Previous IFPA-Fletcher Conferences
National Security
Strategy and Policy:
Planning for and Responding to Threats to the U.S. Homeland
October 28-29, 2004
Ronald Reagan Building
and International Trade Center
Washington, D.C.
Dr. Stephen E. Flynn, Jeane J. Kirkpatrick Senior Fellow in National Security Studies, Council on Foreign Relations
Introduction By: Dr. Robert L. Pfaltzgraff, Jr.
Dr. Stephen E. Flynn: It’s a real honor to be here, and to be a part of this illustrious panel. I want to thank Bob Pfaltzgraff for the invitation to do so. It’s also great to see a scattering of Coast Guard blue uniforms around here as well. I've been on the circuit lately and it’s good to see some old friends in the audience.
As necessary with every truncated forum, as we are today, of making a 10- or 15-minute point, I need to cut to the chase, be a little less polite than I otherwise might be. I suggest that if you want it fleshed out, you need to look to the book and sort of collective audience here today, representatives of the national security establishment, because quite frankly it’s to this audience that I have sort of most concern about what I would suggest is a lack of willingness to really embrace the new realities that are confronting us because it really fits in the too-hard column. So I'm going to put my cards right on the table and say that I'm going to put you on the defensive and I hope in the questions you can put me on the defensive, but I think I need to state this position quite starkly.
My view is that we saw on September 11, quite simply, is how warfare will be conducted against the United States in the 21st century; that is, the use of catastrophic terrorism directed at the non-military elements of our power. Our civil society and the critical infrastructure that underpins that power is the future of warfare.
I make that case on the two straightforward points of lack of opportunity on one side and ample opportunity on the other. Lack of opportunity in conventional war, a pretty straightforward proposition there. When you spend, as we do this year, on conventional military assets more than the next 30 nations combined, and by 2008, because there’s not going to be a whole lot left over, more than the entire world combined, it suggests to me, as a student of military history, there are only two prospects for the future of warfare: The first is you’ll have very dumb adversaries who’ll take this stuff on, or, the second, your adversary will adapt, all of them, not just al-Qaeda, but all future ones, on opportunity.
It turns out our power is underpinned by reliance on global networks of transportation logistics, of energy, of information, of finance and intellectual capital. And these networks were driven over the last 20 years acceleratively with four imperatives in mind -- how do I make them as open as possible; how do I make their operation as efficient as possible; how do I make their operation as reliable as possible; and how do I make their use as low cost as possible. And these were cascading; the lower the cost, the more users, the greater the need for efficiency and reliability. There has never been a time where as much wealth has been generated as what we have seen with the explosion of these networks on a global scale.
But as any of us in the security business should be hearing alarms going off, the traditional view we’ve had of security is to view it, when it came to these networks, as undermining efficiency, undermining reliability, putting pressures to close the system and raising the cost. For 20 years, we’ve been constructing the critical infrastructure that underpins our power with security, on its best day, marginalized.
Opportunity. Why am I going to confront US military power in traditional terms when I can get into these networks? And these networks are susceptible of mass market failures, both by potentially hitting the right place at the right time, but most importantly because they require public trust and confidence to work, like every market mechanism. And when you show their vulnerability, their potential to be not just providing good, but a harm, and you show your dependency upon it, it generates cost that could significantly disrupt these networks.
So here we have a problem. Right after 9/11, which I would argue was a demonstration of the potency of targeting these networks, what we did was not rethink national security, we described the problems that I just outlined, these networks and how you safeguard them, as homeland security. That let virtually everybody in this room off the hook. You could do national security; national security was doing what you’d been trained to do and equipped to do for the last few decades -- go after states who would harbor terrorists or potentially provide weapons to support them. This other stuff, homeland security, had the core limiting problem of that they were global networks, but we dumbed it down to within the water’s edge, literally to the territorial sea, as a domestic enterprise.
And then, in a further act of dysfunctional nuance, we divided homeland security from homeland defense. And let me be clear. I go out and talk to a lot of general audiences, Rotary Club style. They don’t get that there’s a difference between homeland defense and homeland security. They thought you guys were all about protecting the United States, and they realize a lot of them are here, and it's kind of a murky world.
But we have, I would argue, a very comfortable definition in saying, all right, homeland defense is when the adversary comes from outside the United States and attacks the territory of the United States, and then DoD is the lead. When it happens inside the United States, well, that’s a homeland security domestic problem.
I'm just trying to operationalize this. As somebody who was on the front lines of the drug war and dealing with other murky issues in the transnational realm, what I know about this adversary is that they blend into the real estate. They don’t go, “Hello, I'm coming from the outside, here’s my plane.” They don’t come in on the ship and say, “Hello, I'm here on this ship, just want to let you guys know, DoD, you're in charge now.” What they do is they just get in here, a la drugs, and stuff happens.
