In a May 1998 commencement address at the U.S. Naval Academy, President Clinton announced his approval of two important Presidential Decision Directives (PDDs). PDD-62 and PDD-63 address counterterrorism and critical infrastructure protection respectively, and are the result of a series of related presidential and congressional initiatives that reflect changing national security policies and priorities.
Over the past several years, the U.S. has been reshaping its perspective of future national security threats to the continental U.S. (CONUS). Policy was once largely focused on deterring strategic nuclear attacks from hostile superpowers and major regional conflicts abroad; its evolution is the product of integrated analyses of potential threats from terrorism, the proliferation of weapons of mass destruction (WMD), and the vulnerabilities attendant to increasing economic and societal dependence on information technologies. Such analyses were prompted by events such as the bombing of New York’s World Trade Center, the chemical attack on the Tokyo subway system, the bombing of the Oklahoma City Federal building, and outside “hacking” into DOD computer systems.
The result, captured in the recent directives, is an increased recognition of the need for a coordinated approach to homeland defense against a variety of novel attack modes. It thus provides a broader context for the DOD role in dealing with potential use of WMD in the United States, addressed in our February paper. This paper reviews key elements of these initiatives and how they came together in PDD-62 and PDD-63. In particular, we focus on the policy and organizational framework established by the new directives, addressing the strengths and weaknesses of the new arrangements and obstacles to their success. In the conclusion, we suggest some guideposts for how to focus activities and avoid setbacks in this complex and difficult policy area.
Recent Initiatives
Counterterrorism. The U.S. Government has viewed terrorism as a national security concern at least since the late 1960s, when intercontinental airline travel and global media brought the spectacle of terrorist hijackings to America’s living rooms. Counterterrorism policy was first formalized with President Reagan’s National Security Decision Directive (NSDD) 207, issued in 1986 and based on the findings of Vice President Bush’s 1985 Task Force on Terrorism. NSDD-207 reaffirmed and institutionalized federal jurisdiction over terrorism in two categories: the Department of Justice through the Federal Bureau of Investigation for domestic terrorism, and the Department of State for international terrorism.
In 1995, PDD-39 (“U.S. Policy on Counterterrorism”) was issued in response to the worst terrorist act on U.S. soil – the bombing of the Alfred P. Murrah Federal Building in Oklahoma City. PDD-39 built on NSDD-207 and outlined three key elements of a national counterterrorism strategy:
Reduce vulnerabilities to terrorist attacks and prevent and deter terrorist acts before they occur (threat/vulnerability management);
Respond to terrorist acts that occur, end the crisis or deny terrorists their objectives, and apprehend and punish terrorists (crisis management);
Manage the consequences of terrorist acts, including restoring essential government services and providing emergency relief, to protect public health and safety (consequence management).
The Directive further elaborates on agencies’ specific roles and responsibilities with respect to each element of the strategy. Reflecting the need for greater interagency coordination, PDD-39 charged the National Security Council (NSC) to coordinate interagency terrorism policy issues and to ensure implementation of federal counterterrorism policy and strategy.
The World Trade Center bombing brought home the point that foreign terrorists were capable of operating in the U.S. In Oklahoma City, the plausibility and presence of “home grown” terrorism was also confirmed. Both cases demonstrated the need for effective intelligence and greater attention to consequence management (including the potential for mass civilian casualties).
Critical Infrastructure Protection. Executive Order 13010 (July 1995) created the President’s Commission on Critical Infrastructure Protection (PCCIP) chaired by General Thomas Marsh, USAF (Ret.). Creation of the PCCIP reflected recognition that the growing integration of information technologies into public and private infrastructures such as power generation, telecommunications, finance, and transportation is producing not only greater efficiency and economic growth but also greater vulnerabilities to disruption.
The President created the PCCIP to bring together government agencies with infrastructure-related responsibilities and private organizations and corporations who own or control the majority of the systems comprising critical infrastructures. The PCCIP’s mission was to assess threats and vulnerabilities associated with the various critical infrastructures, formulate strategies for protecting and assuring infrastructure functions and operation against physical and cyber attack, and recommend an implementation plan for the strategies. The PCCIP submitted its report, Critical Foundations, in October 1997.
