Private Business Must Bear the Brunt of Providing Security

European Affairs

Summer/Fall 2003

Special Report: Allies Against Terror
Private Business Must Bear the Brunt of Providing Security
By Edmund Woollen

Improving homeland security is about much more than protecting the United States and Europe - all the evidence suggests that the task is now global. My company has sent security teams to the Middle East, the Persian Gulf and North and South Asia, and they have found that people and governments in all these regions share exactly the same security concerns as Europe and the United States. So do Latin American countries such as Chile. We are all in the same boat, including the Muslim countries.

Against this background, the security industry and its customers have identified a number of priority areas for new investments and cross-border cooperation. The first of these is protecting what one might call the commons, or the common public infrastructure around the world.

Most recent terrorist operations have been conducted against private sector targets. Nobody has attacked a military base in the United States recently. The terrorists who struck Bali in Indonesia did not attack a military target but a nightclub. The problem is that the private sector accordingly has to come up with much of the funding to protect people against terrorism. So if we are to protect the commons, it has to be done inexpensively. If we had a tenth of the amount of money spent on a nuclear power plant, for example, we could arrange good security protection in a port or at an airport. But we do not have that kind of money.

In the United States, the federal government is issuing a lot of mandates to protect the commons, but the mandates are not accompanied by any significant funding. Government grants for port security, for instance, are anywhere between a tenth and a fiftieth of what is needed. When business looks at how to improve efficiency and security in the transportation of goods, for instance, it must remember that it will have to foot the bill. And we shall have to pay particular attention to transportation because that is where many terrorists try to operate.

Borders are another priority. Although the United States plans to reduce the number of people crossing its frontiers, its borders will remain porous. At the end of the day, protecting the common infrastructure in this case means protecting specific, localized areas.

This is as much an information operation as a border operation. A terrorist, for instance, might use a plastic explosive to make a flat, disk-shaped bomb, put some topping on it to make it look like a pizza, and deliver it in a pizza truck. You could destroy half a building with a weapon the size of a pizza, and we actually know of a case in which it was tried.

Securing the supply chain through which goods move will involve more than just cargo security. We have to think about the vendors who come through our gates - the person who delivers the pizza or drives a vegetable or ice cream truck. The only way to get ahead of this curve is through improved information - to know who is delivering the goods, and to be assured that the goods have been secure from source to destination. It is perfectly possible to have a chain of custody from start to finish - some of the best delivery companies already do it. They did not even know it was supposed to be hard; they just knew it was good business.

We are not supposed to have any undocumented workers in the United States, but we all know that there are plenty of them. We can insist that we are going to check workers' identity papers and ensure that drivers' licenses and green cards are in order. That will still leave about a couple of million people unchecked in the United States, and probably about the same number in Europe. So the question remains: how do you know that the person performing a service at your house or your business is not on the Interpol wanted list?

The technology is available. What it is going to take is political will and organization. The Department of Health and Social Security, for instance, has moved fast to introduce a trusted worker identity card. That is one possible solution. Another is to use biometrics. It might be even better to combine the two: people would have identity cards and separate biometric sources of identity, such as iris scans or other kinds of body measurements, to back up the cards. This is an idea on which some very good work is being done, in both the United States and Europe.

Another requirement is the inspection of goods and people, as is currently carried out at airports with explosives detectors. We need to do more to inspect all types of cargo, whether in containers or not, and the key will be to make the inspections both affordable and efficient. Industry has a major role to play in achieving these objectives, and it has a good chance of success. Significant progress is being made in the United States and other countries, such as Germany and Switzerland. We must look around the world to see who has the best practices, some of which today are to be found in Europe.

Information sharing is another key area, and one in which private industry can probably provide the most useful tools. Although there is a lot of information on a lot of people in a lot of different databases, none of the databases really talk to each other. It is possible, however, to begin to tie all this information together, certainly in the fields of data acquisition, collection, correlation, fusion and strategy.

The necessary technology does exist - there is certainly no such thing as too much data any more. There is no problem in this field that is too big. It is no longer a question of whether the computing capacity or the collection strategy is affordable - it is a question of whether we want to use it.

My company is involved in a program, originally known as Total Information Awareness (TIA), that has become highly controversial in the United States. There has been an outcry in Congress against an alleged threat to the privacy of every single citizen. (The name has now been changed to the more reassuring Terrorist Information Awareness).

The process, however, would simply involve matching people's background records to establish that they were really who they said they were. If you wanted to check whether people lived at the addresses they gave, you could check, for example, where they shop, whether they have telephone numbers at those addresses and whether they pay to get heat there in the winter. Of course, it would require the right legal regime.

There are ways to use information powerfully around the world to single out terrorists from the vast majority of law-abiding citizens pursuing the normal courses of their lives. Most of those involved in the security business, both in Europe and the United States, are either cooperating or competing to achieve these common objectives.

Edmund Woollen is Vice President for Homeland Security at the Raytheon Company. During his 24 years at Raytheon, he has served as Vice President and Mission Area Executive of Integrated Information Systems, Vice President of Government Marketing with the additional assignment to develop Raytheon's entry into the global air traffic control systems market and wide area environmental monitoring market, and Vice President of Raytheon Overseas Ltd.