Protecting America's Critical Infrastructure: From War Room to Boardroom
The National Press Club.
June 18, 2003.
JOHN MCCARTHY, EXECUTIVE DIRECTOR, CRITICAL INFRASTRUCTURE PROTECTION (CIP) PROJECT: Good afternoon. I'm John McCarthy, the Executive Director of the Critical Infrastructure Protection Project sponsored by the National Center for Technology and George Mason University School of Law.
We are very pleased to host today's conversation, "Critical Conversation: From War Room to Board Room." This is the first in what we hope will be a series of important discussions. The CIP project began just over a year ago. Its goal is to energize the research community, conduct outreach and education and focus on working with government and industry leaders to develop solutions to pressing national concerns.
We are working to build a program around law, economics, policy and technology sponsoring researchers and scholars focusing on critical infrastructure and homeland security studies. James Madison University serves as a key university partner with us in this unique endeavor.
Critical infrastructure protection was first conceptualized as a national issue in the aftermath of the Oklahoma City bombing. It was fully described in a landmark presidential commission in the mid 1990s and subsequent to the tragic events of 9-11 codified in the U.S.A. Patriot Act. In short, critical infrastructure are those systems and assets so vital to the nation that their incapacitation or destruction would have a debilitating impact on our security, our economy, our public health and safety and public confidence.
As 80 to 90 percent of the critical infrastructure in the U.S. is owned and operated by the private sector, its protection of the gray space where government's responsibility to protect citizens meets the dynamics of the free marketplace. Learning to manage this public private intersection is at the heart of our homeland security discussion today. We know that America's critical infrastructure can only be secured by a concerted team effort in which business to government and business-to-business relationships overcome historical areas of competition and contention to work for the greater national interest.
We are honored today to have six distinguished panelists, senior policy makers, law makers, and industry executives all engaged in our homeland security. Asa Hutchinson is the Undersecretary for Border and Transportation Security with the Department of Homeland Security (DHS). A three term Congressman from Arkansas, he served on the House Judiciary Committee, and Select Committee on Intelligence. Prior to joining DHS Mr. Hutchinson served as the head of the Drug Enforcement Administration.
Congressman Chris Cox is on the floor with a vote, so he'll be joining us in a few minutes, but I'll read his bio. From California's 48th district, Congressman Christopher Cox is Chairman of the House Select Committee on Homeland Security. Highly experienced in business, law, venture capital and corporate finance, he represents one of the world's leading centers of high tech commerce.
Congressman Jim Turner is the ranking member of the House Select Committee on Homeland Security, also a member of the Armed Forces Services Committee. Representative Turner is a tireless advocate on national security matters. Thank you, sir, for agreeing at the last minute to speak. Congressman Harman unfortunately had another commitment.
The honorable John Hager currently serves as assistant to the governor for Commonwealth Preparedness in Virginia. A former lieutenant governor, he is highly proactive in the national homeland security debate. He is a vigorous advocate for state and local perspectives. And has also been a strong supporter of George Mason and the CIP project.
Mr. John Derrick is the current Chairman of the Board and former CEO of Pepco Holdings, Incorporated. Mr. Derrick is co chair of the greater Washington Board of Trades emergency preparedness task force and a senior advisor for the emergency preparedness council of the national capital region.
Ms. Catherine Allen serves as the Chief Executive Officer of Bits, the technology group for the financial services roundtable representing CEOs and CIOs of the 100 largest financial service companies in America. She is an effective advocate for the industry and has instituted significant security programs throughout the financial sector. Both Kathy Allen and John Derrick truly represent what it means to be a private sector partner.
Finally, our moderator is my distinguished university colleague Mr. Frank Sesno. Frank is an award winning journalist with more than 25 years in the business, including 17 years at CNN where he's served as White House Correspondent, Network Anchor, Bureau Chief and Senior Vice President. He has interviewed the last five presidents, numerous members of Congress and many international and business leaders. George Mason University is fortunate to have Frank as a professor of public policy and communication. And I am pleased that he is a senior fellow with the CIP project. Frank.
FRANK SESNO, GMU PROFFESSOR OF PUBLIC POLICY AND COMMUNICATION AND SENIOR FELLOW, CRITICAL INFRASTRUCTURE PROJECTION PROJECT: John, thank you very much and let me, by way of greeting, thank everybody on the panel for joining us today. I hope this will be an engaging, enlightening and truly interesting conversation.
It is a pleasure and a challenge to moderate a discussion such as this and in doing the research for it, I came across a story I wrote while still at CNN. I have it here and it reads as follows. “A new report warns that America's physical and electronic infrastructure if dangerously vulnerable to terrorist attack.
The report which was entitled ‘America's Hidden Vulnerabilities’ warns that attacks on key parts of the infrastructure could have crippling effects.” The date on this was my second day at CNN in October of 1984. I was writing on a typewriter. My mistakes are scribbled out and “X’d” over. We were talking about critical infrastructure and America's vulnerability, when the President was Ronald Reagan.
Now much has changed. On September 11, 2001 the wall of the unimaginable was breached and we are now trying to figure out now how to assure that something of that magnitude or worse doesn't happen again.
So what I'd like to do if I could is start the group off, the panel off with asking each of you to make some brief comments on what should be our lead priorities right now if we are going to have a safer critical infrastructure a year from now? Asa Hutchinson, let me start with you, since you're now so in the hot seat on this in terms of priorities for making the critical infrastructure safer in a year.
ASA HUTCHINSON, UNDER SECRETARY FOR BORDER AND TRANSPORTATION SECURITY: Well, first of all, I think we're safer than we were in 1984 when you first did that story.
SESNO: I hope so.
HUTCHINSON: And Frank, I must say it's a little disconcerting to know that you kept your notes from 1984. You might qualify yourself to run for president.
SESNO: Or be subpoenaed.
HUTCHINSON: Let me just outline some of the priorities. First of all, we have made a significant amount of progress for the first steps of critical infrastructure protection. The first steps would be to know what is out there, starting to go through the assessments, and encouraging private industry and private partners, to take the necessary stages and take security seriously. We are over that hurdle and are making progress in that regard.
As I make comments to the private sector, no one understands how important it is to you because they're your assets to protect. It's your customer base and it's your market that could be destroyed in the event that your sector was harmed through a terrorist incident. So I think, the right strategy is assessments, knowing where we are, and identifying the critical assets and infrastructure that needs to be protected.
The second thing is intelligence. You know, we want to invest our money both publicly and privately in the right direction and we have to sure intelligence even with the private sector. I'm delighted that my former colleagues in Congress had the wisdom to direct the Department of Homeland Security to have a private sector coordinator. Al Martinez Fonce is doing a great job in that regard. We get intelligence and share it with the private sector. We alert them as to what they need to be doing and advising as to where the risks are.
