The State of Resilience: Critical Infrastructure and the 9/11 Commission Report
September 11, 2001 changed everything. I have the honor to work with homeland security professionals who have felt called to serve in the wake of this tragic day. Reflecting on the ‘State of the Union’ 20 years later with regard to physical security and cybersecurity, I see the 9/11 Commission report as the vision document for global homeland security. post September 11.
In response to the attacks, Congress instructed the National Biparty Commission on the Terrorist Attacks on the United States (September 11 Commission) in 2002 “to prepare a full and comprehensive account of the circumstances surrounding the terrorist attacks of September 11, 2001,” including preparedness for and immediate response to attacks. (https://www.9-11commission.gov/)
The founding principles of the United States are part of what makes America special and unique. At the same time, these principles have also created silos that play a role in homeland security efforts. As established in the Constitution, government has been intentionally structured with separation between federal, state and local governments, as well as between branches of government. The 9/11 report exposed these silos and challenged everyone within the homeland security enterprise, including elected officials, to find ways to work together to improve information sharing and collaboration. at all levels of government. The following sections are part of the text of the 9/11 report as it relates to infrastructure and cybersecurity, as well as collaboration between all levels of government and the private sector.
Extracts from the public statement of the 9/11 Commission report, July 22, 2004 (https://govinfo.library.unt.edu/911/report/911Report_Statement.pdf)
- At home, we must establish clear priorities for the protection of our infrastructure and the safety of our transport. Resources should be allocated according to these priorities and standards of readiness should be established. The private sector and local governments should play an important role in this process.
- If, God forbid, there is another attack, we must be prepared to respond. We need to educate the public, train and equip our first responders, and anticipate countless scenarios.
- The most important failure was that of the imagination.
Extracts from the summary of the 9/11 Commission report (https://govinfo.library.unt.edu/911/report/911Report_Exec.pdf)
- The missed opportunities to foil the 9/11 conspiracy were also symptoms of a broader inability to adapt the way government deals with problems to the new challenges of the 21st century.
- Unit of effort: information sharing. The US government has access to a great deal of information. But he has a weak system for processing and using what he has. The “need to know” system should be replaced by a “need to share” system
The above-mentioned report recommendations were based on the National Infrastructure Protection Plan. Two years after the Commission’s report on September 11, the first national infrastructure protection plan was published (https://www.dhs.gov/xlibrary/assets/NIPP_Plan_noApps.pdf). Since 2006, the National Infrastructure Protection Plan has been completed and updated and is currently being updated (https://www.cisa.gov/national-infrastructure-protection-plan). This plan defines the framework and priorities for cybersecurity and infrastructure security. In addition, the plan established various groups within the Federal Government (Government Coordinating Boards) and the public and private sectors (Sector Risk Management Agencies). These various stakeholder engagement groups are intended to help work across different sectors and levels of government to share information, improve coordination, and strengthen our country’s capacity to prepare for and respond to any dangers.
The vast majority of critical infrastructure is owned and operated by local governments and the private sector. As such, these professionals are on the front line for the protection and resilience of their critical infrastructures. This responsibility for investments in protection and resilience at the local level is similar to how disaster response is executed locally, coordinated by the state and supported by the federal government. While federal and state governments are essential partners in these security efforts, local and private sector agencies must be intentional and proactive in their roles for the security and response of physical and cyber infrastructure.
“A universal action for all professionals in the public service is to build trust between other groups and individuals involved in cybersecurity and infrastructure security”
Professionals in the public service, public or private, must be mindful of the responsibility for safety and not become complacent. Whether in the design, construction, operation or maintenance of physical or IT infrastructure, everyone in these positions has a role to play in homeland security. Some of the activities within a given sector may be considered “normal”, but on closer examination these activities also have elements of resilience and should be understood as such. Professionals in the cyber and physical infrastructure profession must continue to work together and be determined to improve the security and resilience of the nation’s critical infrastructure. The federal government has invested millions of dollars in the development of critical infrastructure security resources to help SLTT and the efforts of private sector professionals to improve security and resiliency. Being busy and having multiple roles is a reality that all organizations and professionals face, but it cannot be an excuse for inaction or non-engagement with available federal resources (usually at no cost). An element of universal action for all professionals in the public service is to build trust between other groups and individuals involved in cybersecurity and infrastructure security. Building and maintaining trust, and all that goes into that, is an essential part of homeland security efforts and is a basic need. Critical infrastructure professionals owe it to their communities, and the nation as a whole, to be intentional in the use of federal resources, the implementation of mitigation measures, the strengthening of critical assets, the improvement of response capacities, responsible information sharing and capacity building to manage problems and threats.
In their closing public statement on the 9/11 Commission Report, the Honorable Thomas H. Kean and the Honorable Lee H. Hamilton said, “We believe that by acting together we can make a difference. . We can make our nation safer and more secure. I think their comments are just as true today as they were on July 22, 2004. Let us all respond to the calls to action contained in the 9/11 Commission report by building on the framework and priorities of the National Infrastructure Protection Plan and being intentional on building partnerships, information sharing and collaboration to improve the readiness and resiliency of IT and infrastructure systems in the United States of America.