9 The Enduring Sources of Failure
Organizational, Executive, and Regulatory

This book has been about the inevitable inadequacy of our efforts to protect us from major disasters. It locates the inevitable inadequacy in the limitations of formal organizations. We cannot expect them to do an adequate job in protecting us from mounting natural, industrial, and terrorist disasters. It locates the avoidable inadequacy of our efforts in our failure to reduce the size of the targets, and thus minimize the extent of harm these disasters can do. But why are organizations so inadequate? First, there are the inevitable human failings of cognition, motivation, organizational designs, and so on, and the unpredictable and often hostile environment the organizations have to work in. This is organizational failure per se, as when workers and management fail to do their jobs for whatever reasons, or the jobs make demands beyond their resources. We saw this in Katrina when first responders failed to take obvious steps to aid people that they could have taken, and when the size of the storm overwhelmed responders. The failure of power suppliers and even the Department of Defense to isolate their sensitive operations from the public network, thus inviting hackers to do damage, is another. Organizational failures are one explanation for the failures of FBI headquarters to follow up on warnings by field officers of the possibility of terrorists using jetliners as weapons, the firing of a translator that warned of mistranslations by a coworker who was tied to terrorist organizations and the subsequent promotion of the translator’s superiors, or the failure of the Clinton administration to correct misunderstandings about the firewalls between the CIA and the FBI. More commonplace is the mismanagement of contracts by government agencies; it can affect our ability to respond to disasters. For example, a multibillion-dollar contract to set up a computer system for the FBI was poorly planned, frequently changed, and not given proper oversight, resulting in extensive waste. (McGroddy and Lin 2004) Lack of agency oversight enabled the Unisys company to overbill and supply faulty equipment to the Transportation Security Administration for a communications system, where $1 billion “went down the drain.” As with FEMA in the Reagan administration, TSA ended up with ancient RadioShack phones and little Internet capability. (Lipton 2006a)

Organizations are hard to run; people don’t always do what they are supposed to do. They also reflect diverse, conflicting external interests and diverse, conflicting internal interests. Information and knowledge is always insufficient, and the environment is often hostile and always somewhat unpredictable. Thus, there is the ever-present problem of prosaic, mundane organizational failure. (Clarke and Perrow 1996) We certainly should work hard at improving our organizations, and there is a large industry of consultants, college and university programs, workshops, and books attempting to do this. But just as I have argued that our response to the three sources of disasters needs to be something more than attending to preparation, response, and mitigation, we need to do more than improving the functioning of our existing organizations; our efforts there can only result in minimal improvements.

Another internal source of organizational failures is what I have called executive failures, where top executives make deliberate, knowing choices that do harm to the organization and/or its customers and environment, as evidenced by the Millstone nuclear power plant case. It is important to contrast this with mundane organizational failures, which is the more favored explanation. When organizations with disaster potentials have accidents or near accidents and many lives are threatened or taken, the response has been to blame the operator, or perhaps the organization and particularly its lack of a “safety culture.” Changing the culture of an organization to correct its ways has become a mantra in the industry that sells organizational-change techniques, and also in the academic field of organizational behavior, where concerns with culture, rather than structure and power, dominate. But organizational cultures are very resistant to change, as the heads of NASA after the Challenger and then the Columbia disasters can attest. The independent investigations of both these disasters cited a “failed safety culture” as the main problem. Identifying this after the first disaster produced no corrections that could have prevented the second one. The same diagnosis was given in the Millstone and the Davis-Besse nuclear power cases, which we reviewed. Why such failures? I think this is because the executives at the top have other interests in mind, and their interests would be threatened by an effective safety culture. This points toward executive failures.

Classifying something as an executive failure rather than a mistaken executive strategy or a poorly performing executive, or even a failure by management or workers, is controversial. Observers can disagree, and since it is easy to have a mistaken strategy or a poorly performing organization, it takes a great deal of evidence to make the case for executive failure. In fact, only when executives are charged in courts are we likely to get the evidence needed for executive failure, as in the Enron and Millstone nuclear power plant cases, but one can easily imagine it plays a large role in the Davis-Besse case. I believe that the administration of George W. Bush was responsible for executive failures in the decision of the president and a handful of top officials to ignore the well-documented threat of non-state-sponsored terrorism and focus instead on threats of state-sponsored terrorism, planning a possible invasion of Iraq (prior to 9/11), mounting a defense against nuclear weapons in case of an attack, and implementing massive tax cuts. These efforts left us more unprepared for the 9/11 attack than we were under the previous administration. But it is only my judgment that this was an executive failure rather than a mistaken strategy, and it cannot be proved. The Clinton administration might have done just as poorly. But bluntly dismissing warnings and cutting the budget requests of the agencies that were alarmed and wanted more resources sounds like more than a “mistake” to me, and more like an executive failure.

The failure is to ignore warnings of disaster that their own experienced personnel sound. Millstone executives did not want to nearly cause a meltdown; the Bush administration did not want to bring about a frightening attack by terrorists. To say they intended these disasters is to support far-out conspiracy theorists who have argued that President Roosevelt wanted the attack on Pearl Harbor in order to bring the country into World War II, and that President Bush ignored the warnings of a terrorist plot to use airplanes as weapons in order to justify his planned attack on Iraq. These charges clearly lack credibility.

If executive failures create opportunities for organizations to do harm—and we should expect executive failures because nothing is perfect—the remedy is to replace the failing executives. This is possible (if difficult) in the case of government organizations where either the executive in question is elected or the elected official is responsible for appointing executives below him or her. But in the case of corporations it is extremely difficult. The board of the corporation appoints the executive, but they effectively, if not literally, appoint themselves or people very much like them as board members. (Khurana 2002) Management and workers in the organization do not have a vote in the election of corporate leaders, nor do the communities affected by the organization. Pension funds and other large holders of stock are increasingly challenging some corporate decisions, but this is a long way from workers or communities going to the polls to choose corporate executives. My point is that for-profit organizations such as corporations are not designed to be democratic, so regulations, and then lawsuits when regulations are violated, will have to be the primary defense against executive failures. Since failures are inevitable, this is yet another reason to have many smaller organizations than one or few very big one; the consequence of any one failure will be less. There are more executives who may fail, of course, but there will be less collateral damage from a failure in a small chemical plant than in one with multiple, tightly coupled vulnerabilities. But, for something like a nuclear power plants, we have to rely on regulating it rather than downsizing it (though deconcentrating the industry would reduce the pressure on the regulators from the industry’s friends in Congress).

Stepping outside of the organization itself, we come to a third source of organizational failure, that of regulation. Every chapter on disasters in this book has ended with a call for better regulation and re-regulation, since we need both new regulations in the face of new technologies and threats and the restoration of past regulations that had disappeared or been weakened since the 1960s and 1970s. The regulatory potential for avoiding disasters and reducing their consequences is obvious. Standards exist, or should exist, concerning the height and strength of levees, building standards, and the reliability and security of key parts of our infrastructure, such as the power grid and the Internet as well as our transportation system and ports. There may even be some existing regulations regarding the quantities of hazardous materials that are stored that could be strengthened. Regulation frequently fails because of political processes, but we have done better in the past and could do better in the future. However, since this enters the thicket of politics, I will postpone a discussion of regulation for later. As difficult as it will be, improved regulation has a greater chance of success than either organizational reforms or the reduction of executive failures.