We need to do a better job though. When we went to liberty shield, a higher state of alert, we had the National Guard out protecting some critical assets. One business owner had a call from his manager, who said, I don't know what happened boss, but we got the National Guard out here today. They were a little bit surprised but that's an example of the cooperation we're finding.
Partnerships are an important part of that cooperation. From a government standpoint, I think strict regulation is probably the last resort. So our emphasis should be on building the support in the private sector, building that cooperation, and increasing pilot projects with them when we have funding from Congress. I think those are all an important part of the strategy and the priorities in which we should engage.
At DHS, we are trying to implement the President's Strategy, national strategy to secure cyber space and the national strategy for physical protection and critical infrastructure. That falls in the responsibility of the directorate of infrastructure protection and intelligence analysis. Bob Loskowski is head of the infrastructure protection doing an outstanding job. But they are partnering. Partnering is the right word with those of us in the transportation responsibilities but also with the private sector, and with other government agencies that have responsibility over particular assets. Partnerships, intelligence sharing assessments, and knowing where we're going, pilot projects, are our priorities.
SESNO: Congressman Turner.
JIM TURNER, THE HOUSE SELECT COMMITTEE ON HOMELAND SECURITY: Thank you, Frank. And it's good to be on the panel with my former colleague. Asa, we miss you in the Congress and we're glad you're where you are.
When I try to answer the question, I look at it in kind of through the eyes of the ranking Democrat on the Homeland Security Committee. Our job is to have oversight over Asa's department and the legislation that the Congress passed consists of two groups of items. One is the massive merger of 22 agencies for the primary purposes of giving them a new direction and new sense of how to protect the security of the American people.
The other part, the other group of items in that bill are what I call the new things, the things we weren't doing before. From my perspective, the important thing for us to accomplish here in the shorter term is to make the new things that were in that legislation work.
For example, there is an office in that department called the Office of Information Analysis. That office collects information about the critical vulnerabilities we have and matching those up. Now that office from what we could tell in our committee hearing is not even off the ground yet in accomplishing that task. Testimony we recently heard from the gentleman that heads that department, indicated that the information from the critical infrastructure side was delivered to that office a few weeks ago from the White House, where that task previously resided before the creation of the department. That office is not yet capable of receiving the high level intelligence information yet.
So I think, the priority that we ought to have is to be sure those new functions actually happen and happen quickly. Because until you get the right information on the threats flowing to one office, and the information regarding our critical vulnerabilities to that same office and you match those up, you don't know what the priorities are. Then you end up with everybody running around from folks in business, folks in the department, folks in Congress saying “we've got to do this, we've got to do this, we've got to do this,” and nobody really has sat down and said, “OK, here are the first five things that we've got to do. Here are real problems when you match up the threat with what our critical vulnerabilities are.”
I hope that we can do that, and come out with a set of priorities. This will give us the courage and the commitment to address those problems first. Now that is a tough responsibility and the gentleman that has that task in his office is certainly in a key position to protect the security of this country. But to make those choices, and to set those priorities, the initial collecting has to be done. It's a hard task because in many ways, you'd rather not be responsible for telling the Congress here's where you need to put your limited dollars first, because you might be wrong. But somebody has got to do that, and I consider it the job of the new Department of Homeland Security. I hope that they can get that done because I believe that is first priority.
SESNO: All right. Thank you very much. That's something that I'll call on Secretary Hutchinson to comment on in just a little bit. John Hager, why don't we listen to the state perspective here for just a moment.
JOHN HAGER, ASSISTANT TO THE GOVERNOR OF VIRGINIA FOR COMMONWEALTH PREPAREDNESS: Right. Thank you so much. I too, am pleased to serve on this panel. As the paradigm has shifted in homeland security to more of prevention and vulnerability reduction, I think it's time that we talk about critical infrastructure, because that's where the action is. That's what we owe to our citizens for their safety and security.
So why focus on critical infrastructure? Well number one, we owe it to our citizens. Number two, it is the total economic backbone of the Commonwealth and the income to the State. How we handle it will determine our future from an economic development standpoint as we go down the road.
We tend to be very much more action oriented at the state level to try to get things done in this whole arena of critical infrastructure. Let me give some examples. Take the transportation arena. We went through a risk assessment process with the various transportation pieces in Virginia, risk modeling them to identify the significant intersections and the sources of maximum exposure . We then took extra protective measures to deal with those situations, some of which even in transportation are private sector situations where we partner with the private sector.
With utilities, we began to have trouble because they're concerned about information being released to the public, of course. We took the lead to pass the sensitive records protection act, and the freedom of information act, exemption, preparedness infrastructure and vulnerability information last January in our general assembly. Both those bills were passed. And we were able to insert a no fault environment collaborative approach with our utilities bring together their information to executives with the criminal investigation bureau of the state policy and the emergency managers in a fusion effort to be better prepared to deal with the challenges to the industry.
We decided we had to do a thorough audit of state government infrastructure in the cyber world. We had to first protect our systems before we could go out and ask others in the private sector to take similar actions. So we're trying to develop a model.
Schools are a good example. We passed a piece of legislation in January for mandatory annual school safety and security audits with emergency preparedness action plan, which had never been done before.
Public health is a good example is dealing with the SARS threat. What does SARS have to do with critical infrastructure? Well it has a lot to do with our hospitals and all of the facilities we use in health and medicine. But the way you would deal with SARS is the same way you would deal with bioterrorism. And so developing the National Capital Region’s SARS plan is a good example of how we're taking an action oriented approach in the health and medical field.
SESNO: All right. Cathy Allen?
CATHERINE ALLEN, CEO, BITS : OK. The numbers are bantered around but anywhere between 80 to 95 percent of the critical infrastructure is in private hands. A good part of that is in the financial services industry. We view the financial sector as being one of the very top major targets. Look at the 9-11 attack. It was an attack not only on an icon of America, but it was an attack on the heart of the financial sector. It was an attack on public confidence, in a way, undermining the economy.
What I believe terrorists would like to do is undermine that public confidence and really shut down our economy. That could occur if, major financial institutions and payments and settlements infrastructure was affected. Now what do we think is most important? Because of that, we focus very much on cyber security and the concerns about making sure that electronic systems have redundancy and are up and running. We also pay attention to things like communications. The ability to get our CEOs and Department of Treasury and BHF and other groups to be able to talk if there is an incident because it's as much about ensuring public confidence as it is about fixing those systems in the back rooms. We also are concerned about interdependencies. Our regulators hold us responsible for end-to-end safety and soundness in business continuity. But yet we're entirely dependent, almost entirely dependent on the telecommunications and electric infrastructure. So what we do with them is critically important for our business continuity.
Lastly, it's very important that we can do information sharing. That we have the ability with some protections both anti trust, and for FOIA to be able to share with each other valuable data about what is happening in our institutions. The number of attacks or attempts on financial institutions is every day, every hour, every minute because not only do they want our money, they want to shut down the system. So we have some of the best experts in the industry on security. This is an important thing to be able to share with other people.
