The appropriate curriculum to build a strong Homeland Security Master’s program is challenging because the environment has no well-defined boundaries. Indeed, creating a static curriculum would not adequately address the ever-changing needs of our global security concepts. Furthermore, academia is not constrained to a particular definition of Homeland Security (HS) by the role of their respective agency or institution. Subsequently, we are forced to continuously reshape HS programs in order to fill the gaps from novel vulnerabilities. Therefore, recognizing that certain aspects of a strong HS program must remain fluid, essential elements are necessary for HS graduates to be adequately prepared to face current challenges. In this paper we describe the experience acquired in the last eight years managing the post-graduate Master’s in Homeland Security at University Campus Bio-Medico of Rome (Italy). Its analysis allows us also to outline the peculiarity of the HS scenario in Europe.
Homeland Security definition
Although a universal consensus does not exist for the definition of both domestic and international Homeland Security, it is still possible to reach an agreement on its key features; one of the most established definitions, for instance, is the one provided by the National Research Council (United States): “Any area of inquiry whose improved understanding could make U.S. (and International) people safer from extreme, unanticipated threats.”[1]
According to the Quadrennial Homeland Security Review Report of the U.S. Department of Homeland Security, HS can be defined as: “intersection of evolving threats and hazards with traditional governmental and civic responsibilities for civil defense, emergency response, law enforcement, customs, border patrol, and immigration.”[2]
The lack of a universally adopted definition of HS is reflected by the operative choices of the different National and International governments and Institutions.
For example, although the United States continues to focus on a wholesale approach to domestic security and border protection issues, European countries have largely preferred to work within their existing institutional architectures to combat terrorism and respond to other security challenges and disasters, both natural and man-made.[3]
Such diversity certainly has a deep echo in the way HS training is conceived across different countries and different institutions, in terms of intended audience, contents, occupation of trainees, etc.
This paper aims to describe the training approach in the field of HS, experienced in Italy, within the post-graduate Master’s in Homeland Security (MHS) at University Campus Bio-Medico of Rome (UCBM).
The training structure of the MHS will be described, motivating the construction of the training course through its intended and actual audience, and the expectations the students had and currently have across the eight editions of the Master’s program.
Teaching Homeland Security in the experience of the post-graduate Master’s in Homeland Security
Teaching HS is, at the same time, a hard challenge and a great opportunity.[4] In fact, unlike other disciplines, no standard baseline for academia exists for the HS arena. Subsequently, “Homeland Security Experts” graduate into the field with no oversight or guarantee that the appropriate knowledge base was explored.
In HS literature, several research studies conducted on how to teach Homeland Security. As explained by Linda Kiltz,[5] the need for the coexistence of HS and Emergency Management in the same program is stressed. Donald Wallace, et al. provide a comparison between how the US and EU approaches to homeland security teaching are performed, pointing out that, while the United States has garnered much attention in centralizing and unifying HS efforts, EU governments tend to maintain the existing institutional settings; and (unlike the United States) there is no dedicated Department of HS in many European countries. Instead the responsibility is often delegated to several ministries, law enforcement and intelligence forces.[6] Moreover, while in the United States the HS training audience is largely composed of governmental authorities, in the European Union these types of courses are more tailored to the private sector and specifically to critical infrastructures’ operators.
The Congressional Research Service provides an overview of the European HS situation in its report entitled European Approaches to Homeland Security and Counterterrorism.[7] Of particular concern is the scenario outlined for Italy, which is seen as the main entrance of immigration, potentially exposing the country to risks of a terroristic nature and fostering the development of border control activities, thus creating a situation that is more comparable to the United States with respect to other countries.
The post-graduate MHS at the UCBM provides an example of what is expected in Europe by a complete training course in HS.
Despite courses in the United States, the MHS attendance is not limited to law enforcement and governmental representatives, but is addressed to a wide range of students, including public and private critical infrastructure operators, civil protection representatives, and also recent graduates that want to become HS experts in their own fields of knowledge.