Given the limited success we can expect from organizational, executive, and regulatory reform, we should attend to reducing the damage that organizations can do by reducing their size. Smaller organizations have a smaller potential for harm, just as smaller concentrations of populations in areas vulnerable to natural, industrial, and terrorists disasters present smaller targets. Smallness is itself is a virtue if we are dealing with concentrations of hazardous materials or concentrations of populations in risky areas, two of the sources of danger that we have examined. But a third source of danger involves parts of our critical infrastructure. Here, concentrations of political and economic power are central facts and difficult to change. Power involves dependencies; safety and security in the infrastructure involves interdependencies.

DEPENDENCY AND INTERDEPENDENCY IN OUR INDUSTRIAL STRUCTURE

It is a commonplace that we live in a highly interconnected society, but in the case of disasters the connections are largely ones of dependency rather than interdependency. For our vital Internet to be secure, we should not be dependent on one operating system, Windows, for 90 to 95 percent of our computers. Mergers in the chemical industry and the transportation industry have also increased our dependency on fewer organizations. Concentration in the electric power industry has made us dependent on fewer large generating sources (even though we have added many tiny ones) and has encouraged business practices that make us more dependent on long-distance “wheeling” of electricity.

There are other dependencies. The largest power generator in Missouri is the New Madrid Power Plant. It burns 16,000 tons of coal every day and requires railway shipments every 1.4 days. But all of this coal comes from Wyoming and all of it crosses the High Triple Bridge over Antelope Creek, creating a “choke point,” or single point of failure for the whole system. (The coal comes from the Powder River Basin in Wyoming, a major source of coal for the nation, and 56 percent of which travels over the High Triple Bridge.) The bridge could be disabled by flooding, by a railway accident, and certainly by terrorists. Another obvious dependency is the one everyone has on the electric power grid. Power generated in the Northwest travels to California over transmission lines that have a critical link, or choke point, on the Oregon-California border, and when that failed because of overheating from overloading in August 1996, the West had a massive eleven-state blackout.¹ In addition to backup generators or wind or solar power facilities to reduce our dependence on the grid, we need to avoid critical links that can be the single point of failure in our transmission system.

Our society would also be more secure if we were not so dependent on single modes of communication. When telephone lines went out during the World Trade Center disaster, it was fortunate that some people in the affected area had cell phones, BlackBerry devices, pagers, and other specialized forms of communication independent of those lines. It is common for multiple suppliers to emerge during disasters, such as private boats and commandeered barges during the Katrina disaster, and all sorts of means of water transportation as an estimated 500,000 people at the tip of Manhattan when the World Trade Center collapsed performed the largest water evacuation in our history (all occurring spontaneous and voluntary without any central direction). (Kendra, Wachendorf, and Quarantelli 2003) In industry, flexible multipurpose machines and multifirm suppliers and customers reduce dependencies. More important, these involve more multinode, complex networks, which are partially self-regulating, as we saw in the power grid and Internet self-organizing features. More important still for the argument on vulnerabilities, this also results in smaller concentrations of hazardous materials and lower economic and political power for any one organization.

Most of the examples above are those of physical dependencies. Another prominent form of dependency I call spatial dependency, drawing on the work of three engineers. (Rinaldi, Peerenboom, and Kelly 2001) (For a more analytical discussion of the two types of dependencies that predominate in our society but ought to be avoided, physical and spatial, and two types of interdependencies that are to be favored, reciprocal and commonality, see Perrow 2006.) An example occurs when the failure of a electric power source not only shuts down the nuclear reactor but shuts down the cooling system needed to keep the spent fuel rods from fissioning. The two systems—power generation and spent-fuel cooling—need not be linked but are, for minor economic reasons. There are clear economic efficiencies associated with most spatial dependencies. But it would cost only a little bit more to move the spent storage pool to a distant site that does not depend on the nuclear power plant for power (price should not be the only measure of utility). A power failure could crash both the plant and the pool cooling system, and emergency generators frequently fail and soon run out of fuel. (A terrorist attack could also bring down both tightly coupled systems, so keeping the spent rods cool is considered by some to be the major vulnerability of nuclear power plants.) (Alverez 2002) Where catastrophic failures might be experienced, as in the nuclear power case, the risks seem very high compared with the economic benefits.

Many spatial dependencies are so thoroughly built into our constructed environment that little can be done about them. A chemical plant explosion that also disabled the water supply of the town that was needed to fight the fire the explosion caused is an example we have encountered. The collapse of 7 World Trade Center and its Verizon facilities illustrates spatial dependencies. There were 34,000 customers who lost telephone and Internet services, many of whom thought they had redundancies because they did business with multiple carriers. But most of their lines ran through the Verizon central switching office, which collapsed when one of the towers fell on it. Of course, using multiple switching offices would be more expensive, and how often do you expect such a disaster? So the tight coupling of spatial dependency has been largely restored in the new Verizon facility. (Blair 2002; Council 2001)

Concentrated industries have concentrated facilities, by and large, with many spatial dependencies, and some are likely to have hazardous materials. Concentrations not only increase the destructive power of hazardous materials, as with chemical plants, but can increase the spread of toxins, whether the toxin comes from nature or from terrorists. A National Academy of Sciences report says that while the deadly bird flu virus, H5N1, began in wild birds, it developed its power to spread because of the cramped conditions of Asian factory farms. It is factory farming and the international poultry trade that are largely responsible for the spread of bird flu. (Lean 2006) Concentrated factory production methods are also held to favor the spread of foot-and-mouth disease and mad cow disease in feedlots in the United States. (Kosal and Anderson 2004)

Terrorists are unlikely to choose poultry farms or feedlots as a target, but they could very easily choose another point of concentration, the massive silos that hold raw milk. Lawrence Wein and Yifan Liu (2005) note that the release of botulinum toxin in cold drinks, including milk, is one of the three most fearsome bioterror attacks (other than genetic engineering of toxins). In their model, a botulinum toxin is deliberately released in a holding tank at a dairy farm, or a tanker truck transporting the milk to the processing plant, or directly into a raw-milk silo at the processing plant. It does not matter which, the toxin eventually will be well mixed in the silo. In the typical plant, the silo is drained and cleaned only once every seventy-two hours. A silo can hold 50,000 gallons and several in California hold up to 200,000 gallons, a splendid example of concentration. In their model, if only ten grams of a toxin is put into one of these sources, the mean number of people who will consume contaminated milk is 568,000. It would take from three to six days for the casualties to appear. Children are especially likely to die because they consume more milk and are more vulnerable. We would not necessarily have a half-million deaths from just one contamination, and botulism is not necessarily fatal even for children, but even simply disabling a half-million people would have tremendous ramifications. The surge capacity of our hospitals would quickly be overtaken, and the psychological impact of an attack on milk cannot be overestimated. Other possible targets for such an attack are fruit and vegetable juices and canned foods, such as processed tomato products.