SESNO: And finally, John Derrick.
JOHN DERRICK, CHAIRMAN AND FORMER CEO, PEPCO HOLDINGS, INCORPORATED: If I might speak a little bit to the bigger picture here for a minute because in answer to your question, what I'd like to see a year from now is a lot of answers, and a lot of action on some of the things that have been touched on here.
I would say there are three overarching questions that we're all engaged with here. One, what should be done? Two, who pays? Three, who decides the first two? The electric systems and all of the infrastructure systems in this country, most of which are in private hands have been mentioned were designed in an open way in a country designed and built in an open way.
The contingencies we've built in to our systems are normal probabilistic failure circumstances empirically developed over time. You learn in this industry over 15 or 20 or 30 years how many spare transformers you need to deal with probabilistic things. We had some real significant milestones. We had a black out in '65 in the Northeast which led to the foundation of something called the North America reliability Council through which our industry does an awful lot of its coordination and so forth.
There are also local circumstances. It’s not surprising that the electric system designed to supply downtown New York City or downtown Washington D.C. is a little different than the way it's designed to supply El Paso, Texas. So all of those factors we are based on the history and 9-11 has brought mega changes.
One change is how to restrict this openness that's been touched on here. I've just jotted down the way I would put it to you. We've closed the door, then I've got FIRC. Read the federal government. We've closed the door that the federal government opened a number of years ago as our industry was going to be going through a transition to open markets. We were all told to provide all kinds of information which we did which would sit up on the Internet. And today, you can go in to the Internet, buy a book for $1,400 which locates every power plant, every major switching station, every gas pipeline mode. You can buy it on the open market over the Internet. How do we deal with that? Well what we've done is we've closed the door on refreshing that information but nonetheless it's out there, and it's a big concern.
Second, 9-11 has brought to us is the question of how do we design, or change our design or operating paradigms to accommodate sensitivity to terrorism. That is a contingency we never designed for. And in our industry, a very important question is “is it the grid?” In other words, is it my system or is it behind the meter? Obviously some of both, but an awful lot I would submit is behind the meter as opposed to the grid, if in fact you want to make sure you keep the lights on under a broad range of terrorism scenarios.
Traditionally, the cost in our business is born by the users or the customers on both sides of the beaters. State regulators have been the arbiters and the gatekeepers for cost associated with the grid. State regulatory authorities have made decisions about what we could charge for. And those decisions, obviously, were important as to what we build and what we didn't build. The federal government has had very, very little roll in the past. The federal government is going to have a huge roll going forward because of the weakness in our industry. Secondly, the general economic softness does not provide fertile ground for revenues coming from shareholders or from customers of utilities. There is no incremental revenue to cover this. Many of the companies in my industry are in pretty bad shape.
So who decides to help sort all of this? Obviously, the Congress has got a key roll as well as DHS. My personal view is the most significant thing that was done in this whole area was the establishment of the DHS and then the National Capital Region. But there's a bunch of other players that pertain to our industry that are very important. The regulatory commissioners, are Edison Electric Institute, the National Rural Electrification Administration, American Power, and the Public Power Association. A whole bunch of people have a say in this. Finally, the North American Reliability Council which is a volunteer organization, now needs to have the weight of federal law behind it. That's a component of the energy bill. Are we every going to get an energy bill? I don't know. We need to have the NERC authority in law sooner rather than later, or we're just going to miss a big opportunity to really be able to do what we need to do.
I would say the answer to the question who decides all this is a hodge podge of all of those factors with DHS as a designated leader. And in our industry the North American Reliability Council is the principal, technical help mate.
So that's a quick summary of what I would like to see a year from now. Hopefully if we met a year from now, we would have some of these things checked off and hammered down and say “Yes, we got it.”
Let me talk very briefly about the local situation. My company and the other companies in our industry have done all kinds of things in a post 9-11 world that you would expect. We have upgraded and enhanced our security. We've turned up those relationships we have with local and state governments. We had all of those relationships anyhow, but we have gone through a process together working all of that out. In today's environment, we're having drills and all of that.
But one of the things that concerns me and anybody else in similar circumstances, I was in a meeting the other day and someone said, “you know, we have done all that is reasonable to prepare for terrorism.” My answer to that was, “what's going to be determined reasonable -- who will determine reasonableness is the front page of the Washington Post or the New York Times or CNN.” So if we don't work together on what is and is not reasonable preparation steps, then I think we're all going to be very, very sorry if something happens.
One of the things we did in this region, as I mentioned I was co-chair or the Washington Board of Trade entity that's dealing with this. We work very hard along with some others to have established a National Capital Region Office of the Department of Homeland Security, because those of you from this area know how difficult this area is to govern. Two states and the District of Columbia, all have significant federal presence. Our view was we had to have something special. Well we prevailed in that view. There was a national capital region office of the Department of Homeland Security, a very competent person named Michael Byrne is the director of that office. Under his leadership we are now doing a whole lot things in this area to just keep coming up this ramp of preparedness.
That was a very, very critical thing to do Asa and we're very, very thankful that that happened.
I can tell you right now we're more ready than we were in 1984 or prior to 9-11. A year from now, we'll be even more ready. But what means ready is something that I think we need to spend a fair amount of time working together on. Or otherwise, we're all going to be hanging out there in some fashion when some particular instant comes out.
SESNO: All right. Let me open the conversation up amongst you, if I may, and we'll start with Asa Hutchinson and your response to what the Congressman said at the outset of this. If I have followed your comments up in the past, and up until now, the resources that are necessary to get that done internally as well as move it through externally. Do you want to respond and then start talking about priorities here?
HUTCHINSON: Well I think the Department of Homeland Security has made enormous progress since it was set up less than six months ago and we had 22 agencies come on board March one. When you think about the fact that you had the hostilities in Iraq, we went through 30 days of a higher alter status here, operation liberty shield that we successfully defended our country for a counter attack, which is in essence what we we're having to do at that point. These are good things I think the Department has done. We have been careful as we've moved forward organizationally not to jeopardize our security and so we've tried to move forward thoughtfully, methodically under Secretary Ridge's leadership.
When it comes to infrastructure protection, you know, the head of that director is being confirmed as we speak. So, yes, it is taken some time to get all of the players on board. But despite that fact, they have moved forward at the staff level tremendously. We are capable, whenever we had to call the governors and tell them what they need to protect in their states. We had a list of the critical infrastructure that they needed to guard we could provide that to them. We asked them to take the measures and it was a successful endeavor.
When it comes to intelligence, the Congressman is right, we have more progress to make. But I assure you that I receive the highest level of intelligence compartmentalized that I need to get my job done and so does everybody at the Department of Homeland Security. We've got work to do, but I think that we have the right strategy. And we hope that one year from now that strategy will be way down the line in terms of implementation.
