THE FACE OF HOMELAND SECURITY
No sooner had Pennsylvania Governor Tom Ridge returned to his office following his appointment as the first head of the newly established Homeland Security Office than the phone started ringing.
An outpouring of offers of help and support to a designated hero was a natural response from public and private sector leaders still haunted by images of hijacked American jetliners searing a blue September sky with smoke and flame and ultimately causing the deaths of more than 3,000 innocent people.
In the months following, the country’s red-hot righteousness — inspired by the Bush administration’s declaration of a war on terrorism — began to cool, but support for Ridge is still the rule, not the exception. The stalwart, decorated Vietnam veteran and family man who had popularly governed the Liberty Bell’s home state for nearly two terms gives a face to America’s Homeland Security effort. On the other hand, Ridge accepted an amorphous task with unclear command-and-control and budgetary powers. And as anyone who has ever entered into a “newly created position” knows, expectations will vary, toes will be stepped on and the going will get tough — nevermind when it’s in Washington. And double nevermind that Governor Ridge has taken on what is widely regarded as the most complex, critical task ever to face America. Public and private sector leaders alike say, with all true and due respect to the governor, that his office is little more than a good start in the face of unprecedented threats facing our American homeland.
Too many cooks
The national security structure has remained essentially unchanged since Harry S. Truman signed the National Security Act of 1947 into law, which created the National Security Council, the CIA, the Department of Defense and the Air Force, among other Washington institutions.
Governor Ridge is charged with “developing and coordinating the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks” and “coordinating the executive branch’s efforts to detect, prepare for, prevent, protect against, respond to, and recover from terrorist attacks within the United States.”
The operative word in the governor’s charge is coordinating — arguably a good euphemism for streamlining — the efforts and budgets of an entrenched Washington bureaucracy. Given that those responsible for U.S. security hail from more than 40 government agencies, departments and offices with diverse responsibilities and agendas, Governor Ridge faces no simple task.
To achieve his mission, Governor Ridge pledged initially at his swearing-in — and repeatedly since — to foster cooperation among federal, state and local governments, and among the private and public sectors. “We must open lines of communication and support like never before, between agencies and departments, between federal and state and local entities, and between the public and private sectors. We must be task-oriented. The only turf we should be worried about protecting is the turf we stand on,” he said.
The governor’s background certainly seems task-oriented enough: With a Harvard degree earned on scholarship, a law degree, distinguished military service and seven elections to the U.S. House of Representatives prior to his governorship to his credit, Ridge has seen much of what makes America go round.
Congressman Christopher Shays, (R-Conn.), who served with Ridge in the House and currently chairs the Government Reform Subcommittee on National Security, describes the governor as dedicated, hard-working, sensible and characterized by conviction. “He made a good name for himself as governor and he obviously had the respect of the president, who had given serious consideration to making him the vice presidential candidate and respects him enough to give him this incredibly difficult assignment,” Shays says. “He has a lot on his plate, and I have every expectation he’ll do a good job.”
The question is, how able will he be to do that job?
Ridge serves as a Cabinet-rank adviser, not as a Cabinet head per se. According to Shays, Ridge nonetheless is tasked with carrying out the recommendations of several commissions that have executed national security reviews. For one, the Hart-Rudman Commission, led by Gary Hart (D-Colo.) and Warren Rudman (R-N.H.), was instructed in 1998 by the Clinton administration to “design a national security strategy” appropriate for the 21st century. It ultimately called for a critical restructuring of Homeland defense functions at the Cabinet level, predicting in its first report that “America will become increasingly vulnerable to hostile attack on our Homeland” and “Americans will likely die on American soil, possibly in large numbers.” Yet the commission’s final recommendations, delivered in February 2001, were reportedly shelved by the Bush administration.
“We need to know what the threat is, we need to have a strategy to deal with the threat and we need to reorganize to implement the strategy,” says Shays. “The bottom line is, an adviser is in a position that insulates him from oversight by Congress — [National Security Advisor] Condoleeza Rice has no obligation to come before Congress. I think we’re getting to the point where we need both — in other words, just as we have Condoleeza Rice and [Secretary of Defense] Donald Rumsfeld, we may need Tom Ridge and a Secretary of Homeland Security.”
Shays adds that since the administration has chosen this Homeland Security model, it has to provide the communication to Congress. “[Governor Ridge] is working within the administration, but ultimately Congress can play a role in helping this consolidation take place. I think some resistance always accompanies change, but the best way to make change happen is to marshal a lot of support, and given that he’s not interacting with Congress directly, it makes his task more difficult.”
Matters before Congress include the $38 million proposed for Homeland defense in President Bush’s budget. Early March marked Governor Ridge’s most recent decline of a congressional invitation to explain the proposed $38 million, reportedly per executive branch privilege.
That disconnect reinforces many Congressional members’ support of the creation of a Cabinet-level Homeland Security agency. The Hart-Rudman Commission, now known as The Commission on National Security/21st Century, called for, among other restructuring measures, the merger of several border control agencies into a National Homeland Security Agency.