The milk industry is aware of its vulnerabilities, but all prevention methods are, as we might expect, voluntary. The methods involve locking tanks and trucks, having guards at each stage, inspectors, and improved pasteurization. (Wein and Liu 2005) Since the appearance of their article (first rejected by Science magazine at the request of the government), Wein, in a personal communication, notes that the industry has taken further steps. But the simplest method is to reduce the size of the targets; terrorists would not find them as attractive, and industrial accidents would be limited to harming fewer people. Are the economic advantages of concentrated milk processing so overwhelming that we should not consider limiting silo size?

Or consider hazardous materials on railroad cars on heavily used transportation corridors. Rerouting ninety ton railroad tank cars away from urban centers seems obvious, but it was done only temporarily for Baltimore and Washington DC. The federal government could require that fewer hazmats be carried in large quantities on any single freight haul—to spread them out, as well as require safer freight cars and tracks. No new laws are required; the government already has the authority to require stronger containers to replace the aging ones, to require that they withstand grenades and other terrorist weapons, to reroute shipments, and to require simple tracking devices that would allow local police and firemen to know what they have to contend with. When New Jersey tried to regulate in this area the Supreme Court upheld the railroads’ assertion that only the federal government can regulate rail traffic, a catch-22. (Kocieniewski 2006) (Why doesn’t the federal government do more safety regulation?)

The ideal industrial structure that reduces dependencies is one that has multiple producers that draw on multiple suppliers and sell to multiple customers. If anyone of these fails, there are alternative sources of producers, suppliers, and customers. Multiplicity promotes competition within each of the three factors. If customers demand reliability and security in their operating systems, multiple producers are more likely to emphasize reliability and security than, say, prices or features. With a single dominant operating system, this choice may not be available.

An ideal industrial structure also should promote interdependencies as well as reduce dependencies. Interdependencies involve reciprocal coordination where, for example, the supplier can recommend to the producer changes in his product that would make the supplier’s task easier (and price lower) and even improve the product. The producer should be able to do the same with the customer, getting the customer to change her requirements to facilitate the producer’s tasks. (The best salesperson is the one that is able to alter the behavior of the customer to the benefit of both the supplier and the customer.) The incentive to engage in interdependent, reciprocal, and even power-sharing relations is most likely to appear where there are multiple customers, producers, and suppliers. Monopolies do not encourage this kind of behavior. Having many, rather than a few, organizations reduces the size of the targets, creates redundancies that can better handle extreme events, and also reduces the dangers of choke points.

The more ISPs in the Internet, the more redundant pathways will be present and the less defended any one of them will need to be. Choke points threaten many parts of our critical infrastructure. In addition to the transportation of coal from Wyoming and much of California’s energy from the Northwest, there are choke points on oil and gas pipelines (Lewis 2006, chap. 10) and on evacuation routes from hurricane-blasted coasts. The answer to this problem is having multiple connections so that fewer nodes are critical. Multiple connections are more likely to be produced where there are multiple producers and customers. Choke points are the result of concentrations, and many of these are large firms with monopoly or near-monopoly power.

Barry Lynn (2005) applies this kind of analysis to the world industrial system, rather than just the critical infrastructure in the United States. By eliminating the “bulkheads” that traditionally existed between companies and even between nations, which protected them from shocks and distributed risk, globalization has increased single-point dependencies in the search for efficiency and low prices. A war on the Korean peninsula would remove half of the global production of vital D-ram chips, 65 percent of Nand flash chips, and much more. The electronics industry would be disrupted along with the many industries that depend on it. An earthquake in Taiwan in September 1999 caused a weeklong break in the island’s electrical and transportation systems. Production ceased and inventories of key computer goods ran out in the United States, closing thousands of assembly lines and tumbling the stocks of major electronic firms such as Dell, Hewlett-Packard, and Apple. The world output of electronics was cut 7 percent below predictions in just the next month, and at Christmas time in the United States there was a shortage of computers and electronic toys. (Lynn 2005) In an article he shows how Wal-Mart in particular has promoted large, sole-source production in developing nations, forced its U.S. suppliers to outsource, and fought all attempts to increase port security. (Lynn 2006) In his book, Lynn writes:

Our corporations have built a global production system that is so complex, and geared so tightly and leveraged so finely, that a breakdown anywhere increasingly means a breakdown everywhere, much in the way that a small perturbation in the electricity grid in Ohio tripped the great North American blackout of August 2003. (Lynn 2005, 3)

I couldn’t have put it better!

NETWORKS OF SMALL FIRMS

There is an alternative model for relations between organizations, first theorized about fifty years ago after economic demographers in Italy discovered a strange phenomenon. Northern Italy had a very large number of small firms, and while this should have been associated with low economic development it was actually associated with high economic development. Many of the firms were in high-tech industries and leaders in their field, but they generally had fewer than twenty employees. They were in increasingly prosperous areas, with low rates of unemployment and high rates of access to child care and higher education for females. Since its first theorization, there has been a burgeoning literature on the efficiency, resiliency, reliability, innovativeness, and positive social outcomes of networks of small firms in a variety of countries. Northern Europe, Japan, Taiwan, and even parts of the United States (for example, Silicon Valley and centers of biotech excellence) have seen their appearance.²

Networks of small firms include the core of producers, some distributors (which may also engage in production), and a range of suppliers, most of them small themselves. With multiple producers, distributors, and suppliers, there is a great deal of inexpensive redundancy in the system. Dependencies are low because there are multiple sources of supplies, producers, customers, and distributors. The failure of one firm (whether for business reasons or one of our disasters) does not disrupt the interdependencies, since other firms in the network can easily expand to absorb the business. Firms have multiple suppliers and multiple customers, reducing dependencies. With few investments in single-purpose equipment or layout, changes in customer requirements are easily met. With many links to the environment, new innovations and changing demands are readily sensed. Personnel move between firms easily (even without changing their car pool), carrying with them the innovations that are now “in the air” and keeping the whole network up-to-date. Wealth is decentralized, since it is spread over many units, and thus the economic power of individuals or single units is kept in check while the power of the network is enhanced. (Appendix B discusses some of the issues associated with networks of small firms that are raised by critics, such as transaction costs, the range of products, and threats from large organizations.)

But can this be a model for chemical plants, nuclear power plants, the electric utility industry, and all the other parts of our critical infrastructure that are vulnerable? Clearly not, in the sense that the chemical industry or nuclear power plants cannot be turned into networks of small firms. But partial steps can be taken in this direction. The nuclear plant’s spent–fuel rod pool can be de-coupled and moved, the giant chemical plant installation could be replaced with several smaller ones. Though it does not figure in our critical infrastructure, our giant steel mills were successfully replaced in many cases by mini mills that have some of the characteristics of networks of small firms. Chemical plants might be similarly reconfigured. If the externalities associated with their operation were taken into account, giant feedlots and poultry complexes would prove to be more inefficient than small-scale production. Parts of Silicon Valley are already made up of networks of small firms; some of the large firms in the valley function much as networks of small firms. (Saxenian 1996) And as I have argued, operating systems for the Internet would be more reliable and secure if they were not dominated by one large firm. Unfortunately, examples of networks of small firms would also have to include terrorist networks, and it is to these that we will now turn.

