Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability

Cover......Page 1
Half-title......Page 3
Title......Page 5
Copyright......Page 6
Contents......Page 7
List of Contributors......Page 11
Foreword......Page 13
Preface......Page 19
Acknowledgments......Page 23
Part i: Seeds of Disaster......Page 25
1 Where Private Efficiency Meets Public Vulnerability: The Critical Infrastructure Challenge......Page 27
FACING A NEW ERA OF ENDOGENOUS VULNERABILITIES......Page 29
NO CORPORATION IS AN ISLAND: BUSINESS STRATEGY AND THE ECONOMICS OF SECURITY EXTERNALITIES......Page 32
ENSURING THE DELIVERY OF CRITICAL INFRASTRUCTURE SERVICES: EMPHASIS AND ORGANIZATION OF THE VOLUME......Page 33
Securing networks......Page 37
Building trust......Page 38
Notes......Page 39
Part ii: A Critical Challenge......Page 41
Are Critical Infrastructure Services Protected by the Government's "War on Terror"?......Page 43
Development of Tools for Vulnerability and Risk Analysis......Page 45
Sustaining Public Support for the Costs of Safety and Services......Page 46
Notes......Page 49
3 The Brittle Superpower......Page 50
Notes......Page 59
A New Threat Emerges: 1993-1995......Page 61
The Emerging Field of Critical Infrastructure Protection: 1996-1998......Page 63
Assessment and Self-Regulation: 1999-2000......Page 66
Responding to 9/11: 2001-2002......Page 67
The DHS Era: 2003-2005......Page 70
Notes......Page 73
5 Evolution of Vulnerability Assessment Methods......Page 75
Initial Evolution of the Assessment Methodology......Page 76
Critical Infrastructure Protection in the Greater Context......Page 80
New Approaches......Page 81
Key assets and operations......Page 82
Threat, vulnerability, consequence......Page 83
Covering......Page 84
Cutdown Strategies......Page 85
From Consequences to Preparedness......Page 86
A Variety of "Centrics"......Page 87
Hyper-Interdependence to Inter-Support......Page 88
Conclusions......Page 89
Notes......Page 92
Part iii: Managing Organizations......Page 93
6 Managing for the Unexpected: Reliability and Organizational Resilience......Page 95
Introduction......Page 101
Comparative Risk......Page 102
Countervailing Risk......Page 105
A More Formal Theory of Accidents (and of Accidents Caused by Terrorists)......Page 107
The Fractal Nature of Machines and Organizations......Page 108
Organized Criticality......Page 109
Percolation Theory......Page 110
Countermeasures to Vulnerability......Page 113
Summary Remarks......Page 117
The ceo’s questions......Page 120
Notes......Page 121
8 Challenges of Assuring High Reliability when Facing Suicidal Terrorism......Page 123
Pursuing Highly Reliable Operations......Page 125
Organizationally Defined Intention......Page 126
Reliability-Enhancing Operations......Page 127
External relationships......Page 132
Assuring Institutional Constancy and Faithfulness in the Future......Page 134
Conditions encouraging institutional constancy......Page 136
The infrastructure of constancy......Page 138
Earnest Responses from Obsolete Institutions?......Page 140
Notes......Page 142
9 Managing for Reliability in an Age of Terrorism......Page 145
Four Propositions for Reliability Management......Page 146
The Managerial Challenge of Modern Design......Page 147
The World of Reliability Professionals......Page 149
Bandwidth Management for Organizational Reliability......Page 152
Pricing and valuation errors in infrastructure design......Page 154
Designing for Resilience......Page 155
Notes......Page 157
The Nature of Critical Infrastructures......Page 159
Threats to critical infrastructure protection......Page 161
Response strategies......Page 163
Anticipation and resilience......Page 165
High reliability organizations......Page 166
Reliability professionals......Page 168
Systems of systems......Page 169
Multi-organizational coordination......Page 170
Complex adaptive systems......Page 172
Policy Approaches for Critical Infrastructure Protection......Page 173
Notes......Page 176
Part iv: Securing Networks......Page 179