We’ll have an event, it’ll happen here, because that’s what they're targeting, and then the Department of Defense, they say homeland security problem, by definition. So what’s the scenario, outside of a conventional one, that makes the homeland defense definition operationally useful? I would argue very, very few. This blending in means that we need a different set of eyes and ears than a lot of space/space stuff tracking stuff. What we need is a level of granularity in the legitimate commercial flows in the operations of day-to-day civil life that gives us the tools. But when you have the national security/homeland security divide, that’s not happening, and when you have the homeland defense/homeland security divide, that’s also not happening. That’s a problem, because these systems, again, are very vulnerable.
I spent more than half of my time since September 1, as a guy who just penned a book on homeland security, abroad. I've been to Singapore, I've been to Hong Kong, I've been to Panama, I've been in Canada, been to the Dominican Republic, because it turns out this problem is a global problem in terms of how we develop networks.
Just to give an example of the complexity of it, I was invited to Singapore by the Port of Singapore Authority to address their international board of advisors, a once-a-year, one-day meeting for basically the customers. These are the 12 CEOs of the largest ocean carriers in the world, carrying 90% of the container capacity in the world. When they closed the door, one thing that struck me was I was the only American in the room.
This critical infrastructure, which could be the conduit for the kind of threat that Dr. Allison laid out for us, is all offshore owned and privately owned. So what’s the mechanism in the US defense, national security establishment for dealing with those actors, for identifying the incentives you need to get them on board? I would argue very few. And it’s barely on the radar screen.
The problem here is not just simply that these networks are open for exploitation, that you can put a weapon of mass destruction into the system with very little risk of it getting into the United States. I want to be crystal clear about this one issue here now. We have a fact sheet out by the Department of Homeland Security’s Customs and Border Protection that’s called “The 5% Myth and the 95% Customs and Border Protection Reality.” This deals with the issue that about 5% of all containers that come into the United States are inspected. And the line is, “We’re doing 100% of the right 5%.”
That may work to a point for regulatory compliance and counterdrug, but I'm telling you the 95% that we deem as low risk is the highest risk for the kind of scenario that Professor Allison talked about, because these folks are going to game out who you define as low risk, precisely because the odds of being checked are low.
So this whole notion that we can somehow spook out what is high risk and we have the intelligence that underpins that, and then we limit our few resources that we’re willing to give, the scraps that we give those who do the homeland security mission, and let’s be clear about the scraps -- we’re spending a nickel on every dollar on homeland security issues vis-à-vis national security. The 20 billion new dollars, compared to about $500 billion, is a nickel on a dollar.
Now, we premise this on the notion that the best defense is a good offense -- we need to take the battle over there so we don’t have to fight them here. However, everybody acknowledges that they're here, they're in 60 countries, many in the First World, and they're going to strike in the next few months. But we’ve got all those eggs in that basket. Offense requires two things to work well -- the first, we have a military being an effective counterterrorism force; secondly, we have the intelligence to prevent these events, to allow us to go about our lives, to shop and travel, and oops, we’re going to raise the alert level with specificity, the when, where, how and what.
The reality is you folks talk about a need for a revolution in military affairs to make your effective counterterrorism force. That’s not going to happen probably in this next President’s term, to make it an effective counterterrorism force. Secondly, intelligence, I would argue, is a 10- to 15-year problem before we have the kind of specific intelligence that will tell us what these guys are up to and when they're going to strike.
So if your military needs a revolution and your intelligence is just plain broken, you’d better have a fallback position. Which turns out to be about defense, protecting what’s valuable and vulnerable. And for there, we’re putting a nickel on the dollar.
And it gets even worse in port security. You’ll be pleased to know LA/Long Beach, which brings in 43% of all the containers into this country, and it’s not just transportation, this is our manufacturing and retailing sector, that they received this year $288,000 in security grants. I've told them not to spend it all in one place. We’re spending more protecting the harbor of San Diego than all the West Coast ports combined, because force protection is a mission that we’re familiar with.
I'm a bad guy, there are two options -- go after the American Armed Forces on US soil or steam into LA/Long Beach and throw a wrench into our economy. Which one of these am I going to do? Our Coast Guard maritime security teams, our sort of float-and-SWAT teams, spend more time in San Diego doing vessel escort than patrolling the harbor of Los Angeles and Long Beach.
We have a $14.1 billion critical infrastructure protection budget this year; 7.4 billion is to protect US bases; Tom Ridge gets 2.9 billion for everything else. Ladies and gentlemen, we’re not thinking about the new realities that are confronting us. We have critical infrastructure that underpins our way of life, that supports the power that pays for the military power, and we’re being negligent in protecting it.
And those of us who know what the threat is, and who know what the vulnerability is, and know there are practical measure we could be taking right now, harnessing the ingenuity and the capabilities of this society should be focused like a laser beam on fixing that problem.