TERRORIST ORGANIZATIONS

Networks of Small Cells

Unfortunately many of the resiliencies, economies, and decentralization that characterize networks of small firms are found in the radical Islamic terrorist organizations.³ There are estimated to be thousands of cells throughout the world at least loosely tied to the Al Qaeda network. They are very reliable. Rounding up one cell does not affect the other cells; new cells are easily established; the loosely organized Al Qaeda network has survived at least three decades of dedicated international efforts to eradicate it. There are occasional defections and a few penetrations, but the most serious challenge to the Al Qaeda network was a lack of a secure territory for training, once the Taliban was defeated in Afghanistan. But the invasion of Iraq has provided an even better training ground.

Terrorist networks can live largely off the land, can remain dormant for years with no maintenance costs and few costs from unused invested capital, and individual cells are expendable. There are multiple ties between cells, providing redundancy, and taking out any one cell does not endanger the network, just as in the Internet and the individual generating plants in the power grid. Reciprocity is presumed to be very high. Devotion to a common religion ensures a common culture (rather like the IPs in the Internet), even if the primary motivation is not religious. Like the power grid, the Internet, and small-firm networks, there are at most four levels of hierarchy in this vast network of terrorist cells. (For a more systematic comparison of these four forms see Perrow 2006. For a recent book with good coverage of terrorism, and another of its network form, see Pape 2005; Sageman 2004.)

As impressive as these organizations are, it is important not to exaggerate their effectiveness. For example, these are organizations and like all organizations, terrorist organizations also make mistakes. While one must be impressed with the 9/11 terrorists’ extensive planning, many earlier terrorist plots were bungled. A fire in a terrorist’s apartment led to the discovery of the 1995 plot to blow up several passenger jets over the Pacific; an ill-trained driver led to the discovery of the plot to blow up the Los Angeles airport in December 1999. Terrorists responsible for the bombing of the World Trade Center in 1993 were arrested because one of them insisted on getting back a $400 deposit on the van used in the bombing, which he claimed had been stolen. On several occasions the 9/11 plot came very close to being uncovered because of sloppy preparations or trivial infractions that caught the attention of authorities. They were even indiscreet in their places of employment. (These examples come from the report of the 9/11 Commission. [Staff 2004]; see chapter 4, above.) An FBI agent tried to warn his superiors of a suspected plot to fly an airplane into the Twin Towers for two months prior to 9/11 but was rebuffed. Simple failures by the terrorists led to his suspicions. (Sniffen 2006)

One failure of the 9/11 terrorists was surprising. On United Airlines flight 93, on which the passengers fought the hijackers, the hijackers knew passengers were making cell phone calls but they did not stop them. Either it did not occur to them that the passengers might be aware the planes were being used as weapons, and foil their plan, or they could not conceive of the passengers attacking them. This failure saved either the White House or the Capitol. (Staff 2004, 12) The passengers’ response, emergent and heroic where so much else was bureaucratic and bungled, was the only act that day that reduced the damage.

Chapter 2 of the 9/11 Commission report gives a compact history of Al Qaeda, and in organizational theory terms it should not leave us trembling because we think this group is a unique, invulnerable weapon; it is after all only an organization with all the problems of organizations, especially before its present network form was fully realized. Ideology is the key component, but not all of the core swore fealty to bin Laden; they had problems with corrupt staff, and there were signs of all-too-human disaffection. (For a striking analysis of the familiar organizational problems that affect even terrorists groups see Shapiro [forthcoming].) Al Qaeda had its ups and downs, like many organizations, and changed its structure when needed. In Sudan, prior to its expulsion and move to Afghanistan in 1996, the organization had a familiar holding group or franchise structure; it concentrated on providing funds, training, and weapons for actions carried out by members of allied groups. It changed tactics in the more friendly environment of Afghanistan, then controlled by the Taliban. Here it could centralize, and it did—with a clear leader, the equivalent of an executive committee, and specialized units for finance, training, operations, and media relations. The report says the effective, well-coordinated attacks on the U.S. Embassy in East Africa in the summer of 1998 were different from the previous ones. They had been planned, directed, and executed under the direct supervision of bin Laden and his chief aides. (67)

Subsequent disruption of the organization by the U.S. invasion of Afghanistan and the collapse of the Taliban, and the loss of perhaps a third of the leaders that we knew about, led to the vastly decentralized operation assumed to exist today. Major targets were apparently still chosen by bin Laden, but his staff and key operatives sometimes forced him to change his mind and plans, and there were divisions within the leadership as to targets; for example, some wanted to emphasize Jewish targets, others, imperialism in general. (150) (One of the few mentions of the Palestine-Israel conflict, which some believe to be a driving force for many of the terrorists, occurs in this connection in the report; unfortunately the commission was not about to visit that crucial aspect of our foreign policy, and there are few references to it. For a criticism of this aspect of the commission report, see Mednicoff 2005.) In short, the organization ran a loose franchise initially; then it centralized when the conditions were favorable and they needed an intensive and large-scale training program; and when that was more difficult, it increased its dispatch of trained agents into the world to organize and proselytize, creating the detached cells that our quite attached, bureaucratic counterterrorist organizations find so evasive and welcoming alliances with several other terrorist groups. It is presumed to have become ever more decentralized in the last few years.

There are resemblances to some Western organizations, such as direct sellers and marketing organizations, evangelical groups, and insurgent political parties. We could include criminal groups, but the important difference from these is the need for secrecy in terrorist and criminal groups. Cells were informed about plans and each others’ role strictly on a “need to know” basis. Here many dots were not to be connected. Apparently, only the pilots among the 9/11 hijackers knew of their mission until they boarded the four airplanes. Our intelligence services and counterterrorism groups within them may have to match this adaptive, decentralized, economical, and efficient structure to meet the challenge (while operating within the law, which terrorist groups do not). Given the unwieldy bureaucratic structures in which our organizations work, so well denounced by the 9/11 Commission, and the necessary legal restrictions, this will be very difficult. Unfortunately, the commission does not recommend decentralization to match the enemy’s; as we have seen, it prescribes centralization of all intelligence functions, rather than giving our presently dispersed units more leeway, diversity, and voice.

Setting Up the 9/11 Attack

The 9/11 Commission’s account of organizing for the attacks is compelling. Those of us who wonder why Al Qaeda has not struck again should contemplate the report’s account of the difficulties of the operation. The terrorists were hardly automatons. One, slated for flight training in Malaysia, did not find a school he liked, so he worked on other terrorist schemes. Headquarters found out, recalled him to Pakistan, and then sent him to the United States for flight training in Oklahoma. (225) The operation ran into many other difficulties. One hijacker could never learn English and was not successful in enrolling in a flight school. The flight instructor said he evidenced no interest in takeoffs and landings, only control of the aircraft in flight, and only in Boeing jets. (Airbus jets, the terrorists believed, have autopilot features that do not allow them to be crashed.) (245) He went back to Yemen. Khalid Sheikh Mohammed, who organized the 9/11 attack, wanted to drop him from the plan, but bin Laden said no. (222) (He did not become one of the hijackers.) There were problems with girl friends, and tensions between Mohammed Atta, a key pilot, and another pilot that almost delayed the attack because without the second pilot, they would have to use only three planes. (248)

Flight training was not easy. Hani Hanjour, who piloted one plane, was rejected at a school in Saudi Arabia, went to the United States and started at two flight schools there, stopped, and went to a third. In three months there, he earned a private license, and several more months gave him a commercial license. Then he was rejected at a civil aviation school in Jeddah, Saudi Arabia (higher standards?), and went to Afghanistan for terrorist training. He then traveled about, ending up in Arizona a second time, struggled through a program on a Boeing 737 simulator, with his instructors saying he should give up, but completed it in March 2001, well in time to pilot American Airlines flight 77 into the Pentagon. (226– 27) One can only be impressed with the determination of our enemy, but as I keep repeating, all formal organizations are in part failures.

