In the wake of the worst act of terrorism on American soil, political officials joined hands and vowed to put politics aside and work together to win a new war. They promised unprecedented cooperation between rival agencies and pledged billions of dollars to the battle. And they warned that a long, continued exercise would be the only way to defeat this new enemy.
Now a year later, with budgets on empty and an election upcoming, some are concerned that although intentions are good and effort is being made, the window of opportunity may be closing for the chance to effect change. That there's no money trickling down to where it needs to be, and that a huge reorganization at the federal level may only jumble things even more, and that old political habits are dying hard.
At the federal level, there's the look of politicians jockeying for the next elections and throwing money at programs that will win votes, such as the $180 billion farm bill OK'd by President Bush recently to help sew up the farm states. In the works is a new Department of Homeland Security, a body whose purpose would be to facilitate a collective effort between the feds and state and local agencies, but that threatens to instead create a whole new bureaucracy and with it even more political infighting.
At the state and especially the local levels, where these wars are ultimately fought, there is a sense of frustration among some that the first-responders have been left to fend for themselves on key issues, including cyber security and interoperability.
"People seem to have gone back to a routine," said Todd Sander, CIO of Tucson, Ariz. "It's a dangerous situation because the threat hasn't gone away."
In a recent editorial, Eric Holdeman, manager of the King County, Wash., Office of Emergency Services wrote: "...In the end, the unfortunate situation we are faced with today is that citizens we serve have the false perception that we are working together to make our communities safer. We are collectively living a lie."
In King County, first responders must compete with the population of cell-phone users during emergencies. There is no priority given to governmental services. After Sept. 11, the Office of Emergency Services saw an opportunity to gain some leverage with the stage and remedy the problem. But that opportunity is beginning to slip away. Holdeman compared it to a tractor pull "where initially it starts going pretty well, but then that dead weight of previous relationships kicks in and everybody has an ax to grind and progress slows down."
"To me, the big thing is this opportunity to try to develop relationships where there were no relationships before," Holdeman said. "As we get further away from Sept. 11, those lessons get lost in everyday politics."
Cyber space is seen as one of the key battlegrounds for future terrorist strikes, and yet some state and local government agencies, not to mention federal, may be as vulnerable as ever. They point to a lack of industry standards, a lack of understanding by political officials and a lack of dollars.
"What we really know is we're not secure," said Wincy Carr, division manager for Data and Security Administration & Internal Systems in Fresno County, Calif. Carr said the problem stems from a lack of standards or basic principles that agencies can look to. "The problem is our window is going. The problem is when the window goes, we'll never get this resolved and we'll be back to where we were prior to 9-11."
Carr said politics have gotten in the way of the adoption of any standards. "Industry doesn't let politics regulate it and politicians don't really want to regulate it. If the government says the best VPN is supplied by Cisco, well, Microsoft is going to sue the federal government for establishing a standard that's contrary to fair trade."
So, as Los Angeles County CIO Jon Fullinwider says, "Everybody is kind of doing their own thing, doing it a little bit differently, and some people have done nothing and that's unacceptable."
Another problem is the federal government doesn't make a lot of money available for technology, Fullinwider said. "It's not a sexy issue, it's technology and nobody wants to deal with technology."
"The feds are planning to spend billions on enhancing the fidelity of their network infrastructure and intrusion detection and things of that nature so they recognize the need," Fullinwider said. But that money is not being made available to the states. "You go to these meetings with Richard Clark, who's working for (Homeland Security Director Tom) Ridge on the cyber side of the homeland security issue, and he basically just says, we know it's an issue and by the way folks, there is no money. It's kind of up to us, and that's difficult."
One source said that out of the large appropriations that Congress provides, typically upwards of 90 percent stay within the Beltway. "They go to the federal agencies and the other 10 percent trickles down first to the states, then to local government."
What Can They Do?
Aside from aid for bio-terrorism defense, local governments aren't getting funded. Part of the problem is a lack of political savvy on the part of local public safety officials, according to Sander. Public safety officials spend their careers preparing to respond immediately to disasters and don't quite understand why resource allocation takes so long.
"Oftentimes, public safety officials, chiefs, captains and commanders, aren't really well prepared for the process that we're engaged in now, which is principally a political process," Sander said. "It's about positioning, it's about competing for a limited number of dollars within a large political process."
Local agencies would do well to hobnob with some political officials, Sander says. "They need to find themselves some champions. They need to align themselves with people who are more experienced in the political process, who are able to navigate the dangers of a political process." It could be key legislators, sympathetic congressmen or senators or even CIOs, who had to become more adept at handling these issues during Y2K.
"We've had to figure out how to balance the needs with political desires with the need to make demonstration and receive credit," Sander said. "This is a chance for us to participate in making our communities more secure by helping the police chiefs, the fire chiefs and the directors of the departments through this process."
Huge Government Reorganization
State and local officials are waiting anxiously to see what turns up with the new Department of Homeland Security and how that office will effect communications with state and local agencies. Some are concerned that the feds would attempt such a comprehensive, complex reorganization in the middle of the fight.
"Reorganization of government is a very difficult process at any time and to undertake that large a reorganization is quite surprising to me," said Dallas Jones, California's director of Emergency Services.
Plans for the new cabinet-level department remain sketchy, but in essence the department would combine a multitude of agencies and organizations involved in homeland defense into a "single enterprise architecture" designed to eliminate duplicative and poorly coordinated systems. Among other functions, the department could take over some "key cyber-security activities" performed by the FBI's National Infrastructure Protection Center and the Department of Commerce's Critical Infrastructure Assurance Office.
The idea has potential sources say, but there are a lot of reasons for it to fail. "The focus shifts to who's going to be doing what rather than what's getting done," Jones said. "And this is going to go on for quite a period of time."
In combining organizations that traditionally have had some jurisdiction over security, there are bound to be hurt feelings.
"There are so many agencies, departments, offices, congressional committees that have some responsibility over security, and they get people and they get money," Sander said. "To bring all of that together in one place means there are a lot of people who are going to see themselves as having lost something."
To be successful, the office will need more input from local officials, said Bob Andrews, president of the International Association of Emergency Managers. "So much of it is federal input and a smattering of state input and, of course, terrorism in the final analysis is a local affair. They've got to do better at reaching out to local governments and local public safety."
Several sources said communication between the feds and the states has improved since Sept. 11.
"The Office of Homeland Security has been very good with our representative, George Vinson," said California's Jones.
But others said the progress isn't happening fast enough.
"The coordination process is the single most important consideration in terms of what we've yet to accomplish under the homeland security initiatives," Andrews said. "We're working hard, along with others, to try and persuade the federal government to give more attention to the coordination process than they have been."
That effort should emphasize that because emergency response is a coordinated effort among different agencies, training and funding allocation should be seen as a collaborative effort between disciplines. Andrews sees promise in the idea of a Department of Homeland Security, "Because the intent there is to improve communications."
A federal source said that has happened to a great extent already. "We are actually at an unprecedented level of coordination and information sharing between federal, state and local law enforcement," said Mark Corallo, a spokesman for the Department of Justice. "In changing our focus from prosecution to prevention, we turned 180 degrees in the way we look at our role and the way we function at the federal law enforcement level. It's only been 10 months. These things don't happen over night."
Everyone agrees that the process of defending against terrorist attacks will be a constantly evolving process with no end in sight. It will mean educating politicians and senior executives in government who must change their mindset to one that views security as part of business continuity planning.
The key to that effort is putting in place an emergency operation that takes into consideration the significant dependence on information infrastructure and that business and security need to be forever linked.