In the nearly three years since 9/11, Americans have become better protected against terrorist attack. Some of the changes are due to government action, such as new precautions to protect aircraft. A portion can be attributed to the sheer scale of spending and effort. Publicity and the vigilance of ordinary Americans also make a difference.
But the President and other officials acknowledge that although Americans may be safer, they are not safe. Our report shows that the terrorists analyze defenses. They plan accordingly.
Defenses cannot achieve perfect safety. They make targets harder to attack successfully, and they deter attacks by making capture more likely. Just increasing the attacker's odds of failure may make the difference between a plan attempted, or a plan discarded. The enemy also may have to develop more elaborate plans, thereby increasing the danger of exposure or defeat.
Protective measures also prepare for the attacks that may get through, containing the damage and saving lives.
More than 500 million people annually cross U.S. borders at legal entry points, about 330 million of them noncitizens. Another 500, 000 or more enter illegally without inspection across America's thousands of miles of land borders or remain in the country past the expiration of their permitted stay. The challenge for national security in an age of terrorism is to prevent the very few people who may pose overwhelming risks from entering or remaining in the United States undetected.31
In the decade before September 11, 2001, border security--encompassing travel, entry, and immigration--was not seen as a national security matter. Public figures voiced concern about the "war on drugs," the right level and kind of immigration, problems along the southwest border, migration crises originating in the Caribbean and elsewhere, or the growing criminal traffic in humans. The immigration system as a whole was widely viewed as increasingly dysfunctional and badly in need of reform. In national security circles, however, only smuggling of weapons of mass destruction carried weight, not the entry of terrorists who might use such weapons or the presence of associated foreign-born terrorists.
For terrorists, travel documents are as important as weapons. Terrorists must travel clandestinely to meet, train, plan, case targets, and gain access to attack. To them, international travel presents great danger, because they must surface to pass through regulated channels, present themselves to border security officials, or attempt to circumvent inspection points.
In their travels, terrorists use evasive methods, such as altered and counterfeit passports and visas, specific travel methods and routes, liaisons with corrupt government officials, human smuggling networks, supportive travel agencies, and immigration and identity fraud. These can sometimes be detected.
Before 9/11, no agency of the U.S. government systematically analyzed terrorists' travel strategies. Had they done so, they could have discovered the ways in which the terrorist predecessors to al Qaeda had been systematically but detectably exploiting weaknesses in our border security since the early 1990s.
We found that as many as 15 of the 19 hijackers were potentially vulnerable to interception by border authorities. Analyzing their characteristic travel documents and travel patterns could have allowed authorities to intercept 4 to 15 hijackers and more effective use of information available in U.S. government databases could have identified up to 3 hijackers.32
Looking back, we can also see that the routine operations of our immigration laws--that is, aspects of those laws not specifically aimed at protecting against terrorism--inevitably shaped al Qaeda's planning and opportunities. Because they were deemed not to be bona fide tourists or students as they claimed, five conspirators that we know of tried to get visas and failed, and one was denied entry by an inspector. We also found that had the immigration system set a higher bar for determining whether individuals are who or what they claim to be--and ensuring routine consequences for violations--it could potentially have excluded, removed, or come into further contact with several hijackers who did not appear to meet the terms for admitting short-term visitors.33
Our investigation showed that two systemic weaknesses came together in our border system's inability to contribute to an effective defense against the 9/11 attacks: a lack of well-developed counterterrorism measures as a part of border security and an immigration system not able to deliver on its basic commitments, much less support counterterrorism. These weaknesses have been reduced but are far from being overcome.
Recommendation: Targeting travel is at least as powerful a weapon against terrorists as targeting their money. The United States should combine terrorist travel intelligence, operations, and law enforcement in a strategy to intercept terrorists, find terrorist travel facilitators, and constrain terrorist mobility.
Since 9/11, significant improvements have been made to create an integrated watchlist that makes terrorist name information available to border and law enforcement authorities. However, in the already difficult process of merging border agencies in the new Department of Homeland Security--"changing the engine while flying" as one official put it34--new insights into terrorist travel have not yet been integrated into the front lines of border security.
