Three years have passed since September 11th, and despite all the new security precautions that have been proposed, we are still dangerously unprepared to prevent or respond to another catastrophic attack on American soil. Faced with this threat, the United States should be operating on a wartime footing here at home. Instead, we are living on borrowed time and squandering it.
In his just-released book, Stephen Flynn offers a startling portrait of the radical shortcomings in America’s current plan for homeland security. He describes a frightening scenario of what the next major terrorist attack might look like, revealing the immense havoc and loss of life it would leave in its wake. He also explains exactly why so little progress has been made in protecting our nation and preparing for the worst.
Without taking political sides, Flynn draws on his military and government experience to carefully outline a bold, yet practical vision for how to achieve security in a way that is both safe and smart, effective and manageable.
EDITORS NOTE: Stephen Flynn is the Jeane J. Kirkpatrick Senior Fellow in National Security Studies at the Council on Foreign Relations.
He served as the lead author of the task force report, America: Still Unprepared, Still in Danger, co-chaired by former Senators Gary Hart (Dem. CO) and Warren Rudman (Rep. NH). He served in the White House Military Office during the George H. W. Bush administration, and as Director for Global Issues on the National Security Council staff during the Clinton administration. He also spent a career as a commissioned military officer, retiring at the rank of commander in the U.S. Coast Guard.
In June, Flynn spoke to a group of nearly two hundred loss prevention executives at a pre-opening dinner before the National Retail Federation loss prevention conference in Orlando. He sat down with Loss Prevention magazine just days before the release of his book as well as the release of the final report of the bi-partisan 9/11 commission.
EDITOR: As we approach the third anniversary of 9/11, you make it clear in your book that we are a country that has been lulled into believing that were okay?
FLYNN: I describe it like a low-grade fever. I think Americans intuitively know that they are deeply vulnerable and that little has been done to address that vulnerability. But they are hoping for the best. We are inherently optimistic people. So, were acting as though 9/11 was an aberrant event, while knowing in the back of our minds that it was not. I think the challenge, particularly for our national security establishment, is to come to grips with their own limits in terms of what they have been traditionally able to do to protect us,and be able to share a greater, more participatory process in terms of how we address security, as well as share the resources to get us to where we need to go sooner versus later.
EDITOR: You state that Americans need a crisis to act. Even though we’ve had the crisis of 9/11, its your opinion that not enough has changed in the past three years.
FLYNN: Absolutely. If we put rating of security on a scale of one to ten, where one is were a bulls eye, and ten is were secure, on 9/11 we were a one. We lived on the most peaceful corner of the world in which national security for the United States was something we did overseas on the territory of our allies. Today, were probably only at a three. Thats why I dont give Washington a passing grade. On a test, if you give three right answers and leave seven blank, you fail.
EDITOR: But haven’t we done a lot since 9/11?
FLYNN: Its not that what weve been doing since 9/11 is wrong or that people arent trying, its just that in my view the threats warrant a far greater commitment in terms of resources, ingenuity, and, most importantly, a mobilization of the American people and the private sector. The 9/11 commission report will say, as I understand, that 9/11 was a national failure. My book basically says that were still failing, and therefore were still vulnerable.
EDITOR: In fact, you point out that historically Americans have displayed an extraordinary degree of self-sacrifice in times of war, but that today were breaking with that tradition. How so?
FLYNN: I think this is basically one of the hangovers of the cold war. In the cold war, we had to rely on a military-based national security apparatus to deal with the very lethal threat that the Soviet Union posed to us since they possessed thousands of nuclear weapons that they could launch and strike the U.S. in minutes. That threat was such that we couldn’t wait until Congress declared war before mobilizing our society and figuring out how to respond. We had to be prepared to respond immediately. So, for the first time in our history, post-World War II America was willing to bankroll a peacetime military of real merit. Americans basically entered into a bargain with the federal government, You take care of our security, and well pursue happiness.
That paradigm, unfortunately, continues today. Were asking the federal government to take care of this new terrorism threat, while we just keep shopping and traveling.
EDITOR: Do you think Americans dont want to be bothered with preparing for terrorism?
