​

THE HOMELAND SECURITY and critical infrastructure protection fields are full of buzzwords, but several experts are hoping the term “resilience” doesn’t get lost in the clutter. Earlier this year, several resilience proponents gathered in Washington, D.C., for a panel discussion hosted by the nonpartisan Reform Institute.

No matter how much threat prevention is done, some disasters cannot be stopped, said Jeff Gaynor of American Resilience Consulting, LLC. In those cases, resilience—or ensuring strength in infrastructure and interconnected systems after an attack—becomes important.

Gaynor has been advocating that officials pay greater attention to resiliency for years. He says that in 2006, the Homeland Security Advisory Council recommended that the Department of Homeland Security (DHS) place greater emphasis on resilience. “That recommendation was somewhat less than warmly received,” recalls Gaynor.

The United States has been continuing with iterations of Cold War infrastructure protection, using gates, guards, and guns, Gaynor told Security Management. Instead, the government should be adopting a resilience matrix, to “ensure all-hazards operation performance in infrastructure,” he says.

Gaynor recommends answering questions such as how long it will be before people can get food, before businesses are up and running, and before utilities are back on track—and how will governments and organizations manage in the interim. The metric could include questions such as “Which resources are important to you?” and “How long can you do without that?”

It’s also important to assess which capabilities are in place for the time when resources are lost. For example, what groups have backup generators for when electricity is lost?

John A. McCarthy, a private consultant who formerly studied resilience as director of the critical infrastructure protection project at George Mason University, says that the federal government has actually gotten a lot better about resilience. For example, the National Infrastructure Protection Plan (NIPP) 2009 highlights resilience.

“For the purposes of our national security, homeland security, and critical infrastructure protection, specifically, I think the new national infrastructure plan has come up with a good [framework] for implementing concepts of resiliency across various infrastructures,” he says.

Some other examples that McCarthy cites are the Obama administration’s emphasis on rebuilding infrastructure to include resilience from a design standpoint.

Michael Balboni, former deputy secretary for public safety for the state of New York, agrees that resiliency should be designed in. He says that millions of dollars can be saved by “baking in” security and resiliency rather than trying to add it after something is already built.

McCarthy agrees, saying, “I think there will be significant opportunities as we begin to examine and look at building and repairing existing infrastructure to begin to challenge the designers to build this in.

Liz DeGregorio, former director of DHS’s Office of Community Preparedness-Citizen Corps, talked about the importance of making resiliency a grassroots issue, with ownership at the local community level. “All national crises start out as local problems,” she said at the conference.

Gaynor agrees that it shouldn’t be just the federal government telling people exactly what to do, because that “disempowers” communities. DeGregorio noted that the national service bill currently in Congress will have the power to improve resilience efforts by increasing funding to community groups.

DeGregorio recommends, however, that there be a national clearinghouse to which local groups can turn for guidance. That way, local governments won’t each have to reinvent the wheel, and they won’t feel so overwhelmed.

“We’re doing our communities a disservice by not somehow aggregating this information,” DeGregorio told the attendees.

The federal government can also serve as a model in certain situations, according to McCarthy. For example, it could provide a list of the top 10 IT concerns businesses should build resilience against. This information would be especially useful to small business owners who may lack the internal resources to make this assessment on their own.