Ukraine Snake Island Flag - Buy it Here!

Homeland Security


Public Hearing

Wednesday, November 19, 2003

Drew University
Madison, New Jersey
























MR. THOMAS H. KEAN: If I could call the hearing to order. Ladies and gentlemen, before we begin, let me bring your attention to a yellow sheet of paper entitled "Emergency Procedures in the Baldwin Gymnasium." While no one anticipates any emergencies or fire alarm today, part of emergency preparedness includes being aware of your surroundings and looking around whenever you go into a building like this and seeing where the fire exits might be. Since the focus of this hearing is on emergency preparedness, we want your visit here to Drew University to be a safe one, so please take a moment to look over this sheet and be prepared.

So as chairman of the National Commission on Terrorist Attacks Upon the United States, I hereby call this hearing to order. I guess I want to additionally thank the President of the University. But I'm glad -- and thank you all for coming to the university here. I want to particularly thank Emily Walker and Ellie Hartz, as members of the Commission staff, for all they did to organize this hearing and to assemble the really extraordinary panels of witnesses that we will hear from shortly. I also want to thank Former Attorney General John Farmer for pitching in here to help as well.

Let me also express the gratitude of the Commission to the staff of Drew University for all the behind the scenes work they did to assure the success of the hearing. Much of the attention on national preparedness in the two years since 9/11 has centered understandably on the government's role. The government has an absolutely essential role in making sure that we are prepared in the homeland. But almost lost in this tremendous focus on what is the federal and state government doing has been the fact that 85 percent of our nation's critical infrastructure is controlled not by the federal government or the state government or local government, it's controlled by the private sector.

Now, clearly, any successful preparedness strategy must engage the private sector in partnership with the government at every level, whether it's local, state or federal. Today's hearing, I suspect, will demonstrate what Comcast Chairman Michael Armstrong said, providing homeland security is our country's most critical joint venture. So today's hearings then underscore the importance of the private sector in preparing for and responding to disasters, and will provide the basis for the commission's consideration of recommendations to promote energy preparedness -- emergency preparedness in the future.

Now, the families of the 9/11 victims care deeply about this particular issue, and we as a commission share their belief that addressing the issue of private sector preparedness is essential to our work as a commission and even to our security as a nation. Our discussions today have shown that the tenants of the World Trade Center varied widely in their levels of preparedness on 9/11. Many of those companies lacked proper evacuation plans. Many others had never practiced plans for evacuation.

Communications were disrupted immediately, and in many cases there wasn't any backup system that was available. In other words, employees didn't know what to do, and after the event, when companies were trying to account, to the families and others for their employees, they had no system for finding out where those employees were. So many companies didn't even have an accurate list or a count of employees on 9/11.

Now, business continuity, of course, was also a problem. Now, obviously no one could have predicted that horrible catastrophe, but there were elements of preparedness that would have assisted, nevertheless. The lessons learned on 9/11 by those companies located at the World Trade Center have led to notable changes in the way some companies are going about emergency preparedness and providing for the safety of their employees.

But how much has really improved? What lessons have we really learned? Well, a recent survey sponsored by Guardmark, a security firm, reported that 45 percent of some 800 companies that they interviewed were still not conducting emergency drills.

Well, are we spending more on emergency preparedness? The conference board study on security spending since 9/11 reports that spending on security has only increased an average of 4 percent over pre-9/11 spending. Well, are we more prepared? The Wall Street Journal noted recently, and that was on September 29th, 2003, that while, and I quote, "some companies have been revising and updating their workplace security plans since September 11th, a large portion appear to be blithely unprepared for any sort of attack. And many don't even have an effective evacuation procedure in place."

Now, we must not just learn from 9/11. We have to learn permanently. The Commission is concerned that as time passes, the lessons of 9/11 will fade, and our resolve to be better prepared will fall casualty to complacency and sometimes even bottom line expediency.

This hearing today will provide information that will help us make recommendations to ensure that the lessons we've learned on 9/11 will be challenged into action and improvements in overall preparedness, so that in case -- in the deadly case of any tragedy in the future, people will be prepared, and as many families as possible will be reserved from the horrible fate of the families of 9/11. So that is what this hearing is all about.

Our first witness is here -- no, not yet. No, not yet. Governor, yes. It's my pleasure at this point to introduce the Governor of the state of New Jersey, who's been not only a -- he first served as mayor of Woodbridge successfully, then as governor of our state. He's a long and dear and old friend of mine, and, Governor, it's a pleasure to have you open up our hearing today.

GOVERNOR JAMES E. McGREEVEY: Thank you, Governor. And, Governor, if I could, to my right at the table is Mr. Sid Caspersen, the director of the Office of Counter Terrorism. To Governor Kean, to Vice Chairman Hamilton, to the Commission members and staff, particularly Governor Kean, again, welcome home, and thank you for your long, dedicated service to this state and particularly your leadership with Mr. Hamilton as to this commission.

The state enjoys the opportunity to share with you our knowledge and experience. New Jersey was injured deeply on September 11th. We lost nearly 700 of our own citizens. Approximately one out of every four persons who died at the World Trade Center called the Garden State home. Our lives, our sense of security, our economy, were all shaken. But we have worked to take the grief, the pain and the anger and to channel them into making our state measurably safer.

New Jersey in many respects has worked to set a national standard for designing and implementing a comprehensive security strategy. In that effort, the private sector has been an indispensable partner. They hold nearly 90 percent of the critical infrastructure in our state, including the nation's highest concentration of oil refineries, oil storage facilities and pharmaceutical and chemical manufacturing facilities. No domestic security plan would work without their cooperation and dedicated involvement. And so today I thank you for the opportunity to share with you some of the ways we're working with the private sector to make our state measurably more secure.

Any discussion of the domestic security in our state begins with the New Jersey Domestic Security Preparedness Task Force, which was created in the weeks after the September 11th attack. This body, unique to New Jersey, represents intergovernmental collaboration at its highest level. The task force is chaired by the attorney general and consists of Cabinet-level officials charged with significant security responsibilities. These individuals gather regularly to focus on the most pressing security issues confronting our state: counterterrorism, weapons of mass destruction, and bioterrorism, among others.

I'd particularly like to commend former New Jersey Attorney General John Farmer, currently senior counsel to this committee, who served as the first chairman of this task force. The Task Force Infrastructure Advisory Committee is comprised of representatives from New Jersey's 23 industry sectors. The various IAC groups meet regularly among themselves to share information and security strategies. They also meet with the task force and their liaisons and state agencies, such as the Department of Environmental Protection for the chemical sector, and the Department of Health and Senior Services for the healthcare sector.

During the past two years, the task force and the IAC have worked with industry to develop best security practices. These recommendations focused on prevention, mitigation and response and recovery from terroristic activities. They include considerations such as site specific vulnerability assessments, target hardening and mitigation measures, protocols for background checks, protocols related to security, protocols for adjusted security measures, based on changes in the Homeland Security Alert System, communication protocols, crisis response, contingency and continuity plans.

In 2002, the IAC sectors all submitted best security practices to the Domestic Security Preparedness Task Force for review. Now we have embarked upon a second generation of industry best security practices. After they are approved by the task force, they are sent to my office for final approval. In every case, I have directed the appropriate Cabinet officer to work with the industry sector and to monitor compliance towards full implementation of best security practices.

In this second generation review, we have already approved 10 of 23 recommendations. We are working in partnership with the private industry to get these practices in place as rapidly as possible. We have also established an innovative relationship with Business Executives for National Security. A memorandum of understanding has been drafted between BENS and the state Office of Emergency Management to provide a database of business sector volunteers and resources that could be deployed during an emergency.

Working alongside the task force is the Office of Counterterrorism, whose Director Sid Caspersen, who sits with me here this morning. This office, which I created with the Attorney General's Office through executive order last year, under the direction of Sidney Caspersen, a 25-year veteran of the FBI who headed the agency's Office of Intelligence Community Support for New York City, the OCT has taken significant steps towards fulfilling the mandate to identify, detect and deter terrorist-related activity in New Jersey.

As my chief liaison to the federal intelligence and law enforcement communities, the Office of Counterterrorism has forged close ties with the Office of Homeland Security, the FBI, the Department of Energy and the Transportation Security Agency. This partnership has allowed us to develop unique initiatives, like the New Jersey law enforcement counterterrorism training, which has trained literally thousands of state and local police officers across this state.

It has also enhanced our infrastructure protection efforts. For example, if I again -- if I could praise the efforts of Secretary Ridge, the Department of Homeland Security, we have implemented a buffer zone protection plans for a number of the state's high-risk chemical facilities. To test our plans, we conducted New Jersey's first buffer zone protection plan tabletop exercise.

The Domestic Security Preparedness Task Force, the Office of Counterterrorism are now working with the Department of Homeland Security to expand their training on buffer zone protection to critical infrastructure sites in the chemical and petroleum industries identified by the state. This sort of cooperation is critically important because the private sector has every right to expect the government, state and federal, to approach them in a cogent, unified manner. We need to continue improving the coordination so that we are complementing one another's efforts to strengthen security.

OCT is also sharing information and intelligence with the private sector as to potential threats. In the past year, they have sent out more than 80 bulletins and alerts to various industry sectors. They have developed a secure website for infrastructure protection that serves as a statewide clearinghouse for information. And they have deployed a high-speed notification system called the Communicator that automatically sends alerts to an unlimited number of individuals, groups or teams by phone, pager, fax and e-mail.

Another way we are working with the private sector is through the Medical Emergency and Disaster Prevention and Response Expert Panel, MEDPREP, under the leadership of Dr. Clifton Lacy. It is a collection of the state's top health experts, drawn from a wide range of backgrounds, such as emergency medicine, infectious diseases, as well as hospital care. Through MEDPREP, we've become the first state to have a 24/7 bioterrorism rapid response team to provide medical expertise for suspected bioterrorism events. We are the first state to install 800 megahertz non-interruptible radios in all of our acute care hospital facilities, and the New Jersey Hospital Communications Network interconnects 85 such hospitals with state government and one another, allowing for a reliable interoperable communication in the case of a large-scale terroristic event or natural disaster.

We are also including the private industry sectors in our training exercise. The Infrastructure Advisory Committee and the task force created the Domestic Security Exercise Support Team, which has begun exercises and training simulations that incorporate both public and private sector players. The State Board of Public Utilities, for example, has already run a tabletop exercise with water and energy sectors to determine how to best maintain continuity of operations in the face of a terrorist attack.

Early next month, the Department of Environmental Protection will be participating in a similar tabletop exercise with our petroleum industry. The Board of Public Utilities is also working with the IAC to review the results of the August 14th blackouts. This incident provided an excellent test case with a new spirit of cooperation between the public and private sectors. Through close communication with the utility in that case, PSE&G, we were immediately able to get the state police resources to support local police services based on information we received from the utility literally on a minute-to-minute basis.

Just this past Saturday, New Jersey and the Port Authority, along with the Federal Office of Domestic Preparedness and 600 local county and state first responders from 70 agencies, staged one of the largest full-scale emergency exercises in New Jersey history. The exercise simulated the release of biological and radiological agents at Port Newark. Although we await formal after-action reports, from all accounts the exercise went extremely well. I mention this exercise because it is a good example of the cooperation needed at all levels to prepare for future acts of terrorism.

In closing, I want to emphasize again how critical it is that the private sector, which controls 90 per cent of our state's infrastructure, be involved in all security planning. They hold much of the critical infrastructure in our state and throughout our nation, and we must consult with them early and often. In New Jersey we have done that, and as a result, we are immeasurably more secure than we were two years ago, and we're working to become safer every day. Thank you, Mr. Chairman.

MR. KEAN: Governor, thank you very, very much. Would you be willing to take one question from Senator Gorton?

GOV. MCGREEVEY: Yes. And Mr. Caspersen.

MR. KEAN: And Mr. Caspersen, yes.

SEN. SLADE GORTON: Governor, that is an extraordinarily impressive record in the two years since 9/11, but would you say a word about the degree of cooperation you get, in a sense, upward in the other direction with the various federal agencies and the interest that they have in what you are doing at the local level and with the private sector?

