Background | Conditions | Actions Taken | Funding | Policy Options | Specific ASCE recommendations | Sources

Protecting assets against security risks has always been a priority for the owners and operators of the nation's critical infrastructure. However, before the attacks of September 11, 2001, most efforts were focused on isolated, relatively minor infractions such as vandalism, and not on high-profile, high- consequence attacks by well-organized terrorist groups. Now, a different kind of protection is needed, involving counter-terrorism (e.g., intelligence gathering, analysis, strategies, and tactics) and anti-terrorism (e.g., hardening of infrastructure through the use of surveillance systems, barriers, and operating procedures). An "all hazards" approach is warranted, with the inclusion of these new malevolent threats added to the list of hazards that our critical infrastructure must be prepared to endure and survive.

There are numerous challenges to securing the nation's infrastructure. Beyond the enormous cost implications of security measures in all sectors, there is the fundamental difficulty of coordinating efforts across infrastructure sectors, jurisdictional boundaries, and geographic locations. Issues related to differences in equipment standards are solvable with sound engineering practices, but resolving differences in chains of command and cultural attitudes is much more complex and difficult. Information sharing is critical--but what information should be shared, and with whom? There is also the challenge of developing a thorough and comprehensive national response to terrorism against the backdrop of a deep-rooted desire of all Americans to preserve the basic constitutional freedoms that we hold dear, including the freedom of speech and assembly, and the right to be secure against unreasonable searches and seizures. Perhaps the most disturbing challenge is the difficulty in measuring progress. Is the absence of a large-scale attack the consequence of effective counter-measures, or simply the period of time between planned attacks? Regardless of the answer to this question, it is important to invest in protecting our infrastructure against these new threats, for without the additional layers of security, the occurrence and consequences of attacks would surely be more frequent and greater in scale.

The Homeland Security Act of 2002 established a new Department of Homeland Security (DHS). The Information Analysis and Infrastructure Protection (IAIP) Directorate within the DHS developed the requirements for a National Critical Infrastructure Protection (CIP) Program. The vision for the National CIP Program was initially communicated through the July 2002 "National Strategy for Homeland Security." In February 2003, the President issued more specific strategies for physical protection of critical infrastructure and key resources and for the protection of cyberspace. In December 2003, the President issued Homeland Security Presidential Directive 7 (HSPD-7) to further direct and strengthen the CIP effort.

More recently, in February 2004, DHS launched its Protected Critical Infrastructure Information (PCII) Program. The PCII Program enables the private sector to voluntarily submit infrastructure information to the federal government to assist the nation in reducing its vulnerability to terrorist attacks.

To help develop ways of better protecting our critical infrastructures and to help minimize vulnerabilities, DHS established Information Sharing and Analysis Centers (ISACs) to allow critical sectors to share information and work together.

DHS also has led the development of the National Response Plan (NRP), which consolidates and reconciles multiple national-level incident-response plans into a single, focused, universally understood strategy. This effort includes the development of a new catastrophic incident response protocol that will greatly accelerate the delivery of critical federal assistance to domestic venues suffering from a mass casualty/mass evacuation incident.

In addition, DHS initiated the National Incident Management System (NIMS) and established the NIMS Integration Center, which ensures that federal, state, and local governments, and private-sector organizations, are all using the same criteria to prepare for, prevent, respond to, and recover from a terrorist attack or other major disaster.

Several information-sharing vehicles exist today that did not exist before September 11, 2001. The Homeland Security Information Network, which is available in all 50 states, makes threat-related information available to law enforcement and emergency managers, as well as to private-sector stakeholders through a web-based system.

The Customs-Trade Partnership Against Terrorism (C-TPAT) is a joint government-business initiative to build cooperative relationships that strengthen overall supply chain and border security. C-TPAT recognizes that U.S. Customs and Border Protection (CBP) can provide the highest level of security only through close cooperation with the ultimate owners of the supply chain: importers, carriers, brokers, warehouse operators, manufacturers, border infrastructure crossing facilities, and operators, and it asks businesses to ensure the integrity of their security practices and communicate their security guidelines to business partners within the supply chain.

The Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (the Bioterrorism Act), which President Bush signed into law June 12, 2002, addresses the enhancement of controls on dangerous biological agents and toxins, protecting the safety and security of food and drug supply, and drinking water security and safety.

