While necessary, cycling between alert levels
is costly. In addition to the prohibitive costs borne by state and
local governments for increased law enforcement and related services,
shifting to a higher level of alert also imposes costs on the private
sector—specifically, the companies that own and protect much of our
nation’s critical infrastructure. Many of these companies have security
plans that take effect automatically when DHS announces an alert level
Related costs for companies rise in several
ways, including requirements for additional security personnel around
key facilities (and with alerts often occurring during holidays, costs
for overtime increase), a loss of productivity due to more onerous
security, and supply chain slowdowns caused by increased transportation
Business leaders want to provide responsible
security, but want to do so within a more efficient system that will
smooth costs and reduce disruptions. Numerous threat alerts, and the
false impression of needlessness created by the absence of attacks,
have created momentum to change the system.
This dynamic should not be dismissed lightly,
because it is creating a momentum against alerts—which, ominously, can
potentially affect policymakers’ decisions. Our security officials base
their decisions on threat information and intelligence. The onerous
burdens these alerts place on local officials and the private sector
cannot and should not be a factor—their job is to protect us, not to
worry about the efficiency of business operations.
If we accept that the alert system is costly,
how can we ease its burden? Much of the responsibility for ameliorating
the costs lies in the structure of the corporations themselves, and
corporate responsibility is a key factor.
First, businesses can comprehensively
increase the normal level of their security. Put bluntly, too many
corporations have resisted investing in proper security measures for
their personnel, facilities and systems. Usually, this is because of
the financial cost.
However, thoughtful improvements across the
board will help companies to improve the quality of their security and
operationalize the related expenses. This will prevent the
unpredictable spikes in security costs that occur when alert levels
But government should meet businesses
halfway. In the past, threat information focusing on a specific area
resulted in heightened threat levels across the nation. Recently, the
Department of Homeland Security (DHS) showed a commendable willingness
to limit these alerts to specific locations.
Another major factor has been the Federal
government’s failure to share sensitive information with the chief
executive officers (CEOs) and chief security officers (CSOs) who
protect upwards of 70 percent of this nation’s critical infrastructure.
This can and should change.
The new DHS practice of using more specific
terror warnings, when possible, is a marked improvement over the old
system. Everyone recognizes that this is an imperfect system and there
will be times when it will be necessary to raise the alert level more
broadly. However, it’s a welcome improvement that should, to the extent
possible, be continued.
Second, the federal government must work more
effectively with key elements of the private sector to convey necessary
information and recommendations in times of heightened alert. One way
to do this is to find mechanisms to share sensitive information with
CEOs and CSOs.
Much of the national security apparatus has
resisted sharing useful classified information with state and local law
enforcement, as well as business leaders, under the assumption that it
will be leaked or improperly handled. DHS should design a program to
grant security clearances to the CEOs and CSOs of a wide range of
American corporations. These clearances can be limited, as necessary,
to cover only threat information. Nothing will do more to assist the
private sector in reacting responsibly to potential security hazards
than a more effective method of sharing sensitive threat information.
Finally, the federal government can provide
better guidance on standards for critical infrastructure protection
without expensive mandates. Too many corporations are delaying
implementation of improved security systems because they fear that
future government standards or mandates will make obsolete or
non-compliant technology investments they might make today. Government
guidance now will help alleviate some of these fears.
DHS has a formidable task ahead of itself in
adopting such measures. However, effective sharing of useful, timely
threat information can create a true and valuable partnership between
government and the private sector that will not only lower the costs
and the burden of security, but it will also make our critical
infrastructure safer and more secure. HST
a 25-year veteran of the security industry, is President and CEO of
Civitas Group, LLC, a Washington, DC-based strategic advisory firm
concentrating on homeland security issues for corporate clients.