MR. SID CASPERSEN: I'll answer that if you don't mind. We have a great working relationship with the Department of Homeland Security, with the FBI, with CIA and with NSA even, and with the 10 northeast regions' state Homeland Security directors and their governors' offices. We established our own information sharing system within the 10 states in northeast region, realizing that we all rely on one another.

Something happening in Delaware could easily -- and Maryland could easily be happening in New Jersey, New York, or all the way up to Maine. So we have a really good information sharing. We share information every day. We created a number of web portals allowing people to access our databases securely. We've set up a Memex intel system which we are giving to the FBI, they already have it in place.

The Office of Counter Terrorism works both with the Philadelphia office and with the Newark office. We're also putting it at NYPD. We have staff there that we keep in the NYPD intel center to make sure we monitor all the time what's going on in the city. Anything affecting the city would obviously affect New Jersey.

We are putting these web portals in Homeland Security. They are designing an initiative for a pilot project for information sharing for the northeast, using the northeast as a pilot project. Both New York and New Jersey would have regional intelligence centers established, having secure communications with Homeland and the other intelligence agencies.

So I think we're doing that but we're working very hard now with the private sector, with DOE, with the Information Analysis and Infrastructure Protection Group, and we've designed a system where we can instantly communicate with our private sector, both sector-wise and both all across the state. We just met with some partners in New York to help them do the same thing in New York with some of their private sectors.

SEN. GORTON: The feds aren't cutting you off from information you consider vital?

MR. CASPERSEN: We are getting information from a number of federal entities, including the FBI. The process of having this new intelligence sharing center creates an atmosphere where we're on the link with the other intelligence agencies we will actually be doing analysis with, DHS. I think what they're working through right now at the federal level is the TTIC, all the combined agencies being together there, and getting that information piped down to DHS and getting it out to state and locals. I think being fair to them, they're working very hard on the system. Coming from the federal system I realize how difficult that is, but I think they're really making great strides.

General Libutti, the undersecretary who's in charge of information protection for DHS is very aggressive in getting the system out and hopefully it will be signed off and we will be implementing it within six months in New Jersey and New York, because I think they're striving to do that.

GOV. MCGREEVEY: And if I can, I'd also like to give praise to Secretary Ridge. I think Secretary Ridge and many of the governors -- in fact, I was among the first governors, the governors to call for the adoption of the Office of Homeland Security. We very much want to recognize Secretary Ridge's efforts, but also one-stop shopping. As everyone on this commission knows, governors frequently have to go from department, to department, to department, and homeland security, as across the breadth of state government, to say the least, frequently was an arduous process. And I believe Secretary Ridge has worked very closely with this nation's governors to provide not only a single point of entry but to work collaboratively.

One recent example was, for example, in Port Philadelphia, Port Camden, as opposed to Port Newark, Port Elizabeth and the Port Authority, there existed slightly different protocols for manifests. It was Secretary Ridge's leadership that helped to provide a uniform framework so that we're operating, ironically, in the same pattern in the southern half of New Jersey as we are in the northern half. The only area that of concern -- that continues to be of concern is obviously the question of funding.

In the Administration's approach of sometimes focusing on the density of cities, municipalities, New Jersey happens to be the most densely populated state in the nation. We were not able to access some of that funding based on having a singular large city, despite the fact that we are that most densely populated state. Secretary Ridge did provide a significant level of intervention but it still remains that the funding formula, both because of the congressional allocation -- New York and New Jersey still receive less than $1.75 per person, whereas North Dakota is $7 plus and Wyoming $10. But in addition to that, our concern that the present funding formula that focuses on occasion on a municipal or citywide, city-centric approach, sometimes places New Jersey at a disadvantage.

But that being said, I believe Secretary Ridge has performed a phenomenal task, and not only centralizing but being available and working cooperatively and trying to put a measured elasticity into a system so that it continues to be responsive as opposed to become simply another bureaucracy.

MR. KEAN: Thank you. Governor McGreevey, Mr. Caspersen, thank you very, very much for being here with us today and for your leadership. Thank you very much.

GOV. MCGREEVEY: Thank you very much, Governor.

MR. CASPERSEN: Thank you.


MR. KEAN: Perhaps no aspect of the private sector is more keenly attuned to the challenges of private sector preparedness than the insurance industry, which must value and allocate the risks associated with a possible terrorist attack. Chubb took the lead in the immediate aftermath of 9/11 when it decided to honor all claims, declining to invoke the standard wartime exclusion, notwithstanding the President's statement that the nation was at war, and in a climate of great uncertainty in the rest of the insurance industry about what to do. Here to talk about Chubb's experience on 9/11, the current climate for terrorism insurance, and future challenges is John Degnan, vice chairman of Chubb Corporation, and former attorney general for the state of New Jersey.

MR. JOHN DEGNAN: Thank you, Governor Kean. With your permission I've asked Matt Campbell, who's the general counsel of our Commercial Insurance Division to join me here, in case the Commission has any technical questions which Matt may be more able to answer than I am. Governor Kean, Vice Chairman Hamilton, members of the commission, I welcome this opportunity to appear before you this morning on behalf of the Chubb Corporation. I'm vice chairman of that company, as the governor has said, and the company has been in the business of providing property and casualty insurance for over 120 years.

We were one of the largest insurers of the World Trade Center itself and of the tenants of the World Trade Center, and expect to pay, as a company, $3.2 billion in gross losses arising out of the September 11 attack on the World Trade Center. It's obviously the largest loss that we've ever experienced and surely the greatest tragedy that we've ever managed, and we're very proud of the role that both Chubb, and for that matter, the entire property and casualty insurance industry has played in meeting our promise of claims payments.

You've asked me this morning to address three subjects, and I'll try to do so briefly. I've submitted to the Commission a more extended set of comments. The first question was our experience as a company in the aftermath immediately after September 11. Second was our experience in the current insurance marketplace in the context of a Terrorism Risk Insurance Act, sometimes called TRIA. And third, the consequences, at least from our perspective, of a failure to reauthorize TRIA, which would -- or substitute legislation, which without congressional intervention will inspire at year end 2005.

So let me start with how we responded to the September 11 attack. I suppose like most folks did, I'm sure members of the Commission, we first confirmed that our family members, our employees, our colleagues and our friends were safe. We reached out to hear their voices, we rejoiced over their emails, we generally reassured ourselves as human being that the awesome horror generated by that event would not cripple us, either as individuals or as a business.

Then within only hours, we had to set about the task at hand, as so many others did. As a company, we had to determine whether, in the absence of a full understanding at that time of who the responsible parties were for this event, whether the attack fell within the wording of the traditional War Act exclusion that most insurance policies have. If it did fall within the definition of a war, then the event would not have triggered covered losses under many of the policies then governing the tenants and the owners of the World Trade Center.

That analysis, as you can imagine, was undertaken in the context of an unknown dimension of the ultimate loss, Who knew on September 11, aside from the personal tragedy dimensions, what the economic consequences would be? But we all knew that it would be many billions of dollars, and surely the largest loss the insurance industry has ever experienced.

Obviously it could have been about the company proposition, although no one had that on their mind that day. Frankly, the debate even within our own company was intense and often emotional about whether this was a war, whether there was coverage under the policies, and whether we would pay the claims. We had no idea whether our reinsurers -- in our business, when a risk is too large we pass off some of that - re-insurer who stands in our stead in paying the losses. And we had no idea, because they had War Act exclusions in their reinsurance treaties with us, whether they would invoke the War Act, many of these not being U.S. reinsurers. And if we said that the War Act did not apply and paid claims and the reinsurers said, yes it did, we won't reinsure you, it meant that we would lose the benefit of the reinsurance.

The President and others in authority that day were, it turns our correctly, probably referring to the event as an act of war, and that had an impact on our deliberations. Finally, though, within about 12 hours of debate, we did what Chubb has, in my judgment, always done, the right thing, and we announced that we would not apply the War Act exclusion and we would adjust and pay all covered claims with speed, empathy and integrity.

While Chubb generally gets credit for having been the first insurance company to publicly acknowledge that position, I'm very proud to say that our industry all came to the same conclusion, reinsurers and insurers alike. And as my submitted testimony indicates, the private sector insurance proceeds, by and large, in my judgment, defeated the economic goals of the terrorists who sought to bring down our economy. It was certainly my proudest moment as an officer at Chubb and as a member of this industry.

I don't want to leave this subject, though, without giving the Commission just a glimpse of how our people at Chubb responded. There are too many incidences of personal sacrifices to recount here, but one set of them exemplifies them all. Our claims adjusters who handle workers' compensation claims came together as a team that day on a volunteer basis to service the most difficult of all claims that have come out of the World Trade Center, those involving injuries or deaths to the employees of our insurers.

Our claims personnel solicited and received permission from the New York Department of Insurance to condense the application required for a workers' compensation claim from about 108 questions to eight. We got permission to accept these claims on an oral basis rather than a written basis, and instead of waiting for the families to submit the claims, we put our people together in a crisis unit and asked them to call family members, and we had perhaps 900 plus of the deaths that emanated from the World Trade Center loss.

We wanted to try, as paltry as it seems, to soften the economic loss to families whose losses were obviously un-reimbursable, either emotionally or economically. But if we could make emergency benefits available, as we had the right to do under the policy within 72 hours, we didn't want to wait until somebody submitted the claim, that they needed the money that day. The calls we made were often emotional and sometimes reached family members who had not yet acknowledged their losses, and they often produced tears and certainly always empathy. In time, some of our own people needed grief counseling.

The Chubb adjusters did what needed to be done economically, as so many people did in those days after September 11, to soften the crushing, and as I said, the un-reimbursable loss of a family member. Like so many others in the company -- in the country -- Chubb and its people responded selflessly and generously and it made me proud to be part of a response which was so much more powerful and inspiring than the attack which prompted it.

Now, with your permission, let me turn to the current environment in the insurance marketplace. After a frustrating and often discouraging public debate, Congress passed and the President signed in November 2002, the Terrorism Risk Insurance Act, TRIA. It took consistent and firm leadership from President Bush and a handful of persistent and constructive Congressional leaders to secure passage of that bill more than a year after that event. There's general agreement, I would say, that at least as it is operating in its first year, TRIA does provide some level of solvency protection for insurers.

Nevertheless the program today has some significant shortcomings. First, perhaps of most concern, is that the per insurance company retentions simply are too high. Before September 11, for example, when an insurer looked at a workers' compensation risk for a financial services provider, as many of the companies in the World Trade Center were, the maximum probable loss of such a firm was relatively low compared to often other more dangerous lines of work. White collar workers generally don't experience the same incidence of claims or severity of claims that manufacturing workers experience, and we underwrote to that risk.

But after September 11, even a moderate sized financial services company can face a maximum risk of more than half a billion dollars. So even under TRIA, each individual risk that we write has a probably maximum loss of up to the per company deductible, and insurers continued to be faced with staggering potential losses. Second, TRIA does not effectively prevent states from preempting federal law. For example, because insurers are required to provide insurance for what we call fire following a terrorist attack in 26 of our states, we're forced to apply inconsistent standards of both underwriting and pricing to national clients who have risks that overlay many state involvements, and we have to tailor the product as well to that.

And third, unlike Pool Re, which is the reinsurance device put into place in the U.K. to deal with terrorist attacks, TRIA is voluntary for the policyholders. An insured makes a decision, based on the availability of terrorism coverage and the price, whether they want to buy it. As a result, the market is experiencing what we call adverse selection, that people with the greatest exposure to terrorist events.

Those who, for example, work in signature buildings, such as the Empire State Building in New York or the Sears Tower in Chicago, generally are buying the terrorist insurance. But if you live in a low -- or you work in a low-rise office building outside Des Moines, Iowa, you're less likely to buy terrorism insurance. And the only way insurance really works as a mechanism is if the fortunate many take care of the misfortunate few by allowing their money to be pooled to deal with catastrophic risk. But because terrorism presents such unique risk management issues and concerns, policyholder participation in a terrorism insurance arrangement should be compulsory.

About 80 percent of our clients and customers are buying terrorism insurance, but there are many companies in the insurance industry who are experiencing much lower rates of companies and customers actually buying the insurance. So as I noted, while TRIA does have some basic value in insuring protection for the solvency of the insurance industry, it does have defects.

