Storms Teach Important Lessons About Infrastructure Protection
Senior leaders in both industry and government have learned their lessons from major storms, such as Katrina and Sandy, and are working together to improve the nation’s ability to bounce back from natural disasters.
As a member of the Critical Infrastructure Protection panel at AFCEA’s Homeland Security conference in Washington, D.C., William Bryan, deputy assistant secretary for infrastructure security and energy restoration, reported that in the aftermath of Sandy, a major storm that wreaked havoc in the Northeast, industry and government senior leaders worked closely to solve problems.
He added, however, that after the 9/11 attacks, “A lot of time, a lot of money, a lot of energy was spent on physical protection—gates, guards and guns, bio-readers at facility entrances and crash barriers and on and on and on. None of that worked during Katrina. The money invested by industry to protect their facilities did nothing to protect against the storm. So, the nation started looking at the concept of resilience,” he said. He added that the recently signed presidential directive addresses resilience.
Other panel members also focused on the need for improved resilience. “My effort is to increase the ability to roll with punches rather than to prevent every bad thing from happening,” said Stephen Flynn, founding co-director, George J. Kostas Research Institute for Homeland Security. He added that threat-based approach to critical infrastructure protection is the wrong model. “We need to throw out a model that I’m afraid has almost been completely institutionalized in the homeland security space, which is built around a threat-based approach for dealing with what priorities we assign with regard to critical infrastructure,” Flynn said. “It works in a very linear fashion: risk equals threat times vulnerability times consequence. You first have to tell me there’s a threat and then I will look at the infrastructure to see if it’s vulnerable and then I’ll assess whether it’s consequential, and if that’s all bad—three lemons—then that’s a priority. And if I don’t have threat information, then I shouldn’t inconvenience anybody.”
The entire process, he added, is based on “lousy intelligence about the threat.” He concluded that the time to think about the threat was “when you built the damned thing,” and that, “We need to invert the whole paradigm.”
Fellow panelist Daniel Hurley, president and chief information officer, Resource Management Strategies International Inc., said that often identifying a problem is seen as the final step. “To identify a problem means we’ve solved it, and we don’t have to do anything,” Hurley stated.
The panel also discussed the country’s aging transmission transformers, most of which were built decades ago and are approaching the end of their life cycle. Unfortunately, manufacturing has moved overseas, and replacing aging systems is a time-consuming process—up to two years.
Panelists also focused on the aftermath of natural disasters, including major storms Katrina and Sandy, and the need to improve the resilience of critical functions, such as phone service and utilities.