America remains dangerously unprepared to prevent and respond to a catastrophic terrorist attack on U.S. soil. That was the unanimous conclusion of a blue-ribbon panel I directed one year after 9/11. Among those who signed off on this sober warning were the panel's chairmen, former Sens. Gary Hart and Warren Rudman; two former secretaries of state; two former chairmen of the Joint Chiefs of Staff; a former director of the CIA and FBI, and three Nobel laureates. Now we have an equally impressive group of Americans in the form of the 9/11 commission arriving at the same judgment. But after watching our government in action last week, you don't need to be a senior statesman or a Nobel Prize winner to realize that we have a long way to go to secure our homeland.
When it comes to investing in prudent measures to protect the softest targets such as our seaports, electrical grid and chemical industry, we have largely squandered the past three years. This bipartisan state of neglect is not a result of a conscious decision to leave the nation exposed. Instead, it stems from a misplaced faith in our military and intelligence capabilities. Washington has been treating the war on terrorism like the other wars we fought and won during the last century - as an "away game," so to speak. Last May in a speech to a class of newly commissioned Coast Guard officers, Vice President Dick Cheney put it this way: "Wars are not won on the defensive. To fully and finally remove this danger (of terrorism), we have only one option - and that's to take the fight to the enemy."
This "over there" approach has translated into virtually all of America's counterterrorism eggs being placed in the offense basket. Consider that Washington is spending more every three days on the war in Iraq than the federal government has invested in the past three years to secure the nation's 361 seaports, including Port Elizabeth and Port Newark.
Meanwhile, the enemy is not cooperating. Rather than patiently waiting to be rounded up in Iraq or Afghanistan, al Qaeda is methodically staking out targets in the United States. There are plenty to choose from because the systems supporting America's daily life - finance, transportation, information, energy, food and water - are wide open.
The dilemma is clear. We have a second-to-none military, so our enemies are doing what all adversaries do: trying to exploit our weaknesses. We can afford to spend more on military hardware than the next 30 nations combined because we are also the world's dominant economic power. But our economic power derives from our reliance on domestic and global networks that the marketplace never got around to securing. Al Qaeda has figured this out, so why hasn't Washington?
Part of the problem is that the federal government has created a division of labor that restricts its own ability to act. According to President Bush's National Strategy for Homeland Security, the federal government's job is national defense and border security. But "for other aspects of homeland security, sufficient incentives exist in the private market to supply protection."
But it turns out there is not a market case for the private sector to secure itself. Without clearly defined and well-enforced requirements, private companies are not investing in comprehensive measures to protect the infrastructure they, and we, depend on. Executives worry such investments will place their companies at a competitive disadvantage. Security is not free; a company incurs costs when it invests to protect the portion of the infrastructure it controls. If other companies do not make a similar investment, the security-conscious company stands to lose market share.
Also, when terrorists strike, a company that invested in security still will suffer the attack's disruptive consequences. Given this reality, rational CEOs may be tossing and turning at night, contemplating how vulnerable their sectors are to terrorist attacks. But they wake up to focus on the bottom line, which does not include new investments in comprehensive security.
Washington and the private sector need to wake up to the two central realities of our post-9/11 world. First, the U.S. government will not be able to provide intelligence that is specific and timely enough to guide targeted security investments. This means that a "wait for an alert"approach will always end up generating the kind of spasmodic, unfocused and expensive security measures that we are witnessing in Newark, New York and Washington.
Second, we cannot rely solely on offense. A laissez-faire approach to critical infrastructure protection is not working. Our exposure to profound disruption in the wake of the next attack - or threat - can be mitigated only if everyone is playing by the same security rules and those rules have teeth. When the standards are universal and mandatory, their cost is equally borne across the sector.
The debate in Washington and in boardrooms should not be if security measures are necessary, but what they will be and how to enforce them. The latest terror alert has amplified the urgency with which the federal government should be galvanizing the market to protect itself and the rest of us - because we are living on borrowed time.
Stephen Flynn is the Jeane J. Kirkpatrick senior fellow in national security studies at the Council on Foreign Relations and author of "America the Vulnerable: How Our Government Is Failing to Protect Us from Terrorism" (HarperCollins, 2004).