The PCCIP divided its work into five sectors, based on the common characteristics of the industries and technologies:
Information and Communications Systems
Energy (including electrical power systems, and gas and oil transportation and storage systems)
Banking and Finance
Physical Distribution Systems (including air, sea, and land transportation)
Vital Human Services (including water supply systems, emergency services, and continuity of government)
As described in an Administration White Paper, the essential finding of the PCCIP was that “our economy is increasingly reliant upon interdependent and cyber-supported infrastructures, and non-traditional attacks on our infrastructure and information systems may be capable of significantly harming both our military power and our economy.” The PCCIP found that the threats and vulnerabilities associated with electronic, or “cyber” attack, are poorly understood. The capabilities required for a damaging cyber attack are inexpensive and readily available with a broad range of potential attackers, and the complexity and interdependencies of critical infrastructures are extensive and difficult to measure. Thus, old tools for threat and vulnerability analyses are ill suited for assessment of risk to cyber attack or the potential cascading effects of cyber or physical attacks. Furthermore, the tools that exist and the capabilities being developed across the threat spectrum – from risk mitigation to crisis response to consequence management – lacked coordination to create and maintain national awareness of problems and solutions.
The PCCIP recommended organizational changes to enhance interagency coordination and a revised program of research and development to review, coordinate, and deploy technologies that already exist, and to refocus R&D investment priorities on technology requirements derived from risk assessments. The PCCIP organizational recommendations are presented later.
Nunn-Lugar-Domenici and WMD Response. A number of studies and plans have focused attention on the need for U.S. capabilities to mitigate the consequences of a WMD attack in both domestic preparedness and force protection roles. In 1996, the Nunn-Lugar-Domenici (NLD) Act (also known as the Defense Against Weapons of Mass Destruction Act) was enacted as Title XIV of the FY97 Defense Authorization Act. Seeking to enhance domestic preparedness and response capabilities, this legislation provided funding to improve the capabilities of federal, state, and local emergency response agencies to prevent and, if necessary, respond to domestic terrorist incidents involving WMD.
DOD responded to the Act in May 1997 by establishing the “Domestic Preparedness in the Defense Against WMD Program,” directed by the Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict (ASD, SO/LIC). This program seeks to provide DOD support for preparedness and response capabilities at the federal, state, and local levels through assessments, exercises, nationwide training support, the establishment of contact networks and Chemical/Biological “Hotlines” and databases, loans of equipment, and military assistance to law enforcement. The Domestic Preparedness Program directs DOD efforts only in WMD consequence management and does not change Posse Comitatus laws that prohibit DOD agencies from conducting law enforcement operations. The DOD has set as its goal assessing the requirements and providing training to the 120 largest U.S. metropolitan areas by the end of 1999.
Concurrent with the PCCIP report and implementation of the NLD Act, the Defense Science Board addressed the theme of asymmetrical threats in a 1997 report on “DOD Responses to Transnational Threats.” We reviewed this report in our February 1998 paper of the same title. The DSB Report advocated the use of DOD assets in the spirit outlined by the NLD Program and recommended the DOD remain the lead executive agency with stewardship of the Program. The DSB Report also advocated using the National Guard in a more central domestic preparedness and response role.
Subsequently, the Deputy Secretary of Defense directed development of more detailed plans for including the Reserve components in WMD response. The National Guard and Reserve Component WMD Response Plan, announced by the Secretary of Defense in March 1998, outlined a menu of capabilities, constituted from National Guard and Reserve components, designed to assist local first responders. These capabilities include teams for Rapid Assessment and Initial Detection (RAID), NBC Reconnaissance, and NBC Patient Decontamination.
Development of the Guard and Reserve WMD response capability is based on a five-year plan. The first year begins with a pilot program placing one RAID element in each of FEMA’s ten geographic regions. Complementing the 10 RAID elements will be 28 NBC Reconnaissance and 64 Decontamination elements drawn from the existing Reserve component force structure. The plan calls for an initial operating capability to be ready after FY1999 and full operational capability after FY2000. A Reserve Component Consequence Management Program Integration Office was established to identify and task DOD capabilities needed to implement this plan.
Yet another initiative is the Commission to Assess the Organization of the Federal Government to Combat the Proliferation of Weapons of Mass Destruction, chartered by Congress in late 1996. This “Deutch-Specter Commission” (named after Chairman John Deutch and Vice Chairman Sen. Arlen Specter) was established to focus on the potential terrorist threat to CONUS from the proliferation of WMD and how well federal agencies are prepared to prevent or respond to such crises. Established in early 1998, this Commission has yet to complete a final report.