FLYNN: No, on the contrary. In my experience in talking with people around the country from all sectors, when they understand the vulnerabilities and the limits of what our government can do alone, they want to help. However, it has been difficult for the national security establishment to adjust to the fact that they have to partner with new players, such as domestic law enforcement and other first responders. Or regulatory agencies like the food and drug administration who are trying to figure out how to deal with a potential biological threat.
And more importantly, the government needs to learn how to partner with the private sector. When you live in a society such as ours, where 85 percent of the critical infrastructure is owned by the private sector, these are the people who really understand the vital role that infrastructure plays in supporting our way of life and its vulnerabilities. Thats why they need to be engaged in a significant way. Unfortunately, we still have a top-down approach where the federal government works behind closed doors figuring out how to secure us while were told just to get on with our lives.
EDITOR: You make an intriguing and provocative analogy that compares our post-9/11 approach to the war on terrorism to the Phony War that existed at the outset of World War II.
Homeland security has entered our post-9/11 lexicon, but homeland insecurity remains the abiding reality. With the exception of airports, much of what is critical to our way of life remains unprotected. From water and food supplies; refineries, energy grids, and pipelines; bridges, tunnels, trucks,and cargo containers; to the cyber backbone that underpins the information age in which we live, the measures we have been cobbling together are hardly fit to deter amateur thieves, vandals, and hackers, never mind determined terrorists. Worse still, small improvements are oversold as giant steps forward, lowering the guard of average citizens as they carry on their daily routine with an unwarranted sense of confidence.
FLYNN: The period that became known as the Phony War started with the attack by the German army on Poland in September 1939 with a new form of warfare known as blitzkrieg. Blitzkrieg involves mustering overwhelming offensive capability and rushing it headlong at the enemy without taking the time to put in place supply lines. The goal is the to catch the enemy off guard and to destroy them before they can mount a counter attack. But, the British and French high commands didnt recognize blitzkrieg as a new form of warfare. They basically chalked up the fall of Poland to a weak Polish army. So rather than spending time adapting to the Germans war fighting innovation, their armies ended up preparing to refight an updated version of trench warfare that they waged in World War I. They called up the reserves and sent them out to defend a part of the Franco-German border known as the Maginot line, a series of cannons spread across 215 miles, and then waited for the next eight months.
Now, everybody thought they were at war. They had declared it. The ambassadors had been recalled. People had been mobilized. They were on war footing. The reality was, however, very little had changed for the civilian population. They paid a very terrible price for their complacency when in May of 1940, the Germans practiced blitzkrieg again by end-running the Maginot line, and attacked by rushing their army through the lowlands of Belgium. Paris fell very quickly. The British army barely escaped, leaving all their armaments behind. That resounding defeat represented a failure of two powerful countries to adapt to the new tactics of their enemy.
Today, we face a similar problem in that Washington is operating under the misguided assumption that the terrorist threat can be dealt with primarily by relying on our military and intelligence capabilities to fight terrorists in Iraq and Afghanistan. But there is no central front in the war on terrorism. Al-Qaida is in the United States. Its in Canada. Its in Europe. Its not just in southwest Asia. Its not just in the Middle East.
And the terrorists demonstrated on 9/11 that they dont have to import a weapon of mass destruction. They can convert what we depend upon in our daily liveson that day four domestic airliners and turn them into deadly weapons to use against us.
Finally, I argue that most of the actual costs that led to the slowdown in the economy were really outcomes of how we reacted to 9/11the sudden sense of vulnerability and a rush to secure ourselves in a spasmodic fashion after the fact instead of a pre-planned approach up front. Its always more costly to try to manufacture a safeguard after the fact than it is to build it in upfront.
I think this is something that the loss prevention community really models on a corporate scale that could and should inform the broader national security community. Loss prevention recognizes that at the end of the day, success is about getting everybody involved and integrating layers of controls throughout the process of retailing so that you can minimize the risk of people stealing things or causing other mischief that adds real cost to the bottom line. Its not about turning your store into a Fort Knox.