The small terrorist travel intelligence collection and analysis program currently in place has produced disproportionately useful results. It should be expanded. Since officials at the borders encounter travelers and their documents first and investigate travel facilitators, they must work closely with intelligence officials.
Internationally and in the United States, constraining terrorist travel should become a vital part of counterterrorism strategy. Better technology and training to detect terrorist travel documents are the most important immediate steps to reduce America's vulnerability to clandestine entry. Every stage of our border and immigration system should have as a part of its operations the detection of terrorist indicators on travel documents. Information systems able to authenticate travel documents and detect potential terrorist indicators should be used at consulates, at primary border inspection lines, in immigration services offices, and in intelligence and enforcement units. All frontline personnel should receive some training. Dedicated specialists and ongoing linkages with the intelligence community are also required. The Homeland Security Department's Directorate of Information Analysis and Infrastructure Protection should receive more resources to accomplish its mission as the bridge between the frontline border agencies and the rest of the government counterterrorism community.
When people travel internationally, they usually move through defined channels, or portals. They may seek to acquire a passport. They may apply for a visa. They stop at ticket counters, gates, and exit controls at airports and seaports. Upon arrival, they pass through inspection points. They may transit to another gate to get on an airplane. Once inside the country, they may seek another form of identification and try to enter a government or private facility. They may seek to change immigration status in order to remain.
Each of these checkpoints or portals is a screening--a chance to establish that people are who they say they are and are seeking access for their stated purpose, to intercept identifiable suspects, and to take effective action.
The job of protection is shared among these many defined checkpoints. By taking advantage of them all, we need not depend on any one point in the system to do the whole job. The challenge is to see the common problem across agencies and functions and develop a conceptual framework--an architecture--for an effective screening system.35
Throughout government, and indeed in private enterprise, agencies and firms at these portals confront recurring judgments that balance security, efficiency, and civil liberties. These problems should be addressed systemically, not in an ad hoc, fragmented way. For example:
What information is an individual required to present and in what form? A fundamental problem, now beginning to be addressed, is the lack of standardized information in "feeder" documents used in identifying individuals. Biometric identifiers that measure unique physical characteristics, such as facial features, fingerprints, or iris scans, and reduce them to digitized, numerical statements called algorithms, are just beginning to be used. Travel history, however, is still recorded in passports with entry-exit stamps called cachets, which al Qaeda has trained its operatives to forge and use to conceal their terrorist activities.
How will the individual and the information be checked? There are many databases just in the United States--for terrorist, criminal, and immigration history, as well as financial information, for instance. Each is set up for different purposes and stores different kinds of data, under varying rules of access. Nor is access always guaranteed. Acquiring information held by foreign governments may require painstaking negotiations, and records that are not yet digitized are difficult to search or analyze. The development of terrorist indicators has hardly begun, and behavioral cues remain important.
Who will screen individuals, and what will they be trained to do? A wide range of border, immigration, and law enforcement officials encounter visitors and immigrants and they are given little training in terrorist travel intelligence.Fraudulent travel documents, for instance, are usually returned to travelers who are denied entry without further examination for terrorist trademarks, investigation as to their source, or legal process.
What are the consequences of finding a suspicious indicator, and who will take action? One risk is that responses may be ineffective or produce no further information. Four of the 9/11 attackers were pulled into secondary border inspection, but then admitted. More than half of the 19 hijackers were flagged by the Federal Aviation Administration's profiling system when they arrived for their flights, but the consequence was that bags, not people, were checked. Competing risks include "false positives," or the danger that rules may be applied with insufficient training or judgment. Overreactions can impose high costs too--on individuals, our economy, and our beliefs about justice.
• A special note on the importance of trusting subjective judgment: One potential hijacker was turned back by an immigration inspector as he tried to enter the United States. The inspector relied on intuitive experience to ask questions more than he relied on any objective factor that could be detected by "scores" or a machine. Good people who have worked in such jobs for a long time understand this phenomenon well. Other evidence we obtained confirmed the importance of letting experienced gate agents or security screeners ask questions and use their judgment. This is not an invitation to arbitrary exclusions. But any effective system has to grant some scope, perhaps in a little extra inspection or one more check, to the instincts and discretion of well trained human beings.