Presidential Decision Directives 62 and 63. The results of separate analyses on counterterrorism, WMD domestic preparedness, and the vulnerabilities of information and related infrastructures were brought together at the federal level in PDD-62 and PDD-63.
In PDD-62 (“Combating Terrorism”), the President sought to reaffirm agencies’ counterterrorism roles and strengthen the interagency coordination process through creation of the Office of the National Coordinator for Security, Infrastructure Protection, and Counterterrorism. PDD-62 also re-emphasized the role of consequence management as an element in an effective counterterrorism strategy and specifically addressed the threat of bio-terrorism. Most notably, it called for a stockpiling of vaccines and antibiotics for public distribution in the event of attack.
In PDD-63 (“Critical Infrastructure Protection”), the President set out to establish a National Infrastructure Assurance Plan and set a five-year goal for being able to protect critical national infrastructures. PDD-63 designated responsibility for specific infrastructure sectors and functions to lead federal agencies, as follows:
Information and communications: Department of Commerce
Banking and finance: Department of the Treasury
Water supply: Environmental Protection Agency
Surface and air transportation: Department of Transportation
Emergency law enforcement services: FBI
Emergency fire services: FEMA
Continuity of government services: FEMA
Public/emergency health services: Department of Health and Human Services
Electric power: Department of Energy
Oil & gas production and storage: Department of Energy
PDD-63 further designated lead agencies for responsibility of special functions as within their normal missions (e.g., DOD for national defense, CIA for foreign intelligence, etc.).
In addition, implementing many of the PCCIP’s organizational recommendations, the President created or reaffirmed:
The Office of National Coordinator of Security, Infrastructure Protection, and Counterterrorism, a member of the NSC staff, to focus on critical infrastructure protection, foreign terrorism, and domestic weapons of mass destruction, including biological weapons.
The Critical Infrastructure Coordination Group (CICG), chaired by the National Coordinator, and composed of sector liaison officials, lead agency coordinators, and other relevant officials, responsible for implementing PDD-63 directives.
The Critical Infrastructure Assurance Office (CIAO), within the Department of Commerce, to provide support to the National Coordinator’s work with government agencies and the private sector in developing and implementing a National Infrastructure Assurance Plan. The office will also help coordinate a national education and awareness program, and legislative and public affairs.
The National Infrastructure Assurance Council (NIAC), a panel of major infrastructure providers and state and local government officials, to enhance the partnership of the public and private sectors and provide guidance to policy formulation for the national plan.
The National Infrastructure Protection Center (NIPC) within the FBI to warn of, and respond to, cyber and physical attacks on the infrastructures; promote information sharing between various departments, agencies, and the private sector; and to coordinate a response to hacker attacks, investigate threats, and monitor reconstitution efforts. The NIPC was established before PDD-63 and incorporates the capabilities of its predecessor, the FBI’s Computer Investigations and Infrastructure Threat Assessment Center (CITAC).
PDD-63 directed that each lead agency appoint a senior official (or “Sector Liaison”) to sit on interagency councils and develop (within 180 days) a plan for protecting its respective critical infrastructure sector from physical and electronic attack. The Directive also mandates the National Coordinator and the CICG assemble these agency plans, along with analyses of interagency dependencies, into a National Infrastructure Assurance Plan. The plan should establish vulnerability mitigation procedures and declare milestones for accomplishing: vulnerability analyses and remedial plans; warning, response, and reconstitution mechanisms; education and awareness plans; research and development agenda; intelligence collection recommendations; expanded international cooperation; and legislative and budgetary requirements.
The Directive mandates that this National Infrastructure Assurance Plan be implemented to accomplish an initial operating capability by the year 2000. By no later than May 2003, the Directive mandates that the U.S. will have achieved a maintainable ability to protect the nation’s infrastructures from any significant degradation other than interruptions of infrastructure service that are “brief, infrequent, manageable, geographically isolated and minimally detrimental to the welfare of the United States.”
Assessing the Initiatives to Date
Recent initiatives, taken together, seek to establish a robust, responsive system of interagency coordination to identify federal capabilities and integrate them into missions for counterterrorism, WMD domestic preparedness, and infrastructure assurance. Perhaps the biggest impact of these initiatives falls on U.S. counterterrorism policy. Previous policy addressed themes such as deterrence, interdiction, and hostage rescue. Now, WMD or infrastructure attacks in a terrorist mode (whether by terrorist groups or governments hoping to achieve plausible deniability) seem to be the most severe scenarios motivating the new approach.
