, I would like to make a point in the course of my 
discussion--an appeal, really, for collaborative action to 
design and build in resilience into the current infrastructure 
initiatives that are underway by Congress. We have a unique 
opportunity to, in fact, prepare while we repair our 
infrastructure. This is an opportunity that should not be lost 
as we move forward. It is an opportunity that can yield 
tremendous returns in minimizing impacts of future crises on 
our people and our economy.
    The primary focus of this hearing without doubt is a 
specific risk, terrorism. In particular, Mumbai-style attack 
perhaps on a soft target in the United States. This committee 
has assembled a diversity of true experts in the terrorism risk 
and the specific strategies that would flow from that.
    I would not pretend to approach their expertise, but I 
would suggest and stress that these specific risk strategies 
optimally are built upon a foundation of basic all-hazards 
preparedness, that this approach that acknowledges that many 
different risks can, in fact, have common impacts on people, 
property, processes; and that these impacts, these common 
impacts can be addressed by a set of core capabilities of an 
organization to essentially prepare, respond, and recover from 
crisis.
    These core capabilities can be dramatically advanced by the 
Private Sector Prepared Preparedness Program called for by 
Title 9 Public Law 110-53.
    The program essentially provides a set of common criteria, 
a standard for private sector preparedness, yet in a flexible 
framework. It provides a measurement or assessment approach to 
assure that criteria are in fact in place, and ultimately it 
provides the foundation or the opportunity to link compliance, 
conforming with those criteria with bottom-line impacts. It is 
that bottom-line impact that will assure on-going and recurring 
investment by the private sector in preparedness.
    Yet there are critical next steps that must be taken to 
assure that this program is successful. In particular, the 
Department of Homeland Security needs to, in relatively short 
order, designate one or more core standards as soon as possible 
to move the private sector preparedness certification program 
forward. The Department has already discussed the program with 
the private sector widely through a diversity of forums. Now is 
the time to move forward with one or more standards required by 
the legislation.
    DHS should also continue to build upon and support the 
efforts of the designated accrediting body, which has a long 
history in certification and long interface with the private 
sector itself.
    Furthermore, DHS should fund and work with appropriate 
stakeholders to support a mapping of industry-specific 
practices, best practices, if you will, in each of the major 
sectors using the common criteria of the Title 9 program as if 
you will, the Rosetta Stone that will allow us, once and for 
all, to begin to gather perspectives that may come from the 
elements of the private sector, including the hospitality 
industry, and including utilities, financial services programs, 
and begin to share these across sectors.
    Furthermore, DHS should support the development and 
delivery of training to assist in implementing the criteria of 
the private sector preparedness programs. It should also 
support and fund the development and delivery of the 
appropriate tools to enable the implementation, including risk 
assessment methodologies online resources.
    There are a diversity of resources out there and potential 
training available from various professional associations and 
nongovernmental sources. These should be capitalized upon and 
funded by the Department in this regard.
    DHS should also support and fund a first wave of company 
certifications under the PS-Prep program. Participants should 
include high-profile opinion-leading companies, optimally with 
significant supply chains, and working with these suppliers, 
including both large, medium and small businesses. This will 
provide a proof of concept and an opportunity to test the 
program out on a small basis, if you will, and an opportunity 
to learn those lessons, to capture them, to inform a wider 
effort down the road, including, again, the critical small 
business community.
    DHS should also fund and support what is perhaps the most 
long-term seminal impacting project. That is a research project 
that uses the measurements of the Title IX program to 
ultimately decide what the difference is, what the impact is of 
preparedness over time. There is no data currently on the 
impact of programmatic preparedness because, to date, there has 
been no effectively commonly accepted measure of what 
preparedness is, and there has been no commonly accepted 
approach to, in fact, confirm that those criteria are in place.
    With the Title IX program, we have an opportunity to begin 
perhaps what is the first long-term effort to define the 
financial rationale that is the real value of investment and 
preparedness. Congress needs to continue its efforts, its 
active oversights of key program initiatives in this area, as 
evidenced by this committee's activity. It also needs to fund 
DHS to accomplish the various initiatives that I briefly 
outlined.
    Businesses need to look to the PS-Prep program as, at the 
very least, an informal internal assessment of their own 
activities, and over time, they need to look at it specifically 
for applications in their supply chain with the focus on supply 
chain resilience. They need to continue to actively partner 
with Government in information-sharing and public-private 
partnerships, and they need to consider being part of that 
first wave of company certifications under the new Private 
Sector Preparedness Program.
    Finally, I would suggest that all parties need to look at 
the opportunity inherent in this new infrastructure program 
that is certainly being funded as part of the overall stimulus 
effort but to revisit this opportunity to prepare and repair as 
we move forward in substantiating and really rebuilding our 
infrastructure. Adding resilience to what essentially would be 
the considerations and the design stage for much of the 
existing infrastructure that has been targeted for rebuilding 
could pay tremendous dividends down the road, and a risk-
assessment should and can be a standard step in advancing 
planning for all infrastructure projects, much the same as 
environmental impact studies have become in many other 
development efforts.
    Our center stands ready to assist wherever appropriate and 
collaborate with all key stakeholders in the achievement of 
these critical initiatives. I thank you again for the 
opportunity to present to the committee.
    [The statement of Mr. Raisch follows:]
                Prepared Statement of William G. Raisch
                             March 11, 2009
    Chairwoman Jackson-Lee, Ranking Member Dent, and distinguished 
Members of the subcommittee, it is my sincere honor to again provide 
testimony to this committee.
    I join you today as past private sector advisor to the Federal 9-11 
Commission and currently as Director of InterCEP, the International 
Center for Enterprise Preparedness at New York University. InterCEP is 
the world's first research center dedicated to private sector 
resilience.
    In my capacity today, I am at best a channel for the many insights 
that are shared with the Center from hundreds of businesses and other 
organizations that participate in InterCEP forums and initiatives.
    Our primary goal at InterCEP is simple. We work with key 
stakeholders to identify, understand, and collaboratively solve real 
problems in the area of emergency preparedness, security, operational 
continuity, and risk management.
    I will now outline what we see as the current challenge of private 
sector preparedness (with a particular focus on the hospitality 
industry), the opportunity provided by the new Private Sector 
Preparedness Program (PS-Prep) and then address urgently needed actions 
in this arena for both Government and business.
                             the challenge
    Preparedness can be generally seen as an effort to develop 
capabilities to prevent a hazard where possible (and feasible) and to 
mitigate the impacts of a hazard should it nonetheless occur including 
capabilities to respond and recover while maintaining continuity of 
core operations.
