Infotech and the Law: Homeland security -- Who pays for protecting infrastructure?
<FONT SIZE=2>In February, the White House issued the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, which describes the work needed in each industry sector to secure the nation's physical resources against the threat of terrorism.</FONT>
Richard Rector
The overarching principle is that homeland security is a "shared responsibility" that cannot be achieved by the federal government alone. It requires coordinated action by federal, state, and local governments, the private sector, and concerned citizens.
In emphasizing the private sector's role, the strategy is similar to its companion documents, the National Strategy for Homeland Security (June 2002) and the National Strategy to Secure Cyberspace (February 2003). Those documents also suggest the private sector -- which owns and operates approximately 85 percent of the nation's infrastructure -- must assume significant responsibility in protecting against terrorist threats.
Noting that the private sector is generally the first line of defense for its own facilities, the newest document states, "Private-sector owners and operators should reassess and adjust their planning, assurance, and investment programs to better accommodate the increased risk presented by deliberate acts of violence."
The strategy reinforces the notion that companies have a heightened responsibility after the Sept. 11 terrorist attacks to engage in risk-management planning and invest in security as part of prudent business operations. The federal government neither expects, nor plans, to bear the lion's share of the costs associated with securing the nation's critical resources.
In one sense, this is surprising, because we are accustomed to the federal government acting as the principal financier and guarantor of national security. Yet, with so much of the nation's infrastructure in private hands, a 100 percent federal solution is simply not practical.
Instead, as the strategy suggests, the nation must adopt a new paradigm of cooperation and partnership. Protecting critical resources will require an unprecedented level of coordination between the private sector, the federal government, the 50 states, the four territories, and the 87,000 local jurisdictions that comprise the nation.
The good news is the strategy acknowledges the burden that this paradigm -- and its reliance on corporate investment -- could have on the private sector. It recognizes there may be situations in which "the private sector looks to the government for assistance when the threat at hand exceeds an enterprise's capability to protect itself beyond a reasonable level of additional investment."
In addition, a guiding principle of the strategy is to encourage market-based solutions. Regulatory mandates should be required only when market forces are insufficient to create the necessary level of private investment, or when a national standard is required to address a particularly challenging threat.
Finally, and most importantly, the strategy reflects the need to develop incentives for private organizations that proactively implement enhanced security measures. The departments of Commerce, Treasury and Homeland Security are charged with identifying such incentives, such as tax breaks, in collaboration with the private sector.
The Defense Department is charged with developing similar incentives for the 250,000 companies that make up the defense industrial base. The strategy states that the department "will collaborate with the defense industry to review contract processes and procedures to determine how to include provisions that address critical infrastructure protection needs."
Presumably, these contract provisions -- like the incentives developed for other industry sectors -- will include more carrots than sticks. But the shape of such incentives is still far from clear. Given the stakes at issue, companies would be wise to closely monitor this policy debate in the months to come. *
Richard Rector is a partner and member of the Homeland Security and Government Contracts practice groups at Piper Rudnick LLP in Washington, D.C. He can be reached at richard.rector@
piperrudnick.com.
NEXT STORY: Firm sets strategy for government market