Official perceptions of the threat are changing. Attention to what kind of threat the U.S. might face has now focused on domestic WMD attacks. In addition, national security officials are considering different sources and locations of the threat. There is now greater concern for domestic security, and investigations into asymmetric strategies suggest that potential adversaries may choose covert action within CONUS (involving the use of WMD or cyber attacks) as a preferred tool of their national policy rather than conventional military capabilities which face overwhelming U.S. superiority. These perspectives differ from previous concerns about nuisance-level, state-sponsored terrorists and the safety and security of U.S. citizens or facilities abroad. Finally, concerns about the targets of potential threats are being adjusted to reflect wide-ranging dependencies on information technologies in areas vital to economic stability, military capabilities, and day-to-day functions of society.
While the changes in threat perceptions embodied in the above initiatives are certainly legitimate, a caveat seems in order. It appears that a growing perception of U.S. vulnerabilities may be driving perceptions of the threat. High vulnerability doesn’t always mean high threat, though there is often concern that vulnerabilities tend to generate threats that will exploit them. However, the potential threats to national security from terrorist use of WMD by their very nature will be more difficult to observe and measure than conventional military threats. Assessing potential cyber threats will be even more difficult since the tools for disruption of information-related systems are widely available, and the threat is difficult to characterize. While intentions have always been difficult to discern, emphasis on capabilities and movements has, in the past, provided observables for indications and warning. These observables are usually not present for terrorist or cyber attack. Thus, assessing vulnerabilities may prove easier than measuring threats.
Implications for DOD. Support for domestic disaster relief and law enforcement have long been secondary or collateral DOD missions. Recent initiatives appear to broaden and deepen these commitments. Focus on the potential use of WMD in CONUS is a major driver, since DOD’s ongoing R&D efforts to detect and defend against nuclear, chemical, and biological weapons use against deployed forces in the field now have an important domestic role. In addition, the potentially disastrous effects from the use of WMD in CONUS seem to reinforce the perspective of DOD as a source of ready resources to be called upon in such an emergency. As a result, DOD faces new policy, organizational, and resource issues.
On the whole, DOD elements may not want additional missions associated with domestic preparedness. Both the Guard and Reserves, especially in the Army, are looking for closer connectivity to active forces. The Reserves, for example, may express concern over potential growth in the National Guard in areas (such as civil affairs) largely assigned to them. The National Guard, for its part, wants to retain its major combat units and avoid being pigeonholed in constabulary-only missions. In fact, both the Army National Guard and Reserve remain suspicious of any hint (legitimate or otherwise) that the active Army is attempting to relegate them to noncombat missions.
These issues aside, DOD appears reasonably well positioned to support these initiatives if adequately resourced. The recent establishment of the Defense Threat Reduction Agency combined technical support for nonproliferation, nuclear weapons, chem-bio defense, counterproliferation, force protection, and defense technology security. Previously narrow counterterrorism policies have broadened into a “force protection” mission which (when combined with missile defense) is now in turn described in Joint Vision 2010 as “full dimensional protection.” Protection of DOD information infrastructures has been a DOD priority for several years (especially so following the SOLAR SUNRISE incident), with major responsibilities assigned to military departments, the Defense Information Systems Agency, and the National Security Agency.
The reliance of the Defense Information Infrastructure on national and commercial sources of power and telecommunications, and its vulnerability to cyber-related threats, are major factors driving DOD into closer collaboration with domestic agencies and the private sector. Since DOD has long been active in telecommunications security through the National Communications System (a federal interagency organization), PDD-63’s assignment of the Information and Communications Sector responsibility to the Department of Commerce has raised some questions. Congressional overseers wonder if PDD-63 charges Commerce with an inappropriate national security mission. Nevertheless, the role of Commerce reflects the broad economic impact of telecommunications and the necessity for private sector involvement, both of which this agency brings to the table. Moreover, while DOD has an important stake in national information infrastructure protection, it is not clear DOD is or should be interested in or equipped for the lead role in national policymaking.
