“Future enemies, whether nations, groups or individuals, may seek to harm us in non-traditional ways including non-traditional attacks on infrastructure and information systems that may be capable of significantly harming both our military power and our economy.”¹ 

It may be hard to imagine a time in American history when our homeland has been so exposed and so vulnerable. Yet the prescient quote above is from a policy that dates back to 1998. It was a harbinger of what would transpire three years later. 

On September 11, 2001, a horrific attack by foreign adversaries was perpetrated on American soil; Al-Qaeda, a transnational extremist militant organization founded by Osama bin Laden, weaponized critical infrastructure and almost instantly claimed nearly 3000 casualties.  9/11 marked a loss of innocence and left us shaken for years to come. It exposed a failure of imagination² and collaboration. It led to the creation of new institutions and partnerships intended to make sure such destruction and disruption would never happen ever again.

Today we face new, existential threats driven by sophisticated actors: adversarial, ambitious, and at times rogue, Nation-states targeting our critical infrastructure and our democratic institutions; a virus that has outsmarted our public health system and capitalized on a weak federal response; the slow burn of a changing climate that is driving more intense storms, ravaging the West Coast with fires, and affecting air quality thousands of miles away; and the rise of white supremacism and domestic terror, stoked by political leadership and misuse of the mediums of free speech and free press.  

I am pleased to have contributed to the Belfer Center Studies in International Security’s new book: Beyond 9/11: Homeland Security for the Twenty-First Century (MIT Press, August 2020). In the “Critical Infrastructure” chapter, I write about the important partnership between the federal government, private industry, and state and local authorities in securing and enhancing the resilience of our homeland, and the remarkable fact that much of this effort is the product of voluntary cooperation and collaboration.  

The critical infrastructure that underpins our way of life is a complex interdependence of financial institutions, electricity, communications, and other critical functions. The evolving threat environment—especially asymmetric, hybrid warfare propagated by transnational actors and an aging infrastructure under stress from rapid growth and a changing climate, as well as continued naivete (or lack of healthy paranoia) about the lengths to which our adversaries will go, make once low-probability events more likely and more consequential. COVID-19 is a stark reminder of the outcomes of a failure of imagination and a failure to anticipate, prepare for, and respond with all available resources.  

The failure of large public institutions in the crisis has highlighted the collective power and important role of private industry as the first line of defense and catalyst for reimagining and modernizing how we protect our homeland and ensure a resilient future.   

Global interconnectivity and transnational actors that transit in the seams of interconnected networks are the catalyst for why we must approach the threat landscape differently. Whether it is technology, supply chains, information, or economies; interconnectedness creates greater potential, but it also creates greater risk. More interconnectedness means more “weakest link” vulnerabilities, cascading impacts, and discordant responses that are a harbinger of more dystopian realities. It is why security and resilience need to be approached at an ecosystem level and with greater collaboration between the public and private sectors.  

Today, September 18, I am honored to participate in a George Mason University Criminal Investigations and Network Analysis DHS Center of Excellence event. The “Beyond 9/11 – Homeland Security and Transnational Crime” panel discussion will examine what it means to “secure the homeland” in the twenty-first century. Failing to “secure critical infrastructure from asymmetric threats” may be one of the most existential risks we face.  

Enhancing the security and resilience of the infrastructure ecosystem requires a collaborative and disciplined approach that unites stakeholders in the same cause but with at times different ROIs. The rules of how we partner are changing, as are the expectations of the role of the private sector and the federal government, in part driven by the blurring of the roles and responsibilities of each. At Toffler Associates, we have devoted some time to thinking about how to maximize public private partnerships for a common purpose:   

1. Understand Strengths. Identify and assess stakeholder organizations’ unique capabilities and strategic advantage. Make sure those capabilities are well understood within the partnership and can be used to drive solutions forward. ​ 
2. Strategically Curate the Partnership. Scan the ecosystem for potential impacted organizations – to include nontraditional and novel members – that can contribute to the mission through leveraging their unique capabilities, resources, and perspectives. Diversity of membership can maximize the strategic capacity to accomplish the partnership mission.  
3. Deliver at Scale. Standardize rules of engagement with partners to align the partnership on future-focused goals and objectives. Create common lexicons, speak each other’s language, and set clear expectations to enhance collaboration. ​ 
4. Innovate to Lower Risk. Create a culture of innovation and use futures and foresight analysis to anticipate emerging risks. Human nature is to plan for the risks we’ve experienced, it takes concerted effort to imagine threats we’ve haven’t experienced. Periodically inventory new risks, these can be the catalysts for innovative approaches to deterrence and response. 
5. War Game. Talking about collaborating and high-level planning is one thing, putting plans into action is something else. Stakeholders should regularly gather and war game threat scenarios to continually stress test plans, highlight blind spots, and clarify roles and responsibilities before events occur. 

Toffler Associates has been using our foresight expertise and broad security and resilience experience to improve both enterprise resilience and ecosystem resilience through preparing for an uncertain future and creating strong partnerships. 

Please contact us if you would like to talk about enterprise resilience or improving the effectiveness of public/private partnerships.

[1] National Security Council and National Security Council Records Management Office, PDD-63—Critical Infrastructure Protection, May 20, 1998.

[2] Thomas H. Kean, and Lee Hamilton (2004), The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the United States, Washington, D.C., p. 336.