Why have they not struck the United States again (as of this writing, in August 2006)? We should not think of terrorist groups as smooth-running machines that are quite unlike our bungling bureaucracies; they have many of the ups and downs and problems that ours do. They are often foiled, or they fail of their own mistakes; there is dissent in the leadership (Staff 2004, 250–52), and it takes years of preparation to bring off a successful major attack. But there is precious little comfort in that, and it does not explain why smaller attacks requiring less planning and coordination, which are frequent abroad, have not occurred in the United States. Unfortunately, the report does not discuss this issue, though I shortly will.

Putting the Terrorist Threat into Perspective

Throughout this book, I have implicitly given equal rank to the threat of natural, industrial, and terrorist disasters. However, natural disasters have been more consequential, predictable, and frequent than the other two. I think the threat of industrial and technological disasters is increasing because of increasing concentration, but we have not had any disasters that have come close to 9/11. (We have come close however, as discussed in the chapters on chemical plants and nuclear power plants.) The threat of a terrorist attack from abroad is serious and we should do whatever we can to avoid and defend against one, but because this is a “strategic adversary,” there is less that we can do in the way of defense than with natural and industrial disasters. A strategic adversary can evade our defenses in a way that no flood or industrial error can. Thus, with terrorism, reducing the size of the likely targets is all the more important.

The threat of radical Islamic terrorism is only two decades old, so it is hard to compare it with the threat of domestic terrorism. But domestic terrorism is a constant in our society, and in addition to blowing up buildings, as they did in Oklahoma City, they have attacked targets of more concern to this book, such as nuclear power plants, the power grid, huge propane tanks in heavily populated areas, and the Internet. If international terrorists were to evaporate, we would still have to consider reducing such targets.

Reducing the size of our vulnerable targets is truly an all-hazards approach, in contrast to the all-hazards approach, concerned with prevention, mitigation, and response, of our Department of Homeland Security. Defending their emphasis on the terrorist threat, officials in the department argued that defensive measures against terrorism make us safer from other disaster sources. Some of the programs do apply to all hazards; more emergency-response services such as health personnel and hospitals will help in a hurricane, epidemic, or a chemical plant explosion. So will better emergency communications. But the majority of the new expenditures have only one use rather than two or three. These include border security and port security (these may reduce drug smuggling but that is not a disaster threat), surveillance of citizens and suspicious organizations, radiological detection devices and programs, a vast expansion of highly secure bioterrorism laboratories, the biohazard suits and equipment spread across our rural counties, attempts to coordinate intelligence agencies, “human assets” for penetrating terrorist cells, and so on. (As noted, these expenditures, specific to terrorism and limited to them, appear to have been at the expense of responding to natural disasters.) In contrast, reducing the size of targets will reduce the consequences of all three disaster sources. An all-targets approach is more efficient than the department’s all-hazards approach.

Though it is only tangential to the thesis of this book, it is worth putting the threat into perspective and reflecting on the degree of threat from radical Islamic terrorism. One hesitates to make a prediction in this area but I think the chances of an attack that could kill one thousand or more and/or significantly harm our economy (say, more than the 2003 blackout did) is extremely low, so low as not to warrant the expenditures made to prevent it. Somewhat higher, but still fairly low, is an attack of the scope of the two London subway bombings in 2005 or the Madrid train station bombing in 2004, the planned explosions of gas stations on the East Coast, and early planning of a coordinated attack on jetliners flying to the United States (As of this writing there was no indication that the latter involved terrorists who had tested or even fabricated the liquid bombs.)

I think we have the most to fear from natural disasters, next industrial disasters, and the least from terrorist disasters. We now have sufficient awareness and primitive prevention devices to forestall attacks similar to the 9/11 attack. A complicated, large-scale attack like that is very vulnerable to even a modest degree of preparation on our part. The attack almost failed at several points where we are now more secure. The airlines are on greater alert (though their cargo is still not inspected), and the police are more likely to investigate traffic violations by suspicious persons; the air traffic controllers are more likely to halt takeoffs at the first sign of a hijacking, which might have prevented at least two of the four hijacked planes from departing, and so on. The other suspected terrorist attacks on our territory since 9/11 have been far less sophisticated, and have been foiled. The reconnaissance of the Brooklyn Bridge to see if the cables could be cut with an acetylene torch was truly inept, for example, and it was ordered by a top Al Qaeda leader. (Shrader 2005) The surprising thing is that unsophisticated attacks on railroad tank cars, chemical storage tanks, spent-fuel pools at nuclear plants, and our milk supply have not occurred. The explanation may be that there are no or few active cells; the FBI recently declared that it could find no evidence of Al Qaeda cells in the United States, though other intelligence agencies appear to disagree. (Ross 2005)

We have not had a terror attack here in five years, despite the ease with which one seemingly could occur. If we do have one, it is likely to be less than catastrophic, such as a subway bombing as in London or a truck bomb at a target with more symbolic than lethal consequences. Margaret Kosal, a chemist, however points out that small-scale chemical weapons (improvised chemical devices, or ICDs) are easy to manufacture, and terrorists’ skills at improving their improvised explosive devices (IEDs) in Iraq are consistent with the possibility of making deadly ICDs. Chemical threats are underestimated, she argues. (Kosal 2005) I agree, but without a great deal of sophistication on the part of their makers, evidence of which is lacking, an improvised chemical device is not going to do massive damage.

However, a biological attack would be massive in its devastation. Scientific advances in just the last five years have made it possible for a small laboratory to download recipes (the genetic code) from the Internet for lethal synthetic viruses, order online from hundreds of eager suppliers the tiny bits of viral DNA necessary, and assemble them in a lab. A biochemist at Rutgers University is quoted as saying “It would be possible—fully legal—for a person to produce full-length 1918 influenza virus or Ebola virus genomes, along with kits containing detailed procedures and all other materials for reconstitution. It is also possible to advertise and to sell the product, in the United States or overseas.” (Warrick 2006)

Experts say there are no adequate countermeasures, including stockpiling of vaccines for a multitude of unknown pathogens that can be set loose. According to CIA study in 2003, “the effects of some of these engineered biological agents could be worse than any disease known to man.” Still, the capability of terrorists to launch such an attack is “judged to be low,” according to a DHS intelligence officer. A more likely source is a lone scientist or biological hacker, such as the Unabomber or the person(s) who sent anthrax through the mail. (Warrick 2006)

Regardless of ICDs, truck bombs, biological agents that could destroy Islam itself, and so on, Islamic terrorists would do better to increase their attacks on authoritarian and failed Muslim states, such as Egypt, Kuwait, and especially Saudi Arabia, in the hope of destabilizing their regimes. Further attacks on the United States would mainly be morale boosters, and given the success of both local and international terrorists in Iraq, and the mounting hatred of the United States in that part of the world, a morale boost is hardly needed. A truly horrendous attack on the U.S. soil might be counterproductive if it brought redoubled efforts from the West to attack terrorists. It is even reported that one Al Qaeda leader reprimanded bin Laden for the 9/11 attack since it led to the destruction of their training grounds. (Diamond 2006) (But another terrorist thought they should have shipped radioactive materials in the cargo of the hijacked planes!) (Whitlock 2006) Bin Laden was reported to have been quite surprised by the amount of damage done in that attack. Another massive attack on the scale of 9/11 may simply not be in their interests, aside from the difficulty of carrying it out, given our much heightened awareness and somewhat heightened defenses.