EDITOR: Loss prevention executives annually propose budgets for new measures, some of which are approved while others may not be due to cost. Is there a similar situation with homeland security in that we are faced with who bears the cost of taking more action?
FLYNN: Theres no question one of the biggest barriers right now to beginning the process of addressing Americas myriad vulnerabilities is, Who picks up the tab? The position of Washington right now is that the federal governments responsibility is limited to bankrolling border security and national defense, which it defines as projecting military power overseas. When it comes to protecting our most valued assets within U.S. borders and responding to attacks should our preventative measures fail, the bill has been passed to the private sector and local and state authorities.
Now the problem with this is two-fold. One is that most of our local and state governments are facing serious budget crises. Even those governments that are not drowning in red ink right now face the same problem that confronts everyday citizens and private companies they have to balance their budgets, so they dont have a lot of new resources to bring to the table.
The problem in the private sector is even more complicated. Since security has costs, a company has to ask, How much of our potential short-term profitability can we afford to place at risk in order to invest in these measures? Because the federal government has yet to provide the private sector with common standards and because there is a general sense that those standards wont be uniformly enforced, companies legitimately worry that if they do the right things, they will put themselves at a competitive disadvantage vis–vis other companies who elect to be less vigilant.
So it turns out that the rational thing for CEOs to do in the absence of enforced standards is to toss-and-turn at night about their vulnerability, but stay focused on the bottom line during the day, which includes not spending much money on security measures. And so we aren’t seeing much investment at all from the private sector for protecting the things that are the most likely targets.
EDITOR: Is there a lesson to be learned by looking back at the private sector and federal governments approach to workplace safety initiatives?
FLYNN: Absolutely. If you look back to the turn of the last century, when the industrial revolution was just gathering steam, the private sector didn’t pay much attention to safety. As a result, we had lots of employees who were maimed or worse on the job. Also, there werent many consumer protections for defective products and the liabilities that go with that. The government ended up weighing in and mandating minimum safety requirements. Over time, safety became something that the marketplace embraced as second nature. Anyone who designs a product or a new system automatically considers the potential harm that might stem from an act of god, human error, or mechanical error. For example, architects of buildings in Florida always weigh the potential consequences of a hurricane on their design and incorporate safeguards. That same kind of thinking should be applied to security, where the new variable today must be, What if someone with malicious intent decides to targets the thing I am designing? Based on an evaluation of that risk and the consequences, security safeguards should be built in.
EDITOR: But as you say, safety standards evolved over a hundred years. Doesn’t the enormous task of homeland security make this task seem daunting?
FLYNN: One of the things that makes it difficult to advance the security agenda in this country is that so many Americans tend to think of it as an either-or proposition if they cant be guaranteed perfect security, then you get this since of resignation that there is no sense in trying. This is a bit like saying since there is always a risk that a NASCAR driver will get killed in an automobile accident, we shouldn’t bother doing anything to make the car safer. I think everybody would agree that that would be a ludicrous position to take.
The reality is that our old national security dogs are having a difficult time learning new tricks. The Department of Defense is not busy dusting off contingency plans to protect the homeland, because there are none on the shelf. For decades, the national security establishment has not been in the business of protecting the territory of the United States at or within our borders. The U.S. Air Force has kept an eye on our air space for incoming missiles and bombers. Beyond that, the Department of Defense has embraced a forward defense approach in which our troops are primarily based, and trained to fight, overseas.
In the new world were in, we have enemies who are committed to confronting U.S. power by coming after the American people and our critical infrastructure. Faced with that reality, we have to figure out how we can secure ourselves in ways that will allow us to continue our way of life. Most retailers have figured out how to create an inviting atmosphere to attract and keep customers in their stores while still putting in place measures to reduce the risk posed by shoplifters or dishonest employees. They strike a balance. Thats the kind of thinking we need to bring to the new security environment we now live in.
EDITOR: Why do you think the private sector has not yet come to the table?
FLYNN: There are a couple of reasons. One is that I think post-9/11, most of the private sector went into a state of what I have called patriotic silence. They recognized that this terrorist threat was a true national security problem and concluded that their patriotic duty was to wait for the government to tell them what to do. It wasnt a case of not wanting to do something, but a question of waiting for guidance. Unfortunately, very little came.