Congressman Mac Thornberry, (R-Texas), introduced a bill in March 2001, HR 1158 modeled after that main recommendation of the Commission, and Sens. Joseph Lieberman, (D-Conn.), and Arlen Specter, (R-Pa.), introduced a similar bill on Oct. 11, 2001, S 1534, that would create a Department of Homeland Security.
There has been no action on any of the proposals, but their collaborative nature seems right up Tom Ridge’s alley — if not Washington’s.
Assessing America’s risk
Ridge has to be a bridge builder, according to Dr. Phil Anderson, senior fellow for the Homeland Security Program at the Washington-based Center for Strategic and International Studies. In one important regard, he says, “he’s going to have to find a way to bring in the private sector, because it controls and is responsible for securing the majority of the critical infrastructure in this country.”
Beyond bricks and mortar infrastructure comprising buildings that house essential functions of government, commerce, education and health services, Anderson points out that a number of more intangible infrastructures such as information, communication and energy “are all critically important to the prosperity and continued survival of the nation. How in this new post-9/11 environment do you protect them?”
Dr. Pietro Nivola, a senior fellow of the Government Studies program at the Washington-based Brookings Institution, believes that in terms of risk assessment, America is “still groping a bit blindly. One of the grave difficulties with Homeland Security is the number of imaginable targets — we’re a country of 3 million square miles, 75 huge population centers and thousands of miles of coastline.”
Nivola indicates that recent emphasis on airline security is disproportionate given the frequent use of other modes of travel. “Every time I travel, I’m amazed at the emphasis on airport security. But if you take Amtrak, they barely check your tickets, much less your ID or baggage. The targets of opportunity are so extensive, we have the natural tendency to fight the last war,” he says.
Anderson, Lieberman and Ridge are quite concerned with the security of modes of transport. But they are also concerned with the cargo.
Lieberman has said that because there are no federal standards for port security and no single federal agency overseeing the enormous movement there, “The ease with which a terrorist might smuggle chemical, biological or, at some point, even nuclear weapons in a container, without detection, is literally terrifying.”
Anderson believes that the port and border pictures are equally critical: “I believe ports and borders are where we’re most vulnerable,” he says. “It’s a numbers game — 6 million containers enter this country every year, but only 2 percent of those are inspected. The Customs Service would say it’s an informed 2 percent, and I want to believe that, but I’m not convinced it would be that difficult to get a nuclear device into this country, because the borders are porous.”
Border protection has been Governor Ridge’s most visible and tangible foray to date. Addressing the U.S. embassy in Mexico in early March, he called for a “smart, user-friendly 21st century border” and called upon the U.S. and Mexico to embrace technology toward that end. Ridge has also been engaged with Canadian officials in talks of a Smart Border Plan that expedites the passage of low-risk travelers while heightening security. In February, Ridge addressed the National Governor’s Association and spoke to the potential for biometrics in airport environments to expedite low-risk fliers. But he is reportedly meeting with resistance from Cabinet-level agencies that control border functions.
Anderson, in any event, believes that such measures are only stop-gap: “The Homeland Security Office is pushing hard for consolidation at the border, and that would solve the command and control problem, but most of these agencies have other responsibilities — Customs, for instance, must collect tariffs and fight the war on drugs, and the Coast Guard has a deep water mission related to law, drug, fisheries and immigration enforcement. If you consolidate functions,” Anderson asserts, “you solve one problem, but potentially create another.”
The public sector can learn a lesson from the private sector, Anderson believes: “The private sector has been doing risk assessment forever, and in this [current national security] environment, it’s really what it’s all about. There are lots of process and technological innovations out there that, in my view, the government is unaware of,” he says.
Securing a bravenew frontier
Working quickly and efficiently has been an accomplishment of Governor Ridge’s office: In six months, he has established a functional staff and committee structure with delineated responsibilities. But the merit of the long view is indisputable — particularly in the arena of cyber-security. Every security director, Ridge included, knows IT security is integral to any effective security plan.
Michael Vatis is director of the Institute for Security Technology Studies (ISTS) at Dartmouth College. Prior to joining ISTS, Vatis founded and served as the first director of the National Infrastructure Protection Center located within the FBI and has also served as legal counsel in the U.S. Departments of Justice and Defense.
In the weeks after September 11, Vatis and the Dartmouth institute issued a report on the possibilities of cyber-attacks during the war on terrorism. “The bottom line was, yes, there probably was an increased risk,” Vatis explains, “probably not in the near-term from terrorists per se, but from sympathizers of terrorists or terrorist causes that might be targeted by the U.S.”
Vatis asserts that Ridge ought to be attuned to the threat of cyber-attack and that, in fact, he is. “The White House did a smart thing in designating one person within the White House to focus solely on cyber-security, and that’s [cyber-security czar] Richard Clark. It’s a very difficult job and it requires full-time attention. That will help keep Tom Ridge’s whole outfit really sharply focused on this issue, because Lord knows they have a million things to worry about.”
Vatis notes that though there have been only a few “small, relatively primitive examples” of terrorists using IT as a weapon, terrorists have used IT in sophisticated ways as a communications tool. “The handwriting is on the wall,” he says.
Knowledge is power
Since September 11, the White House and Ridge have called for people to consider education and careers that would prepare them to help defend America against 21st century threats.