    The significant law enforcement expertise assembled by this 
committee today can better comment on the specifics of appropriate 
prevention strategies for a Mumbai-style attack in the United States. 
Clearly such prevention strategies would likely involve effective 
public-private coordination in terms of advance warning and 
intelligence sharing, a heightened level of awareness among staff and 
customers alike as well as a level of physical security generally only 
applied to VIP appearances in our country.
    I would like to focus my comments today on ``all hazards'' 
emergency preparedness which should be, but often is not, the general 
foundation upon which specific strategies to address any new or 
evolving threat is built. At the center of all hazards preparedness is 
preparing for the often common impacts of emergencies with common core 
capabilities. It involves developing capabilities for such activities 
as on-going threat assessment and situation analysis, a clearly 
understood incident management structure, effective warning and crisis 
communications with employees and customers alike, basic resource 
management and logistics necessary to access needed supplies, targeted 
training and exercises as well as effective relationships and 
communications capability with public safety organizations. All hazards 
programs should be what we fall back on in the event of the unexpected.
    Overall preparedness appears to vary greatly among businesses 
generally and key drivers appear to include the size of firm, 
experience with crisis, and presence of regulatory requirements.\1\
---------------------------------------------------------------------------
    \1\ While there is still no consensus-based measurement of 
preparedness for the private sector (pending the implementation of PS-
Prep), we can draw on personal observations, anecdotal information, and 
what might be considered indicators of preparedness elements, such as 
surveys of expenditures on security or the presence of certain plans or 
programs. From these inputs, overall assertions can be made.
---------------------------------------------------------------------------
   Larger firms or facilities (with more overall staff and 
        other resources) tend on the whole to be more prepared than 
        smaller firms.
   Firms that have experienced a crisis or recurring threats 
        tend to be more prepared than those that have not.
     (For example, the well-established threat of room theft in 
            hotels has resulted in the general addition of room safes 
            and restrictions in some cases of who can enter guest room 
            areas).
   Firms that have regulatory requirements for overall 
        preparedness (e.g., utilities and financial services firms) 
        tend to be more prepared on a programmatic basis than those 
        that do not. Similarly, specific requirements for elements of 
        preparedness (such as fire and life safety) are clearly 
        prompted by regulation. Such codes play an important role in 
        the hospitality industry.
   Availability of financial resources and expertise is always 
        a limiting factor. Unfortunately, security and preparedness 
        expenditures are generally considered by most firms to be 
        ``overhead'' costs and these have been severely cut and likely 
        will continue to be further eroded should economic conditions 
        worsen.
     In the hospitality industry this can be exacerbated by the 
            franchise system, whereby major hotel corporations may 
            manage properties but these are owned by their franchisees 
            who may have to approve operating budgets. While issues 
            such as life safety and food safety are considered must-do 
            regulatory requirements and are an accepted element of 
            budgets, security is often considered optional in nature.
   Even among the most prepared firms, research suggests that 
        preparedness and security overall can be significantly 
        improved. But to maintain even the current levels of 
        preparedness will require sustained funding but the current 
        economic environment is resulting in significant across-the-
        board cutbacks to the area of preparedness and security.
                                the need
    In large part, it can be argued that the current situation is due 
to a lack of a clear ``what'' to do, ``how'' to do it and a compelling 
``why'' to do it. In line with our prior testimony to this committee, 
several factors contribute to this situation primarily focused on these 
three considerations:
   What to do.--A set of clear criteria for what constitutes 
        effective preparedness and security is needed. The criteria for 
        what good preparedness is can be difficult to ascertain. There 
        are a diversity of strategies, technologies, and approaches to 
        preparedness and effective security. Most firms are not aware 
        of any standards in this regard.
     The criteria must optimally be derived from the private 
            sector and based upon actual business experience to assure 
            that it is applicable in the business environment.
     Current successful industry practices must be acknowledged 
            and built upon, not displaced. As with a number of other 
            industries, the hospitality industry has significant 
            history internationally as well as domestically in the 
            security and preparedness arena; this experience should be 
            at the core of any effort.
   How to do it.--Implementation strategies including risk 
        assessment methodologies, training, and planning resources are 
        necessary to apply the general criteria to specific business 
        facilities/operations. ``How'' preparedness criteria (if 
        identified) should be applied to a particular operation may not 
        be clear. Size, geographic location, type of industry, current 
        intelligence, etc. all can inform the nature of preparedness 
        actions to be undertaken. Likely a small motel along an 
        interstate does not require the same approach as a large hotel 
        property next to an iconic building in a major city. How should 
        risks be identified and prioritized? What training is 
        necessary? What resources are available to support planning and 
        implementation?
     A risk-based methodology that can identify and prioritize 
            risks and inform prevention, preparedness, response, and 
            recovery activities is vital.
     Appropriate training and other tools necessary to develop 
            and implement preparedness programs on a company basis are 
            needed.
     Public-private partnerships in information sharing and 
            intelligence with an emphasis on actionable information 
            must be sought.
   Why to do it.--A compelling business case and the 
        development of new incentives for preparedness with linkage to 
        the common criteria is needed. The business case for 
        preparedness is not always evident. Preparedness requires 
        investment of time and resources. Businesses invest in efforts 
        that increase profitability. It is not apparent to most 
        businesses that an investment in preparedness will either 
        increase revenue or decrease expense. The probability of 
        hazards and their potential impacts on a business are difficult 
        to assess. The perception that ``it's not going to happen to 
        me'' is widespread. Thus, unless there are clear bottom-line 
        reasons or regulatory requirements for preparedness and 
        security, activity in this area tends to be minimal.
     An approach is needed that does not rely solely on the 
            risk of terrorism as the primary motivator (which will 
            likely be discounted by many) but rather looks to the 
            common impacts of many different risks on an operation and 
            focuses on common strategies of preparedness, response, and 
            recovery which can be established at a relatively lower 
            cost than developing a number of individual risk-specific 
            programs.
     A serious and on-going research effort must be developed 
            that not only documents current anecdotal impacts of 
            preparedness but also develops new approaches to more 
            comprehensively clarify the economic benefits of 
            preparedness to the corporation and wider society.
     The active engagement of key stakeholders in the 
            development of new incentives must be promoted and 
            maintained.
        an opportunity: the private sector preparedness program
    The new Private Sector Preparedness Program (PS-Prep) championed by 
this committee and reflected in Public Law 110-53 holds great promise 
in addressing a number of these needs. It is as you know, currently 
under development by DHS. Key elements of the program include the 
following.
   The program is to be based on existing business preparedness 
        standards by the private sector based upon its experiences over 
        time, not by Government.