Recommendation: The U.S. border security system should be integrated into a larger network of screening points that includes our transportation system and access to vital facilities, such as nuclear reactors. The President should direct the Department of Homeland Security to lead the effort to design a comprehensive screening system, addressing common problems and setting common standards with systemwide goals in mind. Extending those standards among other governments could dramatically strengthen America and the world's collective ability to intercept individuals who pose catastrophic threats.
We advocate a system for screening, not categorical profiling. A screening system looks for particular, identifiable suspects or indicators of risk. It does not involve guesswork about who might be dangerous. It requires frontline border officials who have the tools and resources to establish that people are who they say they are, intercept identifiable suspects, and disrupt terrorist operations.
The border and immigration system of the United States must remain a visible manifestation of our belief in freedom, democracy, global economic growth, and the rule of law, yet serve equally well as a vital element of counterterrorism. Integrating terrorist travel information in the ways we have described is the most immediate need. But the underlying system must also be sound.
Since September 11, the United States has built the first phase of a biometric screening program, called US VISIT (the United States Visitor and Immigrant Status Indicator Technology program). It takes two biometric identifiers--digital photographs and prints of two index fingers--from travelers. False identities are used by terrorists to avoid being detected on a watch-list. These biometric identifiers make such evasions far more difficult.
So far, however, only visitors who acquire visas to travel to the United States are covered. While visitors from "visa waiver" countries will be added to the program, beginning this year, covered travelers will still constitute only about 12 percent of all noncitizens crossing U.S. borders. Moreover, exit data are not uniformly collected and entry data are not fully automated. It is not clear the system can be installed before 2010, but even this timetable may be too slow, given the possible security dangers.36
Inspectors adjudicating entries of the 9/11 hijackers lacked adequate information and knowledge of the rules. All points in the border system--from consular offices to immigration services offices--will need appropriate electronic access to an individual's file. Scattered units at Homeland Security and the State Department perform screening and data mining: instead, a government-wide team of border and transportation officials should be working together. A modern border and immigration system should combine a biometric entry-exit system with accessible files on visitors and immigrants, along with intelligence on indicators of terrorist travel.
Our border screening system should check people efficiently and welcome friends. Admitting large numbers of students, scholars, businesspeople, and tourists fuels our economy, cultural vitality, and political reach. There is evidence that the present system is disrupting travel to the United States. Overall, visa applications in 2003 were down over 32 percent since 2001. In the Middle East, they declined about 46 percent. Training and the design of security measures should be continuously adjusted.38
Recommendation: The Department of Homeland Security, properly supported by the Congress, should complete, as quickly as possible, a biometric entry-exit screening system, including a single system for speeding qualified travelers. It should be integrated with the system that provides benefits to foreigners seeking to stay in the United States. Linking biometric passports to good data systems and decisionmaking is a fundamental goal. No one can hide his or her debt by acquiring a credit card with a slightly different name. Yet today, a terrorist can defeat the link to electronic records by tossing away an old passport and slightly altering the name in the new one.
Completion of the entry-exit system is a major and expensive challenge. Biometrics have been introduced into an antiquated computer environment. Replacement of these systems and improved biometric systems will be required. Nonetheless, funding and completing a biometrics-based entry-exit system is an essential investment in our national security.
Exchanging terrorist information with other countries, consistent with privacy requirements, along with listings of lost and stolen passports, will have immediate security benefits. We should move toward real-time verification of passports with issuing authorities. The further away from our borders that screening occurs, the more security benefits we gain. At least some screening should occur before a passenger departs on a flight destined for the United States. We should also work with other countries to ensure effective inspection regimes at all airports.39
The international community arrives at international standards for the design of passports through the International Civil Aviation Organization (ICAO). The global standard for identification is a digital photograph; fingerprints are optional. We must work with others to improve passport standards and provide foreign assistance to countries that need help in making the transition.40
Recommendation: The U.S. government cannot meet its own obligations to the American people to prevent the entry of terrorists without a major effort to collaborate with other governments. We should do more to exchange terrorist information with trusted allies, and raise U.S. and global border security standards for travel and border crossing over the medium and long term through extensive international cooperation.
