Analysis: U.S. infrastructure security depends on private sector

Published 2 February 2006

A paradox: The government is in charge of public safety, but more than 80 percent of U.S. critical infrastructure is in private hands; there is thus a need for government-private industry cooperation

This may be a paradox, but DHS critical infrastructure programs are more dependent on the private sector to make security work than most other government programs. DHS can make recommendations and disseminate information about risks, but the ultimate decision on augmenting security is in the hands of infrastructure owners and operators. As the U.S. chemical industry shows, if an industry has enough money to hire an army of well-heeled lobbyists and make hefty campaign contributions, then it can arrange to exempt itself from implementing any meaningful security measures, regardless of the risk it poses to public welfare (the chemical industry’s luck has run out, though, as Congress, impatient with the industry’s irresponsibility, is moving to impose security standards on it).

In December the Government Accountability Office (GAO) finished an audit of DHS infrastructure protection efforts, and partly in response the department has brought all its infrastructure protection functions into a new outfit called the Preparedness Directorate. It is not exactly like rearranging the chairs on the deck of the Titanic, but the reorganization has not altered the basic fact that DHS infrastructure security plans still rely on the private sector and other federal agencies. Can a system of government-private industry work to secure the nation’s infrastructure? “We think that is absolutely the right approach,” Andrew Howell, vice president of homeland security policy at the U.S. Chamber of Commerce, told CQ. “I think one of the biggest challenges is that this hasn’t been done in the past — this is a non-traditional business-government relationship in a lot of ways.”

Companies doing something which is good for the public but which would not contribute to their bottom lines want something back from the government. Pharmaceutical companies called upon to produce bioterror vaccines and antidotes want the government to extend their patent rights on non-national-security-related medications, thus delaying the arrival to market of generics and allowing the pharmas to make more money on their money-making products. The pharmas also want protection from liability in the event their bioterror medications have bad side effects. It is the same with infrastructure companies: They tell the government that it needs to address liability and information protection issues.

Some such protections are already in place. The Critical Infrastructure Act (PL 107-296) protects security-related data submitted to DHS from public exposure, but this is an interim and very clear rule. Businesses want the rule to be made permanent, and to have it clarify what uses the government can make of the security information businesses provide. A key issue: Is the information companies provide the government protected, once in government hands, from the Freedom of Information Act (FOIA)? Infrastructure companies also want more protection from liability when they implement government-mandated anti-terror measures, and from the Federal Advisory Committee Act, which stipulates that advice given to the government by private companies be made public (although, we note, Vice President Dick Cheney — with support from the courts in this case — may teach the industry a thing or two about how to avoid compliance with this particular rule).

The recently released National Infrastructure Protection Plan (NIPP) offers a vision of government-private sector cooperation in securing the country’s critical infrastructure, but more work needs to be done.

Read more in Benton Ives-Halperin’s CQ report