At the same time, a broad range of policies and strategies now need to be considered. The Director of NSA recently suggested in congressional testimony, for example, that cyber attacks by foreign governments could potentially be categorized as weapons of mass destruction. If so, perhaps some kind of deterrent strategy could be formulated. However, while a legitimate question, it potentially defines only one piece of the threat spectrum and presumes the connection to a foreign government can confidently be made. The more difficult zone, it appears, will be the cyber threat from an uncertain source with serious but not necessarily catastrophic results. Here, only preventive defensive measures combining warning, detection, tracking, and mitigation (including redundancy) are likely to be successful in minimizing the effects of cyber attacks. While perhaps deterring or lowering the success rate of some attacks, the problem of how the U.S. should respond to more coordinated and/or malicious attacks affecting national networks remains a vexing one and will require the integration of intelligence, law enforcement, and defense perspectives.
The initiatives will also likely complicate DOD’s perception of CONUS defense and highlight the complexity of DOD activities potentially involved in this mission. CONUS defense is beginning to look like more than “aerospace” and “land” defense, incorporating multiple DOD capabilities including the intelligence and special operations communities, WMD/NCB expertise, missile defense, engineers and technical/information systems managers, and a mix of active duty and Reserve component personnel. Those units involved in nuclear, chemical, and biological detection and decontamination, and information assurance, in particular, could have operational responsibilities both in CONUS and abroad. DOD also will likely review the assignment of broader homeland defense responsibilities among the Unified Commands, perhaps even before the scheduled 1999 Unified Command Plan review. However, the potential ambiguity in discerning foreign and domestic threats and peacetime and wartime activities reinforces the interagency character of these initiatives – a reminder that not all activities related to national security will necessarily be assigned to DOD.
At a higher level, necessary attention to issues related to CONUS defense may generate potential tension with other missions such as power projection. The two missions are, of course, related: as the U.S. military establishment becomes progressively more CONUS-based, the ability to project military power abroad becomes crucial to our military response options. A WMD attack against CONUS-based power projection capabilities could severely degrade our ability to respond during an overseas crisis. However, some high-cost capabilities required for each of these missions may not be applicable to the other, and political-military decisions concerning the use of U.S. forces abroad seem certain to become more complex as more plausible threats to CONUS enter the picture.
The resource implications for DOD also remain to be determined. A comparison with Cold War spending for strategic nuclear deterrence is one way to conceptualize the resource challenge. Spending on this low-probability but high-consequence mission previously averaged roughly 9-15 percent of annual Cold War defense budgets. This amount is now reduced to about three percent; however, the potential threats to CONUS are changing – prompting the need for greater DOD support to domestic security and (some would argue) perhaps even missile defense. So, how much DOD can or should invest in CONUS defense without an increase in its topline budget remains an open issue, especially since the Department is already behind in the modernization of conventional forces.
Obstacles Ahead
Bureaucratic Complexity. The level and complexity of coordination required in these initiatives is perhaps the biggest challenge. Interagency coordination is no small task, even among agencies accustomed to participating in the national security community. Bring into the mix agencies with little experience in national security activities, states, and territories, and a private sector reluctant to address its own vulnerabilities in a public forum, and the degree of complexity becomes evident. Counterterrorism alone involves the integration of no fewer than 40 U.S. agencies but is at least recognized as a federal responsibility. Critical infrastructure protection, on the other hand, requires the active participation of the private sector, which owns or operates (under close regulation) nearly all of the relevant assets.
Furthermore, efforts of the new sectors, committees, groups, and councils dictated by PDD-63 for vulnerability assessment could be weakened if their products are not adequately integrated. Critical infrastructures are complexly intertwined and mutually dependent, hence the accentuated vulnerability. In PDD-63, respective infrastructure assessments are not integrated until after they reach the CICG, when they are handed to the CIAO and then “integrated” into a National Infrastructure Assurance Plan. Integration must ultimately be an end-to-end effort, and a heavy burden will fall to the National Coordinator to focus on a variety of scenarios that recognize the complex interdependencies of critical infrastructures and measures to protect them.
Resource Requirements and Oversight. Although some aspects of these initiatives are included in the President’s budget (e.g., ongoing support for existing capabilities, plus $94 million in new spending for stockpiling vaccines), the future resource implications are unclear. In crosscutting interagency matters, establishing a baseline of current expenditures, identifying and costing relevant goals and measures of merit, and deciding how much is enough are especially difficult problems. Three examples highlight the challenge.
