AMERICA THE RESILIENT
In 2004, Stephen Flynn published America the Vulnerable, a book that critiques the nation’s current approach to Homeland security and presents an alternative view. According to Flynn, Homeland security must be sufficient, though not necessarily perfect. He recommends deploying people and technologies in strategic ways not only to protect American targets against terrorist attacks, but also to make government, commercial institutions and society resilient enough to resist disastrous cascading effects like those that flowed from the Sept. 11 attacks.
Flynn is the Jeane J. Kirkpatrick senior fellow in National Security Studies at the Council on Foreign Relations. His areas of expertise include Homeland security, transportation security, border control, international crime and the drug trade. He was the lead author of the task force report “America: Still Unprepared, Still in Danger,” and his articles have appeared in Foreign Affairs. A retired U.S. Coast Guard officer, he served in the White House Military Office during the administration of George H.W. Bush. He was also director for global issues on the National Security Council staff during the Clinton administration.
Government Security asked Flynn to elaborate on his views about Homeland security.
GS: America the Vulnerable carries the subtitle: “How Our Government Is Failing to Protect Us from Terrorism.” Has anything changed in the 12 months since you wrote the book?
FLYNN: I’m afraid that little has changed, particularly in how we deal with protecting the critical infrastructure that underpins our way of life and quality of life. In the areas of protecting the food supply, chemical facilities, transportation and cargo, we are still learning to crawl. My overarching message is that a nation at war should be sprinting.
GS: Why aren’t we sprinting?
FLYNN: Because of inadequate federal funding and a misplaced faith by many in Washington in the ability of traditional national security tools to keep the terrorist threat away from our shores.
The private sector owns about 85 percent of the critical infrastructure. The remaining 15 percent is largely in the hands of state and local public authorities. So the tab has been passed along to localities, states and businesses that have not had the resources to put into the protection of infrastructure.
GS: Even if we’re only crawling, we’re crawling toward some goal. How would you define the goal?
FLYNN: Over the past year, The 9/11 Commission Report and other internal blue ribbon reports have documented the fact that our intelligence apparatus for this particular adversary — radical Jihadists — is broken. And it will take a decade or more to fix it.
In this context, we are not going to get the warning we need. So we must figure out what is most valuable and vulnerable and bolster security there, while developing systems that will make our institutions more resilient.
The goal is not perfect security, but sufficient security. From now on, terrorism is going to be a bit like the flu. We’re going to get different strains each season, because there are people out there with malicious intent that are going to do highly destructive things. Just like we don’t have the means to prevent every capital crime, we don’t have the means to prevent all terrorist acts from happening. So security is not about gates, guards and guns around everything critical in our society.
Instead, security is about making valuable and vulnerable systems harder to attack and more resilient after an attack.
GS: How is that possible?
FLYNN: Look at what the Port of Hong Kong is doing. The Container Terminal Operators Association, a consortium of companies that operates the Port, has set up a pilot program using equipment to scan every container delivered by a truck arriving at two of the world’s busiest marine terminals.
The trucks drive their containers through a gamma-ray imager, a radiation portal and an optical character recognition (OCR) device. The OCR reader captures the container numbers and creates a database file for each container. The radiation reading goes into the file, as does the image from the gamma-ray imager. The gamma-ray image provides the means to validate the contents of what is declared to be in the container. It doesn’t provide a perfect image, but it’s good enough.
If the paperwork says the container carries one kind of widget, and you see many different shapes, you would inspect more closely. If the paperwork says this is a shipment of textiles, but the image shows a dense object in the middle, you would inspect — dense objects raise concerns about a weapon of mass destruction.
The breakthrough is that there is no delay to the inbound flow of trucks in this system. Before entering the terminal, the trucks stop at a dispatching facility and the drivers are told where their deliveries are to go. There is always a queue at this point. The port has set up the imaging system just before the trucks get to this point, so they move through the imaging system while they would be waiting in line. During the two days I was there in late March, the system scanned and stored the data for 7,000 containers, which is more than all the marine containers inspected on the west coast of the U.S. in two months.
GS: Doesn’t such an expensive system raise the cost for shippers?
FLYNN: To deploy and sustain this system at every terminal in Hong Kong, the port would need to levy a fee of $6.50 per container. This modest expense represents a relatively low-cost insurance against the much higher and disruptive cost associated with a shipment being targeted for an inspection.
Let me explain that. If Customs and Border Protection (CBP) in the United States develops a concern about a container, then CBP contacts its counterpart in Hong Kong, the Customs and Excise Service. Hong Kong inspectors contact the marine terminal and require that the container be put on a truck and driven to their inspection facility for examination. If the container has to be opened and unloaded to carry out this examination, the owner of the cargo will have to pay upwards of $1,000 in fees for this inspection and experience several days of delay in the shipment. But the imaging system would allow customs agents to conduct a virtual inspection whenever they had a concern without the container ever leaving the terminal. About 99 percent of the time, they will find that they will be able to determine that the shipment appears legitimate without the cargo being held up or the owner bearing any additional expense.
GS: How does this kind of system support your security goals of creating a deterrent and making society more resilient?
FLYNN: That’s why the port has done this. The biggest concern for terminal operators in Hong Kong isn’t necessarily that a weapon comes through the port into the U.S. and blows something up. That’s not their neighborhood and they are private players. Their concern is that the U.S. would respond by refusing to accept containers from Hong Kong. That would shut the port down.
So first they want to catch problems before they come into the port.