Dr. Stephen Bowers, director of the Nelson Institute for Public Affairs at James Madison University, which studies global terrorism, says the university has developed a domestic risk assessment program that would focus on, among other things, transportation and infrastructure security and security for public buildings. The program would tie in with the school’s information security program. It would also support the work of “first responders” — the people on the ground who Bowers — and Governor Ridge — identify as critical to incident response.
Policy, budgets and technology are critical, but as in any effective security plan, educating the responders about the people and situations that pose a threat is key.
According to the center’s associate director, Paula Melcher, “You have to know who is working inside different buildings. I know it sounds like profiling, but sometimes you have to go there. You have to understand who your employees are, and there are private companies who are very good at doing this and happy to do so.”
As America’s risk assessor in chief, Ridge needs information in order to educate. And securing the collaboration he seeks — in the Washington ranks and among the public and private sectors — will certainly require education, according to Dr. Paula Gordon, director of special projects for the research program in Social and Organizational Learning at George Washington University. She says a unique feature of Homeland Security efforts within both the public and private sectors is that they’re being “evolved in a grassroots way, with everyone looking out for their own areas of responsibility. You can’t mandate understanding and vision,” she says. “If it’s not there, it has to be cultivated.”
Fair to say that more than 50 years ago, Harry Truman couldn’t have conceived of the American Homeland Ridge is charged with securing. And fair to say, too, America had better hope that when Ridge talks, people listen.
Tom Ridge: In His Own Words
ON CONTINUING VIGILANCE: “Now, obviously, the further removed we get from September 11, I think the natural tendency is to let down our guard. Unfortunately, we cannot do that. The government will continue to do everything we can to find and stop those who seek to harm us. And I believe we owe it to the American people to remind them that they must be vigilant, as well.”
ON GOVERNMENT’S ROLE: “The federal government has a role to play, From this day forward in the 21st century, if airline and airport security is critical to us, and it obviously is, then the federal government should set minimum guidelines and minimum standards.”
ON THE STATE/LOCAL ROLE: “We are working closer than ever with our state and local governments. The President’s assignment to me was to coordinate a national strategy, not a federal one.”
ON PUBLIC PROFESSIONALS: “Americans should find comfort in knowing that millions of their fellow citizens are working every day to ensure our security at every level — federal, state, county, municipal. These are dedicated professionals who are good at what they do. I’ve seen it up close, as Governor of Pennsylvania…But there may be gaps in the system. The job of the Office of Homeland Security will be to identify those gaps and work to close them.”
ON HIS JOB DESCRIPTION: “If there is a [bioterrorist attack] — well, I guess a coordinator is like a conductor with an orchestra. The music doesn’t start playing until he taps the baton. Coordinate — if you’ve got a response to a bioterrorism activity, you’ve got several agencies that spring into action immediately, simultaneously. And my role would be to participate in that effort to make sure that the response — agency-wide, cross-government-wide — is coordinated so that it is quick and is aggressive and is complete as possible. That’s my job.”
“I do not have, nor does the President want me to have, operational authority over anything, nor do I seek it. If this office stays under the radar and makes everyone else look good, that’s the optimal situation.” (Newsweek, March 18, 2002 issue)
ON ACCESS TO THE PRESIDENT: “What President Bush asked me to do was come to Washington to work to create a comprehensive national plan, to deal with Homeland Security; to deal with a 21st century environment that says the challenges to American’s sovereignty and our security, which historically have been offshore, but because of the 20th century environment we find that the challenges are here; and to do whatever I could in conjunction, in consultation — and yes, I have the authority — I certainly have access. I have the President’s ear. But my job is really long-term.”
ON THE FUTURE: “You may say Homeland Security is a Y2K problem that doesn’t end Jan. 1 of any given year.” (quoted in National Journal’s Technology Daily)
SOURCE: White House Press Office, except as noted.
Dealing with cyber-threats
There is a direct correlation between physical world political conflicts and an upsurge in cyber-attacks, according to Michael Vatis, director of the Institute for Security Technology Studies (ISTS) at Dartmouth College. “For instance, when the U.S. surveillance plane and the Chinese fighter plane collided, there was a rise in attacks by what seemed to be sources in China against U.S. targets,” he says. In Congressional testimony following September 11, Vatis called for an IT security “Manhattan Project” of sorts. “One of America’s fundamental strengths as a nation,” he explains, “is our technological capability, and to date, we have not yet tapped into that sufficiently to protect our security.” He says Dartmouth is leading a new “virtual consortium” — the Institute for Information Infrastructure Protection — that will invite cyber-security researchers from academia, industry and government to collaborate on R&D. He sees the Institute as an implementation of the “Manhattan Project” and says “it could be a model for similar collaborations across other sectors of the security field.”
“No one has a monopoly of lessons learned,” he says. “It’s only through partnership, with one side learning from the other, that we can make real progress.” He points out that while the government has good information about foreign and domestic capabilities and threats, the private sector has the most technology expertise. “And it has a lot of ‘intelligence’ about what attackers are doing in that it is the main victim of attacks.”
— Kate Henry