Global Security Challenge: Remarks
Notes for “The Role of Technology in Counterterrorism Strategy: How Far Can We Go?”
Yesterday when I arrived in London I realized that this is a very appropriate setting for a discussion of this nature. When I was walking from the Tube to the hotel and looking at the Tower of London, I couldnâ€™t help but think about the investments that the British monarchy made over hundreds of centuries to improve the technologies used to defend castles â€“ higher walls, deeper moats, better bulwarks, turrets, and towers to improve defenses against evolving threats, and to keep prisoners secure inside its walls. Itâ€™s a fitting analogy for our topic today on the role of technology in counterterrorism and homeland security strategy.
Iâ€™ll talk first about trends and patterns in technology innovation over the past five years, and where I think we are right now in the innovation cycle; second, Iâ€™ll take a few minutes to discuss the critical importance of integration in this sector; and Iâ€™ll wrap up with a few key lessons that I think are relevant for companies that are trying to play in this sector.
The development of new generations of technologies is a critical element of the fight against terrorism and a broader effort to make our societies more resilient against disruptive threats. Itâ€™s something that Iâ€™ve looked closely at over the past few years, writing a number of reports on the homeland security market, and I think weâ€™ve seen some tremendous strides in the last five years in the state of technology in a number of areas. Iâ€™d single out seven areas where I think a lot of positive progress has been made: Biometrics. CBRN sensor technology. Screening and imaging devices. Cargo and asset tracking technologies. Video surveillance. Data analysis. Biological countermeasures.
There have been significant improvements in the technology baseline in each of these areas in the last five years, as a â€œsecond-generationâ€ of technology that was developed quickly after 9/11 has come online, in a way that has delivered incremental improvements to counterterrorism and homeland security capabilities.
But none of these sectors are really yet mature. There are many examples of flawed second-generation technology, where the business case for implementation remains weak. For example, the Government Accountability Office in the U.S. reported last week that a new generation of radiation portal monitors for cargo which are currently in the final stages of development perform only moderately better than the ones based on 1960â€™s technology, and are projected to cost seven times as much: $377 thousand dollars versus $55 thousand dollars. And many of the screening and imaging technologies that have been developed over the last few years have throughput issues, unable to handle the workloads that would be required for a high degree of use.
Given this reality, I think we will start to see a third-generation of technology come to maturity between now and the end of the decade, much of it based on the more thorough research initiatives that have been launched by government agencies and financed by the long-term VC bets that have been placed in the sector. Itâ€™s the stage in the technology adoption cycle where the presentations and business plans presented earlier today have a chance to make their mark. This third-generation has the opportunity to overcome the limitations of current technology and change the game in a number of sectors that have proven to be challenging, most notably, I would argue in biosensors, radiological-nuclear detection devices, and data analysis.
The other key technology trend that I think that weâ€™ll see more attention on in the next four years is system integration, essentially taking the fragmented global security system that we have today and linking the pieces together. This is an issue that Iâ€™ve worked on a lot in my job at IBM, through our white paper published last year on Global Movement Management. Itâ€™s important to still develop and refine the specific â€œpinpointâ€ technologies that Iâ€™ve just mentioned, but efforts to integrate existing technologies and systems will be equally critical.
The foiled plot against airlines that was broken up by UK authorities is a perfect example of why this is important.
Weâ€™ve seen a lot of attention paid in the two months since this was foiled to the liquid explosive threat, and what can be done to detect the precursor ingredients to TATP in an aviation screening environment. It makes sense to make these investments, but this wasnâ€™t why this plot was foiled.
It was foiled because of effective intelligence and investigation work by British, U.S., and Pakistani authorities, working across national and institutional boundaries to gather evidence, share information, and ultimately move to wrap up the plot.
This was an example of an integrated system response to a threat. In some cases this integration was automated, for example where US and British authorities share intelligence data in real-time. In other cases this integration was manual, based upon trust and personal relationships upon the multiple entities involved. But whether automated or manual, it was the integration of information â€“ the â€œconnecting of the dotsâ€ that enabled authorities to detect, monitor and ultimately disrupt the plot.
Efforts to improve this type of integration within countries and across borders are underway, and are important to anyone who is trying to understand the current technology paradigm for homeland security and counterterrorism. I think weâ€™ll see increased consolidation and convergence of homeland security systems in the coming years, moving away from the fragmented reality of today.