Second, should a weapon get through the imaging system and cause damage at a destination, the port has a visual record to review. The record will likely make it possible to trace the problem back through the supply chain to the source in Hong Kong or another country. By capturing this information, they can indemnify the port marine terminals by proving that the security breach must have taken place before it entered the terminal. They can also provide law enforcement with information about where the problem came from.
This system is important to us in the United States as well. Suppose a cargo container from Hong Kong blows up in Chicago. With no information about the container, we would likely close our seaports, ground our airplanes and park our trains and trucks.
On the other hand, if we can use Hong Kong’s system to look back into the supply chain and find the real source of the problem, there would be no need to shut everything down. Instead, we could provide law enforcement with information about where the problem came from and recover from the attack without causing ourselves additional problems. That’s resiliency.
GS: By resiliency, then, you mean being able to take a punch. You get hurt, but you don’t get knocked out.
FLYNN: Yes. And there’s more. Supply chain visibility creates a deterrent. Terrorists don’t have unlimited resources. If they think it likely that you will identify and intercept something they want to transport, they will probably look elsewhere.
That’s important when you remember that Jihadists have made clear that they want to outdo the World Trade Center and Pentagon attacks. By organizing security in ways that make institutions more resilient, it becomes more difficult to find a target that will have the desired effects.
As it grows more difficult for terrorists to hit targets that will produce the cascading effects they hope for, they must find more expertise, more human resources and more funding. They have to carry out more surveillance and practice with more dry runs. All of this gives off smoke signals that improve the odds that law enforcement might detect the terrorist operation prior to an attack.
GS: Would this kind of container inspection system eliminate the need for smart container technology?
FLYNN: No, and that’s an important point. Single point solutions always travel a curve of diminishing returns. Locking the door to your house might provide a 60 percent security solution to burglaries. Adding a steel-reinforced frame and five extra deadbolts will increase your security but it won’t get you to 100 percent. Sooner or later, burglars will decide to come in through the window.
Mathematical laws of probability say that a combination of five security technologies that are 60 percent effective will create a system that is 99 percent effective. So, instead of spending all your resources on a heavy door, just lock the door you have; set a motion detector to turn on the lights at night when someone comes near the house, buy a mean dog, put a sign on the lawn that says a security company protects your house and join the neighborhood watch. If I’m a burglar casing your house, I’ll probably decide to go elsewhere.
The same is true with cargo systems. You need a system that certifies that what is put into the box is legitimate; you need port technology like Hong Kong has; you need to track the ship; you need to spot check at trans-shipment or arrival; and you need a smart container that tracks its position, knows its integrity and can potentially sniff its interior for radiological, biological and chemical weapons.
That’s five layers of security. If a terrorist has spent three years acquiring a weapon of mass destruction, will he or she put it into this system? I think the answer is that it isn’t worth the risk.
GS: How would you gauge the overall approach to applying technology to Homeland security solutions in the U.S.?
FLYNN: There has been a rush in Washington to find technology solutions for some of our more complicated challenges. It is almost a shoot-from-the-hip hope that if we could just find a cheap affordable technology, everyone will buy it, and it will solve the problem.
In other words, we have started with a prejudice in favor of technology as an enabler and multiplier. But we’re doing this without a clear assessment of the limits that exist among users.
GS: For example?
FLYNN: Part of the new job for first responders is to be prepared to detect a weapon of mass destruction. Many city police and fire departments are receiving sophisticated detection equipment that requires technical training and lots of maintenance to keep the equipment properly calibrated and operational. But most of these new technologies come without any funding for ongoing training and maintenance. Nearly every fire and police chief is facing increasingly lean budgets at the local and state levels. They want to have these state-of-the-art tools on hand should a nuclear, biological, or chemical weapon be discovered or set off in their midst. But if they can’t afford the upkeep, these tools are of no value to them. This concern about the lack of consideration for the human capital requirements associated with adopting new technologies is a major source of frustration among state and local officials.
GS: How would you prioritize technology? What technologies should we be spending on now?
FLYNN: At the top of my list is interoperable first responder communications. Every serious Homeland security issue requires players from multiple jurisdictions to interact with each other under time constraints.
While there are long-standing organizational culture issues that keep police and fire departments from talking with each other, there are technical solutions to having a variety of legacy communications hardware being able to talk to one another. What is missing is the funding and the political will to quickly deploy these systems. Interoperable communications for first responders helps them do every job that requires more than one kind of emergency responder. So it isn’t just a catastrophic terrorist attack that warrants interoperable communications.
Some current investments have the potential to dramatically improve information sharing to help prevent acts of terror by making it possible to “connect-the-dots” from data being collected by a variety of agencies with differing data management systems. For example, the Departments of Justice and Homeland Security are funding the Global Justice XML Data Model. This establishes a technical standard designed around eXtensible Markup Language (XML) to enable local and state government databases to share law enforcement, criminal justice and intelligence information while avoiding the costly and time-consuming need to re-engineer existing systems.
We also have to invest in protective equipment for first responders. One of my themes is that with each passing day, it grows more likely that we will have another major incident on U.S. soil. We have to make sure that the people that will have to risk their lives responding aren’t taking unnecessary risks because we haven’t made the most basic investments in equipment.
As you might guess, I think the supply chain is a top priority as well.
I could go on, but maybe it is better to say that we are at a very early phase in building Homeland security. By implication, we’re also in the early phase of finding ways to integrate technology in support of that mission.