Our borders and immigration system, including law enforcement, ought to send a message of welcome, tolerance, and justice to members of immigrant communities in the United States and in their countries of origin. We should reach out to immigrant communities. Good immigration services are one way of doing so that is valuable in every way--including intelligence.
It is elemental to border security to know who is coming into the country. Today more than 9 million people are in the United States outside the legal immigration system. We must also be able to monitor and respond to entrances between our ports of entry, working with Canada and Mexico as much as possible.
There is a growing role for state and local law enforcement agencies. They need more training and work with federal agencies so that they can cooperate more effectively with those federal authorities in identifying terrorist suspects.
All but one of the 9/11 hijackers acquired some form of U.S. identification document, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other necessary activities.
Recommendation: Secure identification should begin in the United States. The federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers licenses. Fraud in identification documents is no longer just a problem of theft. At many entry points to vulnerable facilities, including gates for boarding aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists.41
The U.S. transportation system is vast and, in an open society, impossible to secure completely against terrorist attacks. There are hundreds of commercial airports, thousands of planes, and tens of thousands of daily flights carrying more than half a billion passengers a year. Millions of containers are imported annually through more than 300 sea and river ports served by more than 3, 700 cargo and passenger terminals. About 6, 000 agencies provide transit services through buses, subways, ferries, and light-rail service to about 14 million Americans each weekday.42
In November 2001, Congress passed and the President signed the Aviation and Transportation Security Act. This act created the Transportation Security Administration (TSA), which is now part of the Homeland Security Department. In November 2002, both the Homeland Security Act and the Maritime Transportation Security Act followed. These laws required the development of strategic plans to describe how the new department and TSA would provide security for critical parts of the U.S. transportation sector.
Over 90 percent of the nation's $5.3 billion annual investment in the TSA goes to aviation--to fight the last war. The money has been spent mainly to meet congressional mandates to federalize the security checkpoint screeners and to deploy existing security methods and technologies at airports. The current efforts do not yet reflect a forward-looking strategic plan systematically analyzing assets, risks, costs, and benefits. Lacking such a plan, we are not convinced that our transportation security resources are being allocated to the greatest risks in a cost-effective way.
Despite congressional deadlines, the TSA has developed neither an integrated strategic plan for the transportation sector nor specific plans for the various modes--air, sea, and ground.
Recommendation: Hard choices must be made in allocating limited resources. The U.S. government should identify and evaluate the transportation assets that need to be protected, set risk-based priorities for defending them, select the most practical and cost-effective ways of doing so, and then develop a plan, budget, and funding to implement the effort. The plan should assign roles and missions to the relevant authorities (federal, state, regional, and local) and to private stakeholders. In measuring effectiveness, perfection is unattainable. But terrorists should perceive that potential targets are defended. They may be deterred by a significant chance of failure.
Congress should set a specific date for the completion of these plans and hold the Department of Homeland Security and TSA accountable for achieving them.
The most powerful investments may be for improvements in technologies with applications across the transportation modes, such as scanning technologies designed to screen containers that can be transported by plane, ship, truck, or rail. Though such technologies are becoming available now, widespread deployment is still years away.
In the meantime, the best protective measures may be to combine improved methods of identifying and tracking the high-risk containers, operators, and facilities that require added scrutiny with further efforts to integrate intelligence analysis, effective procedures for transmitting threat information to transportation authorities, and vigilance by transportation authorities and the public.
No single security measure is foolproof. Accordingly, the TSA must have multiple layers of security in place to defeat the more plausible and dangerous forms of attack against public transportation.
On 9/11, the 19 hijackers were screened by a computer-assisted screening system called CAPPS. More than half were identified for further inspection, which applied only to their checked luggage.