   The program will be risk-based. All of the standards in this 
        arena require as a starting point a risk assessment and thus 
        would suggest activity appropriate to the risks identified for 
        each operation and not a one-size-fits-all approach.
   Core standards in the arena also incorporate cost-benefit 
        analysis as part of their processes. Thus, firms are encouraged 
        to prepare reasonably and to the extent allowed by available 
        resources based upon true business value.
   The program is poised to be link preparedness over time with 
        potential benefits and incentives. InterCEP currently has five 
        Working Groups involving approximately two hundred individuals 
        providing input on linkage to potential incentives over time in 
        supply chain management, legal liability mitigation, rating 
        agency acknowledgement, more rationalized business reporting on 
        preparedness and insurance.
    Nonetheless, the PS-Prep Program is only an element of a more 
comprehensive strategy needed to secure our businesses in general and 
the hospitality industry in particular. Additional elements are 
included below.
                          critical next steps
    There are several critical steps necessary to move forward 
preparedness within the private sector as a whole including the 
hospitality industry. Critical next steps must be taken by the 
Department of Homeland Security, Congress, and businesses.
    The U.S. Department of Homeland Security (DHS):
   DHS must designate one or more core standards as soon as 
        possible to move the PS-Prep certification program forward. 
        While promising, this program is far from complete and the 
        designation of standards is a necessary precursor to further 
        activity. The Department has discussed the program with the 
        private sector widely through a diversity of forums. It has 
        developed and vetted its target criteria for the choice of 
        standards and announced them publicly in the Federal Register. 
        It has held two highly interactive national meetings with the 
        private sector on the program. Now is the time to move forward 
        and designate the one or more standards required by the 
        legislation.
   DHS must continue to support the efforts of the designated 
        accrediting body, ANAB, to assure that this program has a firm 
        base in the historically proven private sector voluntary 
        accreditation process. ANAB has administered accreditation 
        programs in such areas as quality management (ISO 9000) and 
        environmental management (ISO 14000) for decades. It has 
        established relationships with the business sector and a time-
        validated approach to conformity assessment of businesses.
   DHS must support an outreach to the critical infrastructure 
        sectors to engage them in the on-going development and 
        implementation of the PS-Prep Program. These sectors are vital 
        to a resilient society and they often have a well-developed 
        appreciation of the importance of resilience. This outreach 
        must:
     Educate these sectors on the opportunity presented by 
            certification program.
     Clarify the program as an opportunity to identify and 
            credit best practices already existent in each sector and 
            not an effort to supplant existing and effective practices 
            where they exist.
   DHS must fund and work with appropriate stakeholders to 
        support the mapping of existing industry specific practices in 
        preparedness and security, especially those in the critical 
        infrastructure sectors. The common criteria of the new 
        certification program offer a unique opportunity to identify 
        and categorize good practice in these sectors.
     Such a mapping could be used to assist in crediting these 
            practices in the PS-Prep Program, so that those industries 
            and companies with strong preparedness programs would be 
            appropriately recognized.
     Furthermore, and perhaps more importantly, this mapping 
            could create an opportunity to cross-walk practices across 
            industries allowing for cross-pollination of approaches and 
            strategies. Such an effort could create a ``rosetta stone 
            of preparedness'' which could establish a more robust body 
            of good practices for all organizations. InterCEP is 
            actively looking to engage with key industries in this 
            regard.
     Given the importance of the hospitality industry and its 
            history to date, this industry could be one of the initial 
            targets for collaboration on a mapping of existing 
            practices.
     DHS should coordinate this effort but consider that the 
            outreach might best be undertaken in conjunction with non-
            governmental parties to minimize potential concerns about 
            creeping regulation.
   DHS must support and fund the development and delivery of 
        training to assist in implementing the common criteria of the 
        PS-Prep program. Key professional associations should be 
        considered for this effort including the American Society for 
        Industrial Security (ASIS), Disaster Recovery Institute 
        International (DRII), the National Fire Protection Association 
        (NFPA) and the Risk Insurance & Management Society (RIMS).
   DHS must support and fund the development and delivery of 
        appropriate tools to enable implementation including risk 
        assessment methodologies and on-line resources. Risk assessment 
        tools such as RAMCAP Plus (developed by ASME-ITI) should be 
        considered. On-line resources such as the DHS Ready.gov site, 
        the Open for Business planning tool offered by the Institute 
        for Business & Home Safety (IBHS) and the Red Cross Ready 
        Program from the American Red Cross should be considered.
   DHS must support and fund a first wave of company 
        certifications under the PS-Prep Program. Participants should 
        include high-profile, opinion-leading companies with 
        significant supply chains as well as their suppliers including 
        small businesses.
     This will provide a proof of concept and an opportunity to 
            test the program out on a small scale before being rolled 
            out on a wider basis.
     Lessons learned can be captured and used to inform the 
            wider effort, including lessons for both large and small 
            businesses.
     Leading corporations can both become familiar with the 
            certification program (on a pilot basis) as well as provide 
            high-profile leadership.
     By including corporations with significant supply chains, 
            these initial undertakings could set the foundation for 
            supply chain-focused resiliency initiatives underscore a 
            clear economic rationale for preparedness among small 
            businesses. Such efforts could involve larger corporations 
            working with a targeted group of their critical suppliers. 
            In various InterCEP forums, several leading corporations 
            have already indicated their interest in potentially 
            mentoring their key suppliers in preparedness.
     This first wave initiative should be funded by DHS and 
            potentially utilize the DHS grant mechanism.
   DHS must support and fund a long-term seminal research 
        project to begin to measure the economic value of preparedness 
        over time. This project could ultimately provide the most 
        compelling rationale for widespread investment by the private 
        sector in resilience. There is no data on the impact of 
        programmatic preparedness because prior to the inception of PS-
        Prep there has been: (a) No commonly accepted definition of 
        what constitutes effective preparedness and (b) no method to 
        measure if these preparedness criteria were in place. Lacking 
        these fundamental elements (a definition and a measure), there 
        has been no ability to see if prepared companies fare better 
        after emergencies occur versus those companies that are not 
        prepared. This lack of data has kept preparedness as a common-
        sense strategy but one that lacked any financial rationale that 
        informed the real value of investment in preparedness. Hence, 
        corporate efforts have tended to be notional and other actors 
        such as insurance and rating companies have failed to strongly 
        acknowledge and reward preparedness. They have lacked any real 
        actuarial data on this vital area. With the PS-Prep Program in 
        place, a long-term project can now be undertaken to identify 
        different outcomes over time based upon whether or not a firm 
        is ``prepared'' as indicated by its PS-Prep status. InterCEP 
        seeks to be instrumental in this undertaking.
