fo b3 public hearing 11-19-03 2 of 2 fdr- june 2003 business roundtable- terrorism- real threats-...

8/14/2019 FO B3 Public Hearing 11-19-03 2 of 2 Fdr- June 2003 Business Roundtable- Terrorism- Real Threats- Real Costs- Joint Solutions- Table of Contents and Exe

1/8

Terrorism:

Real threats.

Real costs.

Joint solutions

THEBUSINESSROUNDTABLE

June 2OO3

TH E B U S I N E S S R O U N D T A B L EAN A S S O C I A T I O N OF CH I E F E X E C U T I V E O F F I C E R S COMMITTED TO I M P R O V I N G P U B L I C P O L I C Y


2/8

Terrorism: Real Threats.Real Costs. Joint Solutions

The Business RoundtableJune 2003


3/8

AcknowledgmentThe Business Roundtable would like to thank Thomas Susman, partnerat the law firm of Ropes & Gray, for his hard work as chief author ofthis report. His perseverance and vision made the report possible.


4/8

Table of ContentsExecutive Summary iI. Introduction 1II. UnderstandingTerrorism 5III Selecting Security Programs through Risk Assessment and

Risk Management 9Risk Assessment 9Risk Management 1O

IV. AllowingBusinesses ToAssume the Key Role 13The Business Role in Security 13Business Incentives for Investment in Security 15

Responsibility to shareholders 15Community 15Legal responsibilities 15Competitive benefits 15Responsibility to country 15

V. Recognizing the Limits of Businesses 19Limited liability 19Limited resources 19Interdependency of independent firms 19Limited knowledge of specific threat information 20Uncertainty as an inhibitor 2OLimited loss potential 2O

VI. Understanding the Strengths andWeaknessesof Government 23

Government Strengths 23Traditional government role 23Economies of scale 23Resources 23Priority-setting 24Education 24

Government Weaknesses 24The "one-size-fits-all" approach 24Stifling innovation 24Tunnel vision 25Political pressure 25Government's own security weaknesses 25Conflicting bodies of law 25


5/8

VII. Achieving Trust andSharing Information between Businessand Government 27

Overcoming Adversarial Histories 27Improving the Flow of Information 27

VIII. MaintainingProcedural Fairness and Transparency 31The Procedural Standard 32Transparency and National Security 33

IX. Promoting Rational Decisionmaking 35Increasing Security and Reducing Fear 35Regulation Despite Uncertainty 36The Tools of Rational Security Regulation 36

Risk assessment 36Cost-benefit and cost-effectiveness analysis 37Sound science 38Market incentives and performance standards 39

The Environmental Example 39X. Encouraging Collaboration 41

Public-private partnerships 41Insurance 42Government monitoring 42Tax incentives 43Research and development 43

XI. Determining Who Pays for Added Security 45The Cost-of-SecuritySpectrum 45The Dangers of Unfunded Mandates 47Creative Solutions 48

XII. Conclusion 51


6/8

Executive SummaryGovernments and businesses both have critical roles to play in improving security afterSeptember 11, 2001. However, determining which security measures to implement,how they should be implemented, and what the roles of business and governmentshould be presents significant challenges.

The Business Roundtable's goal in this white paperis to explore those challenges, expose the difficult ana-lytical problems that vex the security arena and inspiresmarter regulatorydecisionmaking. To do so, theRoundtable examines the unique nature of the terroristthreat, as well as the strengths and weaknesses of bothgovernment and business in addressing that threat.We then recommend various tools and procedures forgovernment to use when regulating and oudine thedifficulty of allocating the costs of security. Our keyconclusions:

We can never protect American livesandproperty against every possible threat. Thiswill be the case even with optimal public andprivate investment and ideal coEaborationbetween business and government and amonggovernmental entities.

Acting alone, neither business nor govern-ment can adequately assess and managesecur i ty risk. Both have roles to play in securingour nation, although both are subject to limitedresources and other constraints. Collaboration,no t regulation, presents th e most effectiveapproach to addressing security risk, andinformation-sharing is integral to effectivecollaboration.

Where government intervention is neces-sary, policymakers should minimizecommand-and-control regulation and

instead favor deference to private in i t i a t ive ,incentives, flexibility a nd careful priority-setting. Despite inherent uncertainties underlyingterrorist threats, analytical tools such as risk-assessment, cost-benefit analysis and cost-effectiveness analysis should be used and refinedto maximize security enhancement per dollarinvested. Public participation and transparencyshould be retained for security rulemaking.