And I'd now like to address the challenges that the marketplace will face in trying to manage the risk of terrorism after TRIA expires, the potential prospects of TRIA extension. And I'd like to begin with the very real concern of insurer solvency. TRIA will expire, if nothing else happens, on December 31, 2005. Sadly, the threat of catastrophic terrorism risk will remain after that date. The expiration of the current TRIA program will exacerbate the solvency challenge faced by insurers.

And to give this issue some context, consider that currently the United States domestic property and casualty industry has approximately $300 billion in surplus. But roughly half of that represents automobile insurance and homeowners insurance, leaving approximately only $150 billion -- if you can put an only before that amount. But that's set aside to pay for all types of commercial insurance losses. If we had another event in the order of magnitude of $70 billion, which was the early projection of loss for September 11 -- it's come in somewhat lower than that -- the economic consequences against that $150 billion surplus would be significant to say the least, and would seriously jeopardize the financial stability of the industry, clearly rendering insolvent many of the insurance companies whose capital base is less strong than others.

I would hope that the Commission would agree that were the insurance industry to be insolvent after the next terrorist, event, as it wasn't after this one -- it was solvent after this one -- the economic reverberations of our inability to pay would be felt not only in the United States but around the world. The insurance losses associated with the World Trade Center attack were huge and unprecedented, yet they could have been substantially larger if, for example, the attack had occurred only a few hours later, when even more people were in the towers, if the planes had hit a lower floor or if there was less time available for evacuation.

And the consequences for the primary insurance industry in the future would be far greater than those horrendous consequences of September 11, because if TRIA did not exist, private reinsurance for terrorism, private reinsurance that we would buy from other insurance companies, is generally unavailable today in the marketplace and certainly unavailable for nuclear, biological, chemical and radiological risks in particular. Accordingly, some governmental program is needed. And the approach of the Commission today to study private-public partnership in addressing this risk as a nation is critically important.

Currently the industry, the insurance industry, is looking at a variety of options. They include a federal reinsurance program, a combination of regulatory standards and terrorism reinsurance pools, a workers' compensation only backstop. If TRIA is not available for property risks going forward, would it make sense to make it available for at least workers' compensation risks, where coverage is mandated, an insurance company must provide terrorism coverage for a workers' compensation loss. A tax deduction, perhaps for terrorism reserves, or a federal terrorism reinsurance bond mechanism, state-based solution. Or even private sector solutions in combination with those.

Unfortunately, each of those options in some way has substantial flaws. Given the current reluctance of many to extent TRIA, it's doubtful that the administration and Congress would seriously consider a federal terrorism insurance program, despite the fact that nine countries already have such a program in place. The current system under TRIA of regulatory standards and federal reinsurance might be suitable for ultra high-risk facilities, such as nuclear reactors or chemical plants, biological plants or telecommunications and cyber infrastructure.

However, our attention cannot be limited to those exposures. Terrorists, as we know, most often strike at soft targets in an attempt to disrupt everyday life. An effective federal terrorism insurance program, therefore, has to address the exposures presented by high profile, and to a terrorist, highly desirable targets, like sports arenas, universities, shopping malls, daycare facilities, and even hospitals. And while these soft targets are perhaps the most emotional risks, the greatest terrorism threat to the insurance industry's solvency is workers' compensation.

Inconsistent state regulation limits insurers' ability to effectively respond to workers' compensation exposures. It would frankly benefit the insurance industry and all who rely on it if TRIA were improved and extended if only for workers' compensation. But a truly effective federal program should really address other lines of insurance as well. The tax deductibility of terrorism reserves, which are currently not tax deductible to an insurance company does create an adverse budget scoring implication, growing the federal deficit.

The TRIA bill, by the way, originally improved by the House Financial Services Committee, did have such a provision in it. It would have allowed insurance companies such as Chubb to set up reserves against the possibility of a terrorist loss, but it was stripped out by the House Ways and Means Committee. The purchase of federal reinsurance bonds would probably do little in the short term to build capacity. Those bonds would have to have fairly low interest rates and have restrictive access to the funds. State-based solutions would not be able to build sufficient capacity, nor would they address the reality that terrorism is truly a national problem that must be addressed nationally in a consistent way.

So to rely solely on the private sector to solve the problem cannot be the right way. The terrorism risk is too great, the consequences too terrible to rely only on the private sector's ability to solve it and absorb the loss. Another terrorist attack is sadly a virtual certainty. Only its manner and its timing and its magnitude are impossible to predict. Unfortunately, current prospects for improving or extending TRIA are dim. Even the administration which worked so hard to pass the original bill has indicated it does not plan to push for extension.

As I've said, though, insurers alone probably cannot provide the coverage needed in the face of an incalculable risk. If you can't quantify the risk and determine its probability, it becomes essentially an uninsurable risk. As a result, the insurance industry, and I would suggest even the economy as a whole, remains at great risk. An effective federal insurance program is an absolute necessity, and wouldn't it be a shame if it took another terrorist tragedy on U.S. soil in order to induce us all to do the right thing.

On that note, Governor, let me end by thanking you for the opportunity to appear before you today and particularly to you and Vice Chairman Hamilton and the other members of the Commission for your attention and your leadership on this critical issue. I would be happy to answer any questions that either you or members of the Commission might have.

MR. KEAN: General, thank you very much.

Commissioner Gorelick.

MS. JAMIE S. GORELICK: Mr. Degnan, it's good to see you again. Thank you very much for your testimony today and for your thoughtful comments. While I might wish to return to the body of what you presented today, I would like, I think, to focus on the role of the insurance industry in getting the private sector to where it needs to be.

The Chairman noted at the outset that the national security of this country sits on a bed of infrastructure that is owned privately. And that is a signal challenge to all of us, how to get the private sector to do what it needs to do to harden itself against attack, to ensure that it has procedures to mitigate the harm if there should be an attack, to make sure that it responds approximately to protect its people and its facilities. That is, I think, the largest challenge that we face in the subject matter of the hearing today.

And I come at this not only as a member of this commission but as the co-chair of a commission with Sam Nunn on critical infrastructure protection in the late '90s, where we looked at this. And we're very frustrated by what we saw as a lack of incentives for industry to do what we thought needed to be done. Now, traditionally your industry has led the way. Where there is a potential harm that can be mitigated, there have been incentives in the pricing of the insurance product that lead a business to say, well, this is cost-effective to do.

The Governor came before us and laid out a broad consultative process with industry. If I had had the chance to ask him a question, I would have said, you have cash-strapped companies in your state. What is going to make them, besides a sense of duty to their employees and patriotism, which are good motivators but only go so far when you're trying to manage a business, do what they need to do? And so that's what I'd like to talk to you about.

When it became clear that if you had airbags in your automobile, your losses would be lower if there were an accident, and therefore the insurance company would give you a cut of your rate. Same thing with fire alarms in your house. Where is the industry in establishing a set of best practices that companies can use to aspire to and to try to get their procedures so that their people and their facilities are protected and hardened? Do we have a set of best practices and do we incent companies to adopt those best practices?

MR. DEGNAN: It's a great question, Ms. Gorelick and I think --

MS. GORELICK: Well, thank you.

MR. DEGNAN: -- it does focus on exactly the right issue, both from an overall economic impact of the terrorist incidents and on the insurability of those losses. Let me answer your question first, bluntly and honestly. There are no standards nationally available that deal with all terrorist events. There are, though, a number of initiatives underway that deal with standards for what I would refer to as conventional terrorist attacks. That would include a nuclear, biological, radiological attack, which raise questions that are much more difficult to address from a standards point of view.

The federal government has taken some steps by virtue of creating working groups around certain kinds of best practices to disseminate information about the availability of those kinds of protective or precautionary devices. There are groups like the National Fire Prevention Association that are developing best practice safety and physical security recommendations that would help mitigate the magnitude of a loss from a conventional nuclear attack.

And while I said that there are standards available, effectively today, much of what you suggested needs to go on is going on with respect to conventional terrorism and property risks or business interruption losses that would flow from those property risks. So, for example, at Chubb. And I think this is pretty typical of the insurance industry today. We have loss prevention control experts. Before we write a risk, we send them out to do an analysis of the structure and the procedures that are in place in that structure.

Based on their findings, if they've made a determination that the company insured has taken precautionary security measures, and I'll list some of them for you, we will write that risk more willingly. We'll probably write it with a smaller deductible so that the insurance dollar comes into play at a lower dollar loss. We'll probably provide more limits if the insured wants higher limits available for the loss than we would if the risk were greater in order of magnitude because of an absence of security devices. So some of the things we look at would be, do they have a disaster recovery plan?

Financial institutions, by the way, are mandated by the federal government, and many of those that lost all of their assets in the World Trade Center, and many of their employees were up and running and doing business within a matter of 72 hours --

MS. GORELICK: Most of them here in New Jersey.

MR. DEGNAN: -- after the loss, many of them coming to New Jersey to use space in order to do that, until they could get back to New York. Where's the company's physical location? Is it in a high-risk, high-profile building or is it even within a high-profile city but a less high-profile building? Does the company do evacuation drills on a regularly basis, something Governor Kean mentioned? Are delivery vehicles authorized to be on the premises? Are their physical security barriers that prevent access to the building?

Do companies use employee screening processes to monitor who they hire to protect themselves from self-inflicted terrorist events? Are the ventilation systems properly protected? Do they use reflective paint in the stairwells so that people can evacuate the premises more quickly? Are chemicals stored on the premises, and if so, how secure they are?

Our loss control folks look at those things and then advise the underwriters with respect to the underwritability of the loss. Again, only against a conventional terrorist act would I argue that you can responsibility underwrite. But we do take into consideration where state law allows, and it doesn't always, us to adjust a price based on that, certainly to provide more favorable terms and conditions to an insurer who has taken those steps. So there is an economic incentive. I apologize for the length of my answer.

MS. GORELICK: No. I had a lengthy question, you're entitled to a lengthy answer. Would it be more powerful in moving industry to implement state of the art evacuation procedures and the hardening of buildings against attack if there were a clear and more universally accepted set of standards? I mean, you've indicated there's a proliferation of information and that your underwriters make a qualitative assessment, but my concern is that the lack of clarity and the lack of unity as to what is the right thing to do breeds a lack of incentive and impetus to do what needs to be done.

MR. DEGNAN: Clearly I think there's not much doubt that a uniform national set of standards that govern property exposure to conventional nuclear attacks would be desirable for the insurance industry, and more importantly, for the companies that have responsibilities for their shareholders and their employees to provide an environment which is safe and allows them to continue to conduct business. That does not exist today.

MS. GORELICK: And that would be for all manner of terrorist attacks then?

MR. DEGNAN: Well, it's not easy but it's much more -- it's easier, frankly, to get one's arms around a set of standards in the face of conventional terrorist attacks, such as an attack on a property or a building or a particular company.

MS. GORELICK: And yet we know --

MR. DEGNAN: Much more difficult than radiological, nuclear, biochemical attacks to devise what those standards would be. We have not been able to do that.

MS. GORELICK: And yet we know that even such basic standards as standards for evacuation procedures, standards for the construction of buildings, where the attack could be with a much more conventional weapon don't exist, and there are few incentives to make them exist. Isn't that true?

MR. DEGNAN: Yes. But that's not a reason not to do it. I didn't mean to suggest that. There are -- a precedent would be the uniform fire code, which provides standardized sets of procedures and best practices. And I actually am recommending and supporting the notion that we ought to have such.

MS. GORELICK: Now, you mentioned a regulatory barrier. Is there a barrier for the insurance industry to offer price incentives to companies that abide by best practices, let's say if there were a set of best practices out there?

MR. DEGNAN: You know, the insurance industry is regulated by 50 different state regulators. It is one of the few major sectors in our economy that requires public oversight that's not done at the federal level. Chubb and many of the companies in our business would support a federal optional chartering system which would allow one federal regulatory to oversee insurance regulation. But the answer to your question is yes, there are barriers, because in many states, commercial property forms need to be filed in advance of their being put on the market.

Rate structures in many states are very minutely regulated and controlled by the state departments of insurance, many of whom are very slow to respond and insensitive at times, not all of them, to the exigencies that require a quick decision. So I would pose that to you as a significant barrier in the ability of the private sector to respond to the normal marketplace impulses or factors and developments that we would want to respond to.