Under current practices, air carriers enforce government orders to stop certain known and suspected terrorists from boarding commercial flights and to apply secondary screening procedures to others. The "no-fly" and "automatic selectee" lists include only those individuals who the U.S. government believes pose a direct threat of attacking aviation.
Because air carriers implement the program, concerns about sharing intelligence information with private firms and foreign countries keep the U.S. government from listing all terrorist and terrorist suspects who should be included. The TSA has planned to take over this function when it deploys a new screening system to take the place of CAPPS. The deployment of this system has been delayed because of claims it may violate civil liberties.
Recommendation: Improved use of "no-fly" and "automatic selectee" lists should not be delayed while the argument about a successor to CAPPS continues. This screening function should be performed by the TSA, and it should utilize the larger set of watchlists maintained by the federal government. Air carriers should be required to supply the information needed to test and implement this new system.
CAPPS is still part of the screening process, still profiling passengers, with the consequences of selection now including personal searches of the individual and carry-on bags. The TSA is dealing with the kind of screening issues that are being encountered by other agencies. As we mentioned earlier, these screening issues need to be elevated for high-level attention and addressed promptly by the government. Working through these problems can help clear the way for the TSA's screening improvements and would help many other agencies too.
The next layer is the screening checkpoint itself. As the screening system tries to stop dangerous people, the checkpoint needs to be able to find dangerous items. Two reforms are needed soon: (1) screening people for explosives, not just their carry-on bags, and (2) improving screener performance.
Recommendation: The TSA and the Congress must give priority attention to improving the ability of screening checkpoints to detect explosives on passengers. As a start, each individual selected for special screening should be screened for explosives. Further, the TSA should conduct a human factors study, a method often used in the private sector, to understand problems in screener performance and set attainable objectives for individual screeners and for the checkpoints where screening takes place.
Concerns also remain regarding the screening and transport of checked bags and cargo. More attention and resources should be directed to reducing or mitigating the threat posed by explosives in vessels' cargo holds. The TSA should expedite the installation of advanced (in-line) baggage-screening equipment. Because the aviation industry will derive substantial benefits from this deployment, it should pay a fair share of the costs. The TSA should require that every passenger aircraft carrying cargo must deploy at least one hardened container to carry any suspect cargo. TSA also needs to intensify its efforts to identify, track, and appropriately screen potentially dangerous cargo in both the aviation and maritime sectors.
Many of our recommendations call for the government to increase its presence in our lives--for example, by creating standards for the issuance of forms of identification, by better securing our borders, by sharing information gathered by many different agencies. We also recommend the consolidation of authority over the now far-flung entities constituting the intelligence community. The Patriot Act vests substantial powers in our federal government. We have seen the government use the immigration laws as a tool in its counterterrorism effort. Even without the changes we recommend, the American public has vested enormous authority in the U.S. government.
At our first public hearing on March 31, 2003, we noted the need for balance as our government responds to the real and ongoing threat of terrorist attacks. The terrorists have used our open society against us. In wartime, government calls for greater powers, and then the need for those powers recedes after the war ends. This struggle will go on. Therefore, while protecting our homeland, Americans should be mindful of threats to vital personal and civil liberties. This balancing is no easy task, but we must constantly strive to keep it right.
This shift of power and authority to the government calls for an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life. We therefore make three recommendations.
First, as we will discuss in chapter 13, to open up the sharing of information across so many agencies and with the private sector, the President should take responsibility for determining what information can be shared by which agencies and under what conditions. Protection of privacy rights should be one key element of this determination.
Recommendation: As the President determines the guidelines for information sharing among government agencies and by those agencies with the private sector, he should safeguard the privacy of individuals about whom information is shared.