    Congress:
   Congress must continue its active oversight of key programs 
        and initiatives. Congress' wide perspective on this arena is 
        critical to a comprehensive and sustainable strategy for 
        private sector and overall society resilience.
   Congress must fund DHS and other stakeholders as appropriate 
        to enable the above initiatives including the accrediting body 
        required by the legislation, the mapping of existing industry 
        practices to the common criteria of the designated standards, 
        training and tools necessary to implement preparedness, the 
        first wave of company certifications under the PS-Prep Program 
        and the long-term research initiative.
    Businesses:
   Businesses must look to the PS-Prep program for voluntary 
        guidance and, as a first step, undertake an informal internal 
        assessment of their operations based on the criteria of the 
        program. Core to this will be an initial risk assessment to 
        inform what preparedness measures are appropriate. Further 
        application of the PS-Prep program should be considered if it 
        presents additional business value.
   Additionally, businesses should evaluate the use of the PS-
        Prep Program in assuring supply chain resilience, especially 
        for suppliers of mission critical services to core business 
        operations. Firms with high priority needs and regulatory 
        requirements for continuity such as the utility and financial 
        services industries should especially evaluate this opportunity 
        to assess the resilience of their critical suppliers.
   Businesses must actively partner with government in 
        information sharing and other public-private partnerships. 
        Information gained from these partnerships can inform risk 
        assessment as well as other preparedness, response, and 
        recovery activities. Federal programs include DHS Sector 
        Coordinating Councils, DHS Information Sharing & Analysis 
        Centers (ISAC's), DHS Protective Security Coordinator Division, 
        FBI InfraGard, U.S. State Department Overseas Security Advisory 
        Council (OSAC). State and city programs such as Chicago First, 
        NYPD Shield, New York City Office of Emergency Management 
        CorpNet/PALMS and the wide diversity of others should be 
        considered. Private not-for-profit organizations such as 
        Business Executives for National Security (BENS) should also be 
        considered.
   Businesses should consider participation in the first wave 
        of company certifications under the new Private Sector 
        Preparedness Program.
   Businesses must promote and participate in an industry-by-
        industry effort to map and recognize existing preparedness and 
        security practices utilizing the criteria of the PS-Prep 
        certification program as the organizing theme.
    Finally, all parties must work to assure that resilience is 
designed into our Nation's infrastructure projects from the beginning 
(not added after a crisis). We must prepare as we repair and expand our 
infrastructure. The private sector and Federal, State, and local 
governments must take constructive action to assure this.
   Our goal must be to create a more resilient Nation as well 
        as a better supported one.
   Adding resilience considerations at the design stage can 
        generally be done at minimal costs. Yet, resilience can pay big 
        dividends in reducing the cost of future disruptions that are 
        inevitable due to both natural and man-made hazards.
   Risk assessments should be a standard step in the advance 
        planning for all infrastructure projects. Such risk assessments 
        could lead to designing in appropriate mitigation and 
        prevention measures for identified hazards as well as measures 
        which could facilitate response and recovery in any crisis, 
        large or small.
   Existing strategies should be utilized to advance resilience 
        including the both programmatic standards such as those under 
        the PS-Prep program as well as risk assessment tools such as 
        RAMCAP Plus.
   Infrastructure projects should consider local, State, 
        regional, and Federal preparedness planning.
   In addition to protecting our people, a more resilient 
        infrastructure will make for a more competitive America in the 
        global marketplace.
    Our Center stands ready to assist wherever appropriate and 
collaborate with all key stakeholders in the achievement of these 
critical initiatives.

    Ms. Jackson Lee. We thank all the witnesses for their 
testimony, and we will begin questioning the witnesses.
    I will yield myself 5 minutes. We thank them for their 
testimony.
    It would appear that, in the quietness of this room, we 
have nothing to fear. The reason that is so, because in the, if 
you will, in the emergence after 9/11, we began to wake up and 
understand the issues of terrorism and protecting the homeland. 
We are grateful to all the witnesses for recognizing their role 
in that. So we have, in fact, warded off, stopped, if you will, 
pressed back terrorist acts on our soil.
    But I think that if we have not gotten a wake-up call over 
the last series of years, noting the numbers of terrorist acts 
that have occurred on trains, the ones that were attempted on 
airplanes, the ones that have been attempted in settings like 
hotels and sports events, then I think we are not getting the 
wake-up call that we should.
    Let me start with you, Mr. Raisch, because you made a very 
interesting point. How long has Title IX been law?
    Mr. Raisch. I believe it was August 3, 2007. That would 
make it roughly, what, 1 year and 6 months roughly, 6 or 7 
months.
    Ms. Jackson Lee. Enough time, if we were unlucky to have a 
number of terrorist acts, if that was what terrorists intended 
to do in the United States, and we were not prepared. Is that 
not right?
    Mr. Raisch. Certainly.
    Ms. Jackson Lee. So your point is a point that I think 
should be made very clearly. In that Title IX, I understand it 
was established a Voluntary Private Sector Preparedness 
Accreditation and Certification Program. Why don't you restate 
for us your point about the actions of the Department of 
Homeland Security from 2007 in terms of moving forward on 
reaching out to create, if you will, action on that voluntary 
accreditation certification?
    Mr. Raisch. To be fair to DHS, there have been significant 
actions on their part. At the same time, and over the course of 
that period of time, there has been outreach by the Department. 
There has been diversity of meetings. Most recently, two public 
forums were held in January and February of this year.
    Ms. Jackson Lee. Where were they held?
    Mr. Raisch. They were held in Washington, one at the U.S. 
Chamber of Commerce and the second one at the American Red 
Cross Headquarters here in the District of Columbia. There have 
been, my understanding, though, some outreaches. We 
participated in hosting a number of them whereby DHS has tried 
to get the word out.
    Ms. Jackson Lee. So what have been the obstacles of moving 
forward almost a year and a half to be able to establish the 
program?
    Mr. Raisch. I think the remaining obstacle right now, quite 
frankly, is simply designating a standard and/or standards. The 
legislation itself calls for one or more standards to be 
designated. That, quite frankly, with a year, 6, 7 months into 
it, we are beginning to lose potentially some momentum in that 
regard. I think DHS has made a concerted effort to outreach and 
vet. I think that vetting has been done, and I think it is time 
to move forward in that regard.
    I think the private sector is ready to move forward. I 
think there has been input from a diversity of associations. 
There has been some very good work done by the Alfred P. Sloan 
Foundation. We brought together four major entities, 
professional entities in this case, and they have chimed in on 
it. We have heard InterContinental really speak about their use 
of the program, even in its infancy. As such, I think we are 
ready to move forward.