The Federal Transit Administration spearheaded efforts after September 11 to prepare for future attacks by focusing on three areas: (1) training all transit employees and supervisors, (2) improving emergency preparedness, and (3) increasing public awareness of security issues.

Recognizing the critical importance of the security of our nation's water infrastructure -- particularly in the post-September 11 environment,--ASCE, the American Water Works Association (AWWA) and the Water Environment Federation (WEF), with a grant from the U.S. Environmental Protection Agency (EPA), developed a set of three security guidance documents addressing the design of online contaminant monitoring systems, and the physical security enhancements of drinking water, wastewater and stormwater infrastructure systems. The voluntary guidelines aim to assist drinking water and wastewater utilities in mitigating system vulnerabilities to man-made threats through the design, construction, operation, and maintenance of both new and existing systems of all sizes.

Professional organizations and public agencies formed The Infrastructure Security Partnership (TISP) as a forum for U.S.-based public and private sector non-profit organizations to collaborate on issues related to the security of the nation's built environment, including protection from both natural and man-made disasters. TISP acts as a national asset, facilitating dialogue on physical infrastructure security, by leveraging members' technical expertise and research and development capabilities in the design and construction industries. TISP offers extensive opportunities to its members and sponsors through its forums, education and training opportunities, communication and outreach mechanisms, and networking opportunities. TISP membership currently includes more than 180 organizations and agencies, reaching more than two million individuals and firms involved in the planning, design, construction, and operation of the nation's built infrastructure.

The National Commission on Terrorist Attacks Upon the United States (also known as the 9/11 Commission), an independent, bipartisan commission created by congressional legislation and the signature of President. Bush in late 2002, was chartered to prepare a full and complete account of the circumstances surrounding the September 11, 2001, terrorist attacks, including preparedness for and the immediate response to the attacks. The Commission was also mandated to provide recommendations designed to guard against future attacks. On July 22, 2004, the Commission released its public report.

The 2005 budget request of $40.2 billion for homeland security is $9 billion (29%) more than the 2003 level, and $20.4 billion more than the 2001 levelþuan increase of 103% over the 2001 level of homeland security funding. The vast majority of this funding is slated for airport screening and deployment of existing technologies. The Government Accountability Office (GAO) has published numerous reports recommending more attention to vulnerabilities other than air travel, and a broader, more coordinated, and better-managed program of research and development of new technologies.

Since September 11, 2001, most critical infrastructure owners and operators have conducted preliminary vulnerability assessments of their facilities, and have updated and modified their security procedures to enhance deterrence, protection, response, and recovery. In addition, training exercises and drills have been conducted with employees and contractors, and public outreach programs have been implemented at health, medical and research facilities; energy plants; water facilities; employment centers; public and private schools; and on public transportation systems, including bridges, tunnels, highways, and public transit. Industry has also invested heavily in protecting supply chains and the transport of hazardous materials.

Collectively, these steps have certainly improved the security of our nation's critical infrastructure systems since September 11, 2001; however, enormous challenges remain. Overcoming them will require a steadfast willingness to acknowledge the threats, think "outside the box," and to work with other sectors of the economy and professional disciplines. Sacrifices must be made in deference to a coordinated, integrated, and comprehensive public/private effort to prevent, protect, respond to, and recover from terrorist attacks. The security of our critical infrastructures, key resources, and our people depend on it.

America must design, build, and operate critical infrastructure by incorporating security as part of an "all hazards" approach. We must increase investment at all levels of government, and then spend that money wisely, leveraging the use of standards and protocols to enable interoperability between and among systems.

Congress must provide adequate funding to meet current infrastructure needs, and must include enough funding for research and development. Public and private partnerships must be forged, and professional and competitive differences must be managed, to ensure collective improvement in the security of the nation's infrastructures.