11 Complexity and Interdependence: The Unmanaged Challenge......Page 181
The Failure To Communicate......Page 182
The Boundaries of Private Action......Page 183
Where Models Fear To Tread: The Limits of Design......Page 184
Accounting for Costs, Consequences, and Assignments of Responsibility......Page 185
Notes......Page 187
12 Managing Reliability in Electric Power Companies......Page 188
Anatomy of Failure......Page 191
Preventing Blackouts......Page 194
Power System Attributes Can Reduce Terrorist Targeting......Page 196
Redundancy as a deterrent......Page 198
Rapid restoration as a deterrent......Page 199
Interrelationship between Utility Executives and Regulators......Page 201
Attention to details......Page 203
Pragmatic operational procedures and compliance audits......Page 204
Examination of incidents to measure system and personnel performance......Page 205
Memorialized experience and shared findings......Page 208
Complementary routine and emergency procedures......Page 209
Training and drilling of personnel on emergency procedures......Page 210
Destabilizing the Electric Power Grid-A Worst-Case Scenario......Page 211
Improving Power System Infrastructure Protection......Page 214
Notes......Page 216
13 Coordinated and Uncoordinated Crisis Responses by the Electric Industry......Page 218
How the National Electric Power Grid Works......Page 219
Strength in interdependence......Page 220
Grid vulnerabilities......Page 221
Grid Interdependence with Other Critical Infrastructures......Page 222
Telecommunication interdependence......Page 223
Information service interdependence......Page 224
A Coordinated Response: PJM Interconnection, September 11, 2001......Page 225
Lessons learned from 9/11......Page 228
An Uncoordinated Response: The Northeast Blackout, August 14, 2003......Page 229
Operational Coordination Initiatives......Page 230
Wide-Area Planning Initiatives......Page 231
Industry Security Coordination Initiative......Page 233
Notes......Page 234
14 Electricity: Protecting Essential Services......Page 235
Critical Services: A Case Study......Page 237
Re-Framing the Problem: What Services Must Be Continued?......Page 238
Seven steps to assessing readiness......Page 239
Private and Public Investments in Socially Critical Missions......Page 241
Suggested policy changes to assist investment......Page 242
Tempting Targets......Page 244
Monitoring and data collection......Page 247
Equipment......Page 248
National coordination......Page 249
Information Sharing......Page 250
How Much Protection?......Page 253
Acknowledgments......Page 255
Notes......Page 262
15 A Cyber Threat to National Security?......Page 263
Attack of the backhoes and massive physical telecommunication failures......Page 265
Telecommunication failure during 9/11......Page 266
EFFICIENCY AND VULNERABILITY IN THE TELECOMMUNICATIONS SECTOR......Page 267
CYBER ATTACKS COME OF AGE......Page 269
The russian connection......Page 272
A week in the life of internet predators......Page 273
AL QAEDA AS A CYBER THREAT......Page 275
CYBER WARFARE AND NATION-STATES......Page 276
China’s cyber soldiers......Page 277
jurisdiction over critical information infrastructure......Page 278
Policy solutions......Page 279
Notes......Page 280
16 Interdependent Security in Interconnected Networks......Page 282
IMPACT OF CONTAMINATION FOR INTERDEPENDENT NETWORKS......Page 283
Tipping and cascading behavior......Page 284
APPLICATIONS TO SUPPLY CHAIN MANAGEMENT......Page 285
The customs–trade partnership against terrorism approach......Page 287
APPLICATIONS TO COMPUTER SECURITY......Page 291
Shared resources and partial catastrophes......Page 292
Future experiments in computer network security......Page 293
Trade associations and key firms......Page 294
Third-party inspections, insurance, and regulations......Page 295
Open issues......Page 296
CONCLUSIONS......Page 297
The Two-Firm Case......Page 298
Notes......Page 299
Part v: Creating Markets......Page 301
17 Insurance, the 14th Critical Sector......Page 303
THE CHALLENGES OF LINKING INSURANCE TO MITIGATION......Page 306