The MHS adopts an All-Hazard philosophy, trying to merge security and safety perspectives across physical, cyber, and organizational dimensions, in order to prepare professionals able to holistically manage all the aspects related to the “sicurezza”[8] of people, employees and properties. Security is, in fact, a very complex domain integrating technological, legal, sociologic, business, mathematical, economic, etc. competences and knowledge. Modern societies are so complex that they are intrinsically very susceptible to extreme events, i.e. events that cannot be foreseen on historical data, described as black swans,[9] or better known as “normal accidents.”[10] This is an impetus to develop approaches that are able to prevent and especially mitigate the negative consequences of unpredictable events.
The structure of the annual program of the MHS reflects the current needs of security professionals and covers a wide range of topics in a transversal framework, which allows each student to take advantage of new knowledge in their respective field of application. The program is divided in 5 modules:
- Risk Management: identification and assessment of threats and opportunities, understanding and evaluation of risks and analysis of possible consequences in order to adopt the most adequate mitigation strategies. This module provides both theoretical elements and practical aspects on how to perform a risk analysis in complex scenarios, providing also a set of logic, mathematical and software tools to be used in different frameworks and under several hypotheses;
- Business Continuity & Crisis Management: skills and knowledge allowing the management of a crisis and the setup of an organizational structure as resilient as possible (both in private and public environments). This module aims to provide an overview of the most consolidated strategies to be prepared, respond, and manage a recovery phase starting from concrete episodes and experience. The module also embraces aspects related to internal and external communication and to public-private cooperation and information sharing;
- Technologies supporting Homeland Security: how to design and integrate an efficient protection system using basic, newest, and sophisticated technologies. In this module the students become familiar with the most traditional technologies and instruments related to passive and active physical security (fences, sensor networks, surveillance, etc.) and to cyber issues (firewalls, anti-viruses, IDS, etc.), to allow them to holistically design an effective security system;
- Critical Infrastructures: fundamentals of the actual characteristics of critical infrastructures, their dependencies and interdependencies. This module allows the students to become familiar with the methodologies and tools useful to manage the complexity of interdependent scenarios, in order to prevent and mitigate domino effects. Specific sections of the module is devoted to the analysis of SCADA and ICS systems, due to their relevance for the Critical Infrastructures, and to the analysis and strengthening of the human factor, to prevent social engineering and insider attacks;
- Soft Skills and Career Orientation: notions of helping to become future managers and security experts. This module condenses several of the inputs acquired by UCBM within the SLO project,[11] where experts stressed the importance for a security manager to have enhanced technical competences, as well as strong interpersonal competences (e.g. team building, etc.).
Lessons of each module are provided as both frontal lessons and group exercises. A two-month internship provided within national critical infrastructures completes the 12-month Master’s.
In line with the All-Hazard philosophy, the students are driven to deeply analyse all the aspects of the scenarios in terms of threats, vulnerabilities, and dependencies, and then carefully plan detailed procedures in order to better manage the different situations. However, they have to know that such procedures are not “check lists” to be servilely followed, but an outline to be interpreted and adapted to the real scenarios.
So far eight editions of the Master’s program have been held, and statistics show the composition of the Master’s audience. In a group consisting of 21% female students, nearly one out of four MHS program participants is 35-40 years old, and one of three is more than 40 years old (see Figure 1). This statistic is extremely relevant because it highlights that most participants in upper-level programs are already entrenched within their career. Thus, we can assume that their respective opinions have already been influenced and subsequently formed. These data show one of the added values of the MHS attendance: young professionals and recent graduates with their fresh open minds are seated with experienced security experts, benefiting from the active debate that this heterogeneous attendance encourages.