MS. GORELICK: Well, that's a very helpful answer and very concrete. So far I've taken from your testimony, in addition to the concerns you've raised about TRIA, that, while we have a lot of information out there about what might be the best way to protect ourselves, we don't have any coalescing around a set of standards that can be implemented, if you would, by the insurance industry. And even if we had the standards, there are regulatory barriers to offering very clear-cut price incentives to companies to adopt those standards.

MR. DEGNAN: Potentially. And I would focus not just on price but on terms and conditions. Many companies are willing to pay whatever it takes, as long as they can buy enough insurance and they can have it attach at a level which doesn't render them insolvent before the insurance comes into place.

MS. GORELICK: Well, I accept that perfectly. It seems to be me that more broadly one could call it financial incentives to do what is right. I noticed that the Business Roundtable in April came out with a call on boards of directors to make security a key part of corporate governance, and you probably have a window into corporate America that most people don't have. In the report it notes that security generally is a responsibility of someone fairly low down in the organization, not someone very close to the senior leadership and certainly not close to the boards of directors. And it generally calls on corporate America to change that and to make security an important part of corporate governance. Has that happened?

MR. DEGNAN: It's certainly happened at our company. I chair the internal security caucus group that overlays all of the departments of the company. Our board requires an annual update now on the status of our disaster recovery planning and our business continuity planning as well. I would -- I don't know for a fact, but my sense is, as an insurer of many companies, directors and officers' liability, that boards are treating this as a board level matter for attention these days, and when that happens, inevitably the management of a company treats it as a critical imperative.

Certainly in publicly traded companies today, a director would be taking a risk in terms of liability, and not assuring himself or herself of the adequacy of the planning measures and security measures that a company should take. So I suspect it is happening. I was taken by Governor Kean's remarks at the beginning that many of these things do not seem to be evidenced in surveys that are done. From our perspective it's much different, much better and much more engaged than it was before September 11.

MS. GORELICK: Do you at Chubb or do you as an industry have data that reflect these changes, because the data that are available to us are not particularly consistent with that assessment? I don't have any reason to question your anecdotal perception but the data seems to reflect that little has been done, and if that were true, it would be of significant concern to us, and we would address it perhaps differently if we had different facts.

MR. DEGNAN: I wish I did. I don't. It was anecdotal. But one empirical piece of data that I could refer you to is the fact that about 80 percent of our insureds are buying terrorism coverage. That says to me that there is an awareness of the risk on the part of the customer and a willingness to pay a price to secure at least economic protection against it. If they have that, one would surmise that they are incented [sic.] highly to minimize the risk as well as buying coverage for it.

MS. GORELICK: If they're behaving rationally --

MR. DEGNAN: Which not all do.

MS. GORELICK: -- which occasionally is not the case. Mr. Degnan, I want to note that the record of Chubb's activities in the days following 9/11 is really an impressive one. And, you know, I've read Steve Brill's book and read your account of what occurred and the business decision that you made that reflected the values of your company, which was to step up to the plate and fulfill the commitments that you had made to your insureds.

Your testimony, in part, urges us to look forward to the unhappy possibility that this is not a one-off event. And most of the witnesses whom we have heard from in the course of our inquiry so far who are experts on terrorism say that no matter what we do to one extent or another, some additional attacks in our country are inevitable. And so my last question to you is this. Do you think that your industry could and will respond in the same way in the future, which was with a, if I may characterize it, a sense right off the bat that it was the right thing to do to pay these claims? Do you think that you and your industry will be able to act in the same way in the future?

MR. DEGNAN: There will certainly be desire to act in the same way in the future on the part of not only Chubb but of almost every company, particularly domestic companies in the industry. Whether we're able to or not is the more fundamental question. It's very interesting to me. The insurance industry is not a very popular industry in this country, to be honest. When I came to Chubb and I went to a party afterwards and someone said, "Well, what have you done, John, with your career," and I realized I had to say I'd been a politician, a lawyer and now I'm an insurance company executive, I tried to change the subject.


When September 11 happened, within a matter of days, the airline industry secured a limitation by federal law on its liability, defined by its insurance liability standards. So Congress essentially said, pay all of your limits but you don't have to be exposed to any liability. Even Mr. Silverstein, the owner of the World Trade Center, from Congress got a federal bill which limits his liability to his insurance proceeds. The insurance industry did not at the time ask for any assistance in paying these losses. We said, notwithstanding an unknown dimension of those losses, we will pay them. In fact, sitting here today, I'm very proud of the fact that we have and are continuing to pay all of those losses.

What we asked for was help against the next one, because these aren't insurable risks, they're government responsibilities to protect its economy and its people. It took us until November 2002, and only at huge political price, to convince Congress that they should provide a mechanism to soften the economic blow on the next event so that we can meet the promise in the same way we were able to do from our own assets on September 11. Absent TRIA, to be very candid with you, and in the event of a catastrophic loss in the order of magnitude of the World Trade Center alone, much less the greater one that we all know could happen, there are many companies in our industry who will not be able to honor that promise because they won't have sufficient assets to do it.

Last point of this. You know, what an underwriter generally does is try to dimension what the ultimate loss could be. How much is the building worth? What would it cost to rebuild it? How long will it take their operations to get back up in operation, so their business interruption? And we try to put a price to that. It sounds like a mechanical process but it's a fairly sophisticated process. And then what we do is try to price against the probability of that loss.

Now, in terrorism, we can generally dimension the potential loss. We can make a projection of how much is likely to be lost. What we can assess is the probability that that loss will occur. And unless that critical component of the underwriting process can be empirically demonstrated, one can't price the risk, and therefore if you can't price the risk you can't assemble the pool from everyone who wants insurance that allows you to spread the risk to the few who are hurt.

The fundamental proposition I'd leave with this commission is, yes, the insurance industry will do what its contracts oblige it to do. We'll do even more. We'll do all that we can. But it would be wrong to rely on insurance as the softening mechanism against economic terrorism that it was after September 11. We won't be able to.

MS. GORELICK: Thank you for your testimony.

MR. DEGNAN: Thank you.

MR. KEAN: Thank you, General. One last question, and that comes from Secretary Lehman.

MR. JOHN F. LEHMAN: Thank you.

Mr. Degnan, I have a double-barreled question, following on- to Commissioner Gorelick's question. As we examine the vulnerabilities and the inadequacies of the private sector emergency preparedness and crisis management, that the lessons are being drawn from 9/11, we face really two contending schools of what to recommend.

One is government mandates and regulation on compliance, other kinds of compliance such as corporate governance certification and so forth, on the one hand. On the other hand, seeking standards to become enforceable from the private sector. And the reason why the insurance industry is of such interest to us is, as one of the most regulated of industries, they also have evolved -- the industry has evolved some of the best standard setting and rating agencies, like ISO, Insurance Services Office, and so forth.

Does the structure exist within the insurance services industry and the industry itself to provide the kind of ratings such as you did after Hurricane Andrew and so forth for building code compliance to provide the answer to these concerns that we have, so that you'd have a direct mechanism for rating a skyscraper as complying in fire drills, building codes compliance, inspections and so forth? Or is it you feel we have to depend on the federal government to do this for our overall private sector property? Because we're going to recommend one direction or the other or some combination.

And the second, as a related part of the question, do you and your underwriting and your evaluation that you so effectively described in writing and underwriting for these kinds of policies, find a significant difference between regulated industries like utilities, on the one hand? Are they better at it because they're regulated, compared to other industries that are totally unregulated?

MR. DEGNAN: On your first question, Mr. Secretary, I believe that the expertise exists within the property and casualty industry today to devise consistent standards for conventional terrorism risks. We are, notwithstanding the highly regulated environment in which we work, though, fiercely competitive, and we are businesspeople ultimately. We find it sometimes very difficult to put that done to coalesce in one group, and we run some antitrust risk when we do, to say that there's a common set of standards against which we will all underwrite. So there are antitrust considerations to be taken into account and there are competitive considerations to be taken into account.

If, in combination with a federal regulatory entity or some other consolidating unit that was authorized to do that, I can say without any hesitation that the industry would be extremely eager to contribute collectively whatever expertise we have in handling losses in the past, or this one, to that process. And I do think that we would all be aided and better informed and that the country would be better off if there was such a set of standards that could be devised. While we have the expertise, I don't think we'll be able to do it on our own. So it needs to be in combination with others.

As to the second part of your question, without a doubt, in my judgment, regulated risks are easier to write. I made the point about financial services institutions, where every investment bank is required by the federal government -- every bank is required by the federal government to have disaster recovery planning and business continuity plans. That's one of the reasons, to be candid with you, that Chubb is such a large underwriter of financial institutions and why we were the second or largest loss provider or payer in the World Trade Center. These are our kinds of clients. We like them because they have those plans in place.

And, frankly, as large as our loss was, had they not had business interruption capabilities in place to get them up and running in 72 or 96 hours, our loss would have been much greater. The proof of the success of the underwriting to those kinds of preparedness levels is actually exhibited in the size of the loss that we incurred, which would have been much larger without that. I know less about the utility industry, but I'd hazard a guess, although we're not a large writer of utilities for other reasons, that the existence of disaster preparedness preparation, for example, with them and the increased security around their perimeters make them a more underwritable risk for the companies who do that today.

MR. LEHMAN: Thank you.

MR. KEAN: General, thank you very much for your time and for your testimony.

MR. DEGNAN: You're welcome.

MR. KEAN: Good work. Thank you.

MR. DEGNAN: Thank you, Governor. Members of the commission, thank you.

(Tape change)


MR. KEAN: -- and of the need for private sector engagement and preparedness, then the families of the victims of the attacks on 9/11. Two family members are here with us today to talk about their ongoing work.

Sally Regenhard and Monica Gabrielle have formed a Skyscraper Safety Campaign group, looking into the issues of evacuation, safety and building codes. Sally lost her son, Michael, age 28, of the Engine Company 249 and Monica lost her husband, Richard, who worked at Aon who worked in World Trade Center II on the 103rd floor. Sally and Monica are working with the distinguished advisory panel, as well as leading interested groups throughout the country to develop and implement changes to the fire and building codes, as well as evacuation procedures and firefighting technology for skyscrapers. They were instrumental in getting the Columbia University Evacuation Study of the World Trade Center off the ground and I believe they're going to discuss some of that today.


MR. KEAN: Good morning.

MS. GABRIELLE: My name is Monica Gabrielle. I am co-chairperson of the Skyscraper Safety Campaign and a widow of 9/11. I would like to thank Governor Kean, Congressman Hamilton and the commissioners for allowing me this very important opportunity to provide testimony regarding 9/11.

On the crisp clear morning of September 11, 2001, my concentration was abruptly shattered by the extremely loud and out of place sound --

MR. KEAN: Excuse me. Could you speak up a little bit, or put the microphone a little closer, one or the other? I think some of the people in the back are having a little trouble hearing.

MS. GABRIELLE: My concentration was abruptly shattered by the extremely loud and out of place sound of an airliner careening down the island of Manhattan. Minutes later, in my office, I was facing the inconceivable scene being watched by millions, black smoke pouring out of one of the World Trade Center towers. What separated me from the millions, my husband was in one of the towers and I didn't know which one. At 9:02, it would make little difference, as I watched the second plane swing around and slam into the second tower. Both towers were now hit and burning.

The shock setting in would be completely embedded into my being as I watched the first tower fall, now knowing it was Rich's building. It would be three days before I would get any information regarding what Rich had endured. He, along with a group of colleagues, was waiting on the 78th floor sky lobby for one of the express elevators when the second plane hit. The group and approximately 200 others in the sky lobby at the time were thrown around as the building swayed by the impact. Rich was hit by the marble walls, which fell on his legs, breaking and/or crushing them. He was pinned under the marble debris and unable to move.

He was waiting for rescue, most likely under the most gruesome conditions imaginable: fire, smoke, dead, dying, and quite possibly the sound of the building collapsing and falling apart. Imagine their relief when Battalion Chief Orio Palmer and Fire Marshall Ronnie Bucca appeared like angels to help them to safety. These unbelievable men were in the process of coordinating the evacuation of the injured when the building collapsed, stealing their last breaths, crushing every person still in there to death only 59 minutes after impact. They never had a chance.