SESNO: Congressman, does that answer your question?
TURNER: Not bad.
HUTCHINSON: We've been doing this for awhile.
TURNER: Since you gave me the opportunity let me say this, I certainly am sympathetic to the fact that the department is relatively new and the task of putting all these 22 agencies together is very time consuming, which in many ways is part of the problem.
I know that when we debated the creation of the Department of Homeland Security, there were many who said that this massive merger of federal agencies was going to bog these agencies down in reorganizational task, and management decisions, and human resource decisions, and detract from the central focus that the Department needed to have. And I think it's apparent that there is a tendency to have your time and your energy consumed by those kind of reorganizational functions.
But I do also believe that the responsibility was given to the Department in this area of collecting the intelligence information in a central place, and matching that up with a fair and clear analysis of our vulnerabilities is the key to making it work. The Office of Information Analysis, is in many ways the nerve center of that department and it has to function in order for the rest of the agencies to know what they're to do on a daily basis. At some point, it is also clear that this information has got to flow down to the states and the localities. Because one of the things you hear most commonly from local officials, law enforcements, mayors, is “what's this alert about and what am I supposed to get ready for?”
I certainly think there is a need to revise the alert system because the information should flow which triggers alerts, could be information that would cause you to alert a certain geographic area, or a certain industry. But most certainly, not in all cases, would the entire nation need to take steps that cost literally millions of dollars to local governments, to businesses who make the adjustments to move up the chain to the higher alert level.
That issue is one that should be dealt with, but I think it's also symbolic of the problem that I mentioned and that is, right now we are in a stage where we're saying we've got to get ready for everything and everybody's got to do everything. And I hear a lot of complaints from business folks who come through my office saying, you know, they're about to put on a bunch of new regulations and requirements. I had a group in my office just before I walked in the room here today and they were in the distilled spirits business. They have to face all these new regulations coming out of the FDA to tell them to give prior notice before they move food product and all this kind of stuff. So, there's a real need to go through that assessment.
SESNO: Are you opposed to that? Do you think they shouldn't be giving prior notice because whether it's chemical shipments on trains that are moving through population centers, or in some cases, food stuffs and that kind of thing as you've just pointed out.
TURNER: Obviously
SESNO: Much of the discussion about protecting critical infrastructure deals with information that can be debilitating in terms of slowing things down or costing money, and yet where's the balance between that and security?
TURNER: There's certainly a great risk of over regulation here.
SESNO: What did you tell the spirits folks?
TURNER: I told them that I wanted to hear what their meeting this afternoon with the FDA revealed, because I'd like to know what kind of restrictions the Department is planning. But the bottom line is that these decisions can't be made by one congressman. It can't be made by the Congress as a whole. The right place to make these decisions is through the Department of Homeland Security. This responsibility to DHS was charged by the Congress in Homeland Security Act.
SESNO: John Hager, what about the notion of information sharing and preparedness, and intelligence, as the Congressman lays out, that is trickling down to state, and local, and first responders, and others?
HAGER: Well, certainly, the Congressman has described how it's evolved out of the Congress very well.
You know, we talk a lot about shared responsibility when we get to critical infrastructure, but I think equally important of shared responsibility is defined roles. Now, an example of that is Border Security.
Asa Hutchinson has done a sensational job with land, sea, and air border security in the last few months. And they've really made giant strides. That's a role that they have at the federal level.
We have certain roles at the state level. One role is to work with our universities in this benchmark. George Mason’s project on critical infrastructure, which is designed to define the roles of local, state, federal, government and the private sector across the 13 critical infrastructure sectors, particularly here in the national capital region, is model for the country. That project, I think, is going to go a long way in helping to define these roles of the players here.
So often, those roles muddy and they cross over. When you talk about the national capital region, you're talking about crossing over jurisdictional lines. That's why we got the two governors, and the mayor got together last August the 8th for a summit where we defined eight commitments to action that we would pursue as a collective group over the next year.
And in fact, the senior policy group, which is headed up by Mike Byrne has two representatives from Virginia, Maryland, D.C., and the federal government each. We work together every week to try to push the ball forward on these eight commitments to action, defining the role of the jurisdictions, and then taking actions to try to carry out that role.
I think this role defining, and intelligence is a good example. Intelligence, comes from all sources. But you've got to bring it together and fuse it, and then turn it back around rapidly so that it can be used by the people on the ground at the state and local level who really need it and who can do something with it.
SESNO: The electricity generation industry, depends on oil and gas. One hundred sixty-one oil refineries in the country and 1.3 million miles of natural gas pipeline. The oil and gas and electricity worlds are in different orbits, with thousands of owners and operators and many of them competing. Many in the sector aren't doing very well frankly right now with their values and their cash flow, and their profits. Can these industries possibly protect this infrastructure voluntarily? What is the incentive to get this done.
HAGER: I don't think they can protect them to the level that ultimately the media would determine is appropriate if something happened.
SESNO: No. This is not about the media, trust me.
HAGER: No. But, I mean, this has got to be the measure.
SESNO: The measure is the safety of the American people and the satisfaction of the Department of Homeland Security and the industry.
HAGER: And I can tell you from the perspective of this company and this industry, there's nothing that we can do in this company and this industry to protect the gas pipelines or the oil refineries. That is somebody else's responsibility. I'm responsible to keep the lines on and the lights go off because I'm out oil, that's not my problem. So dividing up who's responsibility it is and what are the circumstances we're designing against is very important.
But the money to do anything materially different than we have done up to this point is going to have to come from the federal government. If not, the governors are going to have to tell the state regulators to allow these rates to go up considerably and I think there will be an awful lot of pushback to that.
HUTCHINSON: In regard to the energy sector that you described, it's a layer protection. No one entity, private sector, state, local, or federal government can handle at all. When I say "layer protection", the first protection against that type of incident on a pipeline, would be knowing who comes in and out of our country, and having good intelligence as to who's trying to come in to do us harm. If we have a good layered protection on our borders and our transportation industry, that's going to help us in our pipelines to protect them.
The second thing is to limit vulnerability. As John pointed out, there's not one segment that's responsible for the whole thing. We do not want to have damage that destroys one area, and causes a cascading failure for an entire system. Vulnerability needs to be limited. It cannot be a perfect system because we are a free society, but with layered protection and division of responsibilities, we can create a good mosaic of protection.
ALLEN: I would say I can give an example of at least where two infrastructures working with the federal government are trying to address those interdependencies. That's in the telecommunications area through the NCS, which is now a part of National Communications System, which is now a part of the department. We have been working with the telecommunications industry, CEO's, the financial sector and telecom, to identify some of the vulnerabilities and to identify ways to recover.
