The Neglected Home Front

Stephen E. Flynn

From Foreign Affairs, September/October 2004

Summary:  The Bush administration has waged an aggressive war against terrorists abroad, but it has neglected to protect the homeland, even though Americans in the United States are the ones most vulnerable to future attacks. The government must do more to safeguard critical U.S. infrastructure and mobilize the American public to help. For starters, it should create a semi-independent federal agency tapping into private resources that would develop and enforce security standards.

Stephen E. Flynn is Senior Fellow in National Security Studies at the Council on Foreign Relations. This article draws from "America the Vulnerable: How Our Government Is Failing to Protect Us From Terrorism" (HarperCollins, 2004).

Security is not free. A company incurs costs when it invests in measures to protect the portion of infrastructure it controls. If a company does not believe other companies are willing or able to make a similar investment, then it faces the likelihood of losing market share while simply shifting the infrastructure's vulnerability elsewhere. If terrorists strike, the company will still suffer the disruptive consequences of an attack right alongside those who did nothing to prevent it. Those consequences are likely to include the cost of implementing new government requirements. Therefore, infrastructure security suffers from a dilemma commonly referred to as the "tragedy of the commons."

Take the case of the chemical industry. By and large, chemical manufacturers have a good safety record. But security is another matter. Operating on thin profit margins and faced with growing overseas competition, most companies have been reluctant to incur the additional costs associated with improving their security. Now let us imagine that the manager of a chemical plant looks around his facility and gets squeamish about the many security lapses he finds. After a fitful night of sleep, he wakes up and decides to invest in protective measures that raise the cost to his customers by $50 per shipment. A competitor who does not make that investment will be able to attract business away from the security-conscious plant because his handling costs will be lower. Capable terrorists and criminals will target this lower-cost operation since it is an easier target.

In the event of an incident, particularly one that is catastrophic, two consequences are likely. First, government officials will not discriminate between the more security-conscious and the less security-conscious companies. All chemical plants are likely to be shut down while the authorities try to sort things out. Second, once the dust clears, elected and regulatory officials will scramble to impose new security requirements that could nullify the proactive plant owner's earlier investments. Given this scenario, the most rational behavior of the nervous manager would appear to be to keep tossing and turning at night while focusing on short-term profitability during the day.

The only way to prevent the tragedy of the commons is to convince all the private participants to abide by the same security requirements. When standards are universal, their cost is borne equally across a sector. As taxpayers or as consumers, Americans will end up bankrolling these measures, but what they will be paying for is insurance against the loss of innocent lives and a profound disruption to their society and the economy.

MOBILIZING THE HOME FRONT

When it comes to critical infrastructure protection, the issue, then, is to engage the private sector to develop standards and create effective mechanisms for their uniform enforcement. This is a task that necessitates a much different kind of institutional framework than setting up a new federal department of homeland security. What it requires is the creation of a structure that allows the private sector and civil society to participate as equal partners in the process of designing and implementing security for the U.S. homeland. Randolph Lerner, who chairs the bank holding company MBNA Corporation, has suggested that the United States needs a homeland security framework that resembles the organizational protocols and functions of the Federal Reserve System.

The Federal Reserve was created in 1913 to lessen the risks of serious disruptions to financial markets. It was organized around the notion that effective oversight of the financial sector requires drawing on the expertise of private representatives within that sector. Additionally, the Federal Reserve's charter recognized the value of taking into account the country's diversity by creating 12 regional banking districts and establishing 25 branches. This structure is not purely hierarchical. The regional banks are essential to the process of collecting information on conditions at the local level, and they provide a pool of advisers to inform national policymaking functions. Importantly, the Federal Reserve also retains a degree of independence from the executive branch. Although it regularly meets and supports the work of federal agencies with specific statutory responsibilities, the Federal Reserve Board reports directly to Congress, and its work is audited by the General Accounting Office.

The United States should roughly replicate the Federal Reserve model by creating a Federal Security Reserve System (FSRS) with a national board of governors, 10 regional Homeland Security Districts, and 92 local branches called Metropolitan Anti-Terrorism Committees. The objective of this system would be to develop self-funding mechanisms to more fully engage a broad cross-section of American society to protect the country's critical foundations from the widespread disruption that would arise from a terrorist attack.

To create the appropriate incentives for the market to invest in security, the FSRS would establish and oversee a mandatory program requiring owners and operators of critical infrastructure to carry adequate levels of insurance. The purpose of this insurance would be not just to reduce the call on public resources when acts of terrorism occur. It would also create incentives for the insurance industry to become a partner in ensuring that the owners and operators of essential systems do not neglect their security responsibilities.