    I think this needs to be a step progression, though. I 
think moving forward involves, first and foremost, designating 
the one or more standards. But then let's move out and in a 
logical progression, I think, the possibility of some pilot or 
first-wave projects.
    Ms. Jackson Lee. I think we need to move out, if you would, 
beyond the Beltway and establish some meetings on that issue as 
well.
    The point that I think I would like to make in that is we 
recognize that there has been a new administration, changing of 
leadership. But I intend to and hope my Ranking Member will 
join me on encouraging, by way of letter, DHS to move forward 
on the characterization of the standards.
    I would like to ask Mr. Bonnell, just to follow up in the 
line of questioning, would InterContinental seek to be 
certified and accredited?
    Mr. Bonnell. Yes, ma'am. We in fact have applied for a 
Safety Act Compliance Certification. We are in the application 
process now.
    Ms. Jackson Lee. Let me move forward, Mr. Bonnell, and 
since I am going down the line, and thank you very much for 
representing a hotel family, is that not correct?
    Mr. Bonnell. That is correct.
    Ms. Jackson Lee. So you are separate and apart; you are a 
member of the Hotel Association, but you actually represent 
active hotels.
    Mr. Bonnell. That is correct.
    Ms. Jackson Lee. In the course of the council that has been 
set up, the commercial council, the DHS Commercial Facilities 
Sector Coordinating Council, are hotels actually sitting on as 
members?
    Mr. Bonnell. We are on the Real Estate Roundtable 
committee.
    Ms. Jackson Lee. Alright. That is an interesting name. Are 
you sitting on the Commercial Facilities Sector Coordinating 
Council?
    Mr. Bonnell. No, ma'am.
    Ms. Jackson Lee. Do you have a representative on that 
council?
    Mr. Bonnell. My company does not directly. I think through 
the American Hotel Lodging Association we do have participation 
indirectly.
    Ms. Jackson Lee. I don't know the semantics, but I am much 
more comforted by the fact that you would be on the Commercial 
Facilities Coordinating Council than I might be on real estate. 
There must be something in that real estate name that someone 
attributes to covering the issues that we are concerned about. 
But let me just ask you the question. Is there too much money? 
Can we say that there is ever too much money invested in 
security?
    Mr. Bonnell. No, ma'am.
    Ms. Jackson Lee. Particularly in commercial facilities.
    Mr. Bonnell. Absolutely not.
    Ms. Jackson Lee. Can we be partners in helping commercial 
facilities be more security wise?
    Let me indicate, as I said before, I stayed at the Taj, and 
so I understand what the post-November 26, what the description 
that we have heard of the commandos going through hallways. The 
question is, how much invasion of privacy are hallway cameras, 
for example, safe places, training staff on how to act? There 
were some heroic actions by hotel staff, and let me commend the 
hotel industry, saving, if you will, the clientele, those who 
were in the hotel as actual customers, not only of the 
restaurants but elsewhere, actually saving them, moving to 
their own safe spots. What is too much? What do you want from 
the Government in terms of assistance?
    Mr. Bonnell. Well, I don't know how I can say what is too 
much.
    I would say, to address some of the points, cameras in 
hallways are not intrusive. There is no expectation of privacy, 
and in many of our hotels, we strongly recommend the use of 
CCTV where appropriate.
    In terms of training, you can't do enough. I will say this: 
The Department of Homeland Security, the U.S. State Department 
has been a tremendous source of information in developing 
training programs. For us, half of all knowledge is knowing 
where to find it. If I have questions about vendors, products, 
procedures, methods, I can go to these sites, the Web sites.
    Ms. Jackson Lee. This is DHS?
    Mr. Bonnell. DHS, OSAC, and NYPD Shield. Tremendous sources 
of information. As I said, our security, and our 
counterterrorism programs are all intelligence-led. As hotels 
are being built, as the luxury class, full-service hotels are 
being built, we are now incorporating security design in the 
engineering phase, and we are making a requirement, both 
company-managed and franchise properties. So we are changing 
the way we are building hotels.
    Existing properties, we have to do the best we can. But 
again, could we do more? Could we get more from the Government? 
I would certainly welcome any support. Again, for us, it is 
intelligence. As the Commissioner said, no two hotels are the 
same. So it is hard to come up with a one-size-fits-all 
solution to security. We talk about the hotels that sit on 
waterfronts, that, similar to the Taj, unique set of threats, 
as opposed to say a hotel located in Phoenix. It is, again, 
when we go to addressing the issues of security, we have to 
look at what is reasonable, what is foreseeable, what is 
predictable.
    Now as terrorist attacks against hotels have become more 
sophisticated, it is apparent that there are certain things 
that we should invest in. Again, talking about the performance 
of security personnel, for instance, the case at Islamabad, 
over 20 security officers were killed at the Marriott 
Islamabad. You will find that in many of the attacks, the 
security personnel are doing a good job, particularly those 
that are properly trained to look out as part of a 
counterterrorism program.
    Ms. Jackson Lee. Well, we thank you for that explanation.
    With that, let me yield to the gentleman from Pennsylvania, 
Mr. Dent, for his questioning.
    Mr. Dent. Thank you, Madam Chairwoman.
    Thank you all for being with us this afternoon. Media 
reports coming out of Mumbai indicate that the LeT attackers 
had conducted significant surveillance prior to carrying out 
those attacks, so that they had an in-depth knowledge of the 
layout of the targets, even better than that of the first 
responders. This is a general question. You all feel free 
respond this. Is the U.S. private sector in a position to 
recognize pre-attack surveillance and report to Federal 
authorities? Anybody want to take a shot at that?
    Mr. Bonnell. If I may, that is part of our counterterrorism 
program, when we train people to look out, to look at these 
points where the terrorists are going to be conducting these 
surveillance. We know from past attacks that they do counter 
surveillance and they invest heavily in counter surveillance, 
so we train our people to be on the lookout for it. In fact, 
there is an initiative underway now where hotels, different 
brands are sharing information, where we are watching each 
others' hotels, essentially watching each others' backs in 
areas where we have high concentrations of hotels that are 
close to each other.
    So your point is absolutely spot on with our approach to 
counterterrorism is to train our line-level employees to be 
looking out and looking for the obvious indicators of counter 
surveillance. If you are being surveilled, if you look for it, 
you will see it.
    Mr. Dent. Anybody else want to make a comment?
    Mr. Raisch. I guess I could chime in there. In prepping for 
this discussion here, I had the opportunity to reach out to a 
number of chief security officers in various hotel chains, and 
my understanding is it is definitely evolving. I think I was 
astounded by most of them I spoke to had at least one of their 
staff, if not themselves, had been in short order out to India 
and had done some post-event analysis out there. My 
understanding is there is an outreach to a great extent to the 
back to the house right now where they are trying to develop 
essentially posters that would reinforce suspicious activity, 
what cues would be in that regard. So I think it is evolving. I 
think there is some good work being done across the industry.