Impact of uncertainty......Page 308
Highly correlated risk: a new loss dimension......Page 309
THE TERRORISM RISK INSURANCE ACT OF 2002 AND ITS EXTENSION......Page 311
Insurance as a critical sector......Page 312
Notes......Page 314
18 National Security and Private-Sector Risk Management for Terrorism......Page 316
The Risk Sharing and Compensation System......Page 317
Promoting solidarity......Page 318
Enhancing economic resilience......Page 319
The Response of the Compensation System to the 9/11 Attacks......Page 320
Future Attacks and the Evolving Risk......Page 321
Coverage requirements......Page 323
Pre-versus post-funding......Page 324
Conclusions......Page 325
Notes......Page 326
19 Terrorism, Insurance, and Preparedness: Connecting the Dots......Page 329
The Terrorism Risk Insurance Act of 2002 and the Terrorism Risk Insurance Extension Act of 2005......Page 331
Important Developments Refining the TRIA Debate......Page 336
America's Emerging Terrorism Insurance Solution......Page 337
Wmd threat mandates a long-term program......Page 338
Workers’ compensation presents unique challenges......Page 339
Workers’ compensation and property losses could exhaust the capital base......Page 341
Policyholders’ surplus does not measure insurer ability to insure terrorism......Page 343
America Needs a New Long-Term Approach......Page 344
Definition of “terrorism”......Page 345
Insurance lines subject to tria......Page 346
State insurance regulation......Page 347
Connecting the Dots-Preparedness, Perception of Risk, and Pricing......Page 348
Recommendations for a Long-Term Solution......Page 353
Notes......Page 359
20 Looking beyond TRIA: AClinical Examination of Potential Terrorism Loss Sharing......Page 362
Eligibility for coverage......Page 364
Structure of the partnership......Page 365
Empirical Analysis of Insurer Deductible/Surplus Ratios......Page 368
The notion of policyholders'  surplus......Page 369
Focus on the top 30 insurers-tria and triea, 2003-2007......Page 370
Constructing Terrorist Attack and Loss-Sharing Scenarios......Page 372
Scenario methodology......Page 373
Effect of Location and Attack Size on Loss Sharing under TRIA......Page 375
Assumptions......Page 376
Effect of attack location......Page 377
Increased Burden on Insurers and Commercial Enterprises (Covered or Not against Terrorism) in 2006 and 2007......Page 378
Effect of the increased deductible and market conditions......Page 380
Private Efficiency, Public Vulnerability: Will Insurers Strategize if the Current Program is Made Permanent?......Page 382
Determining terrorism coverage using an “e gaming strategy”......Page 383
Allocation of losses across affected stakeholders......Page 386
THE WAY FORWARD: A PERSPECTIVE ON LONG-TERM OPTIONS FOR TERRORISM RISK FINANCING......Page 389
Deploy capital of reinsurers......Page 390
Reduce tax costs for insurers and reinsurers to hold capital......Page 391
Facilitate the use of terrorism catastrophe bonds......Page 392
Publicly administered mutual insurance......Page 393
Considering covering both domestic and foreign terrorism......Page 394
Developing incentive programs for encouraging mitigation......Page 395
CONCLUSIONS......Page 396
APPENDIX 20.1. DEDUCTIBLE OVER SURPLUS RATIOS: 2003 TO 2005 AND PROSPECTIVE ANALYSES 2006–2007......Page 397
Notes......Page 399
21 Financing Catastrophe Risk with Public and Private (RE) Insurance Resources......Page 403
Reinsurance and Catastrophes......Page 404
Effects of a Mega-Catastrophe......Page 405
Preparing for a mega-catastrophe......Page 406
The role of state governments......Page 407
Protecting the Insurance Infrastructure: Examples of U.S. Public-Private Partnerships......Page 408
Insurance for catastrophic nuclear accidents......Page 409
Recent initiatives involving public–private risk sharing......Page 410
The 9/11 Terrorist Attacks......Page 412
Lessons Learned and Final Thoughts......Page 413
Notes......Page 415
Part vi: Building Trust......Page 417
22 Public-Private Collaboration on a National and International Scale......Page 419