In my voice, hear the voices of all the victims of the needless, horrible murder crying out. Let my voice, on behalf of all the victims, implore you to listen and listen well. Families left behind to suffer from the memories of this atrocity are too many. We have an obligation to the victims, the families and the citizens of the United States to look at what went wrong and to make sure we do everything in our power to ensure safety and security in buildings going forward.

We must first separate the events of September 11th into two categories: the terrorist attacks and the subsequent building failures, which alone encompass a variety of appalling conditions. Unbelievably, evacuation emergency preparedness were sorely lacking or totally non-existent on 9/11. This, along with critical flaws in the design and construction of the buildings, contributed to the ominous conditions occupants found themselves in, which ultimately claimed the lives of thousands.

I am here today to speak about evacuation emergency preparedness. On September 10th, I, like so many of you, had little knowledge in this area. I, like so many of you, entrusted my family's security and safety to others. That ignorance changed one day later. During the course of the past two years, I have been shocked to discover how very deadly that decision was. In order to properly move forward, we must first go back. As the World Trade Center began to accept tenants in December of 1970, it was fairly common knowledge among those close to the project that there were inherent problems, safety issues, if you will.

The construction of the buildings would be termed fragile by their critics, the fire service, the very service commanded to protect it. The towers shot upward into the sky to the height of 110 stories, a quarter mile. They contained lightweight floors, acre-large expanses of open floor space, substandard fire proofing. The thinnest, lightest steel would be found at the top. Worst of all these innovative, experimental, mammoth buildings were constructed and opened without any automated sprinkler system installed in them.

Subsequently, in any major fire, the risk would be great. There were no fire barriers on these acre spans of open floor space, no water, still the best measure against fire. Any fire was free to spread and spread quickly. The potential occupancy of each tower was 25,000. Each tower had only three staircases, clustered in the center core of the building, along with the elevators, and contained no cement or masonry. The only protection afforded in any emergency or evacuation, whether stairs or elevators, were two layers of fire rated gypsum board, or drywall.

The World Trade Center, over the course of its life would have numerous incidents which would give the Port Authority the opportunity to address the very serious challenges regarding the safety and security of the occupants. As would become all too evident, the strategy of defend-in-place would not work in any major fire in these buildings. Their inherent design flaws, and most importantly, the inadequate, untested fireproofing would require full evacuations each time.

Unbelievably, with all the warnings, the Port Authority, in its arrogance, claimed that these were indestructible buildings, never prepared the tenants for that eventuality. On September 11th, this negligence would cost the lives of thousands and the faulty fireproofing would play a major role in bringing the buildings down.

Before midnight in February of '75, an arson fire was started at the Trade Center inside a closet with switching -- telephone switching equipment, cabinets filled with paper and fluid for office machines. This, combined with the open floor design, allowed a fire to get out of control very quickly. It would take 132 firefighters three hours to finally put it out.

Fire Commissioner O'Hagan stated at the time, "Had the building been fully occupied, and given the stack action that exists in this 110-story building, the rescue problem would have been tremendous." Although it was night, everyone had to evacuate, the maintenance workers, cleaners, security. Pressure was applied and the Port Authority made some concessions. They installed more walls and doors on open floors, they improved some of the alarms and communications, they installed fire smoke detectors. Yet the one sure thing to help control a fire was ignored: water. The sprinkler systems were just too costly to install.

In '81, the Trade Center towers had another scare. A Boeing 707 on its way to JFK International Airport missed hitting the tower by a mere 90 seconds. What had been speculative was now a reality. One of the risks to the towers and their occupants now included the danger of collision by a commercial airliner and fire from its jet fuel. During the '80s the Port Authority finally set the funds aside and started the sprinkler installation which would happen over the course of many years.

In '84, with growing concern with the global climate and terrorism, Peter Goldmark, who was the executive director of the World Trade Center at the Port Authority at the time, ordered a report on the vulnerability of the towers. The Office of Special Planning was born and charged with the task. Appointed to oversee the project was Edward O'Sullivan. He spoke with many domestic and international intelligence agencies and conducted a top to bottom investigation of the towers and assessment, and it was clearly evident that there were numbers of vulnerabilities. The danger for a potential bomb in the parking garage, a plane hitting the towers, even a building collapse was a serious concern.

When they questioned Leslie Robertson, the original structural engineer, with this concern, he claimed that the towers were Gibraltar. By the time the report was eventually completed, Mr. Goldmark had left the Port Authority. He was no longer there. Consequently, the excellent recommendations of eliminating the public parking, or at the very least doing random checks of cars coming into the garage, dispersing the emergency centers, installing better internal radios, battery powered lighting, more video cameras, these were all ignored.

The poor decision making about the recommendations would come back to haunt the Port Authority on February 26th in '93, when a bomb did go off in the sub-basement, as had been feared. The lack of additional security in the parking area allowed the van loaded with explosives to enter. The lack of emergency lighting made the evacuation of thousands a terrifying experience. The lack of the proper venting, the stack effect, caused the life-threatening risk with the smoke that eventually covered the entire towers.

During the '93 evacuations, the lack of preparedness was blatantly evident. People didn't know what to do, they didn't know where to go. The standard optional drills which consisted of moving to a designated area, going down two floors and waiting for instructions, the defend-in-place strategy, didn't help in this extreme circumstance. The evacuation lasted over 10 hours and the buildings quickly filled up with black acrid smoke. Everything went out, lights, ventilation, elevators stopped, trapping people in the cars filled with smoke.

Some tried to walk down to safety, only to return because it was too smoky to come back -- to go all the way down. People were absolutely terrified. Those who knew the building's construction well, the Port Authority engineers, they were able to dig their way through the gypsum board with keys and nail files and escape from a stopped elevator. Others went down through dark smoky stairwells holding on to the shoulders of the person in front of them. The stairwells quickly become crowded as people from other floors entered.

Several were rescued by helicopter off the south tower. After the '93 bombings, some safety improvements were made. Battery operated emergency lighting was installed in the stairwells, luminescent paint was added. A separate emergency command center was put in each building. The ever inadequate and in some places non-existent fireproofing was finally to be increased to one and a half inches, three times the amount that was currently on the trusses. This was to be done as tenants moved out. It would set a potential timeframe for completion at over 10 years. At 9/11, it had not been completed.

For most, the years following the '93 bombing resulted in complacency. For Morgan Stanley, more vigilance. This company took the initiative to make sure its employees knew exactly what to do if there was ever another emergency. The only way to accomplish this was to practice, practice and practice. As a result of the constant drilling, on the morning of 9/11, the only casualties Morgan Stanley sustained were those of the employees going back to help others. So far, each and every incident that occurred at the Trade Center was an opportunity for an honest, critical look at the safety of the buildings, at the evacuation and potential problems with the evacuation of getting nearly 50,000 occupants out quickly.

It was an opportunity to address these things in order to minimize injury or death in the event of another major catastrophe. The bombing in '93 was a major indication that evacuation of these buildings was a very real problem and a comprehensive plan needed to be drawn up, fine-tuned, disseminated, implemented and practiced. An enormous task to be sure, but these were enormous buildings and they brought with them enormous responsibility.

On the morning of September 11th, the first day of school and primary voting would delay many, thereby saving their lives. Unfortunately, many, too many, were at their desks. Occupants of the towers consisted of the usual diversity, employees, people from branch offices for day meetings, companies conducting breakfast meetings, visitors, messengers. When the planes hit the towers, they virtually sliced right through the buildings, penetrating the soft curtain with little to no resistance, taking with them all means of escape above the impact zone in tower one and leaving a lone and barely known about stairway open in tower two.

What happened in those towers is unforgivable. Untold numbers were instantly killed because they were in the direct path of the planes. Those at and above the point of impact in tower one endured unimaginable conditions, as is evident by the number who chose to leap to their death. Others tried frantically to escape, only to learn that every potential access to safety was closed to them, the stairwells were gone and the elevators were gone. Unable to go down, the soon-to-be victims went up. Up to the roof where they encountered locked doors. No one had bothered to tell them that rooftop rescue was no longer an option. Their only escape and chance of survival would have been a rooftop rescue. They waited for help that would never come, a quarter mile above ground.

These innocent souls stood at windows waving to attract attention hoping and praying that someone would reach them in time. Last calls were made, final messages were sent. Too smoky, can't breathe. Should we break a window? What should we do, where should we go, how do we get out?

In tower two, similar events were occurring. The difference, tower two had a critical 15-minute window of opportunity to evacuate, a missed opportunity to minimize the casualties. Instead, occupants were told to stay, to go back. Many already in the process of leaving the building turned around, trusting the announcements that the building was secure. That decision would cost them their lives. Once again, untold numbers were killed by the planes.

Once again, others would find themselves searching for a way out only to be met by locked doors, stairwells that were destroyed, elevators that didn't work. Some were trapped in offices. Again the roof was sought as a point of rescue, again locked doors, wasting precious minutes going up, instead of finding the one lone staircase left, never having been told the rooftop rescue wasn't an option. Again, final messages were sent, too smoky, can't breathe. The ceiling is falling in, the floor is giving way, the stairwells are blocked, the stairwells are gone.

Some of these soon-to-be victims were on phones with loved ones, pleading for information and options. No communication from the Port Authority was forthcoming. Innocent victims sitting in offices waiting for instructions on what to do, most likely contemplating their fate. Innocent victims waiting for rescue, all of them perished, many while still on the phone with their loved ones. These memories will haunt us forever.

At present, there are two investigations of the World Trade Center being conducted. Congress has charged the National Institute of Standards and Technology with the daunting task of conducting a federal investigation into the building failures. Columbia University is conducting an evacuation study. These investigations, along with others around the world, will hopefully submit very concise recommendations which will address the safety and security of occupants in buildings. It is our hope that this commission will push to make sure that those recommendations end up fast-tracked into best practices.

It is our hope that this commission will make an irrefutable statement that it is imperative for all concerned, real estate, architects, builders, code groups, fire service, and advocates for safety to speak in one voice to ensure that recommendations become mandates quickly. It is our fervent hope that the first obvious recommendation issued by this commission is the immediate removal of the immunities to critical building and fire codes, the bare minimum standards, which are currently still enjoyed by the Port Authority in the construction of the new World Trade Center as I speak to you now.

Safety concerns need to be addressed before construction begins, not after. Economic gains cannot be allowed to dictate what those safety measures will be. Emergency preparedness cannot be allowed to remain a vague notion. We must educate all citizens to be able to get out of a life-threatening situation quickly. We must provide them with the tool, knowledge. The responsibility must rest with anyone potentially affected, building owners, building managers, tenants, employers and employees.

In closing, I would like to say that prior to September 11th, I was simply a wife and mother. My life's goal was never to be a public spokesperson or advocate; however, that horrible day has changed my life dramatically. I am honored to be heard on behalf of all the families whose lives will never be the same.

I sincerely hope that this commission understands a legacy of truth, accountability and reform is the greatest tribute to all the innocent victims of this tragedy. The time has come to address the deadly mistakes of 9/11. A safer environment for our children and for all of America will be a direct result. We now look to you for leadership. Thank you.

MR. KEAN: Thank you very much.


Ms. Regenhard.

MS. SALLY REGENHARD: Good morning, Chairman Kean, Vice Chairman Hamilton and commissioners. It is an honor to address the 9/11 Commission today. My name is Sally Regenhard and I am the founder and chairperson of the Skyscraper Safety Campaign.

The Skyscraper Safety Campaign was created in December 2001 by the Regenhard family, in memory of my beloved son, Christian Michael Otto Regenhard, a 28-year-old probationary firefighter, who remains missing at the World Trade Center, along with his entire engine company, 279, to this date. He is one of 17 probationary firefighters lost at the World Trade Center and is one of the 45 percent of victims whose remains were never found. I brought a picture of him today because pictures of the victims I know inspired this wonderful commission. And I brought his picture today to represent all the victims, whether uniformed or civilian, and I know that you will keep them in mind as you go about your most important work.