Regarding the expected professionalism developed by the MHS, it has the ability to produce students that are directly shaped through their studies. In Figure 1, two graphs illustrate both studies background and working experience of the MHS students for the past eight editions. Most of the students have a technical degree, i.e. 42% in Engineering and 5% in Computer Science, while 11% hold a degree in Economics and 12% in Law. Among other backgrounds, 6% of students with a Master’s Degree in Criminology emerges. Regarding their job origin, almost half of the students come from private companies (typically critical infrastructure operators) or are independent security experts, while 29% come from law enforcements and 27% are recent graduates. The MHS aims at training the new generation of security experts, providing a wide range of knowledge in the field, including cyber and physical security, management and operational aspects, highlighting in particular the importance, over all these aspects, of the human factor, as a common and weak factor for all aspects of security. Therefore, the MHS teaches procedures and methods that can be applied to the background of each of the students, offering intellectual stimulation in order to apply procedures to their own field of work or expertise. The students’ feedback shows a high and increasing level of satisfaction for the course (a global satisfaction of 4.35 out of 5 has been registered for the last edition).
Conclusions
How does one prioritize threats? Is it truly rational to place focus on one disaster over another? Should we focus more on the domestic or international front? Should an HS program be tailored to counter a specific threat (i.e. cyber-security, industrial, private, transportation, emergency planning, natural disasters, etc.) or should it be a more all-encompassing approach? All these questions represent a real challenge in molding an appropriate curriculum. Once again, we believe that an All-Hazard approach is the answer. The real challenge lies in balancing probability, vulnerability and, most importantly, consequence. A curriculum focused on these elements, with the heaviest emphasis on consequence, is a sound recipe for success.
Is it really possible to have a static curriculum? One cannot know for sure. But, it is possible to create a framework (prioritizing the threats to citizens and subsequently forming a core curriculum) and to allow each program to communicate with others.
References
[1] Frameworks for Higher Education in Homeland Security. Washington DC: National Research Council, 2005 (Issued by the Committee on Educational Paradigms for Homeland Security Policy and Global Affairs).
[2] Quadrennial Homeland Security Review Report: A Strategic Framework for a Secure Homeland. U.S. Department of Homeland Security, Feb. 2010, https://www.dhs.gov/xlibrary/assets/qhsr_report.pdf.
[3] See Kristin Archick, et al., Cong. Research Serv., RL33573 European Approaches to Homeland Security and Counterterrorism (2006), https://www.fas.org/sgp/crs/homesec/RL33573.pdf; Donald H. Wallace, et al., “Exploring Homeland Security Education across the Atlantic,” J. of Homeland Security Educ. 1, no. 1 (2012), http://www.journalhse.org/sft710/exploringhomelandsecurityeducationacrosstheatlanticfinal.pdf.
[4] William V. Pelfrey Sr. & William V. Pelfrey Jr., “Curriculum Evaluation and Revision in a Nascent Field: The Utility of the Retrospective Pretest-Posttest Model in a Homeland Security Program of Study,” Evaluation Rev. 33, no. 1 (Feb. 2009), http://erx.sagepub.com/content/33/1/54.long.
[5] Linda Kiltz, “The Benefits and Challenges of Integrating Emergency Management and Homeland Security into a New Program,” J. of Homeland Security Educ. 1, no. 2 (2012), http://www.journalhse.org/sft710/finalkiltzbenefitschallengesofintegratingemhs.pdf.
[6] Wallace, et al., supra note 3.
[7] Archick, et al., supra note 3.
[8] The Italian word “sicurezza” is used both for safety and security. Its epistemology comes from the Latin “sine cura”, i.e. one does not need to take care for something because some other one does it for him.
[9] Nassim Nicholas Taleb, The Black Swan: The Impact of the Highly Improbable. New York: Random House, 2007.
[10] Charles Perrow, Normal Accidents: Living with High Risk Technologies. Princeton: Princeton Univ. Press, 2011.
[11] Maria Carla De Maggio, Marzia Mastrapasqua, and Roberto Setola, “The Professional Figure of the Security Liaison Officer in the Council Directive 2008/114/EC,” in Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin Germany, October 5-7, 2015, Revised Selected Papers (Switzerland: Springer International Publishing, 2015).