The Problem of Trust......Page 420
Building Trust through Information Sharing......Page 421
The Protection of Privacy......Page 423
Who Should Do What? The Rational Assignment of Roles to Government and the Private Sector......Page 424
Building Trust through Collective Preparedness and Global Reaction Capacity......Page 425
Notes......Page 427
The New National Security Role of the Private Sector......Page 428
Policy and Initiatives before 9/11......Page 429
Information analysis and infrastructure protection directorate......Page 431
Dhs operations centers......Page 432
Fbi joint terrorism task forces......Page 433
Unsettled organizational landscape......Page 434
Trust and risk......Page 436
Value proposition: the quid pro quo problem......Page 438
Aviation security......Page 439
Telecommunications......Page 440
Cybersecurity......Page 441
Sea freight: cargo shipping......Page 442
Federal Innovation......Page 443
Regional Innovation......Page 444
Cross-Sector Innovation in the Private Sector......Page 445
Conclusions and Recommendations......Page 446
Notes......Page 449
24 Sharing the Watch: Public–Private Collaboration for Infrastructure Security......Page 453
Rationales and Risks of Indirect Government Action......Page 456
Productivity......Page 457
Legitimacy......Page 458
Generic Rationales Applied to Infrastructure Security......Page 459
Costs and Risks of Private Roles in Public Missions......Page 461
Production discretion......Page 463
Payoff discretion......Page 464
Preference discretion......Page 465
Risks of Collaborative Approaches to Infrastructure Security......Page 469
Security Externalities......Page 471
Allocating the costs of security......Page 472
Government's Imperatives in Collaborative Infrastructure Protection......Page 476
Notes......Page 479
25 The Paris Initiative, "Anthrax and Beyond'': Transnational Collaboration Among Interdependent Critical Networks......Page 481
THE NEW ERA OF LARGE-SCALE RISKS AND CRISES......Page 483
High level of surprise and scientific ignorance......Page 485
An increasingly interdependent world: the network factor......Page 486
Large-scale risks: reversing network capacity against populations......Page 487
An intellectual challenge: from linearity to discontinuity......Page 488
A training and behavioral challenge......Page 489
A financial challenge......Page 490
Launching an international debriefing......Page 492
Leadership: putting together the right team......Page 494
Immediate measurable output: strategic partnership......Page 496
MOVING FORWARD......Page 499
Notes......Page 503
Part vii: Roots of Response......Page 505
26 Leadership: Who Will Act?: Integrating Public and Private Interests to Make a Safer World......Page 507
HOW WELL IS U.S. CRITICAL INFRASTRUCTURE PROTECTED?......Page 510
ROOTS OF RESPONSE: SEVEN FINDINGS TO INFORM ACTION......Page 514
1. The scale of disasters is growing: a new era calls for a new model......Page 515
2. An integrated strategy for addressing deliberate, natural, and technogenic disasters is needed......Page 516
3. Increasingly interdependent services requires restructured management practices and technologies to make them more reliable and resilient......Page 517
4. Knowledge, experience, and tools to address security externalities are required to allow risks to be assessed and responses created......Page 519
5. Large-scale risk management must reflect perceptions and realities of risk......Page 520
6. The roles of insurance and reinsurance in disaster recovery and in investment incentives in protection must be defined and facilitated in policy......Page 521
7. Interdependence is multinational: collective international actions must form an integral part of prevention and response strategies......Page 523
HOW CAN A NEW CONSENSUS OF PRIVATE AND PUBLIC INTERESTS COME ABOUT?–A CALL FOR COLLABORATIVE LEADERSHIP......Page 526
Notes......Page 527
References......Page 531
Contributors......Page 555
Author Index......Page 571
Subject Index......Page 572