Second, Congress responded, in the immediate aftermath of 9/11, with the Patriot Act, which vested substantial new powers in the investigative agencies of the government. Some of the most controversial provisions of the Patriot Act are to "sunset" at the end of 2005. Many of the act's provisions are relatively noncontroversial, updating America's surveillance laws to reflect technological developments in a digital age. Some executive actions that have been criticized are unrelated to the Patriot Act. The provisions in the act that facilitate the sharing of information among intelligence agencies and between law enforcement and intelligence appear, on balance, to be beneficial. Because of concerns regarding the shifting balance of power to the government, we think that a full and informed debate on the Patriot Act would be healthy.
Recommendation:The burden of proof for retaining a particular governmental power should be on the executive, to explain (a) that the power actually materially enhances security and (b) that there is adequate supervision of the executive's use of the powers to ensure protection of civil liberties. If the power is granted, there must be adequate guidelines and oversight to properly confine its use.
Third, during the course of our inquiry, we were told that there is no office within the government whose job it is to look across the government at the actions we are taking to protect ourselves to ensure that liberty concerns are appropriately considered. If, as we recommend, there is substantial change in the way we collect and share intelligence, there should be a voice within the executive branch for those concerns. Many agencies have privacy offices, albeit of limited scope. The Intelligence Oversight Board of the President's Foreign Intelligence Advisory Board has, in the past, had the job of overseeing certain activities of the intelligence community.
Recommendation: At this time of increased and consolidated government authority, there should be a board within the executive branch to oversee adherence to the guidelines we recommend and the commitment the government makes to defend our civil liberties.
We must find ways of reconciling security with liberty, since the success of one helps protect the other. The choice between security and liberty is a false choice, as nothing is more likely to endanger America's liberties than the success of a terrorist attack at home. Our history has shown us that insecurity threatens liberty. Yet, if our liberties are curtailed, we lose the values that we are struggling to defend.
Before 9/11, no executive department had, as its first priority, the job of defending America from domestic attack. That changed with the 2002 creation of the Department of Homeland Security. This department now has the lead responsibility for problems that feature so prominently in the 9/11 story, such as protecting borders, securing transportation and other parts of our critical infrastructure, organizing emergency assistance, and working with the private sector to assess vulnerabilities.
Throughout the government, nothing has been harder for officials--executive or legislative--than to set priorities, making hard choices in allocating limited resources. These difficulties have certainly afflicted the Department of Homeland Security, hamstrung by its many congressional overseers. In delivering assistance to state and local governments, we heard--especially in New York--about imbalances in the allocation of money. The argument concentrates on two questions.
First, how much money should be set aside for criteria not directly related to risk? Currently a major portion of the billions of dollars appropriated for state and local assistance is allocated so that each state gets a certain amount, or an allocation based on its population--wherever they live.
Recommendation: Homeland security assistance should be based strictly on an assessment of risks and vulnerabilities. Now, in 2004, Washington, D. C., and New York City are certainly at the top of any such list. We understand the contention that every state and city needs to have some minimum infrastructure for emergency response. But federal homeland security assistance should not remain a program for general revenue sharing. It should supplement state and local resources based on the risks or vulnerabilities that merit additional support. Congress should not use this money as a pork barrel.
The second question is, Can useful criteria to measure risk and vulnerability be developed that assess all the many variables? The allocation of funds should be based on an assessment of threats and vulnerabilities. That assessment should consider such factors as population, population density, vulnerability, and the presence of critical infrastructure within each state. In addition, the federal government should require each state receiving federal emergency preparedness funds to provide an analysis based on the same criteria to justify the distribution of funds in that state.
In a free-for-all over money, it is understandable that representatives will work to protect the interests of their home states or districts. But this issue is too important for politics as usual to prevail. Resources must be allocated according to vulnerabilities. We recommend that a panel of security experts be convened to develop written benchmarks for evaluating community needs. We further recommend that federal homeland security funds be allocated in accordance with those benchmarks, and that states be required to abide by those benchmarks in disbursing the federal funds. The benchmarks will be imperfect and subjective; they will continually evolve. But hard choices must be made. Those who would allocate money on a different basis should then defend their view of the national interest.