    The interesting thing about preparedness is that sometimes 
an industry will collectively look at issues that otherwise 
might appear to be competitive because they have realized that 
if one attack occurs in the United States at a single hotel, 
people won't differentiate what flag is on that hotel. They 
will become increasingly cautious about all hotels. So I think 
we have a foundation for collaborative effort without question.
    Mr. Dent. Finally, I just want to make a comment. Do high-
priority targets in the U.S. private sector adequately train 
and exercise with first responders or provide critical 
information to first responders in the event of some kind of an 
attack, in your view?
    Mr. Bonnell.
    Mr. Bonnell. Do we train with first responders? We do. More 
so in some markets than in others. For instance, take Orlando, 
because of the high concentration of high-end hotels, we work, 
in fact, I know the regional coordinator for the Department of 
Homeland Security there who makes available resources for 
training. So I would say that does take place. For instance, in 
New York, we have the Barclay and the Crown Plaza Times Square, 
both security directors are retired NYPD police detectives, 
work closely with the local authorities. New York is really 
probably gone a step above as far as preparing for a crisis in 
terms of being certain the first responders are trained, that 
we know exactly where the ambulances and the fire trucks are 
going to come and the people know exactly what their assigned 
duty stations are. I would say in some markets more so than 
others.
    Mr. Raisch. If I could elaborate, I would also say this, 
and I would hope Mr. Bonnell would concur with me. There is a 
stratification in the industry. You have the major players in 
major, you know, certainly the larger hotels in larger cities 
tend to be the ones where there is more staff and arguably more 
cash-flow to rationalize much of the investment. There is a 
different level of staffing. There may be three people in a 
roadside, an interstate-side size hotel, and consequently, your 
capability to have a significant security presence there is 
minimal.
    But I think the core approach to preparedness that I think 
I heard from Mr. Bonnell here was something that you can roll 
out through large and small entities and at least have the 
threshold level of preparedness and security even at the 
relatively smaller entities.
    Mr. Dent. Thank you.
    At this time, I have no further questions.
    I yield back the balance of my time. Thank you for your 
testimony.
    Ms. Jackson Lee. Thank you, Mr. Dent, for your questions.
    The Congresswoman from Nevada, Ms. Titus.
    Ms. Titus. Thank you very much, Madam Chairwoman.
    My last question yielded little more than a mouth full of 
bureaucratese, but I am going to try again with this panel, so 
I appreciate your indulgence.
    I would just ask you, either in your family of hotels or in 
your study of hotels, if you have looked at those that have 
gaming. You know, there are special needs when you have gaming. 
Your lobby is a casino. They are built in such a way that you 
can't find the door. We want you to come in, but we don't 
necessarily want you to leave. So that makes it difficult. 
There are no clocks, there are no water fountains. It is a 
different setting. So I wonder if any of the study that you 
have been doing or any of the standards that you have been 
setting take into account those special needs.
    Second, I want to be sure that everybody has the 
information and knows the best practices. I know the security 
forces do. I know the executives do. But what about the 
cocktail waitresses? What about the card dealers? What about 
the ladies that make the beds? Is that information getting 
down? Is it available to the public? Would they know where to 
go, where to stand to be rescued like you used to know where to 
go with a fire, if you had a fire, and what elevator not to 
take?
    Finally, I would just ask you if you were going to rate how 
prepared the private sector is, especially in terms of hotels, 
how are we today on a scale of 1 to 10?
    Mr. Raisch. I will yield to my industry colleague here.
    Mr. Bonnell. Well, let me say, having been at the 30th 
floor of the Bellagio during an earthquake, I had an 
opportunity to watch the hotel deal with the crisis, and it was 
clear they were prepared. They knew what to do. Again, this was 
a shelter-in-place situation, as opposed to an evacuation. What 
is unique about Las Vegas is you have these hotels with 3,000 
rooms, versus a hotel with maybe 300 rooms; generally better 
staffed in terms of security, emergency medical personnel that 
are actually on staff. So what I find in Las Vegas and in Reno 
is a very high level of preparation for crisis.
    Now, traditionally, the investment in security had been in 
the casinos. As the super hotels came along, and they became 
victim, fell victim to premise security liability litigation, 
they found themselves in court, being sued for negligence, they 
began to increase the level of operational security on the 
hotel side.
    Having been involved, through the American Society of 
Industrial Security, with the Gaming Committee, I tend to think 
the hotels that I have seen in Reno and Las Vegas are superior 
in many respects because, again, I think they anticipate these 
events occurring. That is from my own personal knowledge. I 
haven't conducted a study. I am more familiar with hotels in 
the range of say 350 to 750 rooms, business and leisure, so I 
am not well versed in casino.
    Again, I think you draw a unique set of threats associated 
with casino more in terms of criminal behavior. Again, as I 
said, when I saw the folks at the Bellagio and the MGM Grand 
respond to the earthquake, I was very impressed with their 
knowledge of directing people. In fact, they were actually at 
the bottom of the elevator banks with robes because they knew 
that people were going to come fleeing out of the rooms in 
their night clothes. So I was very impressed with that.
    The other question--how do we rate? The hospitality 
industry is highly regulated. We have to deal with OSHA, ADA, 
NFPA, the constant threat of litigation in the form of premise 
security liability lawsuits. Our insurance carriers want to 
make certain that we are managing our hotels in preparation for 
these foreseeable risks. So I would say, compared to say, 
retail, we are doing pretty good. I can't say, I don't want to 
say that we are doing a lot better, but I think that because we 
are held to a higher level of accountability than say our 
colleagues in retail, we do a better job overall. But of 
course, when people check into our hotels, they are trusting us 
with their lives and their safety. And generally we have much 
longer contact with them. So I would be reluctant to give us a 
score. I would say C-plus, maybe a B-minus.
    Mr. Raisch. It is my hope in 2 years hence that that 
question of what level is security and preparedness at hotels 
can be met by giving you a number as to how many have actually 
been certified under the program. That is inherent really in 
one of the goals of the program is to provide some measurement 
and common criteria because, to date, what your concept of 
preparedness is or mine or any one of the folks on the panel in 
this room, none of them would exactly jive.
    In this case, we have the opportunity to look at some 
bubble-up standards that have come from the industry, not 
arbitrarily chosen in the Beltway, and to begin to apply those 
and evolve them. Each of these standards are not frozen in 
time. They actually have committees that maintain them on an 
on-going basis, so they will adjust over time to other threats 
as they evolve, perhaps along the lines of the Mumbai attack. 