The second reason was that many companies ended up concluding that, If I invest in security myself, I really wont make much of a difference since I cant solve the vulnerability of a whole open network.
The third reason was that many trade associations operating in Washington were actively lobbying against the federal government setting new security requirements that might impact adversely on the bottom line. In so doing, I think they have done themselves and the nation a real disservice. What they should be saying is, We need a partnership. We need to have a real voice at the table in identifying whats vulnerable, how were going to address those vulnerabilities, and how it will be enforced. Thats the new relationship we need to address the post-9/11 security imperative. Neither the private nor the public sector can confront the threat of catastrophic terrorism on their own.
EDITOR: Is the C-TPAT [Customs-TradePartnership Against Terrorism] initiative an example of what you are suggesting?
FLYNN: The C-TPAT is a start in the right direction. I applaud the fact that [Customs and Border Protection] Commissioner [Robert] Bonner very quickly realized that a cat-and-mouse approach to dealing with the trade on security was self-defeating. The trade must be very much a part of the solution. He acknowledged that terrorists could exploit the supply chain to get to the U.S. and that private companies had the ability to act as a sentinel. He basically reached out to the trade and said, You need to do this. At the same time he held a stick over their heads that said, If you dont do it, I can make your life uncomfortable.
The problem is that stick is a very weak one. The Bureau of Customs and Border Protection (CBP) has very few inspectors who can actually go and assess C-TPAT plans. Theyre still way behind in reviewing these plans to make sure theyre acceptable and lack the staffing to audit them on a routine basis. And so it creates a problem where you have everybody signed onto the system with very little controls.
While this private/public partnership is precisely the right kind of approach to take, my worry is what happens if, in fact, the next terrorist attack comes via aC-TPAT participant and CBP is seen as not having provided adequate oversight of the program? Then the whole program gets discredited, and we fall back to Americans insisting that we stop and inspect everything.
EDITOR: Is that the scenario you discuss in your chapter The Next Attack?
FLYNN: Yes. What I try to do is outline what would happen if terrorists were to exploit the container system before we have done the work that must be done to bolster container security. The outcome is that we would likely end up closing our seaports and land borders while Washington struggles to find ways to reassure a traumatized American public that the system is secure enough to preclude the risk of follow-on attacks. Since the baseline security is currently so low, this shutdown is likely to last for weeks. But within three weeks the global trade system would grind to a halt, which obviously would have enormous economic consequences.
With my Whats in the Box chapter I offer some hope that we can rein in the risk that the federal government would resort to a kill-switch every time we had a terrorist event involving the intermodal transportation system. On its face, the challenge appears overwhelming. There are over eighteen million containers worldwide that are loaded and shipped at least five times a year on trains, trucks, and ships. Many of the containers coming to the United States from Asia can have up to seventeen waypoints between the original manufacturer and the final retailer here in the U.S.. I suggest that we could move from a system that I call the dumb box something that moves through the system where we have no idea of where it came from or how its being handled to one where we have a real sense of accountability in the system and visibility about where things are.
EDITOR: How would that system work?
FLYNN: The system that I advocate is one that starts with what I call a birth certificate. That would require a process where when goods are loaded into the international transportation logistics system, somebody with integrity can verify that the goods are legitimate and are authorized for shipment to another country.
Second, the box thats used would include technology, such as GPS and RFID technologies that are increasingly being used for loss prevention and supply-chain management purposes. If you move certified goods in a box that has a sensor or tracking device so it can be scanned throughout the transportation chain, youre going to be treated differently from shippers who dont do that. Youll get a green lane. And if you are selected for periodic inspections, youll go to the head of the line. And ifin the worse case, we have to shut the system down, the very first people were going to start back up are those who have embraced security up front.
The idea here is that there are market incentives for moving to a just-in-time system that is reliable and efficient. You can use it to encourage people to adopt more secure practices, provide rewards, and reverse the trade-off between security and profitability by making them mutually reinforcing, thereby offering a market rationale for people to do the right thing instead of cutting corners.