Special Report: America Under Threat: Transit Responds to Terrorism, American Public Transportation Association, 2002, http://www.apta.com/services/security/documents/911.pdf

Stephen E. Flynn, Gary Hart and Warren B. Rudman. America Still Unprepared--America Still in Danger. Report of an independent task force, Council on Foreign Relations, http://www.cfr.org/pdf/Homeland_TF.pdf

Recent publications from the National Academies about the science and policy issues surrounding terrorism and security, http://www.nap.edu/collections/terror/index.html

Transportation Research Board of the National Academies. Deterrence, Protection, and Preparation: The New Transportation Security Imperative, Special Report 270. 2002, http://gulliver.trb.org/publications/sr/sr270.pdf

U.S. Department of Transportation, United States Coast Guard Navigation and Vessel Inspection Circular No. 9 02, "Guidelines For Port Security Committees, And Port Security Plans Required For U.S. Ports," Federal Register . Vol. 68, No. 126 / Tuesday, July 1,

2003 / Rules and Regulations, 33 CFR Part 103 Interim Rule on Area Maritime Security, http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2003/pdf/03-16187.pdf

U.S. Government Accountability Office, "Rail Security: Some Actions Taken to Enhance Passenger and Freight Rail Security, but Significant Challenges Remain" Testimony before the Committee on Commerce, Science, and Transportation, U.S. Senate, March 23, 2004, http://www.gao.gov/new.items/d04598t.pdf

U.S. Government Accountability Office, Department of Homeland Security: Formidable Information and Technology Management Challenge Requires Institutional Approach, GAO-04-702, August 27, 2004, http://www.gao.gov/new.items/d04702.pdf

U.S. Government Accountability Office, Transportation Security R&D: TSA and DHS Are Researching and Developing Technologies but Need to Improve R&D Managemen,September 2004, http://www.gao.gov/new.items/d04890.pdf

American Association of State and Highway and Transportation Officials Special Committee on Transportation Security, http://security.transportation.org/

The Clinton Administration's Policy on Critical Infrastructure Protection: Presidential Decision Directive 63: Critical Infrastructure Protection, May 22, 1998, http://www.fas.org/irp/offdocs/paper598.htm

President George W. Bush, Executive Order 13231: Critical Infrastructure Protection, October 16, 2001, http://www.whitehouse.gov/news/releases/2001/10/20011016-12.html

Homeland Security Presidential Directive/HSPD-7, http://www.whitehouse.gov/news/releases/2003/12/20031217-5.html

American Public Transportation Association. "America Under Threat: Transit Responds To Terrorism" September 11, 2001 Special
Report, http://www.apta.com/services/security/documents/911.pdf

U.S. Department of Homeland Security, July 2002, National Strategy for Homeland Security, http://www.whitehouse.gov/homeland/book/images/cvr_ico.jpg

U.S. Department of Homeland Security, http://www.dhs.gov

Protected Critical Infrastructure Information (PCII) Program, http://www.dhs.gov/dhspublic/display?content=3250

Information Sharing and Analysis Centers (ISACs), http://www.dhs.gov/dhspublic/display?theme=73&content=1375

Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (Bioterrorism Act), June 12, 2002, http://www.fda.gov/oc/bioterrorism/bioact.html

National Response Plan, U.S. Department of Homeland Security, January 2005, http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0566.xml

U.S. Department of Homeland Security, National Incident Management System,. http://www.fema.gov/nims/

Homeland Security Information Network, http://www.dhs.gov/dhspublic/display?content=3350

Customs-Trade Partnership Against Terrorism (C-TPAT), http://www.customs.gov/xp/cgov/import/commercial_enforcement/ctpat/

Federal Transit Administration, http://transit-safety.volpe.dot.gov/

The Infrastructure Security Partnership (TISP), http://www.tisp.org

9-11 Commission, National Commission on Terrorist Attacks Upon the United States Report, July 22, 2004, http://www.9-11commission.gov/

Government Accountability Office (GAO) Reports: http://www.gao.gov/new.items/d04890.pdf
http://www.gao.gov/new.items/d04482t.pdf
http://www.gao.gov/new.items/d041062.pdf

Transportation Security: Systematic Planning Needed to Optimize Resources, GAO-05-357T, February 15, 2005, http://www.gao.gov/cgi-bin/getrpt?GAO-05-357T

James Jay Carafano, Ph.D., and David Heyman. "DHS 2.0: Rethinking the Department of Homeland Security", Center for Strategic and International Studies and the Heritage Foundation Report, December 2004

ASCE. Policy Statement 499 "Emergency Preparedness and Response" 2003

ASCE. Policy Statement 389 "Mitigating the Impacts of Natural and Man-Made Disasters" 2003

ASCE. Policy Statement 500 "Physical Infrastructure Security" 2003

ASCE. Policy Statement 493 "Infrastructure Security and Survivability Research" 2004