We're actually doing this on a geographic region by region in almost. It's an unparalleled event where we're bringing the players together to share data. This goes back to the information sharing, in a secure environment that allows us to share very sensitive data, look at where the vulnerabilities might be and what we need to recover together as two industries. In the end, however, it's going to take more than us. It's going to take the government and incentives to help make the needed changes in the telecommunications infrastructure. But there are ways that two industries can work together in very specific areas.
HAGER: Certainly. Let's use the example of a nuclear power plant. When they do everything they can do and that they have to call on government because protection is beyond the resources that they have available, we step in. The feds deal with the airspace issue. The Virginia Marine Resources Commission deals with the water side issue. The Virginia State Police provides a greater buffer around the plant on the land side. It's a cooperative effort, and then everybody recognizes that mores needs to be done.
SESNO: If I can play the role I'm supposed to play for just a moment, if I listen to you, mostly I think everybody's holding hands and singing Kumbaya together. It’s a big challenge but we're making progress. But Congressman, some believe that industry, the private sector, at least parts of it, are fundamentally opposed to the kind of information sharing that you're talking about for a variety of reasons.
For example, the chemical industry is resistant to new regulations, and has been writing to senators just last month urging them to block security requirements for chemical plants. Manufacturers are opposed to the kind of regulations you talked about to disclose cargo manifests the day before shipping, because it just slows things down. Financial institutions are opposed to the idea that they're supposed to be keeping tabs on foreign account holders and others.
HAGER: We debated this issue when we passed the Homeland Security Act. I came out on the side of trying to protect the private sector's confidential information, to allow them to provide it to the Department of Homeland Security and know that it would not be made public. My reasoning was that if there was no effort or need to improved security, we never would've been asking for this information. So if the private sector's going to provide it, then the government ought to honor the confidentiality of that information.
I understand the implications are in terms of the bottom line, particularly in certain sectors. In the banking sector, for example, if you had to announce every time your system had been intruded, nobody would bank with you. I mean, the truth is it happens all the time. That kind of information should be able to flow to government so that there can be a cooperative effort to try to solve the problem. So I supported the effort to try to protect the private sector by providing of information on a confidential basis.
SESNO: … On that particular example, what does government, DHS, law enforcement, intelligence need from the financial sector to track those who would launder money.
HUTCHINSON: Well, first of all, information that's provided of critical infrastructure should be protected. We're taking steps to do that, by publishing the rules to protect that information. Secondly, there has to be a good flow of information. Certainly, we should be able to tell the financial sector as to intelligence that we have that might impact them whether they're a target and it should be, as Congressman said, as specific as possible.
But in terms of what we should gain from them, they have a responsibility in the banking sector, the financial sector, to do diligence on their customers, to make sure that they do the proper checks, to make sure that they are not facilitating someone who wants to engage in criminal enterprise or terrorist activity, and to aid them in an endeavor. We have a strong level of cooperation. Sometimes there's tension there, because obviously you want to protect your customer base and the privacy there, which leads to some resistance. But I think we've got to a much greater comfort level in recent years as to the critical role they play. We expected they would cooperate in the national interest and with the regulatory guidelines in providing some of the essential information to us that might be helpful to know who the bad actors were, and to prevent them from using the integrity of our financial systems for their own gain.
Whether you're looking at alien smuggling, terrorist activity, drug criminal activity, or a whole host of others, they have to get the money out of this country, and that's where it goes to support the illegal activities and are using our systems to do it. Therefore, that's where we have to have the cooperation and help of the financial industry.
ALLEN: I would say we've had unparalleled cooperation, and especially in the last couple of years, on fraud, prevention on money laundering vis-à-vis anti-terrorism , whether it's the Patriot Act or some of the requirements from our regulators in providing information and working very cooperatively with law enforcement. Because there is much at risk in the cyber security side, where we're concerned about our systems being compromised, as in the protecting the trust factor we have with our customers and with the government. As an industry we have requested certain protections to communicate with each other to share this information and to help track types of activities that are going on.
SESNO: Are you supportive of the kind of information sharing and proactive information sharing? Essentially profiling your, you know, banks -- financial institutions profiling their customers as they come to you?
ALLEN: No, we're not. It's very difficult.
SESNO: They want Kumbaya here
ALLEN: Exactly. I think it's one issue to comply with suspicious activity reports, known terrorists, known criminals, no problem whatsoever. It's that gradation, that gray area between, which is a problem. What's the balance between invasion of privacy, and customer protection, and the need to know on the part of the law enforcement or the Department? I think that's where the negotiation comes in.
SESNO: You want them to go first. You want them to be doing something -- the financial institutions to be doing some of this due diligence closer to the customer and the transaction, correct?
ALLEN (ph) (?): Well, I agree that there is a balance that could be crossed or line that could be crossed.
The Suspicious Activity Report is a very good tool and if the banks use that effectively, we will accomplish the common goals that we have. Whenever you're looking at the due diligence requirements, I think that there's some liability incentives for the banks to make sure that they do that for their own protection. I don't think that the banks or anyone should be snooped. They ought to be reporting to the government. That's not the design there. I think there's rules to be followed and there's common sense to be followed there. But clearly there would be some instances where there would be an affirmative duty and my judgment upon a financial institution to give us information that would be helpful to prevent an attack if that comes across their plate just like they would any citizen. I think they understand that.
ALLEN: Not only do we understand that, but I think we're proactively doing that.
One of the things in cooperation is we look at where there are temps (ph) and if there's patterns. A good example is the bug there, the virus that was -- that came out last week, which implied then that it really attacks towards financial institutions. It's something that we worked very closely with the department, with Treasury, and others to try to understand the implications. Was it just a test? Or what was happening. Nothing really happened to financial institutions on that. But often times, the cyber terrorists are testing to see what systems they can get into. And I think that's where we need to work very, very closely.
SESNO: John Hager, let me ask you something that we saw in the paper the other day. I'm interested in your response to this from the state level. Brian Bayer, the NFC Counter Terrorism Official resigns, goes off to work for John Carey. In The Post, it says, Homeland Security is suffering from what he called "policy constipation" because nothing gets down. He says, "There's insufficient progress on cyber security, port security, infrastructure protection, immigration." I'll let you -- from the state level, I mean, you've got a lot of this happening there, right?
HAGER: Absolutely.
SESNO: Is he right? Is he even close to right?
HAGER: No, I don't think he's even close to right. I think we're making tremendous progress. Recognize that we'll never be totally safe and secure. Everybody says that, they know that. It's a vast country. We're a free country. So you've got to keep that in mind.
But take port security, it is remarkable what the Virginia Port Authority has done and accomplished in the last 18 months. It did risk assessments, addressed priority of needs, and carried out the resources by getting them to meet those needs. If you go down there today, it's a totally different place than it was 18 months ago. So is it perfect? No. Is it totally secure? No. But it's a heck of a lot better off than it was and I think it's just a good example. Some of the things on his list are federal level activities. We need to recognize that this is a major challenge and that good people, particularly our first responder community at the local level have really put their heart and soul in working together in dealing with some of the challenges that we have. And this is a big change from the way it used to be.
