Congressman Bennie Thompson, chairman of the House Homeland Security Committee, set the tone for yesterday’s first Congressional hearing on resilience by asserting that America’s strategy for protecting the homeland must balance prevention with resilience since 100% security is unobtainable. Moreover, “we all have a role to play,” he said, implying that resilience is the responsibility of the federal government, states and localities, academia, and the private sector, which explains the presence of DHS, MIT, ATT&T, SAP, and the Homeland Security Center for Risk & Economic Analysis of Terrorism Events at USC as witnesses. Chairman Thompson concluded his opening remarks with his refrain that success in this mission demands “honesty with the American people” and a worthy goal of securing the homeland is that we do so based on a “freedom from fear.”
DHS Assistant Secretary for Policy, Stewart Baker, represented the federal government and its views on resilience, as well as current efforts to invest in this capability. Much of A/S Baker’s prepared remarks focused on the ability to “bounce back” as the goal of resilience. This is important, but it leaves out other dimensions that make the concept of resilience valuable (i.e. deterrence, measured response, dual use, etc.).
However, he did emphasize certain efforts to use information more effectively as a resource for alerting populations at risk as soon as an attack or disaster is known to be imminent. Baker cited such measures as “reverse 9/11,” instant messaging, blogs, Google Maps, and twitter as means for fostering an organized response. (Blogs?)
Mr. Baker did identify at least one area that would generate substantial improvement. He described DHS’s work with the Treasury Department, the Financial Services Sector Coordinating Council Subcommittee for Research and Development, and ChicagoFIRST to develop a risk management tool for the finance sector. This includes a computer simulation of the value chains of a generic financial enterprise to allow organizations to create and run “disruption scenarios tailored to their individual business models, using their own proprietary data as well as generic data for the rest of the financial sector,” according to Baker.
Professor Yossi Sheffi of MIT broadened the scope of the discussion to include the important ability of obtaining information early in order to act earlier and with more precision. He cited specifically the prerequisite of devolving decision making to the levels closest to the “front lines” in order to be not only quicker in responding, but also more surgical in that response so as to minimize overreactions that risk amplifying the circumstances.
AT&T’s Susan Bailey echoed this with an explanation that her firm not only prepares for disruptions, but they monitor, pattern, and then profile internet traffic that they support to establish a baseline. Aberrations and abnormalities — often antecedents to cyber attacks — can then be identified and zeroed in on. Indeed, Erroll Southers of the Homeland Security Center for Risk & Economic Analysis of Terrorism Events described how the British implicitly join detection and resilience.
Several members cited the media coverage yesterday of a study that found a nationwide inability on the part of emergency rooms to manage large and unexpected influxes of patients that would likely follow a terrorist strike or natural disaster. Naturally, A/S Baker had little to say about this. That may be the job of the DHS Medical Advisor or HHS, but it isn’t even resilience in the first place. This scenario describes the need for “surge capacity” in hospitals in order to facilitate an emergency response. Turning victims into patients is important for response, but resilience is different.
Interestingly, Rep. Lungren invoked a missing aspect of resilience. If “we all play a part,” as the Chairman appropriately notes, then we must find a way for resilience to become a part of the bottom line for the private sector. He raises a good point. While regulations will surely get industry’s attention, the best form of resilience — indeed the best form of homeland security — reduces the risk of terrorist attack or disruption while also improving the facilitation of trade and travel.
Resilience in the form of redundancy (costly back up facilities or other investments that go unused until disaster strikes) is a blunt measure. Today the Subcommittee on Border, Maritime, and Global Counterterrorism convenes their hearing on “Assessing the Resiliency of the Nation’s Supply Chain.” This is a perfect opportunity to explore smart resilience, as opposed to simply the ability to bounce back.