Enlist the States in
Protecting the Nation

By K. Jack Riley

Jack Riley is director of RAND Public Safety and Justice.

Even if every federal agency were integrated into a seamless and effective network to secure the homeland from terrorism, the federal government could not address the totality of the problem. The 50 states have much work to do on their own.

RileyAqueduct.hi
AP/WIDE WORLD PHOTOS/METROPOLITAN WATER DISTRICT OF SOUTHERN CALIFORNIA

Water flows through the Southern California desert in the Colorado River Aqueduct from the Colorado River to the Los Angeles area. Three Southern California water districts control the state's allotment from the river.

California is a good example of what a state can and cannot do to prepare for terrorist attacks. California leads the nation in its counterterrorism efforts, in part because of its long experience with major natural disasters, the effects of which are in some ways similar to terrorism. However, California faces financial limitations, as does every other state. And, like all states, California must cope with the fact that significant portions of its vulnerable assets are in the hands of the private sector. How the state manages these limitations could be instructive for other states as well.

Most of all, California must establish priorities for its security expenditures. The state could easily exhaust its resources in an attempt to protect just its physical infrastructure, or just its high-tech sector, or just its agricultural sector. The smart strategy, therefore, would be to place the highest priority for state security expenditures on those efforts that can simultaneously protect multiple sectors.

Scan a Larger Horizon

California has vast physical infrastructure, cyberinfrastructure, and agricultural assets. The physical infrastructure includes power plants, power grids, oil and natural gas refineries, water treatment facilities, aqueducts, highways, railroads, ports, and hospitals. The cyberinfrastructure includes the computer networks and operating systems that allow the physical infrastructure to function. The agricultural infrastructure includes crop and animal production that provides billions in revenue and tax receipts.

Many of these entities, both publicly and privately operated, have significantly improved their security since Sept. 11 at specific plants and facilities. However, these efforts have not addressed the larger question of how state authorities, with limited regulatory and security resources, can ensure the protection of a statewide infrastructure that is stretched out over vast territory and across complex and shifting boundaries between public and private responsibility.

From a statewide perspective, the three major sectors—physical infrastructure, cyberinfrastructure, and agriculture—share one major vulnerability. It is the absence of coordination—and even of trust—between the public agencies and private parties that must now cooperate to combat terrorism. Prior to Sept. 11, California, like most states, lacked an intelligence system to disseminate information about threats and vulnerabilities to all relevant parties. The state's new terrorism intelligence center—created immediately after the attacks—is a promising step that bears watching for its effectiveness and utility.

Despite the development of such a system, many leaders of private industry remain reluctant to share their proprietary information with the state, for several reasons. For starters, many industry leaders fear that information shared in confidence could become available to competitors through public records acts and other sunshine provisions. Industry leaders also fear that the public reporting of dangers could reduce profits. Or that police investigations on private property could further hinder business as usual. Or that the state might not reciprocate the proprietary information with security tips.

Combine Public and Private Forces

To allay these fears, the California Office of Emergency Services (OES), which already serves as a clearinghouse for crisis management in the state, should form a working group of industry representatives to identify what inducements are needed to persuade private companies to share information relevant to terrorism. For example, state lawmakers might need to pass legislation to exempt security-related proprietary information from state freedom-of-information requirements.

The important thing is to create trusting relationships between public and private entities so that they can coordinate and communicate effectively. When such coordination exists, the state can focus better on specific security measures tailored to specific sectors, as outlined below.

To secure the physical infrastructure, OES and other state agencies should

  • reduce public access to web sites and other currently available sources of highly sensitive information about the physical infrastructure

  • define and enforce minimum-security standards at refineries, chemical plants, power plants, water facilities, and other utilities. These standards could range from the installation of cameras and chainlink fences to background security checks for key personnel. Once the standards are established, the state can encourage compliance with them through a variety of measures, such as tax incentives.

  • promote a public-private dialogue specifically related to physical security, and consider which kinds of incentives could encourage private entities to participate in the nascent intelligence-sharing community.

To secure the cyberinfrastructure, state officials should

  • routinely collect information about computer-related vulnerabilities and terrorist activities

  • experiment with a range of nontraditional denial and deception measures to thwart computer-based terrorist reconnaissance activities

  • form an alliance with industry to generate up-to-date threat assessments and to develop cost-benefit analyses of countermeasures and security upgrades.

To secure the agricultural sector, state priorities should be to

  • increase training of veterinary professionals and students to rapidly diagnose and treat foreign and exotic animal diseases

  • conduct regular exercises and simulations—as is done in the realm of human public health—to hone the ability of public and private professionals to diagnose animal diseases, coordinate resources, recall food products from processing and packing plants, dispose of animal carcasses, and manage public reactions to agricultural terrorism

  • explore the feasibility and desirability of a statewide agricultural insurance plan. Such a plan would protect against both naturally occurring and deliberately introduced diseases. A key objective would be to design an insurance and compensation system that offers strong incentives to food producers to practice adequate biosecurity, surveillance, and emergency response at food processing and packing plants, particularly at smaller facilities.

Finally, it would be sound policy for the state to periodically reassess its vulnerabilities to terrorist attacks. Terrorist opportunities, tactics, and motivations have changed dramatically over the past several decades. Periodic reassessments of vulnerabilities are justified in the face of the changing threat.

Related Reading

The Implications of the September 11 Terrorist Attacks for California: A Collection of Issue Papers, K. Jack Riley, Mark Hanson (eds.), RAND/IP-223-SCA, 2002, 98 pp., no charge.

Contents