This report discusses the vulnerability of the nation’s information infrastructure to external attacks and other kinds of disruptions. It assesses the extent of the data available for measuring this threat and concludes that energy supplies, telecommunications, and computer-based systems should be of first priority for attention and remedial action. Finally, it suggests steps to reduce national vulnerability. The information security posture in both government and the private sector needs immediate examination and attention. Analytic studies should be performed to establish such infrastructure features as sources of resilience and the characterization of normalcy, and to specify R&D requirements. In addition, the nation should establish a warning mechanism and a supporting coordination center.
The United States, our allies, and our partners face a spectrum of challenges, including violent transnational extremist networks, hostile states armed with weapons of mass destruction, rising regional powers, emerging space and cyber threats, natural and pandemic disasters, and a growing competition for resources. The Department of Defense must respond to these challenges while anticipating and preparing for those of tomorrow. We must balance strategic risk across our responses, making the best use of the tools at hand within the U.S. Government and among our international partners. To succeed, we must harness and integrate all aspects of national power and work closely with a wide range of allies, friends and partners. We cannot prevail if we act alone.
As noted in the 2006 QDR, state actors no longer have a monopoly over the catastrophic use of violence. Small groups or individuals can harness chemical, biological, or even crude radiological or nuclear devices to cause extensive damage and harm. Similarly, they can attack vulnerable points in cyberspace and disrupt commerce and daily life in the United States, causing economic damage, compromising sensitive information and materials, and interrupting critical services such as power and information networks. National security and domestic resources may be at risk, and the Department must help respond to protect lives and national assets. The Department will continue to be both bulwark and active protector in these areas. Yet, in the long run the Department of Defense is neither the best source of resources and capabilities nor the appropriate authority to shoulder these tasks. The comparative advantage, and applicable authorities, for action reside elsewhere in the U.S. Government, at other levels of government, in the private sector, and with partner nations. DoD should expect and plan to play a key supporting role in an interagency effort to combat these threats, and to help develop new capacities and capabilities, while protecting its own vulnerabilities.
In the contemporary strategic environment, the challenge is one of deterring or dissuading a range of potential adversaries from taking a variety of actions against the U.S. and our allies and interests. These adversaries could be states or non-state actors; they could use nuclear, conventional, or unconventional weapons; and they could exploit terrorism, electronic, cyber and other forms of warfare. Economic interdependence and the growth of global communications further complicate the situation. Not only do they blur the types of threats, they also exacerbate sensitivity to the effects of attacks and in some cases make it more difficult to attribute or trace them. Finally, the number of potential adversaries, the breadth of their capabilities, and the need to design approaches to deterrence for each, create new challenges.
An underlying assumption in our understanding of the strategic environment is that the predominant near-term challenges to the United States will come from state and non-state actors using irregular and catastrophic capabilities. Although our advanced space and cyber-space assets give us unparalleled advantages on the traditional battlefield, they also entail vulnerabilities.
China is developing technologies to disrupt our traditional advantages. Examples include development of anti-satellite capabilities and cyber warfare. Other actors, particularly non-state actors, are developing asymmetric tactics, techniques, and procedures that seek to avoid situations where our advantages come into play.
The challenge in combating terrorism is not that any of us could die tomorrow in an attack, but that we cannot seem to perform the basic functions of diagnosing and treating the problem so that it is manageable. Given this, and because public and private sector partnerships are critical to the success of this management, Homeland Security and Private Sector Business: Corporations’ Role in Critical Infrastructure Protection identifies the role the private sector plays in securing our homeland and offers strategies to aid in the fight against national and international threats.
Organized to take into consideration differing leadership and management styles, organizational cultural change barriers, and team dynamics, the information is structured to appeal to most adult learning styles, ensuring effective communication of critical messages. Using helpful case studies and exercises, the author presents invaluable instruction on how to establish, implement, and reinforce terrorism awareness and regulatory compliance with national critical infrastructure interests. Comprehensive in scope, the book reviews threat factors, risk mitigation, readiness plans, prevention approaches, human factors, and training methods. It concludes with insights into the limitations businesses must respect as they adjust to this new paradigm.
A recognized expert in terrorism deterrence and counterintelligence methods, Elsa Lee brings her 28 years of experience in counterterrorism, counterintelligence, and counterespionage investigations to inform the discussion. Organizations which integrate her recommendations into their internal corporate strategies will not only contribute to Homeland Security efforts, but will also ultimately improve business continuity, resiliency, and operational and financial security for the corporation.