How should US protect privately owned facilities?

The disruption of an alleged plot to blow up a fuel pipeline and tanks at John F. Kennedy International Airport is an intelligence success, but it also reveals one of the most complex homeland-security challenges: How should the federal government go about protecting privately owned facilities?

The nation's electric grid, oil pipelines, storage tanks, ports, computer nerve centers, and many other facilities are all vital to the daily functioning of the economy. Known as critical infrastructure, 85 percent is privately owned. And as the alleged plot at JFK shows, those facilities also have the potential to become prime terrorist targets.

The 9/11 attacks necessitated a new way of thinking about the security of such facilities, experts say: Intelligence can catch some threats, but not all. That puts the private sector into an unprecedented national-security role and requires a shift away from complete reliance on the intelligence sector for security.

"The only way to be secure is to assess the vulnerabilities of our country and plug those vulnerabilities," said John McLaughlin, former deputy director of the CIA, at a recent conference at the Johns Hopkins School of Advanced International Studies. "That's the mind-set we have to have, and I think it's beginning to take hold."

Prior to 9/11, the government regulated the security of only the most dangerous facilities, such as nuclear plants. The Environmental Protection Agency was charged with ensuring that facilities like chemical plants didn't pollute the land, water, or air, or cause undue harm to people living nearby.

But after 9/11, the private sector had to think like security experts. And the federal government had to figure out ways to encourage this – through regulation, tax incentives, and, in cases like the chemical industry that fought regulation for years, suggested requirements.

In essence, it's had to create an entirely new kind of public-private partnership. It's a process that's still very much in the making.

"So far we're doing critical infrastructure protection sector by sector," said Daniel Pietro, senior fellow and director of the Homeland Security Center at the Reform Institute in Alexandria, Va. That makes it difficult to harmonize the implementation, he added, speaking at the same Johns Hopkins conference.

Soon after 9/11, Congress created the Department of Homeland Security and radically ramped up aviation security, federalizing all preflight security screening and mandating that private airlines do things such as strengthen the cockpit doors.

During the next three years, Congress and DHS began developing various plans and regulations to protect everything from water supplies to the electric grid. For instance, Congress mandated that lists of all cargo coming into the nation's ports be screened. It required ID cards of port workers and the installation of radiation detectors at major ports.

DHS also developed various plans for voluntary cooperation on security, in particular for chemical plants and petrochemical plants. Late last year, Congress mandated that chemical plants must produce security risk assessments.

But it wasn't until last month that DHS finally released its comprehensive National Infrastructure Protection Program. It identifies 17 "critical infrastructure and key resource sectors that require protective actions to prepare for, or mitigate against, a terrorist attack or other hazards," according to DHS. It includes sectors as diverse as agriculture, banking, information technology, and rail and calls for "unprecedented" cooperation between the public and private sectors.

"The approach that we've taken here is to harness that natural desire and energy, the patriotism of the private sector – but also, to be honest, the rational, self-interest of those who work within it – to come up with the best possible plans sector by sector. [They] can then be disseminated throughout our economy as guides and templates for individual businesses to know how to best protect themselves against the possibility of a terrorist attack," said Homeland Security Secretary Michael Chertoff on May 21 when he announced the plan. "At the same time, we must avoid imposing onerous security measures that would damage or make economically impractical the very systems that we're trying to protect."

As part of that process, the federal government is also working to transform the way it shares classified security information with the private sector. That's evident in the way it dealt with Buckeye Pipeline Company, which owns the 12-inch-thick, 40-mile pipeline that was allegedly targeted by those just charged. Company officials told the Associated Press that they were fully informed by DHS of the potential threat and remained in constant contact with law enforcement.

But companies like Buckeye also have information and technology they consider proprietary. They're wrestling with how to share that information with the federal government. Experts say finding the right balance is crucial, particularly because of the nature of the threat of terrorism.

"There's an unprecedented degree of asymmetry here. This is the first time in history that so few people can do so much damage, and it's global in scope," said Mr. Pietro. "We're at a time when the traditional tools of government don't work real well against that backdrop. Trust is essential now between the government and private corporations and vice versa."

Secretary Chertoff says the challenge of protecting all the different segments of American society is so broad that everyone – businesses as well as individuals – will have to make some sacrifices.

"Everybody says they believe in security, but when it comes time to accept a little bit of inconvenience or impingement on their business model, they go, 'Oh, we don't want to do that, it will hurt our business,' " Chertoff says. "Anybody who says they don't want to take adequate security measures have to ask themselves if they'd feel differently if their child perished in the thing that occurred because we didn't take that measure."