Thank you very much. [Applause]
Questions and Answers
__: This question is for Dr. Flynn. On the issue of port security grant funding that’s come up a couple times, you talk about LA/LB, I think to be fair to the case that they have received over $50 million since the grant program began, the $200 million this time around is correct, but I think it points to a larger issue about the need to share cost with private sector, state/local; I'm curious of your opinion on that, sir, and how you think that should play out, since the private sector does get some benefit from the security enhancements provided. Thank you.
DR. PFALTZGRAFF: Thank you. We have one or two more if you want to take the opportunity before I turn back to the panel. Is there another hand up somewhere? All the way back there? All the way up on the top there.
__: Thanks again, gentlemen, for your time and your insights. One of the things you brought up was this problem, Dr. Zelikow, of horizontal planning. A lot of the focus and emphasis has been on federal agencies, government responses and what the government is and is not doing. But a lot of the problems you mention cut across from the government sector to the private sector, and the solutions will have to involve that private sector in what we do. What are your suggestions for getting them into some of this horizontal planning interoperability and finding a cohesive solution as opposed to a federal idea that gets promulgated?
DR. FLYNN: We’ve really gotten to the heart of very much one
of the challenges that confront us is not just the government getting
its act together, but really drawing in the strength of our civil society
and the people who really run the place, and bring them into the national
security equation. I would argue we got away from that tradition in
the Cold War. We had it in the Second World War, where we drew everybody
in, but we developed over the last 40 years, 50 years an increasingly
paternalistic national security establishment that keeps its cards
close to its chest, works in an insular world, and has virtually no
connections with the rest of the real world that’s out there;
that’s where the most likely targets are. A big structural problem
that wasn’t fixed when you divided national security from homeland
security. There’s no place in this town where you can have a
debate whether another dollar going to LA/Long Beach or another dollar
going to a public health service to distribute medications on a large
scale should stand up the new DEX or F-22 fighter. It’s all within
a national security stovepipe and is debated within that realm, and
this other stuff is debated.
So when we talk about lack of horizontal integration, we’re talking about this in this conference as if these are real threats, require all new capabilities, but we’ve got it stovepiped. It’s further; if you look at the President’s homeland security strategy, which of course is different from the national security strategy, we have a homeland security strategy that says the job of the federal government is national defense and border security and “there is sufficient market incentive for the private sector to protect itself and states and locals must share the burden.”
The reality of that is states and locals bear the burden and the private sector, of course, does not have sufficient incentive to do it itself. I make the case in this foreign affairs piece I have out, as well as in the book, it’s a “tragedy of the commons” problem. No single private sector owns all the critical infrastructure. Security has baseline cost. If they raise their cost to basically address a vulnerability within the span of where they control, and there are free riders in the system, which there will be, the bad guys will stake out the free riders; because it’s all interconnected, the whole system gets brought down. Congress then weighs in with nifty ways to fix it that will look nothing like the initial investment.
There is only one rational thing for the marketplace to do, and the data is hard on this over the last three years. It is to toss and turn at night and to focus on the bottom line during the day. The hard facts on the ground are virtually no investment in critical infrastructure protection since 9/11 outside of some planning and a lot of committees and a lot of trade associations holding conferences. Real investments are not being made. We have to confront that reality
What I have proposed is to get at this partnership, get the horizontal integration to work as a bottom-up instead of a top-down, what I call a federal security reserve system, modeled off of the Federal Reserve system. It’s a very much analogous problem that the robber barons faced 100 years ago. They needed some sort of governmental capacity to deal with basically exchanging currencies in a way that could support the increased tempo of the economy. They didn’t trust the federal government to run it, because there nobody competent to do it, and they also didn’t want it to be politicized. So they created an independent body that reports to Congress, and they made it as incestuous as hell. They put bankers all in the process and drew on that expertise.
We have to think of similar kinds of mechanism that has linkages to Northern Command, linkages to DHS, that is bottom-up, that creates a format where people can come in across sectors. The other problem when we talk about horizontal integration, as was really made so well by Dr. Wood, is this whole coupling issue. The real challenge for these communities is recognizing that they build safeguards within their sector, they're connected to other places, and the mechanisms aren't there.
Very starkly put to me by the chief security officer of a major bank in New York who basically said, “Look, I've just invested in this huge technology in trying to make myself more in control of this facility where a lot of my human resources are, but right out on the street there’s an 18-wheeler that stopped making deliveries in the store next door, within 35 yards of my building, and I have no idea what’s in that truck.” So you do things within your own sector, and there’s connections across the board, and we don’t have the mechanisms to have those conversations.
A very core issue is we've got to cut through the BS here, which is this isn't solved by laissez-faire. There is a huge private sector role that has to inform how we deal with this, and they play a big role here, but government is relevant, and we have to acknowledge that and get on with it.