Why is fragmentation a problem that needs to be addressed? Let me briefly give another example, and describe the current reality in the United States in terms of risk assessment systems and engines related to terrorism. We have one risk assessment system for domestic air travelers. We have another for international travelers. We have one risk management system for maritime cargo, and a separate and distinct one for air cargo. We have risk management systems for spotting suspicious financial transactions, and systems within our intelligence community for targeting suspicious communications.
The connections between these various systems are limited today. And thatâ€™s just the United States. Countries like the UK, Canada, Australia and others have similar types of systems in place. And there are private sector systems for risk assessment â€“ credit agencies, financial firmsâ€™ tools for fraud detection and anti-money laundering.
Now contrast that reality with everything that we know about how terrorist groups operate. They donâ€™t recognize these artificial distinctions and boundaries. They move across borders and often blend seamlessly into societies. They ship or acquire goods to carry out their attacks: to put it in b-school speak, they have a highly agile and integrated supply chain. They wire and transfer money across borders. And they communicate with each other via multiple means. In all of these cases, they harness the advanced tools of the multi-trillion dollar global economy: our banking, travel, trade and telecommunications systems.
We need a globally integrated approach that responds to this reality, in a way that is aligned with the underlying operational imperatives of highly networked terrorist groups operating within a globalized society and economy. And we need to figure how to do this in a way that doesnâ€™t harm or degrade our own core values and strengths.
This is a multi-level challenge, within which technology plays a critical role. As part of it, we should drive toward global systems-of-systems for key functional areas in homeland security and counterterrorism, such as risk management, screening, and credentialing. I think these imperatives for integration will be a major factor in the technology investment strategy of governments and private entities in the next few years, as a means to better leverage existing investments and improve performance.
That brings me to a four key lessons in terms of understanding the role of technology and the private sector for homeland security and counterterrorism.
First, no single technology is â€œthe solutionâ€ for homeland security and counterterrorism. Technology can be an enabler and a force-multiplier, but it is not the silver-bullet â€œsolution.â€ Iâ€™ve participated in many meetings with senior government officials over the last few years, and they will all tell you that they are fatigued by companies coming in to talk to them about how their product or technology will solve all of their needs. But there are no magic elixirs in homeland security and counterterrorism. Weâ€™ve been trying to have much more of a strategic-level conversation with senior government officials in my work at IBM, focused on ideas rather than specific technologies, as a way to build trust and become a partner to these officials. That approach might be difficult for small companies to emulate, but I think itâ€™s worth bearing in mind.
Second, the importance of standards in homeland security is growing and is a critical factor for companiesâ€™ abilities to succeed in this market. The normal standards-setting processes at the ISO and at national-level organizations are finally catching up to the technology adoption cycle over the last few years, and weâ€™ve begun to see broad standards emerge in areas like nuclear detection and supply chain security. These standards matter for the reasons that I talked about earlier: you can develop the greatest technology in the world, but if it isnâ€™t interoperable and compatible with other companiesâ€™ technologies and systems deployed in other countries, then its benefits are constrained, in a way that diminishes its value in the market.
And standards-setting doesnâ€™t necessarily need to be a government-led effort. Companies can form groups and coalitions to drive standards forward, something that weâ€™re currently working on at IBM in terms of a coalition that weâ€™ve formed to drive forward standards for global trade and travel security.
Third, I would highlight the importance of building privacy issues into your business model from day one, and not as an afterthought thatâ€™s tacked on at the last moment, noting of course that privacy means different things in different parts of the world. Weâ€™ve seen a number of promising systems and technologies derailed because of privacy issues over the past few years, and I would argue that in most of these cases these derailments could have been prevented if attention had been paid to privacy concerns up front. Privacy should be thought of as a potential competitive advantage for new technologies, and also as its own distinct subsector, in terms of technologies like data anonymization that can facilitate privacy protections.
Fourth, and probably most importantly, I would argue that working in this market requires a deep conviction about the importance of the underlying mission of defeating terrorism and making our societies more resilient. There is an important role for the private sector to play in this market, and the profit motive has a legitimate role in harnessing and spurring innovation in homeland security and counterterrorism. But this is also a market with a social and public value, one where excess is unseemly, given what is at stake. I think that itâ€™s important to always bear that in mind as we talk about these issues.
Thank you, and I look forward to your questions later in the session.