The first example involves counterterrorism programs. PDD-62 states that it promotes a more systematic approach to counterterrorism by “bringing a program management approach to U.S. counterterrorism efforts.” Currently, the NSC and FBI coordinate counterterrorism policy issues, and the Office of Management and Budget assesses competing funding demands. Federal expenditures for unclassified terrorism-related activities were estimated at $7 billion in FY1997. However, no agency establishes funding priorities for terrorism-related programs across agencies’ budgets or ensures that agencies’ stated requirements have been validated against threat and risk criteria. The General Accounting Office thus concluded that there is no assurance against gaps or redundancies in counterterrorism activities or that the priorities of a national strategy are being met.
A second example concerns the Office of National Drug Control Policy (the “Drug Czar”). This office often faces challenges because of its limited coordinating authority. While it controls some central funding, much more is contained within and executed through other departments and agencies. Since agencies are balancing multiple policy objectives, expressions of presidential policy in a specific area do not always overcome a reluctance by government bureaucracies to spend their own budgets executing someone else’s priorities. On the surface, it appears PDD-62 and PDD-63 delegate even less power to the National Coordinator than that held by the Drug Czar.
A final example, involving DOD expenditures on “information assurance,” illustrates the difficulty of establishing a baseline of current expenditures. When recently asked by Congress the amount being spent in this area, DOD was unable to produce a credible estimate. Among the reasons: the current terminology did not necessarily conform to earlier coding of databases, and these activities are buried within larger C4-related programs. DOD has responded by organizing a Defense Information Assurance Program within the office of the ASD/C3I, and sorting out the baseline of current expenditures will be its first order of business.
These examples suggest the challenges ahead in developing a baseline of activities and resources related to PDD-62 and PDD-63 and establishing mechanisms for their effective oversight. Beyond these challenges for the Executive Branch, a highly complex, distributed, and potentially disjointed process of congressional oversight on these matters can also be anticipated.
Conclusion
The recent Presidential directives deal with a very difficult set of policy issues that affect individual freedom and economic growth as well as national security. On the one hand, better awareness of existing vulnerabilities to terrorism and WMD, and now critical infrastructure dependent on information technologies, has been a stated goal of many of the initiatives outlined above. In this regard, the initiatives have already had some success. On the other hand, the level of commitment in these initiatives is not clear. The initiatives move to change policy and establish coordinating mechanisms, but it remains uncertain how far these changes will extend. A real strategy has not yet been offered, nor have solutions to bureaucratic obstacles.
Agencies will take time to develop their plans (probably more than the six months provided by the President’s schedule), with months more for integration and approval of a strategy. After this initial process, the requirement for closer integration of assessments and/or different assessment methodologies will likely need to be recognized. In addition, this learning process will churn up a variety of policy, organizational, and resource issues across federal agencies, and between the federal government and private sector. With few exceptions (such as the existing capabilities available through FEMA, the National Guard, and/or the National Communications System), the WMD consequence management and infrastructure protection capabilities envisioned in PDD-62 and PDD-63 are several years away.
We cannot expect 100% defense against these threats – particularly against ad hoc terrorism as witnessed with the Oklahoma City bombing. On the other hand, government has an obligation to take reasonable actions to prevent and defend against such threats and reduce their potential impacts. Recognizing total prevention or preemption is impossible, PDDs 62 and 63 stress enhanced vulnerability mitigation and consequence management. At the same time, effectiveness in dealing with threats to widespread vulnerabilities is difficult to measure, especially when those threats are unfamiliar or not easily quantified; efficiency and rapid accomplishments are not to be expected. How much to do will likely emerge as a future issue. For now, it is important to recognize the progress that the Administration has made in these initiatives and establish realistic goals for the future. We see four key priorities:
Developing the interagency processes to allow for an effective National Coordinator and establish a resource baseline for PDD-62 and PDD-63 related activities;
Better discriminating vulnerabilities – physical and cyber – and potential threats, including improved intelligence capabilities to deal with threats before they become incidents and policies to reflect a range of potential responses;
Further developing national-level programs and exercises to coordinate and demonstrate capabilities for WMD and cyber crisis response and consequence management; and
Extending concern for the robustness of critical infrastructures into regulatory structures and other domestic policies affecting private sector decision-making.
These priorities are simple enough to preserve focus and rough enough to allow continual invention on how they should best be pursued. While there will no doubt be many pitfalls along the way, and reasonable people may disagree about details, the new policy and organizational framework provided by PDD-62 and PDD-63 seems an important step toward managing, rather than solving, problems that are essentially insoluble.
Neal A. Pollard (15 July 1998)
Founding Director, Terrorism Research Center, Inc.
Senior Director for Emerging Threats and Capabilities, H&AI.