The goals of the Skyscraper Safety Campaign are: first, to have a federal comprehensive investigation with subpoena power into the collapse of the World Trade Center, this investigation is currently going on; secondly, to encourage better compliance with building and fire codes in New York City and nationwide; third, to educate codes groups to allow the fire service to have more input into the writing of building codes which now, sadly, is not the case; fourth, to ensure that all future World Trade Center development by the Port Authority of New York and New Jersey will be characterized by safety, quality, security and will be under the legal jurisdiction of New York City building and fire codes.

My remarks today will focus on the skyscraper safety issues of 9/11/01. On 9/11, the cloak of competence was pulled off the city of New York. On that dreadful day, we found out how ill-prepared we really were, and this knowledge came at an awful price: the needless death of nearly 3,000 people, 343 of them firefighters, including my beautiful son, Christian.

On 9/11, the city of New York and the Port Authority of New York and New Jersey had no plan for terrorism, despite the fact that the World Trade Center was previously attacked in 93 with deadly consequences. At that time, the terrorists vowed to return to, quote, "finish the job," and they kept that promise on 9/11.

The widespread failures in evacuation procedures, building code issues and emergency communications became a prescription for disaster at the World Trade Center. Despite propaganda to the contrary, the Port Authority, a bi-state agency which built the World Trade Center and is totally immune from all local building and fire codes, really had no evacuation procedures in place at all. They said they did training, but the fact is that evacuation was left up to the individual tenants, not to the Port Authority.

The majority of the occupants who survived felt that they were improperly trained or not trained at all. If they were trained, they would never have gone up to the roof to try to escape. All those who made that crucial mistake paid dearly with their lives. If they were properly trained, they would have known that access to the roof was impossible because of two locked doors that were only accessible to maintenance workers with keys. The inadequacy of codes to ensure safety of persons in high-rise buildings became glaringly apparent on 9/11.

In 2001, the New York City building codes, as well as all model codes throughout this country, treated a 100-story building with the same guidelines as a 10-story building. No fire drills with full building evacuations were ever mandated, and the World Trade Center occupants were just as totally unprepared for a mass evacuation as they were during the 1993 attack. New York City codes allowed a building designed to house 25,000 people to have only three staircases for emergency escape. It allowed gypsum board walls in stairways, which at the World Trade Center collapsed under impact and pressure, trapping fleeing victims.

New York City codes allowed many or all of the high-rise buildings stairwells doors to be locked, trapping fleeing victims when stairs collapsed and preventing firefighters from gaining timely access to floors where people needed to be rescued. The unfortunate truth is that today, very little has changed in the area of building code reform throughout this country, including few extra safety measures for high-rise buildings.

But any discussion of the New York City code is completely irrelevant to the World Trade Center because these buildings were and remain above the law. The Port Authority's buildings were totally immune from every single New York City building and fire code and were subject to, quote, "the Port Authority's own codes," which remain a mystery to this day because no one has ever seen them. The Port Authority repeatedly claims that they, quote, "meet or exceed New York City codes;" however, history has shown that this is a falsehood. No high-rise building of 100 percent bar joist floor construction before or since the World Trade Center has ever been allowed under New York City standards and practices.

According to the NIST WTC collapse investigation, there is no evidence that fire tests were ever done on the fireproofing of the World Trade Center. This is a glaring example of lack of code compliance, to say the very least. Finally, the untested fireproofing was grossly inadequate, a clear violation of New York City codes. However, since no FDNY violations can be issued to such a, quote, "immune building," no codes violations were ever served on these dangerous buildings. Indeed, the FDNY had no jurisdiction in the World Trade Center, but paradoxically they were required to risk and eventually lose their lives in these buildings.

One of the most tragic and abominable failures of 9/11 was the total breakdown of emergency communication and coordination in the World Trade Center. Lacking any real plan for terrorism and lacking a unified command structure, the Port Authority, NYPD and the FDNY operated basically separately on 9/11. For the most part they did not and could not communicate with one another.

The FDNY generally could not even communicate among their fellow firefighters. Numerous newspaper articles, interviews and 9/11 tapes have evidenced this fact. The fact that my son and his FDNY brothers were sent into the World Trade Center with radios that did not work in 1993 and were no more capable of working in 2001 resulted in evacuation orders which were unheard and therefore unheeded, a fact that surely contributed to their deaths.

In an effort to minimize the atrocity of the deaths of 343 firefighters, heroic urban legends were promulgated by leaders, such as the former mayor of New York, and others who still claim to this day that, quote, "25,000 people were rescued by the FDNY in the largest rescue effort in world history." To the contrary, evacuation specialists and researchers have determined that the true number of occupants who escaped that day was closer to 7,000 people per tower, a total of 14,000 people.

The sad truth is that whoever could get out, did get out. And while the FDNY valiantly entered these buildings to save lives, it was an impossible and deadly situation. They were essentially sent in to an inevitable death, with radios which did not work. To this day, no one has been held accountable or responsible for these massive failures of the public trust.

Since 9/11, we are moving in the direction of change, but far too slowly. Generally, we are crawling, instead of running, towards change. One outstanding exception to this situation is the New York City Department of Buildings and its World Trade Center Building Code Task Force, which is effecting sweeping changes and reform for New York City's building code.

In February of 2003, this proactive department of the Bloomberg administration approved comprehensive safety measures, such as the temporary outlawing of bar joist floor assembly, commonly known as truss construction, which characterized the World Trade Center, in high-rise buildings. They are also calling for the hardening of cores of stair cases and elevator banks, the retrofitting of sprinklers in older buildings, and other safeguards which will be incorporated into the New York City building code. As the Skyscraper Safety Campaign praises such actions, however, we are greatly dismayed that there is still unbelievably widespread resistance to national reform.

One example of this is the fact that all model codes still treat a 100-story building with the same guidelines as a 10-story building. Another example is evidenced in the recent failures of a codes group to initiate basic fire safety reform through the widening of staircases in new high-rise buildings.

For example, the National Fire Protection Association, the NFPA, recently had the opportunity to effect a code change of widening staircases in newly constructed skyscrapers by just 1 foot, yet failed to do so. Who can forget the stories of narrow congested stairwells in the World Trade Center, where it was impossible for firefighters to go up while people were fleeing for their lives, and vice versa?

Scores of still photos of persons evacuating demonstrate that occupants had to stop and turn sideways every time firefighters passed them on the way up because the stairways were so narrow. How many of those deadly 110 stories did my beautiful son climb up on that dreadful day, against the tide of frantic desperate people, fleeing for their lives. Whose child, husband, parent or sibling could have escaped by fleeing more quickly down a wider staircase? Did my son somehow get word of the order to evacuate but could not because he, like the other desperate people, was jammed into a too narrow staircase with a frantic sea of humanity trying to run for their lives? What unspeakable horrors led to the brutal deaths of nearly 3,000 people in those buildings that day?

The cruel reality is that I will never know the answers to these devastating questions, but I do know that a staircase that is 1 foot wider can save a life. Most regrettably, the NFPA yielded to special interest groups and did not pass this most basic building code reform.

The Skyscraper Safety Campaign now requests that the leadership of this fine commission becomes a catalyst for most needed code change throughout this country. The recent fires in Rhode Island and Chicago illustrate that disasters which happen locally should have national implications for change and reform, yet they nearly always remain a local issue.

One example of this is the Seton Hall New Jersey dorm fire disaster, which resulted in widespread reform in fire safety and sprinkler installation for college dorms in New Jersey, but not across the country. I appeal to this commission to further the cause of the skyscraper safety by doing the following.

First, closely monitor the National Institute of Standards and Technology, NIST, investigations, findings and recommendations, and encourage new coalitions of public-private partnerships with a goal of adopting these changes for the purpose of code reform and enhancement of fire safety and evacuation procedures for all buildings.

Secondly, make sure that the NIST recommendations for code changes are quickly adopted. It now can take from three to six years to change codes and practices. We cannot wait that long to safeguard the American public. There must be a national perspective from all disasters like the World Trade Center, the Rhode Island fire and the Chicago fire. We need the shepherding of this 9/11 Commission to effect timely code change, led by the International Code Council and the National Fire Protection Association.

Third, invite the two key organizations which control public safety in buildings in this country, the NFPA and the International Codes Council, to testify at your commission as to specifically how they are positioning themselves to quickly move forward on anticipated NIST proposed code changes. The Skyscraper Safety Campaign has established a relationship with the International Codes Council and we look forward to working with both the NFPA and the ICC with the goal of widening staircases and incorporating many other safety reforms into these codes.

Fourth, invite the General Services Administration, the GSA, and the Building Owners and Managers Association, BOMA, to testify as to why they oppose the widening of staircases in new high-rise buildings, under the proposed NFPA code changes which were defeated.

Fifth, encourage reform and codes groups to allow greater participation from the fire service and fire professionals in the field of codes and practices. Allow the profession of fire protection engineering to have responsibility for fire proofing and fire safety issues in building construction. At present, architects, who are not fire experts, have this obligation.

Sixth and last, require that the Port Authority of New York and New Jersey rebuild the new World Trade Center under the legal jurisdiction of New York City building and fire codes. We need a set of national codes and standards with input from the fire safety professionals for all buildings, including governmental agencies. There should be no exemptions for any agency or authority, and the Port Authority of New York and New Jersey should not be allowed to rebuild the new World Trade Center under their immunities from local building and fire codes. No building should be above the law when fire safety is the issue.

To conclude, please keep in mind that no reform codes and no method of enforcement will be of any value to safeguard the American public unless there is a system of accountability and responsibility in place. We need this for the effective safeguarding of human life in all buildings and especially for the failures of 9/11 in New York City. There was a wholesale betrayal of all those in the World Trade Center and all the rescue workers who ran into a hopeless situation with radios that did not work.

The former mayor, fire commissioner and police commissioner of New York, as well as the Port Authority of New York and New Jersey, are just some of the individuals who must be questioned by this commission regarding what happened to New York City on 9/11 and why the greatest city in the world was so totally unprepared for this terrorist attack, despite warnings. Accountability and responsibility are the hallmarks of a democratic society. Without a system of accountability and responsibility for all public and private officials, there will be no real impetus to change an irresponsible system like the one that characterized the city of New York and the World Trade Center on 9/11.

In closing, I would like to tell you that the writer, Gertrude Stein, once said that, "the dead speak to us." Members of the 9/11 Commission, the dead are speaking to us today. They are asking you, by your work, to give others the gift of life through accountability, responsibility, change and reform. The dead are speaking to us. I hope that you will listen to them. Thank you.

MR. KEAN: Thank you both very much for that factual and very moving presentation.

Secretary Lehman?

MR. LEHMAN: Thank you, Ms. Gabrielle, Ms. Regenhard. Thank you very much for all you've done, first in being very key in bringing this commission into existence, and as importantly, guiding us from the very first day and assisting our staff and us in understanding these issues and guiding the inquiry so that it will, indeed, we are confident, make the kind of difference that you and your efforts deserve.

I have a number of questions, but since my colleague Tim Roemer was one of the principal authors of this commission, I'd like to ask him to begin with a question.

MR. KEAN: Congressman Roemer?

REP. TIMOTHY J. ROEMER: Thank you, Mr. Chairman.

Thank you, John, for that courtesy.

Although very difficult to follow up on what you both have said, if I may, Sally and Monica, thank you so much. I know how difficult -- I can maybe imagine how difficult it is for you to get before the commission and tear open the wounds that you continue to feel so often with respect to Rich and Christian, and we very much appreciate you being here today.

Gail Sheehy has written this book about 9/11 and in it she talks about the heroic acts, the courage and the bravery of people in the towers and those people that assisted others in coming down, despite the un-preparedness of some of the companies involved in not having evacuation plans properly in place, despite not enough planning after the Trade Towers were attacked in 1993, we saw real acts of courage and bravery. And I put your testimony and the families that are here today in the same category. Thank you so much for helping us create the 9/11 Commission. Thank you so much for helping us in having the Joint Inquiry be successful in making certain recommendations to hopefully make the country safer, and thank you for what you are doing for this 9/11 Commission.

My children asked me why I was coming up here today, and what we hope to accomplish in a hearing like this, and as the Chairman has said in his eloquence in his opening statement, when 85 percent of the critical infrastructure is controlled by the private sector, the people in those buildings are the targets for the next terrorist attack. What do we do about this? How do we try to do some things to make this country safer from the terrorist attack that we know is coming next? And you are here today to talk about that, to advise us, to show us through your knowledge and your frustration and your anger what this 9/11 Commission might be able to do in the future, and we're very grateful for that advice.