SESNO: Congressman?
TURNER: Well, I read the same article that you quoted from. You know, in my estimation, what I think I see is that we have yet to see the kind of refinements, that I was referring to earlier with developing the systematic way to assess the threads compared to the vulnerabilities, and perhaps even in the larger sense, to establish a plan where we can win the war on terrorism. We are struggling along thinking we're going to protect this, protect that, do this, do that. The folks down at the local level, they are doing a great job with the limited resources they have. It's amazing to look at the country in a spirit that's outpouring since September 11th. You know, most firefighters and police officers never felt they'd be soldiers in the war against terrorism, but they are and they've accepted it without question. There are some good signs.
But we do need, in terms of policy, a comprehensive commitment and plan to win the war on Terrorism. It involves a lot of things, like being sure that in terms of our international policy and our relationships, we create a safer world so that the world doesn't keep producing folks who are ready to join Al Qaeda and other terrorist organizations.
Those are the kind of fundamental issues that have got to be addressed to be sure this country does ultimately get to the point where we can declare that we have won this war and we're no longer living in fear. It's wonderful to see the outpouring of interest on the part of the private sector, the local responders, and everybody trying their best. But this has got to have some direction some clarity to it. I don't mean to be overly critical of a new department, but we've got to get there, and we've got to all understand that we're just in the beginning stages of knowing how to protect the security and safety of the American people.
SESNO: I'll let you take a shot at that, and then we'll start opening up to questions.
HUTCHINSON: Well, the national strategy is important, and we have a national strategy that's been adopted that is very comprehensive. It outlines the strategy for cyber security, infrastructure protection, and border security. That strategy is what we go by every day to win the war on terrorism.
In reference to the comments about the slowness of policy, I would emphasize and underscore one particular point. We, DHS, were given the marching orders that you're not going to be criticized for being too bold. You will be criticized for moving to slowly and not aggressively enough. Whenever Congress set us up, they gave us certain timelines. Whenever we brought the organization's 22 agencies on March one, we did it on the first available day that we could do that. We could've waited months, and months, and months to do any of that. We have moved very aggressively both policy wise, organizationally wise, and I think strategy wise in the most comprehensive manner possible.
SESNO: Rand Beersr said, "Authorities don't know where the sleepers cells are and vulnerable segments of the economy such as the chemical industry cry out for protection". Now when Americans read that, that has to have a very worrying effect.
HUTCHINSON: Well, it does. And I think they have to remind themselves that we’re entering a presidential campaign.
SESNO: Is that what you’re saying, though? Is he merely politicizing this?
HUTCHINSON: In a free society, there will always be vulnerabilities that you can point to. That is the absolute rule of American freedom. But I think that we have to be realistic. we have to be fair in our analysis, and thoughtful in our comments because it does alarm people. I will say that the FBI ’s done an outstanding job in going after sleeper cells and building the capability to prevent terrorism in the United States. I brag on them because I think that they’ve done a good job, in combination with our intelligence operations overseas. I have great respect for Ranveer. He was on the inside; he decided to leave.
SESNO: One more, before we go to the floor, on the subject. Unfortunately, I’m told that Congressman Cox is not going to be able to join us, because his legislation is on the floor. Details, details, right?
But Tim Rockwood and I did talk to him the other day and one of the things that concerned him was, that DHS have a more robust and real information and intelligence assessment function within it and to connect these industries and the states and everything. Now, that’s not built in right now. In fact, GAO report from last month noted that in some specificity. What’s your response? Is it a missed opportunity? Do we need to do that? Or do you think that DHS and protecting critical infrastructure, and doing these things, can be done without that critical component built in?
HUTCHINSON: Well, I mean, the President directed the Terrorist Threat Information Center (TTIC) to be set up, which is what brings in together the CIA, FBI intelligence all together. Now we do have an analysis function, which we’re going to be very robust and aggressive in. It’s not perfect today. We are developing that. It is a strong capability, and so, yes, we have progress to make. We have a ways to go and in the analysis side of it, we’re getting better. We do hope to be able to improve the alert system. I agree with Congressman Turner that it is important, when we have specific intelligence, that we’re able to pass that on specifically, so that we don’t have to have a national reaction, if it’s a specific threat to a specific locality.
I think if you have information that the threat has increased nationally to the United States, one should question if that information should be shared with law enforcement, whenever it’s general threat to the nation? I think we ought to share that with law enforcement.
Now, the second part of the question is: If you share it with law enforcement, should the general public know about it? They’re going to see the increased patrols and increased enforcement. So we’re faced every day with the real decisions about what kind of information to share. I think that when we have general information, we have to share it in that way. But hopefully, we can develop the capability to have specific information that will not cause the reaction in all segments of our society, when it’s only a threat to one particular element..
HAGER: All I was going to say is that the policy will come. But to me, Homeland Security’s about leadership. You know, when we define our office, we say we’re a leadership office, we’re a coordination office, to work with and through others. We’re a policy office, because policy’s important. I think taking the lead with threat alert system is a great example. We’ve got a state-specific threat alert system that supplements the national system. But we use it in a way that would be selective to areas of our state or cities or industries, depending on circumstances, depending on the flow of intelligence. The flow of intelligence is a whole lot better than it was a year ago. So this is an evolutionary process and policy has to catch up; that’s fine. But it is about leadership.
SESNO: Let me open to questions from the floor, please.
AUDIENCE MEMBER: Yes, thank you very much. Secretary Hutchinson – long ago and far away, I was U.S. Marine and subsequently I was a young police officer. And in both cases, I dealt with security by focusing on threats to symptoms of security: protecting myself, others, facilities, property. Quite simply, I dealt with potential threats at the level of symptom as well, by preventing would-be attackers, terrorists – from attacking the self others, property, facilities ,which is kind of superficial, and was very, very effective at that level. What I hear here is an improvement on what I experienced 20 years ago, which is calling for a monitoring, early-warning system at multiple levels of sectors, competencies, and jurisdictions to identify vulnerabilities. Then identifying, in terms of Division of Labor specialization, persons, agencies relevant to dealing with those vulnerabilities, and then the big problem: coordinating all those efforts to reduce the vulnerabilities. What I don’t hear would appreciate if the Secretary and others could comment on is this. Where is the bigger picture that Mr. Dirk talked about – the bigger picture for reducing the motivation of people to becoming terrorists, to attack those horrible targets. Are any of those 22 agencies or as anything at the state level, or at the private sector level dealing with those longer-term, deep-rooted problems or motivation for people to become Mohammed Atas?
HUTCHINSON: I think, obviously, that’s important and there’s a lot of other agencies involved.
From our standpoint, one would try to communicate with the sections of the population that could be resentful of security measures. We have a civil rights division that looks at that and we try to communicate well and make sure that our policies are fair that are out there. But beyond that, I think there’s probably some State Department initiatives that address that overseas.
