Approximately 90 percent of America’s critical infrastructure is owned by the private sector. This infrastructure is vital to the security and health—economic, social and cultural—of the United States. Pipelines, electrical lines, water systems, communications infrastructure, broadcast companies, financial markets, and gathering places such as stadiums, malls, theme parks, hotels, and office buildings are all privately held. As then-Homeland Security Secretary Tom Ridge aptly stated, “We are a target-rich environment, and the private sector owns most of the targets.”
Our nation’s dependence on the private sector is not lost upon the terrorists that seek to do us harm. Osama bin Laden has acknowledged that the Twin Towers were selected because they were symbolic of American economic power. Since 9-11, bin Laden has called upon Al Qaeda to attack the American economy and the critical infrastructure that supports our way of life.
Almost five years after the 9-11 attacks, we do not yet have a coherent and logical critical infrastructure protection system. In some sectors security has been greatly increased and is now more intrinsic to business operations and decision-making. Despite these measures, a dangerous pre-9-11 complacency is returning.
From the private sector’s standpoint, this complacency is entirely rational:
- Global markets are highly competitive and companies are under extreme cost-cutting pressure. An American company that faces substantially higher security costs than a foreign competitor is potentially at a significant comparative disadvantage.
- In today’s just-in-time markets, anything that delays a company’s operations is seen as counter-competitive.
- The United States has enjoyed four years without another significant terrorist attack on our homeland. False alarms have created a proverbial “Chicken Little” dilemma.
- Political leaders tell the private sector that we are at war and that they are on the frontlines. However, many of the same political leaders are unwilling to place security burdens on those companies that may present the greatest risks.
- The risk of an attack against any particular company is uncertain and perceived as small.
However, while the likelihood of an attack against any specific company may be relatively small, the probability of an attack against this nation and its critical infrastructure companies is high. In other words, one could argue that critical infrastructure companies are betting their security on the roll of a dice, by virtue of what they do. Ongoing military efforts may reduce the ability of terrorists to conduct operations. However, as last year’s London attacks demonstrate, the threat remains.
This report examines, in particular, disclosures under securities laws, rules, regulations, and practice as a market-based measure for strengthening critical infrastructure homeland security. It then examines ways in which the Securities and Exchange Commission could encourage or compel companies to provide shareholders and the public with better homeland security information. The report also provides select recommendations to companies regarding homeland security governance and disclosure issues to put more security in securities.
Read the full report:
View Powerpoint from Presentation: