GAO: Security needs boost

Days before the worst terrorist attacks on U.S. soil, the General Accounting Office put the finishing touches on a report warning that the federal government was ill-equipped and unprepared to combat a major terrorist attack.

From sharing intelligence to coordinating a response, GAO said the government has failed to put in place a critical infrastructure system that works.

"Federal agencies have taken initial steps to develop critical infrastructure protection plans, but independent audits continue to identify persistent, significant information security weaknesses that place federal operations at high risk of tampering and disruption," the report said.

Although the federal anti- terrorism budget has nearly doubled to $12.8 billion during the last four years, including $2.6 billion for critical infrastructure protection, GAO said a strategy is needed to combat computer-based attacks as well. President Clinton's 1998 Presidential Decision Directive 63 requires the development of a national plan for critical infrastructure protection, but GAO said there were significant holes in the current system, little coordination among intelligence agencies and no efforts to include state and local governments in a plan. Since 1998, GAO has reported that poor security program management is an underlying cause of U.S. vulnerabilities.

But there are other problems as well. "The problem with our technology is that we're in the 21st century and still using 20th-century technology," said Phil Burns, president of SyTech Research, a Tulsa, Okla., crisis-management firm.

GAO is not alone in finding fault with the government's policies. Other security analysts say that for all the money the government has spent, it has not taken advantage of the high-tech world that it helped create.

"We do have the ability to change and improve the security without even requiring Draconian measures of shutting down society," said Joseph Atick, chief executive officer of Visionics Corp., the leading company in facial-recognition and fingerprint technology.

Atick, who watched the World Trade Center towers collapse Sept. 11 from his office in Jersey City, N.J., said the federal government has the technology to improve security without embarking on a more driven search for solutions, but has not tapped into it in any significant way.

Nevertheless, technology is not the only answer. Bill Keller, former deputy commissioner for New York City's technology agency, said a federal chief information officer would have been an important leader in responding to the Sept. 11 disaster.

"The major reason why some governments are farther along than the federal government is there is no federal CIO and everything that comes with it — somebody watching the shop," said Keller, now an analyst with Gartner Inc.

In New York City, there is a CIO and an agency responsible for technology. "Without that sort of organized effort, the city would have been in a lot more difficult position than it was," he said.

Now, the federal government is faced with a monumental task, said William Lee Waugh Jr., a public administration professor at Georgia State University and an expert on terrorism.

"At some point, officials will realize that an attack on our critical infrastructure can result in mass casualties," Waugh said. "The damage done to communications and computer systems in the World Trade Center demonstrated that. An attack on our air traffic control system or our power grid or our other computer systems could be devastating." In the meantime, the federal government is evaluating what happened and why. President Bush is trying to cut off financial support to potential terrorists. Authorities have launched the biggest manhunt in history to find those involved in the attacks. And Bush has appointed Pennsylvania Gov. Tom Ridge to head the new Office of Homeland Security where many of the problems identified in the GAO report will be tackled. "What we need to emphasize is preparedness," said Kay Goss, the No. 2 official at the Federal Emergency Management Agency during the Clinton administration and now the associate director of preparedness, training and exercises at Electronic Data Systems Corp.

"The only positive thing that we can ever get out of this is that we, as a country, are totally out of denial," Goss said.