UNIDENTIFIED PARTICIPANT: ... I was an attorney with David Housetter but I was Chairman of the NLRP and I found out that instead of asking the senior executive service and the presidentials (ph), I got my best information about security, costs, moving cases and so forth, from the mail room, the delivery services. Everything for security does not cost money. I would suggest that you contact the people below that are actually doing the jobs. I bet you they have plenty of good ideas. The one example that affects you, Mr. Congressman from Texas – the porous borders – there’s a regulation by a previous administration that the border guards to wave through anybody that needed hospitalization. That resulted in billions of dollars of unpaid hospital bills. That’s beside the point. But terrorists could come by claiming physical disability, and blow up a little bit of inner structures along the way. There’s nothing to protect us from that regulation.
HUTCHINSON: You’re absolutely correct that the greatest ideas in security comes from people at the grass roots level. We do have means of listening to them, doing a lot of things to get their ideas. Secondly, the success of our counterterrorism efforts should not be judged just by how much money we’re spending. A lot of things come from good strategies, things we can’t measure from terms of money.
The last part of your point is the policy of bringing people in the country who have acute emergency needs. If we had somebody – for example, a burn victim; yes, we bring them into the United States to get the best care provided here in the United States. Obviously, when we do that, we still have security precautions. And not just everybody should be able to come in that way.
AUDIENCE MEMBER: But they do.
HUTCHINSON: Certainly, there very well will be some things we need to look at. So, thank you very much
AUDIENCE MEMBER: Unfortunately, it’s a primary for the Secretary. So you can listen as you leave. I won’t expect an answer. The question has to do with the need to coordinate between security and regulatory environment. We all lean on each other in various industries. But federal agencies lean on each other as well. so, it would be nice to hear about a plan to insure that regulations coming out of one department do not impede the ability to increase homeland security ...
SESNO: Congressman, you have some oversight here. You want to take a whack at that? And then let’s listen to the private sector’s take on that. Because you have to deal with the – with the rules and regs that come out.
DERRICK: It’s clearly a serious problem. The group that I met with, that I referred to, just before I came today, talked about the fact that they’re now receiving these regulations from the Food and Drug Administration. But they’re also regulated by customs. Some of the same information they’ve already providing customs is now being asked to be provided to the FDA. So why can’t the two agencies get together and just share the information?
A lot of examples of that and I would say that the Department of Homeland Security has the responsibility to be the point that sorts this kind of thing out. You know, not every agency that deals with homeland security is under the umbrella of the new department. But a whole lot of the agencies are and I think those that aren’t need to be working with them. But it’s a serious problem and I think it’s something that government’s got to address. Otherwise, you know, the cooperative spirit that needs to be developed between government and the private sector depends, in large part, on whether government appears to be reasonable in the eyes of the private sector. When you start asking for duplicitous information, when you start putting unreasonable requirements and when you’re not sensitive to the confidentiality needs of the business community, then you’re tearing down walls or you’re tearing down the relationship and building walls.
SESNO: John Derrick, does that sound familiar?
DERRICK: I think the only thing I’d add is one of the opportunities we have with this National Capital Regional Office , the Department handling the security, is to talk about this kind of stuff, on an operational basis. One of the things that we’ve done through the council of governments is put together it’s a virtual command center circumstance. So sometimes, in Montgomery County, the Montgomery County first responders are the incident command. Then there’s this network that can be put together very quickly: wireless communications that allows other people to weight in and be more coordinated.
There was nothing like that at 9/11 and a lot of confusion took place. Now it’s not perfect yet and we’re going to work hard at it. A lot of practice in trying to make it perfect. But we’ve put some steps in place.
I think at the local level, you do the best you can do with the resources that you’ve got and you get people to work together. Then where you have the problems in a larger way, the government’s not coordinating itself between departments. To me, that is what the Department of Homeland Security is about, in terms of this subject area. You would go to that place now where there’s one secretary who theoretically can raise more hell than when all these agencies were spread all over the place.
ALLEN: I would say in the financial sector, we actually had been fortunate that the regulators in the financial sector, everyone from the SEC to the OCC to the fed, actually worked together. They recently issued both a white paper on business continuity, and now handbooks on security and business continuity. So at least from our perspective, we’re getting a cross-regulatory perspective on this.
TODD LA PORTE (GMU): A couple of words that jumped out at me, when I was listening to all of this. “Anticipation versus resilience” is a phrase that an eminent political scientist coined. Anticipation is something we can do with a policy matter, when the threat is pretty constant. But when threats are not constant, when the environment is changing rapidly – or is unpredictable or uncertain – anticipation can end up costing a lot in resources that you’ve committed, that don’t work out. You plan for something that never occurs. Resilience is the strategy he (Aaron Donoski’s the fellow who wrote the book) suggested that is the alternative strategy. Mr. Derrick, when you commented on the design issue, you said that we had planned and built an electrical distribution capability that was based on an open society that was essentially threat free. So my question is: Is the threat of terrorism substantially permanent now, compared to what it was in the past? In other words, is the environment permanently uncertain? Also, following from that, if it is, then, from the private sector folks and the public sector folks, what incentives do you see being necessary for the infrastructures that we continue to rely on to be designed and migrated as quickly as possible toward a resilient profile, rather than one that has got to be protected at great cost, and potentially cost us more than we really need?
DERRICK: That’s a very insightful way to look at this, much more coherent than I probably was in my remarks. From a practical point of view, assuming money was no issue that would mean you would only spend so much money, girding up the grid. You’d want to spend a lot of money behind the meter, because if you want to keep the lights on in this building, you really want to optimize your opportunity to keep the lights on in this building, under a broad range of terrorism, or any other kind of contingencies. You’d put generation in this building, because grids, by definition, cannot be made 100 percent continuous. It’s that sort of interface that I was alluding to that we need to talk a lot more about, because no one has – no one’s going to write a check big enough to cover all this stuff. The discussion ends up being about limited resources and how to best use those limited resources. It’s a very, very important thing, and the way you’ve described it is the way I think you need to look at it in order to get to where we need to get.
SESNO: Anyone have some thoughts on this?
ALLEN: Our focus is on the vulnerability. There are always going to be threats and they’re going to come from many different places but we know our vulnerabilities, and those are the ones that we are working on, not only within our industry but cross-sector. We need to understand the joint vulnerabilities we might have and resilience is a good way to put it.
HAGER: I think we must remember that we’re in a free enterprise society. I like your description because a lot of what we do is to try to inspire people to use a common sense approach, and to think about prevention, and to think about vulnerability reduction. In that society, it’s our function in government to build a no-fault, collaborative environment, so that we can exchange information, so that we can inspire, if you will, people to take actions on their own because we know that we cannot lock it down and get more flexible, just like you’re talking about, and emphasize the up-front part, as opposed to the response and recovery point.
