Op-Ed Contributor – The Risk of Too Much Oversight – Op-Ed – NYTimes.com
To appreciate the challenge we face, it is important to remember that the Sept. 11 terrorist attack was a classic “low-probability, high-consequence” event. In the pre-9/11 era, if experts had generated a list of risks to our country — various terrorist attacks, hurricanes, contagious diseases and so on — they probably would have concluded that terrorists flying planes into skyscrapers and government buildings was unlikely, in light of the security and logistical obstacles the terrorists would have to overcome. While those experts would have acknowledged that such an attack would have grave results, before 9/11, relatively few people worried about such low-probability, high-consequence security events. After 9/11, however, many people began thinking about a broad range of such attacks.
Not surprisingly, when people started to focus on bad things that might happen to us, they identified a seemingly infinite catalogue of worrisome possibilities: nuclear, chemical and biological terrorist attacks delivered by planes, ships, cars or other mechanisms; conventional explosives on mass transit systems; gunmen in public places; cyber attacks on computer and communication networks; and natural hazards like earthquakes and hurricanes. This is just a sliver of the ever-evolving list of homeland security concerns.
But resources are limited and it’s not possible to do everything, so we need to think carefully about the risk: the likelihood of the event and the consequences if it were to occur. Ideally, we would be able to rationally rank homeland security risks, and resources would follow. Though some prioritizing efforts are under way, the process has been made unnecessarily difficult.
I’m glad that this person recognizes the danger in what Bruce Scheier calls “movie plot” security (that is, the monastic delineation of everything that might happen). Prioritization would be an improvement, but I’m not sure it would still be the best.
Perhaps the DHS could organize all possible threats into broad strokes–like hijackings, bombings of population centers, espionage, infrastructural attacks, etc–and ensure that the related agencies are doing their jobs. That is, it would be impossible for the DHS to pick one plot–say, Snidely Whiplash blowing up a dam–out of a hat in time to prevent one in progress. But, the agencies responsible for the dam could be responsible for ensuring the structure is resilient and the security is sound. In turn, Homeland Security could make sure that this work is taking place and proceeding well.
You cannot predict every terrorist attack, but every terrorist needs tools to carry them out, and those common threads–a train station, an airplane, a dam–can be secured to ensure such plots, known or yet to be invented, could be prevented. In the meantime, experts at the DHS could watch the terrorist chatter like hawks, and indeed prioritize the likely methods and trouble spots for the benefit of other agencies. The DHS could in turn check that these agencies are fulfilling their responsibilities, and send liason officers to offer support and expertise.
Turf wars are common in government, and my impression is that the DHS tries to be a jack of all trades, ensnaring them further in multi-front battles. A support organization at the nexus of government security matters could be more effective than one lording over government with a heavy hand. An agency with the CIA and FBI whispering in its ear may be more effective than one fumbling to interlocute or aspiring to the status of a third player. Then again, I may have misinterpreted how the DHS works. I simply doubt that their reputation as a staggering and understaffed bureaucracy is entirely unfounded, and we’re all stinging from the department’s first major test: Hurricane Katrina.