EDITOR: When you look at retailers and the various associations that support them, such as RILA, NRF, FMI, and ASIS, are there things that those groups can do together with corporate America to better the situation?
FLYNN: There are a variety of ways that corporate America and retailing can play an important role. One issue is in being a part of the response to terrorist attacks. For instance, if we have a biological attack, lets say through the kind of anthrax that was used after 9/11, theres both good news and bad news. The good news is that if somebody comes in contact with anthrax, if you get to them early enough, its perfectly curable. The bad news is we dont have much of a system in place to distribute medicines quickly. Retailers are in the business of coming in contact with the public in accessible areas and being able to do that well and efficiently. It would be great if retail organizations could reach out to the public health communities who are responsible for dealing with this very scary scenario and ask How can we help?
Companies can play an important role just by getting medications to their employees and their families. Another way may be in distributing food or other provisions to victims of an incident. Its a real challenge dealing with large casualties through traditional public health services because they cant handle a large number of people quickly enough.
Another area can be to just simply making space available. For example, if a nearby hospital is overwhelmed with casualties, it would be very helpful if arrangements had been worked out in advance with neighboring companies to provide space for the victims. This would require working through some liability issues, which is where government comes in.
In short, people are in constant contact with retailers, most of whom they grow to trust, and so they can be very much part of the solution. I would suggest that retailers also have a lot to teach the federal government about how you balance the need for security and protection while focusing on your core mission. We have found in many cases, the loss prevention community has been very creative and dynamic, particularly in recent years. Its a community thats willing to share its best practices with one another because of the sense that the sectors collectively benefit when everybody works together to prevent crime.
EDITOR: For the loss prevention professional who reads your book, what would you say is the one thing that you would want them to come away with?
FLYNN: First, I would want them to walk away with a sobering message that we remain vulnerable and that there are limits to what their government is capable of doing to protect them. Secondly, I would want them to have a sense of hope that there is, in fact, a lot that they can do to make this threat a manageable problem, without eroding the core values of our society, both in terms of our cherished civil liberties as well as our robust economy. But its going to require a far greater private and public partnership on issues that weve traditionally been uncomfortable with.
There is a dangerous proclivity among U.S. officials to believe their own rhetoric about how much progress they have been making on issues that require reversing decades of neglect. Yet I remain optimistic about the future. Leadership begins with acquiring an unvarnished view of the realities that define current circumstances. Thenit requires acting on the conviction that those realities can be transformed. Americas security and prosperity have never rested so much ongeography as they have onour historic willingness to embrace and make sacrifices for our ideals. For many Americans, those ideals became more precious after the horror of September 11. We now need to reclaim them, not just for ourselves but as the ultimate weapon in fighting the global war on terror.
Lets face it, Americans are uncomfortable with security. Its been a wonderful experience for us to be able to prosper as long as we have treating security as a marginal issue. But the days when our enemies could be isolated overseas are over. We cant become a nation of moats and castles. We cant close our borders off to the world. That would be a formula for disaster. It would make the rest of the world a far more dangerous and unstable place as they suffer the effects of Americas withdrawal and create more enemies who could confront us. Moreover, it would be self-defeating for a society that is so dependent on being an open society. Were the greatest beneficiary of a world thats open, driven by the liberal values of a free, private market with democratic institutions. We dont want this threat to make us draw away from that.
EDITOR: What would you say to those people who look at the title of your book and, sensing a criticism of the government, assume that you have a political agenda?
FLYNN: My response is that this isnt a Democratic issue or a Republican issue. Its an American issue. I took an oath of office when I was seventeen years old to protect and defend this country. Part of what I found over the course of a twenty-year career in the Coast Guard is that our ability to protect and defend ourselves is not adapting to the threat. So, when I retired, I had the opportunity to speak my mind. It so happens my book has come out in election season. I dont see either candidate for president talking about the kinds of issues I highlight in this book. My hope for the book is that America will pressure the candidates to say what they are going to do. And, then based on what they say, elect the person who they believe will do what is necessary to address these threats.