The attacks on 9/11 demonstrated that even the most robust emergency response capabilities can be overwhelmed if an attack is large enough. Teamwork, collaboration, and cooperation at an incident site are critical to a successful response. Key decisionmakers who are represented at the incident command level help to ensure an effective response, the efficient use of resources, and responder safety. Regular joint training at all levels is, moreover, essential to ensuring close coordination during an actual incident.
Recommendation: Emergency response agencies nationwide should adopt the Incident Command System (ICS). When multiple agencies or multiple jurisdictions are involved, they should adopt a unified command. Both are proven frameworks for emergency response. We strongly support the decision that federal homeland security funding will be contingent, as of October 1, 2004, upon the adoption and regular use of ICS and unified command procedures. In the future, the Department of Homeland Security should consider making funding contingent on aggressive and realistic training in accordance with ICS and unified command procedures.
The attacks of September 11, 2001 overwhelmed the response capacity of most of the local jurisdictions where the hijacked airliners crashed. While many jurisdictions have established mutual aid compacts, a serious obstacle to multi-jurisdictional response has been the lack of indemnification for mutual-aid responders in areas such as the National Capital Region.
Public safety organizations, chief administrative officers, state emergency management agencies, and the Department of Homeland Security should develop a regional focus within the emergency responder community and promote multi-jurisdictional mutual assistance compacts. Where such compacts already exist, training in accordance with their terms should be required. Congress should pass legislation to remedy the long-standing indemnification and liability impediments to the provision of public safety mutual aid in the National Capital Region and where applicable throughout the nation.
The inability to communicate was a critical element at the World Trade Center, Pentagon, and Somerset County, Pennsylvania, crash sites, where multiple agencies and multiple jurisdictions responded. The occurrence of this problem at three very different sites is strong evidence that compatible and adequate communications among public safety organizations at the local, state, and federal levels remains an important problem.
Recommendation: Congress should support pending legislation which provides for the expedited and increased assignment of radio spectrum for public safety purposes. Furthermore, high-risk urban areas such as New York City and Washington, D. C., should establish signal corps units to ensure communications connectivity between and among civilian authorities, local first responders, and the National Guard. Federal funding of such units should be given high priority by Congress.
The mandate of the Department of Homeland Security does not end with government; the department is also responsible for working with the private sector to ensure preparedness. This is entirely appropriate, for the private sector controls 85 percent of the critical infrastructure in the nation. Indeed, unless a terrorist's target is a military or other secure government facility, the "first" first responders will almost certainly be civilians. Homeland security and national preparedness therefore often begins with the private sector.
Preparedness in the private sector and public sector for rescue, restart, and recovery of operations should include (1) a plan for evacuation, (2) adequate communications capabilities, and (3) a plan for continuity of operations. As we examined the emergency response to 9/11, witness after witness told us that despite 9/11, the private sector remains largely unprepared for a terrorist attack. We were also advised that the lack of a widely embraced private-sector preparedness standard was a principal contributing factor to this lack of preparedness.
We responded by asking the American National Standards Institute (ANSI) to develop a consensus on a "National Standard for Preparedness" for the private sector. ANSI convened safety, security, and business continuity experts from a wide range of industries and associations, as well as from federal, state, and local government stakeholders, to consider the need for standards for private sector emergency preparedness and business continuity.
The result of these sessions was ANSI's recommendation that the Commission endorse a voluntary National Preparedness Standard. Based on the existing American National Standard on Disaster/Emergency Management and Business Continuity Programs (NFPA 1600), the proposed National Preparedness Standard establishes a common set of criteria and terminology for preparedness, disaster management, emergency management, and business continuity programs. The experience of the private sector in the World Trade Center emergency demonstrated the need for these standards.
Recommendation: We endorse the American National Standards Institute's recommended standard for private preparedness. We were encouraged by Secretary Tom Ridge's praise of the standard, and urge the Department of Homeland Security to promote its adoption. We also encourage the insurance and credit-rating industries to look closely at a company's compliance with the ANSI standard in assessing its insurability and creditworthiness. We believe that compliance with the standard should define the standard of care owed by a company to its employees and the public for legal purposes. Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. It is ignored at a tremendous potential cost in lives, money, and national security.