« August 2004 | Main | November 2004 »
October 31, 2004
Book Review: America The Vulnerable
Just finished reading Stephen Flynn's excellent 'America the Vulnerable - How our government is failing to protect us from terrorism'. The thrust of the book stems from this diagnosis:
It is a sense of futility, fueled by the lack of vision about what sensible measures are worth pursuing, that lies at the heart of our national inertia on the homeland security issue.
Flynn notes that counter-terrorism measures tend to enacted be reactively rather than proactively. There is a tendency to put countermeasures in place only after a threat has materialized and created extensive damage, rather than anticipating a class of attacks and aiming efforts at preventing them. Linked to this tendency is another:
There is a political price to be paid if politicians are perceived as being negligent or ineffectual in providing security. So when an act of terror takes place, it triggers a powerful political dynamic to leap to decisive protective actions before evaluating the likely costs or consequences. The greater the exploited vulnerability, the more likely the government is to overreach in response.
He goes on to argue that given that our intelligence capabilities are likely to be spotty for some time to come, we cannot expect to uncover specific threats with enough advance warning to protect against them. A better approach is to invest resources in identifying and prioritizing likely terrorist targets and proactively taking measures to protect them and, in addition, create contingency plans to mitigate those risks in the event of a successful attack. Along these lines he lists several critical infrastructure elements and networks that should be targeted for protection including the transportation networks, the food and water supplies, the power grid, etc.
The deterrence strategy he proposes is two-pronged: security measures to decrease the success probability of an attack and contingencies for coping when somethin goes wrong. He makes the useful point that the terrorist will be deterred if either the risk of detection is sufficiently high or if the damage from a successful attack can be well-contained.
He argues for federally mandated security standards in the area of domestic security and critical infrastructure protection since the market will not move to implement the security requirements left to its own devices, especially if the measures require substantial investments. He draws an interesting analogy to safety standards:
Over time Americans have come to view safety not as a government-imposed burden but as a valued necessity. As our society became more urbanized and technically complex, people began to appreciate the benefits of devising and enforcing rules that reduced risk or harm through human error or mechanical failures. Along with the changes in public attitudes, businesses came to realize that there was a market case for making safety investments. Safer factories have higher worker productivity rates and lower insurance costs. Safer products make for happier customers and fewer lawsuits. So while automotive manufacturers, for example, were once bitter opponents of safety mandates, today many try to outdo each other, advertising how their cars beat the safety standards established by the government and exceed the safety record of their competitors.
There is another aspect to this analogy to safety systems, which is a reminder that the focus of security should be managing risk down to acceptable levels, not necessarily eliminating it. His premise is that it is naive to suppose that terrorism can be eliminated but that, on the other hand, the associated risks can certainly be managed and contained. "Automotive safety is about taking steps that allow people to drive while managing the risks that might cause injury or death. If eliminating the risk of automobile fatalities were the goal, we would simply ban people from driving cars."
One of the themes of this book is that many of the most effective tools for combating the terrorist threat often can often provide other useful societal benefits. The challenge is to device security measures that integrate into ways of doing business. For instance, deploying RFID-like tags on shipping containers to track contents can have the added benefit of increased supply chain visibility in addition to the added security and traceability of the contents.
Posted by Narasimha Chari at 07:43 PM in Books, Current Affairs, security, standards, technology | Permalink | Comments (7) | TrackBack
