September 2009 was a busy and successful month for law enforcement with the disruption of three terror plots, all around the eighth anniversary of 9/11. Najibullah Zazi, a 24-year-old airport shuttle driver who allegedly received explosives and weapons training from al Qaeda during a trip to Pakistan last year, was charged with conspiracy to use weapons of mass destruction. Hosam Maher Husein Smadi, a 19-year-old Jordanian, was arrested after attempting to detonate a fake bomb outside of a Dallas skyscraper. American citizen Michael Finton, a self-professed jihadist fighter, was arrested after attempting to detonate a car bomb outside a federal building and courthouse in Illinois. Including these three plots, U.S. law enforcement has disrupted 26 publicly known terror plots since September 11, 2001.
Although these foiled plots demonstrate just how far information sharing and cooperation amongst local, state and federal law enforcement has come since 9/11, they also demonstrate that the threat of terrorism has not diminished; indeed, it’s on the rise. Homeland Security Secretary Janet Napolitano recently stated, “It is fair to say there are individuals in the United States who ascribe to al-Qaeda-type beliefs. . . [a]nd so it makes information-sharing, it makes effective law enforcement and it makes the shared responsibility of law enforcement ever so important.”
We should take comfort in these successes but cannot afford to relax and let our guard down. Every citizen must remain vigilant and the private sector can and should play an important role as a force-multiplier in the detection, prevention and mitigation of terrorism.
There are many tools available to the private sector. The “Support Antiterrorism by Fostering Effective Technologies Act of 2002″ (SAFETY Act) provides significant liability protections and other benefits to the developers and users of anti-terrorism technologies. The result is an ever-growing catalog of processes and products approved by the Department of Homeland Security. Under the SAFETY Act, a user of a qualified anti-terrorism technology cannot be held liable for real property or personal injuries caused by the technology in connection with an act of terrorism. At the same time, any damages that might be assessed against the seller of such devices are capped and punitive damages cannot be assessed. The SAFETY Act web site lists all approvals with a brief product description. If you are involved in security for your company, you should regularly access the SAFETY Act web site to ensure that your company is layering its security efforts and liability protections.
In addition to the SAFETY Act, corporations can partake in voluntary precautions, including the use of standards created by professional organizations and government endorsed certification programs. On August 3, 2007, President Bush signed into law HR-1, which implemented recommendations of the 9/11 Commission. Section IX of HR 1 encourages private sector participation in preparedness accreditation and certification programs. Recognizing that the private Sector owns or controls approximately 85% of the nation’s critical infrastructure and key resources (CI/KR), the Department of Homeland Security instituted the Voluntary Private Sector Preparedness Accreditation and Certification program, or “PS-Prep.” This program seeks to protect CI/KR by increasing the level of preparedness in the private sector. Yesterday, the Department published a public notice proposing that PS-Prep incorporate the use of standards developed by the National Fire Protection Association, the British Standards Institution and ASIS International. These standards provide guidance on ways to improve resilience through effective business continuity and disaster and emergency management programs. Ultimately, PS-Prep will enable an accredited third-party to certify that a private sector entity is in compliance with one of the aforementioned preparedness standards.
Several other standards provide important guidance to the private sector. The National Institute of Standards and Technology creates widely used security standards that can be used by the private sector in their continuity planning. The standards focus on information security policies, asset management, human resources, environmental security, communications, and business continuity planning. The Federal Energy Regulatory Commission created the first “mandatory and enforceable” reliability standards addressing cyber security. These industry wide reporting standards require the establishment of security policies by corporations within the energy sector. Companies falling outside of this sector can and should use the standards as a guide for proper precautions.
Remember, an alert Circuit City clerk did not like what he saw on a video and reported it to law enforcement, which lead to the discovery of a terror cell that was planning to attack Ft. Dix. Every person in this country must be watchful and report to law enforcement questionable or unusual behavior. The private sector has an even greater responsibility to be prepared, because it controls 85% of our nation’s CI/KR. Those who have selflessly taken an oath to guard and protect us need as much help as they can get.
Scott Louis Weber is a partner at the law firm Patton Boggs LLP and is the former Senior Counselor to the Secretary of the U.S. Department of Homeland Security.