I want to ask you specifically with respect to the tragedy on 9/11. You travel the country. You have gone to Indianapolis, Indiana, my home state, and you have made presentations there not just about what terrorism's threat might be to us but what inadequacy there is in the uniformity of our building codes, how no building should be exempt from those codes, whether it's in New York City or Indianapolis, and how we need a better set of standards and code enforcement today in America. While our intelligence communities are trying to get better in coordinating and communicating information, they're not nearly there yet. We haven't seen some of the same progress in this area.

You are very frustrated by that. Could you tell me, Sally and Monica, just very briefly in my first question, what did you say to the people in Indianapolis at this conference? What recommendations will you make in the future and are we making any kind of significant progress if you continue to do those kind of conferences across the country, even before we make our recommendations on the 9/11 Commission?

MS. REGENHARD: Well, one of the conferences I attended was the FDIC conference, which is the Fire Instructors Conference which is held yearly in Indianapolis, Indiana. This serves thousands of firefighters, both professional and volunteer, and their instructors, and it's really a place to showcase the latest innovations in firefighting techniques and fire safety. When I addressed this large, large group, I asked them first of all to take a stronger role in advocating for fire safety and the strengthening of fire codes.

The fire service has really been the last group to be -- to have a voice. They are a stakeholder in the area of fire safety and in codes, but they're the last group to have a voice. I asked them to stand up, to insist at their unions, that their national and international organizations which purport to represent firefighters throughout this nation and even throughout the world that the firefighters need to contact these people and tell them, get involved in strengthening building codes, get involved in firefighter safety. Because a firefighter will not be able to save the public unless they have the training, technology, equipment and they are backed by stronger fire codes.

I also appealed to them to recognize that without accountability and responsibility, we're not going to make progress. That has to be the overriding situation. I would appeal to you and to all groups that there has to be a public-private partnership, but it can't be on a basis where if a company feels like being safe, they will be safe. We have to have this commission, which -- I look at this commission as really the last chance for the families of the victims and for the future of the safety of many people in this country on many levels. But when it comes to code change, no one has been able to do it. I spoke to firefighters from Indianapolis to California, and they all shared the same information with Monica and myself, and that is, please help us, we're counting on you.

I get so shocked when I am told that firefighters, fire departments are counting on us and the Skyscraper Safety Campaign. And just to illustrate this, I want to briefly read you a brief email that I received in the aftermath of the Chicago fire from a lieutenant in the Chicago Fire Department. "I am a lieutenant in the Chicago Fire Department. I came across this site, your Skyscraper Safety Campaign site, and I would like to know more about your organization and how it might help the firefighters and the citizens in Chicago." This is a lieutenant on the Chicago Fire Department asking me how I can help them. This shows you the state -- (tape change) -- such as yours, because in the past codes groups are so diverse, there's no standardization --

MS. REGENHARD: (In progress) -- but it's dialogue. But please don't forget it's accountability and responsibility, whether that's of governmental elected officials, governmental agencies, the private sector. Without that, there will be no impetus for real change.

MR. ROEMER: Thank you, Sally.

Monica, if I could ask you a question. Today we're talking about code enforcement and code recommendations as they affect buildings, and trying to make sure that we have certain codes that protect our buildings, and buildings and organizations are not exempt. And we're talking about the width of stairwells and fire code safety and sprinklers. On standards, we're talking about evacuation plans.

I got on a plane to fly from Washington DC up to Newark last night, and it's standard for them to tell us how to get out of that airplane if something should happen. Some people listen, some people don't. And we were given this today about how to get out of this building, should something happen.

In the World Trade Center, in a 100-story building, there was in some instances little or no preparedness for those workers to have an evacuation plan to get out of that 100-story building. What can we do about this standards issue in the future? And especially I want to ask you, if the NIST study comes out in August of '04 and we're supposed to be done, if we can get done, by May of '04, and we make our recommendations in the spring or the summer but the NIST study is after that, I would hope that we would continue to work with you, even anticipating what NIST may say in making recommendations on the standards side. But if you could speak to that in terms of the timing and in terms of what recommendations you all may make to us, I would appreciate that as well.

MS. GABRIELLE: The NIST investigation I think is going to probably come up with pretty much what is already obvious, but I don't think there are any smoking guns. It's obvious that you can't get people out of a 110-story building quickly, it's obvious that there was no preparedness training. It was an optional event that you could participate in or not participate. I think going forward, we have to make evacuation drills mandatory, no questions asked. There are no more options. The only way that you get out of a building or you know what to do is by practicing, so in the case of a panic situation, you're going to do things automatically, and that's, you know, I think a given.

And we have to draw from all sectors. I think it goes -- it's got to flow from top down, starting with the CEO setting an example, and bottom up with the employees taking some initiative for their own safety, and somewhere in the middle come up with the perfect plan. What it is, I don't know. I just know that it's a very critical thing that needs to be looked at.

MS. REGENHARD: I'd like to add also I'd like to see a change in building codes, which now allow stairways of skyscrapers and all other buildings to be locked. There are different guidelines and certainly later on today you will be speaking to some experts, such as our eminent Professor Glenn Corbett, a resident of New Jersey I might add, and someone who has brought the excellent practices and fire code issues of New Jersey really to the table in New York, and I want to thank you for him. I want to thank New Jersey for giving us Professor Glenn Corbett and many others of our New Jersey-based advisors.

But right now, in building codes throughout this country, you can lock all the stairways' doors of a high-rise building if you have a sprinkler system and if you have some other systems in place. That should be eliminated immediately. Industry says you have to lock the stairway doors because of theft and so on. I say put closed-circuit cameras in those staircases, leave those doors open. Observe what's going on with closed-circuit cameras. And that's even an enhancement to fire safety, because if you're in a high-rise building and you have closed-circuit, you can see what's going on up there on the upper floors. Locking doors is an abomination.

Right now in the city of New York, we can -- only every fifth door I believe needs to be unlocked. In the World Trade Center, that was -- it was a disaster, but the -- when the flames hit the buildings, the buildings shifted and all those doors which were locked and supposedly could have been unlocked through a central system were not able to be opened. Locking doors is deadly. And I must tell you, recently I was at a meeting concerning -- the Columbia Evacuation Study -- concerning concerns of the World Trade Center in a very older solid landmark building in New York City on Fifth Avenue. It was a five-story building. I like to take the stairs, so I just ran down to try to get down to where I needed to be, and I was locked in the staircase. I was locked. I went to every floor and then I saw the sign saying, no reentry. You can't get back.

You know, that is a glaring example of the fact that we need to change our codes. We need to change them immediately. We have to prohibit the locking of stairwells. I can't think of anything worse than being locked in a stairwell. In my own example, it was a very large stairwell, it was very well lit. It was not during a fire, a panic, the lights were not out. My goodness. You know, I try not to think about what happened in those buildings because it devastates the families of the victims. But, you know, one of the things we have to do is stop the locking of stairwell doors.

MR. ROEMER: Sally, from that personal experience, it just continues to bring up factually that we have not made enough progress in these areas over the last two years. And when Professor Corbett testifies or talks to our commission later on today, having read his testimony, he looks at standards and he looks at code enforcement as kind of a ruler, and says, here's how we measure our progress in these areas. And too often times, that measurement is absolutely insignificant and insufficient today. And we are very grateful for your continuing to go out there on a daily basis and try to make the code enforcement and the standards for evacuation plans right, front and center, in every city in the country.

Monica, let me ask my last question for you, and it goes to what you said in your testimony. On these ways to measure our standards and our effectiveness in these standards, you mentioned Morgan Stanley as somebody -- as a company who did do some things right. After 1993 and the World Trade bombing there that killed -- or wounded 1,000 people, and some things were done properly then for evacuation plans. What kinds of things did Morgan Stanley do that we would like to see in a measure of better standards set forward for more companies to achieve in the future?

MS. GABRIELLE: Well, I think it's clear that the defend-in-place strategy doesn't work, it doesn't exist, not when you have a high-rise because you just can't get people out. Morgan Stanley practiced evacuation, and I think what we need to do going forward is you have to have an assessment of the building. I mean, everything is going to be different from another -- depending on how big the building is and where you are in relation. And as Sally said, stairwell size is critical because you have that flow of bodies moving into the stairwell, and the further down you go, the more people, and it's going to bottleneck. And we were also in an evacuation, and that was horrifying.

We have to come to the table with all the people that are responsible, the architects, the structural engineers, and address these things before a building is built, and put the safety factors and be innovative and see what's out there. There are elevators that are supposed to be able to be used in fires. These are areas that we need to look at and, you know, bring everybody in to look at these things before a building goes up and put the value on the safety issues, on the structural integrity of the buildings and not the economic gains. I mean, those will come. If everyone does the right thing, the economic gain will be a byproduct.

MR. ROEMER: I just want to thank you again as I hand the questions back over to Secretary Lehman for all your help through the last several years in all our efforts to try to improve not only this but the intelligence and the policymaking and a better response from our country to 9/11 type activities and future terrorist attacks. Thank you again so much.

MR. LEHMAN: I have lots of questions but I know we'll be working closely together, so I'll save most of them for then. I would just like to ask both of you if you would -- now you have a large public forum, you certainly have our very close attention this minute, and I think you have a very large television audience across the nation today. Would you, for the nation, give a report card briefly on a number of important organizations and people that you're talking with? And I'd like you to give it in one of three categories: they're obstructing, they're ignoring, or they're helping.

First, let's start with the federal government, and particular OSHA. The Occupational Safety Hazard Agency is supposed to be in charge of these kinds of issues. Obstructing -- I'm talking about today, not before 9/11. Today, in working with you and as you observe, obstructing, ignoring or helping?

MS. GABRIELLE: It's interesting. OSHA, as we've learned, or come to find out, is reactionary. They respond to complaints, which you wonder why they're there. It's ineffective. They don't do a good job, if anything. What I have here, as a matter of fact, are letters that were sent by the families to OSHA after 9/11. Under normal circumstances, there should be an investigation. What we were told was that because the buildings are no longer there, there won't be one. You know, the companies are still there, the practices can be researched. So, you know, we can do away with OSHA.

MR. LEHMAN: Sally, you agree with that?

MS. REGENHARD: Well, I must say that, you know, keeping in mind that nearly 100 families of the victims felt strongly enough, were outraged enough by what they felt was the flagrant safety violations under which their loved ones worked in those buildings. They wrote these complaints to OSHA will full faith that they would be looked into and either fines or criminal penalties would be issued. And in a startling break with precedence, OSHA announced that in the case of the World Trade Center, there would be no investigation, there would be no inquiries and there would be no fines or criminal penalties. So we are aghast really.

Since that time, the only interaction we've had with OSHA is trying to get copies of these letters. I'm very happy to say after two years we got the copy. I think Monica Gabrielle received the copy the day before yesterday. So I'm really perplexed. I don't have enough information. I'm just not sure what to say about that setup. I would say, however, that any agency that doesn't have enforcement to back it up, I'm just -- I don't know the value of it. I'm not sure.

MR. LEHMAN: So you give them -- you both give them an F for their current effort. Let's go onto the mayor of New York. Obstruct, ignoring your efforts or helping your efforts?

MS. REGENHARD: Well, you know, if we're talking about the present mayor --

MR. LEHMAN: The present mayor. I'm talking about present in all cases.

MS. REGENHARD: Okay. If we're talking about the present mayor, I have to say that I'm known -- most people realize that I'm not a person who gives gratuitous compliments to elected officials -- (laughter) -- to say the least. However, I have to say that the Department of Buildings, under the Bloomberg administration has taken a leadership role and has been, in my opinion, one of the only departments of city government that's taken a leadership role in responding to these terrible failures of 9/11.

The Department of Buildings, Mayor Bloomberg's Building Code Review Task Force was open enough to allow the Skyscraper Safety Campaign and our wonderful advisors and professors of fire protection, fire science engineering, to come in to address their group, to help -- to give input into their reforms. And some of our advisors are still on the technical committees. To me, who was been banging on the door of the government for two years, to me that's the only agency under the Bloomberg administration that's really -- locally, that's ever opened the door. Certainly, you know, this commission has to a great degree. So I would give the Bloomberg administration, regarding their building code work, I have to give them a --

MR. LEHMAN: Helpful?