Protection against terrorist acts is uniquelya governmental fu n c t i o n . Extraordinary addi-tional costs imposed on the private sector toenhance homeland security should ordinarily beborne by the government.

In reaching these conclusions, we focus on the fol-lowing substantive areas.RefiningOur Understandingof the Terrorism Risk andSelecting Security ProgramsAlthough the threat of terrorist attacks on die Americanhomeland is very real, the risk of occurrence of a partic-ular kind of attack in a specific place is far less certain,primarily due to the dearth of precise direat informa-tion. Additionally, the likelihood of an attack on anyparticular place is generally quite low, due to the vastnumber of potential targets. Despite this uncertainty,government tends to respond to public fears of terroristattack. Regulating in response to fear will imposecostly security regimes that may mitigate fear without

Executive Summary


7/8

increasing security. A rational approach to security reg-ulation will achieve greater increases in security per dol-lar spent by both government and businesses. Thisrequires drawing on the strengths of both governmentand business.

Achieving Trust betweenGovernment and BusinessBecause neither government nor businesses can managesecurity risks alone, effective security risk managementrequires cooperation between the two. Each will needto set aside suspicions that characterize their roles inodier, usually adversarial, regulatory contexts. A keyresponsibility for the new Department of HomelandSecurity will be to instill trust and facilitate informationflow, particularly the flow of threat information to theprivate sector.The business roleBusinesses have multiple incentives for investing insecurity: ensuring the continued existence of the busi-ness; protecting assets, employees and profitability; legalobligations; competitive benefits; and patriotism. Inaddition, businesses are usually in die best position toassess vulnerabilities, devise cost-effective protectionand respond flexibly to adverse events. Before mandat-ing security schemes, government should defer to busi-ness security initiatives. However, businesses also havelimitations in making an investment in security, suchas limited loss potential, limited resources, limitedcapacity to protect due to significant interdependenciesand uncertainty surrounding the terrorism risk. Hence,the public will look to government to play a role inensuring enhanced security for die private sector.The government roleAlthough government brings resources and otherstrengths to the security arena, it also brings significantlimitations. The traditional governmental "one-size-fits-all" approach is unwieldy for the fast-evolving securityarena. Government is less likely to perceive substitution

risks. Government is likely to be more willing to directresources in response to public fear, even where thesecurity risk is smaller than the public perceives. Finally,government often fails to develop the most effectiveand efficient solutions. Thus the responsibility for pro-tecting the homeland should not lie solely in die handsof government.Ensuring Procedural Fairness,Transparency and RationalDecisionmakingWhere government does step in to regulate to reducesecurity risks, it should strive fo r collaborative processesand guarantee the greatest participation of the privatesector dirough open and deliberative procedures.Transparency and public participation not only ensurethat public debate refines and improves policy, but alsoreinforce the public-private cooperation necessary toimplement homeland security initiatives.

Despite inherent uncertainties, risk assessmentsshouldbe the first step in developing any securityregime. Any allocation of resources should then bemade pursuant to a coherent and cost-effective risk-management strategy diat includes examining alternativemediods of securing an asset and using the traditionaltools of regulatory analysis. Policymakers must decidehow much security they will consider "adequate" for aparticular site or sector (given diat diere is no perfect orimpenetrable level of security), determine whether addi-tional security is required, be explicit about whatassumptions they are making and die level of uncer-tainty in die terrorism risk analysis, and compare costsof alternatives. Performance standards, incentives andmarket mechanisms should always be favored overcommand-and-control regulation for achieving securityobjectives.DeterminingWho Pays forAdded SecurityA security program that provides a benefit to onlya select few should ideally be paid for by those

Terrorism: Real Threats. Real Costs. Joint Solutions


8/8

beneficiaries. The traditional responsibility of govern-ment to provide for the common defense and to guardour borders suggests that security risks of national sig-nificance should be overseen and paid for by thegovernment. The challenge of allocating the costs ofsecurity occurs between these two ends of the spectrum and is complicated by the indeterminate nature ofthe terrorist threat. Any newly implemented securityprogram should include a close analysis of the questionof funding. If the government mandates extraordinaryadditional costs to enhance homeland security againstterrorism, those costs should ordinarily be borne by thegovernment.

Executive Summary in

fo b3 public hearing 11-19-03 2 of 2 fdr- june 2003 business roundtable- terrorism- real threats-...

Documents