SESNO: Anything you want to throw in here?
TURNER: Well, I thought the way you raised the issue is very insightful as well, because the effort that’s going on now, of having a continuous flow of ideas, many of which cost money, and most that I’m seeing come across my desk have big price tags, requires you to make some more sophisticated assessment of the threat and the vulnerability. As we were saying earlier, and as Chris Cox, in his conversation related, that process is not taking place yet. Until it does take place, then you don’t have the answer that you need.
The truth of the matter is that the threats change and will continue to change. How we address the vulnerabilities are not very sophisticated today, because everybody’s saying, “Oh ,we got to do it all.”
The truth is we know we can’t afford to do it all, and if we did, we might actually be wasting some money.
That’s why I say we’re not near the level that we need to be yet in terms of analyzing the threats and comparing them to the vulnerabilities that we have.
SESNO: Time for one more question from the floor.
AUDIENCE MEMBER: For the private sector and the state, where the rubber really hits the road , information is key, and homeland security is different. What new kinds of information do you see that you need, what are the major problems in getting it, and what are you doing about getting it?
HAGER: Well, certainly, multimedia communication systems are important, so that certain information can be broadcast to the private sector, and to many pieces of the private sector at the same time. Incidentally, on vulnerability and assessments, there is a massive vulnerability assessment going on, right this minute, across the national capital region, which will result in a strategic plan that is due by July the 15th. So this region is a model for the rest of the country which is supposed to be completed before the end of this year. Each state must have a state-wide strategic plan, just like the Congressman says, which is very necessary to help guide ‘04 funding. In fact, if you don’t have the plan, you don’t get the funding.
I think communications is my answer to your question, sir.
SESNO: Private sector?
ALLEN: I would say, first of all, I agree within multiple channels. We were lucky in 9/11 that the blackberries worked and the Internet worked. What if we had had a cyber-security event at the same time as a physical event? Also we need to have alerts early and targeted. Secondly, there are some tremendous analytical capabilities. New technology’s going to allow us to predict or to take pieces , disparate pieces of data, and really leveraging some of those technologies, especially out of the lab.
DERRICK: First of all, I’d say the information flow that we’ve got, that was important for our security, that we’ve been getting for a long, long time, we’ve had relationships with the FBI and other entities of government for a long time that have queued us into things that were important. From a local point of view, the communications have been pretty good. We put in place receptors for better information flow from the Department of Homeland Security, because that’s where it’s all centered now. We continue to work on our side to be more intelligent receivers of information as it pertains to the region. The National Capital Region Office helps the Department get its job done better in terms of how it reaches out to a – to a region like this. Then, we practice and drill, and come up with specific answers of deficiencies, and what we need to work on in order to get better and better and better. That’s our objective.
SESNO: I’d like to conclude, if I could, by asking each of the recommendations that you would either like to see the from private, public, or the academic sector, in terms of its research.
ALLEN: OK, three things. One, a robust and effective alert system; with intelligent analytics around it which is coming, but not here yet. Secondly, to think and very carefully balance the need for safety and soundness and security against proscriptive legislation. I think many of the industries are doing a great job in terms of self assessment and self regulation. Lastly, what’s not clear yet out of the Department, and is needed, is a command and control center. So when and if an event occurred, it’s very clear who’s in charge, and who will take over, and who our key contact points will be, because right now there’s multiple contacts.
DERRICK: Number one would be to create in law a role for the North American Reliability Council, which is the integrating entity for the Ball Power Systems (ph) in North America. It needs to have that in order to continue moving forward. Secondly, and as a follow on to that, is a connectivity to the Department of Homeland Security that allows us through NRC, as an industry, to really come to practical places in terms of this difference between getting ready for and responding to, “How much more of this, that and the other thing do you need, and what is enough, and what’s not enough?” Then, as a follow on to that, there probably should be in America some places where we could stockpile some critical equipment. That would be the government’s responsibility and role .
HAGER: Certainly, I think high on the list is citizen awareness. Gaining appreciation on behalf of our citizens of the threat alert system, of the danger to this country, of what prevention is all about. I think citizen awareness is important. Secondly, the role definition of the various functions of the federal, state and local government and private sector. I think the GMU project is right on target, with a great opportunity to generate a real contribution in that area. Third and final is assessment-based funding – that we don’t just throw dollars because it sounds like a good idea, but that do it based on thorough assessments, and that through those assessments, we define risk and need, and then begin to meet those higher-priority needs.
SESNO: Congressman, we’ll give you the last words here.
TURNER: I guess if I had my wish list, the top priority would be to be sure that we have a clear, articulated and publicly supported strategy for winning the war on terrorism. It involves a whole range of issues, in terms of our foreign policy, in terms of the issue of being sure we don’t produce more Mohammed Atas. Then, a second level is I would like to think that in the short term, we could cause this new Department, Office of Information Analysis ,to function in the way that I believe the Congress envisioned it.
Reference was made earlier to this newly created Threat Integration Center – TTIC, they call it. TTIC is merely an entity to allow the intelligence agencies to bring together their information, so that we don’t end up failing to know what all the various intelligence agencies know at one time in a timely way. TTIC has nothing to do with matching the vulnerabilities up against or matching the threat information against the vulnerabilities. It’s the new Department, and the Office of Information Analysis, that has the responsibility to match up the threats against the vulnerabilities, so that we’ll be able to know what we need to do, what we need to ask the locals to do, what we need to ask the state to do, what we need to ask the congress to fund. Right now, that office has 25 analysts, and lack office space, so I hope that in the shorter term, we can at least be sure that that critical function, that nerve center of that new Department, is functioning in the way that Congress intended it.
SESNO: As we wrap up this first of what we hope will be a series of what we're calling critical conversations, I'd very much like to thank the distinguished panel and knowledgeable audience for taking as much time out of the day as you have to contribute to this dialogue. So thanks to all of you very much.
I want to make you aware that the Critical Infrastructure Protection Project is, of course, conducting ongoing research. You'll see some of that in your packets that were left out for you, even such things as looking into cyber security, that one led by Nobel laureate and GMU professor Vernon Smith. We are all very proud of that. We'll post today's entire transcript for those of you who are interested on the wire services later this afternoon. It will also reside at techcenter.gmu.edu -- techcenter.gmu.edu, if you want to pull that up. If you're here from the media and you want any additional information or if your news organization requires any footage ad service, you can talk with Leslie on your way out. I'd like to thank you all. I hope you enjoyed the lunch and the discussion and thanks very much for taking part in it and we hope to see you again. Thank you.
The Critical Infrastructure Protection Program | George Mason University School of Law 3301 N. Fairfax Drive | MS 1G7 | Arlington, VA 22201 Phone: (703) 993- 4840 | Fax: (703) 993- 4847
=
Event(s) Scheduled
=
Today's Date