So I think there is an opportunity inherent in the Title IX 
program to begin to measure that.
    As we often know in many cases, until you measure 
something, it is very difficult to manage it. So my sense is 
that that is a strong opportunity really for the Title IX 
program.
    The other observations we have made essentially is, 
obviously, as I mentioned before, larger firms with more 
facilities, larger, in this case, larger facilities with more 
staff, distinct from larger firms, because we have in this 
industry a stratification of everything from 30-, 40-, 50-, 60-
unit hotels to 500- or 1,000-unit hotels, each of them with 
different staffing levels, each of them following different 
pricing mechanisms.
    One factor that I did, became apparent to me, is the 
franchise system. We have the opportunity here to talk to, if 
you will, one of the major flags, InterContinental. While they 
manage the hotels, they don't necessarily own them, and their 
operating budgets are oftentimes approved by the local owners. 
Unfortunately, on the regulatory side, fire was mentioned 
before, OSHA, and so forth, there is a given in every budget 
for that number.
    The security side is a little bit more iffy, and as such, 
oftentimes, I think security professionals like at this table 
have to, if you will, make an argument to the local operators, 
sometimes successful, sometimes not successful in what level of 
security that they are willing to buy into.
    Ms. Titus. Madam Chairwoman, thank you.
    I think that Las Vegas does do a good job and has some 
things to offer, especially that they have developed. So I 
hope, as you develop these standards and this certification 
program, that Las Vegas can play a part in helping to flesh out 
some of that.
    Thank you, ma'am.
    Ms. Jackson Lee. Madam Congresswoman, we hope to certainly 
involve your constituents who certainly have had their 
experience with large volumes of customers and revelers, if you 
will, and that is a question that we ask today, is to move 
quickly on the standards being, if you will, being put in 
place. So we thank you for that offer. I know that the 
committee will take up both your advice and counsel.
    I am going to seek to yield myself 5 minutes just to 
conclude. I don't know if Mr. Dent cares for that at this time, 
but I want to clear up some issues that are on the record.
    Dr. Fair, you have mentioned radicalization and LeT. I want 
to make sure you are not suggesting that the people of Pakistan 
are comfortable with terrorist acts and are not making efforts. 
I was in Pakistan as well, post the November 26 incidents, and 
I know that, though it might not have been fast enough, they 
have come to recognize that there were Pakistani nationals 
participating. They have made a commitment to prosecute them, 
hopefully swiftly. Of course, they have themselves been victims 
of terrorist acts, including the issue dealing with the 
Marriott at Islamabad.
    So my question to you is, how can we be effective in 
collaborating with our world partners when terrorism is 
becoming both decentralized and radicalized?
    Ms. Fair. Actually, I want to respectfully disagree with I 
think some of the points that you just made. There is a 
tendency to think of this broad swath of militant groups as all 
being interchangeable. In my written testimony, I go to great 
lengths to talk about how Lashkar-e-Taiba is very different. 
Lashkar has never targeted the Pakistani state. Lashkar-e-Taiba 
has never targeted an international target within Pakistan.
    Ms. Jackson Lee. So what are you disagreeing with me on----
    Ms. Fair. No, no----
    Ms. Jackson Lee. Because all I said was that they were 
becoming decentralized terrorist groups so that they are 
decentralized from al Qaeda and radicalized. Those are just the 
two points that I made.
    Ms. Fair. The part in particular that I think is an 
important question that really requires vigilance on the part 
of Washington is actually the extent to which they are 
undertaking efforts to wrap up Lashkar-e-Taiba. I personally--
--
    Ms. Jackson Lee. Who is ``they''?
    Ms. Fair. The Pakistani government. I was not--there is a 
pattern that has been followed here as has been followed in the 
past; that is, before the organization is officially 
proscribed, the moneys in the bank accounts are moved, and the 
organization reconstitutes under another name.
    The leader of the organization has not been arrested. He 
has been under house arrest. There have been a number of 
individuals who have been detained. Their actual accounting, 
the accounting of where they are is absolutely unclear. I was 
actually not impressed that the Punjab government, the 
provincial government, simply took over----
    Ms. Jackson Lee. Is that the state government?
    Ms. Fair. The state government. The state government took 
over the assets of an organization that the government itself 
had declared to be a terrorist organization.
    What government takes over the operating of enterprises 
associated with a terrorist organization as opposed to shutting 
them down and arresting the leadership?
    So I think there are a lot of questions, particularly about 
Lashkar-e-Taiba.
    Ms. Jackson Lee. How can we be more effective in 
collaborating with countries that have sovereign governments 
who represent that they are trying to fight terrorism and to be 
effective?
    Ms. Fair. Well, I think we have to be very forthright with 
them, both publicly, if need be, but certainly privately. Over 
the last 7 years the United States has really given Pakistan a 
mixed message about the groups that we think it should shut 
down.
    For much of the global war on terrorism, we emphasized al 
Qaeda. We were actually very episodic in our emphasis upon 
groups like Lashkar-e-Taiba and Jaish-e-Mohammed. I am sure, as 
you know from previous testimony on the Hill, we were even 
ambivalent about Pakistan's efforts against the Talibans.
    So I think the first thing that we need to do is resolve in 
our own discourse that groups like Lashkar-e-Taiba are not 
simply India's problem, but they are also our problem, and they 
are also Pakistan's problem.
    Second, we really need to focus much more intelligence 
resources to really understand what the government is and, more 
importantly, what it is not doing. We have a tendency to look 
at these attacks through the optic of as if it just happened, 
and we tend to forget that in fact this group has been 
operating since 1986, and there is a pattern of state behavior 
with that particular group.
    Ms. Jackson Lee. I think your point is well taken, but we 
also need to distinguish what is state government and what is 
federal government in the context of Pakistan. We also need to 
be assured that we promote and encourage those efforts where 
the government is trying to at least work on a plan or an 
effort to fight terrorism.
    I think the point is well taken. I think, in addition, we 
would hope that there would be notice, as I think your 
testimony said, that there were Indian facilitators. So working 
regionally, with India, Afghanistan, and Pakistan, I hope would 
be also an important point for us. But I thank you very much 
for your testimony and those very vital points.
    Mr. Bonnell, let me ask, you want to certify under the 
SAFETY Act. But you would be willing to have InterContinental 
Hotel certify under the voluntary certification under Title IX?
    Mr. Bonnell. Yes, ma'am.