Both chemical and biological attacks would require more sophistication than any of the attacks that have occurred in recent years, and there is no evidence Al Qaeda has that capability. Milton Leitenberg argues that U.S. government officials and the media have exaggerated the threat of bioweapons, especially by nonstate actors. He criticizes the large expansion of biodefense research and development for two reasons. It is disproportionately large compared with that being spent in other public health areas. Second, the expanded research programs are likely to increase the wrong kind of interest in biological weapons and, in consequence, promote their proliferation. (Leitenberg 2004) There is no evidence of capability on the part of nonstate terrorist groups. The title of one Associated Press review is “Terrorists inept at waging war with chemicals.” (Hanley 2005)

The Madrid train attack required sophisticated coordination and fairly sophisticated timing devices, but the explosive power cannot be described as massive. The London subway attacks were truly primitive and did not do the damage a more sophisticated attack could have. (This surprises me; there are much more devastating targets in these cities that would require only easily available explosives and very little planning and, instead of killing one hundred or so in a subway, could kill thousands.) Though captured documents and interrogations have demonstrated Al Qaeda’s interest in attacking nuclear power plants, chemical plants, and the electric power grid, none of these attacks have occurred. (A domestic white supremacist is serving eleven years in prison for possession of a half a million rounds of ammunition, sixty pipe bombs, remote-controlled bombs disguised as briefcases, and improvised hydrogen cyanide dispersal devices that could kill thousands in a minute. [Kosal 2005] It is possible that we have more to fear from even inept domestic terrorists than from international ones. We know they are here, and they have tried.) The all-targets approach I am recommending—reduce the size of targets—rather than the all-hazards approach of the DHS, which amounts to a disproportionate emphasis on terrorist threats, would reduce our vulnerability to all three of the disaster sources that we have been considering. Even if international (and domestic) terrorism were no longer a threat, we should reduce our vulnerability to natural and industrial disasters. If terrorism remains a significant threat, the consequence of an attack would be lessened by this reduction, and there would be fewer attractive targets as well as less-consequential ones.

WHAT IS TO BE DONE?

Reducing the size of targets involves two areas of concern: population concentrations in risky areas, and parts of our critical infrastructure such as power, telecommunications, chemicals, and transportation. The federal government plays a role in the first through its programs of insurance and disaster relief and some federal standards, but much of this risky-areas problem is a state and local problem. However, the parts of the critical infrastructure that is our second area of concern are national in scope and thus are primarily a federal problem. Unfortunately, however, almost all of these infrastructures are in the hands of private corporations. While citizens have a say in electing federal, state, and local representatives they have none in the case of organizations that control our infrastructure. We have to depend on regulation and market structure in this area. This in turn depends on our three branches of government: executive, legislative, and judicial. Our government, in turn, depends on our electoral system, which is seriously flawed. Every attempt to reduce our vulnerabilities will be compromised by our flawed electoral system.

The Electoral System

By design, our forefathers ensured that the Senate would be unrepresentative, with the small states having the same power as the large ones. (It is a form of gerrymandering writ large, but at least senators run on a statewide basis, unlike the gerrymandered House, which enables its members to have safe seats, which in turn makes national issues less relevant.) We saw the effects of our unrepresentative Senate when small states received homeland-security funding grossly disproportionate to both their population size and their vulnerability to terrorist attacks. (Our electoral college system is a comparatively minor defect, although it can be a major defect if presidential elections continue to be close.) Equally serious is the transformation of our electoral system occasioned by the powerful impact of television campaign ads on viewers. Before the advent of television, candidates campaigned primarily through personal appearances and, to a limited extent, on the radio. Campaign financing did not require the enormous budget that TV does. Business and industry contributed to the campaigns, but so did individuals and groups not associated with business. Corruption in the form of buying privileged access to politicians and buying their votes existed, of course; it has always been a problem, peaking in the period from about 1870 to 1929. But the blatant cases were few and could be brought to light, and the lack of a huge war chest did not prevent politicians who were free of business blandishments from getting elected.

Now politicians spend most of their time raising money for the all-important television ads that make or break most elections. Even where there are safe seats for a party because of gerrymandering, a Democratic challenger in a Democratic district will need campaign financing from business for his or her challenge. This has given business and industry an enormous advantage over other interested parties because of their deep pockets. They are able to ensure that politicians amenable to their interests get nominated and elected; as a consequence, the politicians have been able, as we have seen, to weaken environmental rules, avoid building safer levees, allow settlements in risky areas, reduce safety inspections by the Nuclear Regulatory Commission, allow Senator Gramm to institute the deregulation that led to the Enron scandal and concentration in the power industry, and direct homeland-security funds to very questionable projects that benefit business. The larger the corporation, the greater the political and economic power it is likely to wield. Of course, this influence is even more striking in campaigns for the presidency.

Campaign finance reform has been on the agenda for two decades, but very little progress has been made. Even the scandals regarding lobbying in 2005 and 2006 have not produced significant changes in lobbying restrictions—another loophole in our democratic system. Full public financing of campaigns, or at least serious spending limits, is probably the most important reform that could lead to the changes needed to reduce our vulnerability that I have been advocating. (There is a possibility, however, that the Internet may reduce the power of corporate financing of political campaigns. The political parties are finding that advertisements on the Web and political bloggers are reaching the approximately fifty million people who use the Web to get their political news. These methods are much cheaper than TV ads and so might reduce politicians’ dependency on business financing, but only somewhat. ISP concentration in the Internet might reduce this grass-roots effort. Furthermore, it is possible that the critical swing voters are unlikely to get their political news from the Internet, but from Fox TV.)

Trends In The Executive, Legislative, and Judicial Systems

The White House and Congress are responsible for our judicial system, and the role of Supreme Court justices and justices of the circuit courts is vital to any reforms I have been advocating. The trend in the courts has been to favor private property rights and rights of eminent domain, which favor business interests over community rights. This has hampered the states in their attempts to preserve wetlands, restrict settlements in risky areas, and control standards of construction. Most alarmingly, the Supreme Court has also asserted the right of federal regulations to preempt state regulations even when the federal standards are lower than the state ones. For example, preemptive federal regulations regarding industrial hazards are weaker than those of some states, so the lower federal standards hold.

Unfortunately, the courts are just following Congress here. Since the 2001 election of President Bush and the dominance of Republicans first in one, then in both Houses of Congress, there has been a systematic and marked preemption of states’ laws and regulation in social policies; health, safety, and environment protection; and consumer protection laws. A study ordered by Representative Henry Waxman (D-CA) indicated that in the past five years, Congress has voted fifty-seven times to preempt state laws and regulations, passing twenty-seven preemption laws. The federal floor, below which states cannot fall, is replaced by a federal ceiling, below which they must operate. This prevented states from setting higher standards than the legislated federal ones on air pollution, health insurance and health safety, contaminated food, spam prevention, and gun control and gave immunity from liability to vaccine manufacturers, gun manufacturers and dealers, rental car agencies, manufacturers of homeland-security products, fast-food restaurants, and manufactures of dietary supplements. The report quotes a Los Angeles Times story: “the Bush administration is providing industries with an unprecedented degree of protection at the expense of an individual’s right to sue and a state’s right to regulate.” (U.S. Congress 2006) Of particular concern to us is the Energy Policy Act of 2005, which “strips states of their authority over siting of liquefied natural gas terminals, notwithstanding the significant public safety and environmental concerns associated with the construction and operation of these facilities.” Pending is a bill to limit states’ authority to regulate toxic substances. (U.S. Congress 2006)

The country has taken small steps to reduce population concentrations in risky areas. FEMA relocated some communities following disastrous floods, turning the land into water-absorbing wetlands, but the program was discontinued under President George W. Bush (ironically on the same day a destructive earthquake demonstrated the program’s value). The program could be restored and expanded. We could make a more vigorous attempt under a reorganized FEMA that began to recognize basic vulnerabilities. Unfortunately, as we saw in Missouri, local interests have succeeded in rebuilding on floodplains following disastrous floods, still with inadequate levy protection. After the 1993 Mississippi River flood, Missouri passed legislation that prohibited any county in the state from setting higher standards than the state, whose standards were already low. This is an instance where federal regulation should supersede state and local laws, unless local ones were more stringent. With more recognition of how the rest of the nation eventually helps pay for this shortsightedness, national legislation might have a chance.

Unfortunately our Congress, the Bush administration, and our Supreme Court have all joined together to weaken wetlands preservation since 2001. In Holland, the shock of a 1954 storm as large as Katrina led its government to take strong measures to protect its citizens. These eventually included not just the dikes and other forms of protection but deconcentration of especially risky areas and the restoration of wetlands—entire communities were moved. Neither the U.S. Congress nor the White House has been willing to fund the restoration of the wetlands on the Gulf Coast, which would go a bit of the way to making New Orleans a viable city (downsizing is needed in addition) and protect many others along the Gulf Coast. All the necessary measures are far from impossible: relocation, enforcement of standards, reduction of federal flood assistance where business and citizens do not take out insurance or violate standards, repair of levees, and restoration of wetlands. Some of these address prevention and remediation rather than the basic vulnerabilities that are the major concern of this book, but increased awareness of the need for prevention and remediation could lead to more awareness of the need to reduce basic vulnerabilities. A credible announcement that the federal government would refuse subsidized flood insurance for vulnerable areas and would provide no relief in the event of a disaster that could be averted by population deconcentration would do wonders for long-term planning, building standards, evacuation routes, and population densities in risky areas such as the Gulf Coast and the southeastern seaboard.

Extensive federal regulation governs the use and handling of highly hazardous materials, particularly chemicals. But there appears to be no significant legislation restricting the volume of storage of such materials or their location. The most promising legislation regarding the protection of chemical plants from terrorists in recent years focused on physical protection of chemical plants and other users of toxic substances, and requires only consideration of safer processes, but nothing on storage volumes or processing volumes. The law, sponsored by then senator Corzine, did not make it out of committee. A weaker one was still under consideration in March 2006, but it contains the pernicious clause that would require states such as New Jersey, with higher safety standards than the federal ones, to lower them. Given the failure of the earlier legislation and limitations of the current proposal, I am not optimistic about the more basic approach of reducing large concentrations of hazardous materials in storage and in production processes, but it is not inconceivable. What probably is inconceivable, unfortunately, is a breakup of those corporations vital to our critical infrastructure into networks of smaller firms where, I believe, we are much more likely to find reliability and security.

We have successful regulations and incentives in many other areas of our lives. Federal government standards (even though not well enforced) govern transportation, civil rights, education, worker protection, health care, and so on. The reduction in toxic emissions since the establishment of the Environmental Protection Agency is certainly encouraging. Unfortunately, as we have seen, the regulations have emphasized voluntary adoption of standards and uncertified inspections. The result has been that the firms that signed on to the standards reduce their emissions less than those that do not, presumably because they expect to escape scrutiny. But without regulations, especially those from the federal government, our society would obviously be much more vulnerable to our three sources of disaster. Many of these regulations were once stronger than they are now, especially in the antitrust area and pollution abatement. The ideology prevailing in our federal court system does not favor tougher regulations.

The Supreme Court and the Circuit Courts are not immune to public sentiment. But those sentiments must be very, very strong. At best, strong public sentiment affects specific issues rather than the prevailing ideology. The Supreme Court and the circuit courts are much more responsive to the politics of the political party that put them in power, by virtue of presidential appointments of judges to these positions and consent to these nominations by the party controlling Congress. Better regulations will have to stem from the electoral system, and even then, the process will take time because of the lifetime appointments of circuit and Supreme Court justices.

One alternative to government regulation would be a change in court rulings that would make it easier for citizens to sue corporations. Citizens have had a great deal of difficulty in suing corporations for damage done to themselves or to their environment, while recent rulings have made it easier for citizens and special interest groups to sue the government in cases of “private property rights.” But we should not forget that it is only in the past seventy-five years or so that citizens have had any significant chance to sue powerful organizations. Citizens’ rights to sue corporations expanded in the 1960s through the 1980s, partly in association with the environmental movement that was discussed in the chapter on the chemical industry. For a time, the courts went along with this. But since then, there seems to have been a contraction. Were a reinvigorated environmental movement to embrace the analysis presented in this book, there might be some success in this direction.

What is required is the passage of specific laws that would establish violations that then could form the basis for citizen’s legal action. If the laws were upheld by the courts, and this is problematic, organizations would seek insurance policies that would protect them from lawsuits. Even without specific laws, we have seen the important role that liability suits might play in promoting a more reliable and more secure Internet. In addition, as the principal customer of operating systems and software, the federal government could require more reliable and secure performance than we are getting, that is, changing priorities of the suppliers. Again, it is a state—Massachusetts—that is leading the way. It is even conceivable that in many parts of our critical infrastructure, an insurance company would reduce a firm’s premiums if it made the necessary expenditures to ensure access to multiple suppliers and multiple customers, so as to prevent the kind of breakdowns that excessive dependencies and critical nodes can cause.

(Insurance companies obviously play an important role in assessing and reducing risks. But they have no incentive to do so if the costs of disasters are fully socialized, that is, borne by the public at large, as is the case with most natural disasters. They are unlikely to bring to our attention the widespread negative incentives of making the public pay, since then they might have to pay. Governmental regulation could require it, but as we have seen in the examples of rebuilding on floodplains after the 1993 Mississippi River flood, hurricanes repeatedly destroying homes on a barrier island and the government paying handsomely to rebuild them, and the protection afforded nuclear power plants by the Price-Anderson Act, it is unlikely to.)