    Ms. Jackson Lee. Do you think it would be helpful for DHS 
to reach out, beyond the meetings that they have already had, 
to really get, as Congresswoman Titus has indicated, sort of 
insight and instruction for hotels beyond the Beltway and be 
out in the areas, resort areas, for example, we have a lot of 
coastline in the United States, Las Vegas, for example, and 
other intense areas, do you think that would be helpful in 
terms of quickly moving and trying to establish some standards?
    Mr. Bonnell. Yes, ma'am. I totally agree. I think that 
there are many best practices out there that we could share, 
work with DHS, consolidate this, and crystallize this 
information, and get it back out to where it would do the most 
good.
    Ms. Jackson Lee. I do want to emphasize, since I was 
physically on-site, using my somewhat non-, both nonscientific 
and non-law-enforcement eye, the importance of internal 
preparedness plans for hotels. Though you represent one chain 
and one family, is there a standard, without the involvement of 
the Federal Government, where you would assess that hotels have 
their own individual plans? Are they wide enough to, for 
example, capture what Dr. Fair has said in terms of 
organizations that may be even beyond the borders of where we 
have seen them act out their terrorist acts? Are U.S. hotels 
with preparedness plans that could respond to a commando-type 
incident?
    Mr. Bonnell. Limiting the discussion to the category and 
class of hotel that we have been discussing, again, like the 
Taj, the Oberoi or an InterContinental Hotel, you will find 
that there are plans. Is there a standard? Is there continuity 
and consistency? I don't think so. I can speak only to my 
brands. Now I work closely with my colleagues, with Starwood 
and Marriott, and we share information. I would say, within 
this small group of the major brands, we share best practices, 
and you would find some degree of continuity and consistency. 
But when you look at all of the hotels in this country, I am 
afraid the answer would be no. I think, again, setting a 
standard and providing and offering that standard up as a best 
practice would be very useful.
    Ms. Jackson Lee. I thank you very much.
    Mr. Raisch, you have expressed the offering of your 
center's assistance and also your assistance for what has to be 
an important charge and challenge, and that is for the overall 
preparedness under Title IX, but in particular, establishing 
these standards. What is your sense of urgency on helping us 
move in that direction?
    Mr. Raisch. That is the designation, and let's make it 
clear, too, that really we are talking about designating 
existing standards that actually are bubbling up or have 
already bubbled up for some time for the private sector. So DHS 
need not create something in this regard. It in fact is charged 
by the legislation to designate an existing standard. So that 
is the opportunity that we have, not to attempt to build from 
scratch but rather to designate something that already has, 
again, come from the private sector. It is the next step that 
really is critical to move forward.
    Absent a standard, really, the measurement process, the 
assessment process can't go forward absent one or more 
standards maybe designated by the Department in this regard. 
But that is the final element. Quite frankly, we are working on 
the bottom-line side of the house.
    We have five different working groups over 200 
organizations actively involved in it; that is, looking, once 
the standard itself has been defined, to look for benefits and 
insurance, mitigating legal liability, and acknowledgment by 
rating agencies and moving forward with really supply chain 
management where, perhaps, the most economic rationale----
    Ms. Jackson Lee. You are looking across the private sector 
in its totality, not isolating hotels. You are looking across 
the board.
    Mr. Raisch. We have representatives from utilities, from 
financial services, from the major retailers across the board, 
and all of them are really participating. The goal in all this 
is, by getting the private sector involved in it up front, we 
are essentially building something that is business and value-
oriented as opposed to--we referenced the Beltway before--
building something in here and trying to make it work out 
there.
    Ms. Jackson Lee. If I had to ask the question on a scale of 
1 to 10, with 10 being the highest, how would you rate the 
preparedness of America's private sector?
    Mr. Raisch. I would really hesitate to put a specific 
number because, quite frankly, the private sector is not a 
homogeneous entity. It is big, small, you know, large. 
Certainly the smaller businesses are more concerned about 
meeting payroll in the next 4 weeks than they are necessarily 
of putting their preparedness program together. I will tell you 
that those entities that have experienced some sort of crisis 
or near-miss, have gotten religion, those folks tend to be more 
prepared. We tend to see preparedness paralleling, at least on 
the life-safety side of the house--we reference NFPA and fire 
safety and life safety. There are elements of that because it 
has been required.
    The typical business continuity and the more general 
elements of preparedness still are looking for something in the 
way of a definition as to what good preparedness is and a 
bottom-line rational to undertake it. That is why I think, 
once, if we link those two, which I think Title IX has the 
opportunity to do, not immediately but a little bit over time, 
then I think we will have the business rationale to make this 
go forward.
    Ms. Jackson Lee. Well, we certainly have an obligation to 
provide them that. But I imagine what you are saying is that 
they have not reached 10 yet.
    Mr. Raisch. There is no question in my mind they have not 
reached 10. I would say, on the whole, we are far; that is a 
long reach.
    Ms. Jackson Lee. I think you have given us our marching 
orders.
    Let me thank our witnesses, of course, for their very 
instructive testimony.
    Dr. Fair, Mr. Bonnell, Mr. Raisch, we appreciate the 
insight.
    This hearing started off as I opened to connect the issue 
of the terrible tragedy in Mumbai with a wake-up call for 
America. Obviously, in order to fulfill the purpose of this 
hearing, we will be instructing and requesting certain 
responses from DHS of recognizing that we have a committed new 
administration ready to answer some of the questions that have 
been somewhat delayed.
    We also will be actively engaged in pushing for the 
standard and certification process under Title IX. We welcome 
your input, and as well, we will be looking for a combination 
of working with intelligence committees, our foreign affairs 
committees, and this committee on the issue of terrorist 
groups, that Dr. Fair has mentioned and how do we be 
instructive with our allies who themselves are looking for a 
way out of the burden of terrorism. So let me, again, thank you 
for contributing to that.
    Peter King mentioned a quote or a statement from one of our 
very famous newspapers that I tend to agree with all the time 
and has indicated we shouldn't be talking about terrorism. 
Well, we should be talking about terrorism and preparedness, 
because both of those, coming together, meaning prepared to 
fight terrorism and being prepared will help to save lives, and 
that is what this committee is about.
    I want to thank my Ranking Member, Mr. Dent, for his 
service. At this time, we will provide you with just a few 
instructive remarks and then the hearing will be adjourned.
    The Chair wants to acknowledge that the witnesses have 
given valuable testimony. We thank the Members for their 
questions. The Members of the subcommittee may have additional 
questions for the witnesses, and we ask that you respond to 
them expeditiously in writing.
    Hearing no further business, the subcommittee stands 
adjourned, and we look forward to submitting our questions. 
Thank you.
    [Whereupon, at 5:23 p.m., the subcommittee was adjourned.]

                                 