Nevertheless, despite all these obstacles, corporations are far more vulnerable to lawsuits by citizens and voluntary associations than they were one hundred or even fifty years ago. There is, then, some reason to hope that the upward trend of the past could be restored. One is entitled to hope that the present state of affairs is only a pause or a small setback in a historical trend that clearly favors federal involvement in disaster relief, safety standards and safety regulations, antitrust legislation, and the closer regulation of toxic and explosive substances. Laws that could protect our critical infrastructure have been weakened, or not enforced, for approximately two decades. This process was accelerated under the present administration, but it did not begin there. Nevertheless it could be reversed.

Could Further Calamities Help?

Will further calamity capture our attention sufficiently to change our direction? The experience of Hurricane Katrina is not encouraging. We may stick some fingers in the dikes and shout warnings, but like the bungled recovery effort still going on as of summer 2006, further engineering of the levees will probably also be bungled (even private contractors doing the work warned the Army Corps of Engineers that what they were doing was faulty), the Gulf states will not tax themselves to raise money for restoration of the natural barriers (the federal government has offered only a pittance), the mayor of New Orleans has declared that every one should come back, which would produce a population concentration that cannot be defended. Our response to 9/11, establishing the Department of Homeland Security, was a disaster in its own right because despite our huge expenditures on safety, it has done very little to thwart terrorism but a great deal to further pork-barreling in government, further the privatization of the federal government, de-unionize a significant portion of its employees, limit civil liberties, and help justify a disastrous war in Iraq. We may hope that another large terrorist attack does not occur, not just because of the immediate damage to lives and property, but because it may further reduce our ability to handle the more frequent and predictable natural and industrial disasters, provide more opportunities for the looting of the public treasury by private firms, further limit civil liberties, and even launch a new war. We should not expect further “wake up calls” from terrorists to make us safer.

Unfortunately it may take a disastrous nuclear power plant accident with extensive radiation over a few hundred square miles to weaken control of poorly regulated private utilities over the dangerous nuclear beast. A revitalized Nuclear Regulatory Commission could do the job if senators heavily financed by public utility firms were unable to threaten the agency with budget cuts unless it cut back on inspections, as noted in chapter 5. It is encouraging that a Connecticut public utility agency persisted in exposing the malfeasance of the executives that brought the Millstone nuclear power plant so close to a serious accident and gave us our first clear documentation of executive failure in one of our large utilities. Another grim wake-up call that might produce legislation would be a massive contamination of a 400,000-gallon milk storage silo that would tragically endanger thousands of people, especially children. This just might prompt federal legislation not only to make them safer, the inevitable first response, but to deconcentrate this industry, the proper, long-term second response.

The spread of mad cow disease through our giant feedlots might do the same for the cattle industry, which is highly centralized. (But even the voluntary inspection plan was recently severely cut back. It was already flawed because the industry would only inspect those dead animals that would not be likely to have the disease.) (McNeil 2006) A few chemical plant explosions might wake up Congress, but the run of mine disasters in 2006 has prompted very little reform. We can expect more massive blackouts, but it is unlikely that their connection to deregulation will be seriously investigated. As we have noted, the 2003 blackout has failed to bring about such an investigation. It is possible that hackers (or even terrorists, though that is unlikely) could cause such a wrenching disablement of the Internet through malware planted in Microsoft’s software that we might see the appearance of liability lawsuits. (It would take a change in attitude on the part of the Supreme Court, but twenty years ago the Court was more willing to entertain the notion of corporate liability for harms done to citizens; it could go back to that position if there were huge public pressure.) The specter of very expensive liability insurance for firms that pay insufficient attention to reliability and security would catch everyone’s attention. This might delay the next version of an operating system such as Microsoft’s Vista by two or three years, but it would produce a more reliable and a more secure one. I think most of us could wait that long.

The only hopeful signs are, unfortunately, tiny. But there are beginnings. We might get a marginally reasonable chemical safety bill out of the Republican-controlled subcommittee, and if it did come out it is quite likely that it could pass even in the Congress of 2006. (The choke points for preventing enlightened legislation are often as small as the composition of a subcommittee.) A variety of national engineering and environmental groups have put forth realistic plans for restoring the wetlands in the Gulf Coast. Most people were not aware of the basic cause of New Orleans’ drowning, but they are now, and support for these plans could mount. Though protecting the Gulf is a federal problem, local education, and even local education of those not living in the Gulf states, can create an issue that congressional representatives might have to attend to.

One important thing we need to do is assess our vulnerabilities. The comical effort of the DHS to do this is scandalous—allowing states to declare petting zoos and flea markets as terrorist targets. (Lipton 2006b) More important, the assessment ignores the targets of natural disasters and industrial disasters. Half in jest, I would recommend the disassembly of the twenty-two agencies thrown together in the Department of Homeland Security and the formation of a Department of Homeland Vulnerability instead. The GAO could tell us what the most dysfunctional relocations of the twenty-two agencies were, so we could return them to their former status as independent agencies, and which agency relocations were useful and should be preserved. An independent commission, with engineering experts such as Ted Lewis and wise men such as Circuit Court Justice Richard Posner could survey our basic vulnerabilities and make highly publicized recommendations to Congress to reduce them. (Lewis 2006; Posner 2004)

Even without cataclysmic prods to our federal government, including its courts, it is still possible that incremental changes could be sufficient to protect us. It took decades of slowly evolving court decisions in the nineteenth century to finally stop blaming workers who were killed on the job for their deaths. Our federal Food and Drug Administration is the result of an evolutionary process rather than of a single catastrophe. Almost no one had health insurance in my childhood and we came very close to having national health insurance, such as all other industrialized nations have, during the Truman administration. Business interests, which helped defeat that attempt, now have reason to regret their stand. Steady pressure from unions and public interest groups produced the Occupational Safety and Health Administration. There are some federal building standards; there could be more. We are better prepared today to handle the disasters experienced in the past. However, there are more disasters today than in the past, and they are more serious. We are more prepared, and yet we can improve. But we have hardly began to do the most effective thing: reducing the size of the targets that inevitably will be attacked. We are not safe. Nor can we ever be fully safe, for nature, organizations, and terrorists promise that we will have disasters evermore. Let us minimize their consequences by minimizing the size of our vulnerable targets.

¹The examples come from a PowerPoint presentation by Ted Lewis. See other illustrations in his remarkable book Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation (2006).

²There is a vast literature on networks of small firms. The classic book that gave the notion, discovered by Italian demographers, its first prominence, is by Michael Piore and Charles Sabel. (Piore and Sable 1984) The concept is developed by Mark Lazerson in Lazerson 1988 and Lazerson and Lorenzoni 1999, and is illustrated in a study of the garment industry by Uzzi (1996a; 1996b). For a synthetic review, see Perrow 1992. For a more recent extension, see Amin 2000. For an application to nineteenth-century America, where networks of small firms were much in evidence, see Perrow 2002.

³Portions of this section are adapted from Perrow 2005.