MS. REGENHARD: I have to give them -- because they're the only ones that have done anything proactive. I'm going to give them an A.

MR. LEHMAN: Monica, do you agree with that assessment?

MS. GABRIELLE: I'm not -- you know what, there's no room for improvement, and I'll give them a C plus, you can try harder.


MR. LEHMAN: Okay. I'd like to then -- in the interest of time, because I have eight more agencies I want you to rate, if you could just answer fail, pass or an A, okay, because I'd really like to get your views on them. The Port Authority?



(Laughter, applause.)

MR. LEHMAN: One of the more powerful groups in New York City, the commercial real estate owners?

MS. REGENHARD: I'd like to give them an incomplete actually, because after years of resisting codes improvements and safety improvements, I see that they are slowly coming to the table and expressing interest in this new field of safe buildings. So I really -- I'd like to give them an incomplete. I'm cautiously optimistic. It remains to be seen.

MR. LEHMAN: Building managers?

MS. REGENHARD: I'd have to say the same thing. You know, I know that they are slowly coming to the table. However, this national BOMA, Building Owners and Managers Association, is one of the groups that effectively derailed the opportunity to have a staircase 12 inches wider. So I have to say for that I'd have to fail them, but hopefully for their willingness to come to the table and change their opinion on that, I'll give them an incomplete.

MR. LEHMAN: The Architects Governing Group?

MS. REGENHARD: Well, architects, I have great respect for architects. The Department of Buildings is top-heavy with architects in the city of New York. I think in general they are on a higher level, they want to do the right thing, they are very talented people, but they don't -- they know very little about building safety -- fire safety, rather. Architects want to learn how to build a safe building, but you know, the way it stands now, they really don't know.

So I will give them -- I'm going to give them, you know, an A for effort, but we have to change the system. Fire protection engineers need to have the responsibility for fireproofing and putting safety into buildings. So I'll give them A for willingness, but as far as their ability to build, you know, a safe building that's very well fire protected, I'm going to have to give them a C because they just don't know how to do it. It's not their fault.

MR. LEHMAN: Overall the business community that would make up the tenants, the large corporations, are they helping or --

MS. REGENHARD: Until we have accountability and responsibility, you know, for their fire safety plan, for the responsibility for the people in buildings, you know, I'm just going to have to give them somewhere between a C and a D. I guess I'm a good grader. I'm going to give them really a D. A D.

MR. LEHMAN: Thank you very much. That's very helpful and hopefully we'll move everybody back into the passing at least before this effort is over.

MR. KEAN: Okay.

Last question, Commissioner Fielding.

MR. FRED FIELDING: Mr. Chairman -- first of all, thank you, Monica and Sally, very much, not just for today, but for all you've done, as has been spoken here before.

Mr. Chairman, in the sake of time, I would ask that we direct the staff to talk to the International Codes Council and to the NFPA. It seems as though they are the leading people, I've heard the testimony of that, the leading organizations. I would suggest that we interview them, hopefully bring them to the table together and find out what the problem is so we can solve it.

MR. KEAN: Thank you, Commissioner.

MS. REGENHARD: Great idea.

MR. KEAN: Sally, Monica, I thank you more than I can say, you know. You are such an example of somebody who has taken your own personal tragedy and have used it to help other people in a most wonderful way, so thank you very, very much for that.

MS. REGENHARD: Thank you very much.



MR. KEAN: If I could ask the next panel, please, to take their seats. We are running considerably behind, so I would ask this panel, if they can, to limit their remarks as much as you possibly can. I know Mr. Andrews will do that because he has to catch a plane, but I'd ask the rest of you also to limit your remarks to the best of your ability.

First of all, we have Richard Andrews, who is senior director of homeland security projects at the National Center for Crisis and Continuing Coordination, and they're about advancing crisis management and business continuity readiness through public-private sector collaboration. He served on the president's Homeland Security Advisory Council and served as director in California of their council.

Next will be Michael Byrne. Michael Byrne is from the Department of Homeland Security. He has a wealth of experience in emergency preparedness, first response, and public sector/private sector cooperation and coordination. He was, by the way, a first responder to the 1993 bombing at the World Trade Center.

And finally General Reimer, director of the National Memorial Institute for the Prevention of Terrorism in Oklahoma City in April 2000. They're doing a database to find the best practices, and it's important that we include the Oklahoma experience in our deliberations today.

So Mr. Andrews.

MR. RICHARD A. ANDREWS: Thank you, Chairman Kean, Vice Chairman Hamilton, members of the Commission. I thank you very much for the opportunity to appear before you today and to assist in a small way in furthering your important work. As requested, I provided the staff with written testimony, and today I would like to highlight several issues and respond to the specific topics that the staff have asked me to address.

The National Center for Crisis and Continuity Coordination, or NC4, is a division of Candle Corporation, an El Segundo, California-based technology company. Candle initially became interested in public-private collaboration during the preparations for Y2K. When we noted that while government and companies were paying a great deal of attention to issues within their organization at the national or state level, little was being done to ensure that local coordination occurred.

Following September 11th, when many of Candle's clients within the financial services sector were directly impacted by the attacks, Candle formed a new corporate division, or NC4, specifically focused on enhancing the coordination between the public and private sectors on issues related to prevention, preparedness, response and recovery for natural and man-made disasters. Over the past 18 months, NC4 has centered its attention in New York City and Los Angeles, working with the business communities and local governments.

While there is much focus on homeland security coordination across federal agencies and from the federal to the state level, our objective is to address the gaps in local coordination between the public and private sectors. The important word here is local. The private sector has their offices and processing facilities and their manufacturing plants in local communities. Our view is that it is imperative that efforts to build partnerships between the public and private sectors be rooted in local communities. Unless solutions are forged at the local level, it is our experience that partnerships between the public and private sectors are unlikely either to be achieved or, even more importantly, sustained.

There are many obvious challenges in working at the local level. For businesses, the jurisdictional complexities of local governments, especially in metropolitan regions like New York or Los Angeles, can be overwhelming. For local government, the private sector can be equally mysterious. Organizational structures are often poorly understood. The distinct functions of corporate security, business continuity, facilities operation or emergency management within the private sector may not be clearly recognized by public agencies.

The initial role that NC4 has played is to facilitate the process of bringing business and government together to initiate a dialogue regarding what steps need to be taken to develop workable relationships that are mutually beneficial. We have found that there's a need for very basic discussions to occur. What information is available from government, from what government agency, and in what format? Can that information be shared with business, and if so, under what circumstances?

What are the cultural, procedural, policy or legal barriers to information sharing? What information does the private sector have that it can share in turn with government, and what information would government like to receive from the private sector? These exchanges have been carried out through facilitated discussions and tabletop exercises that focus on specific public policy problems that have the potential to impact both sectors.

In late October, for example, we conducted a three hour simultaneous bi-coastal exercise in New York and Los Angeles that centered on a simulated anthrax attack that impacted corporate offices and local governments in both cities. Because neither government nor business are able to have full-time staff dedicated to promoting the interaction between the two sectors, NC4 has served, in effect, as an intermediary or program manager to bring the groups together to initiate this exchange.

In New York our efforts have centered on the financial services sector, while in Los Angeles we've been working with a range of businesses, including aerospace and entertainment firms, as well as representatives of the banking and utility sectors. In New York we have worked with the city's Office of Emergency Management to develop an application that refines the processes used by OEM's watch command, which is a 24/7 operational arm of the Office of Emergency Management responsible for monitoring events throughout the city that have the potential to impact public safety. By using the NC4 application, OEM is able to rapidly and consistently enter, log, update, and as appropriate, disseminate information to the private sector.

An essential element of this effort involves the daily use of the information processes. And I think particularly in the previous testimony, one of the things that is, I think, a hallmark of emergency preparedness is the need to have as close as possible daily practice. When extraordinary events like September 11 occur, or extraordinary events like the fires that occurred in California several weeks ago, unless there's been systems of daily practices -- and you've heard about Merrill Lynch and their practices. Unless you build those daily practices into the routines of both public and private organizations, it's extremely unlikely that under the stress of unique and terrible circumstances that people are going to be able to form the way that they need to perform.

Even minor events like a water main break may have the potential to impact business operation. By providing reports to businesses of seemingly routine events, processes are steadily being developed whereby accessing the NC4 system becomes a regular part of both business and government routine. Additionally, the information flow is bi-directional, business can in turn advise the Office of Emergency Management of the status of their facilities and personnel or advise them of activities that might impact a specific area of a city.

The staff has asked me to address the question, what are the areas where the public and private sector partnership should be developed? And I think there are several areas that we should focus on as at least entry point for this dialogue to begin. One involves corporate security and local law enforcement. Strong informal networks generally exist among corporate security officers, many of whom themselves are former law enforcement officials. They represent in the corporate security community a significant force multiplier of eyes and ears to support prevention efforts.

By formalizing the processes by which corporate security officers can provide information to law enforcement, we believe both public and private sector security can be enhanced. A renewed effort should be undertaken to expand participation in programs like InfraGaurd. In turn, law enforcement should consider providing law enforcement sensitive information to properly vetted representatives from the private sector. A secondary involves bringing business continuity professionals into an overall public safety system.

Once centered largely on ensuring the integrity of corporate data systems and networks, business continuity professionals need to work more closely with local economic development and public safety officials to develop a shared understanding of what is needed by each sector to ensure that the impacts of emergencies and disasters on local businesses are minimized. A third area involves closer coordination between emergency management officials in both sectors. Exercises involving both sectors need to be promoted. For example, currently the TOPOFF exercises that are held nationally focus entirely on public agencies. Private agencies are really not brought into these major exercises that test the overall national capability.

A business incident command system should be developed that is compatible with the National Incident Command System that's under development by the Department of Homeland Security. And crisis management plans need to be developed from each critical infrastructure sector and those plans need to be tested and evaluated with local, state and federal planning efforts. What are the key private sector responsibilities of Homeland Security in working with the public sector?

Let me add just a few comments to my earlier remarks. If we want the private sector to be a partner in government prevention, preparedness and emergency response, there needs to be a simple interface to government that is viable and efficient for business to use. The multiplicity of government interfaces, as mentioned earlier, is a problem for business. For example, one of the most common requests from the financial services firms that we worked with in New York City is for assistance in facilitating coordination with public agencies in New Jersey as well as in New York, for example, with the previously mentioned Port Authority. Bridging these state lines becomes a very significant problem for businesses, particularly business that have operations that cross state lines.

In turn, the private sector needs to recognize that their interests extend beyond the boundaries of their company and the protection of their physical facilities and their employees is dependent upon developing and maintaining close working relationships with local public safety authorities. These efforts will be enhanced if government can consider providing incentives to defray the additional expenses to strengthen the resiliency of the nation's critical infrastructure.

What are the key pillars or building blocks that support public-private partnerships? The first is the developing systems that deliver accurate, timely and --

MR. KEAN: If you could sum up now, Mr. Andrews. We're running out of time.

MR. RICHARD A. ANDREWS: Okay. I think the most challenging part of the process to develop workable networks between the public and private sector is simply beginning the dialogue. Where there are examples of private-public partnerships, there usually has been an intermediary. In Dallas, for example, the FBI has taken the leadership in bringing the business community together in north Texas. The challenge is to sustain the effort and to develop the institutional knowledge and accumulate a library of best practices and move from information sharing to more formalized structured and commonly understood methods of interaction. Thank you, Mr. Chairman.

MR. KEAN: Thank you very much.

Mr. Byrne?

MR. MICHAEL F. BYRNE: Good morning, Chairman Kean and members of the Commission. Thank you for calling this important public hearing on emergency preparedness.

MR. KEAN: Move closer to the microphone.

MR. BYRNE: I'm sorry. I'm pleased to represent Secretary Ridge and the Department of Homeland Security today to discuss the state of public-private sector initiatives in this vital area. The department's commitment to partnering with the private sector is reflected in the organization of the department. Within the Office of the Secretary is a team of talented people solely dedicated to working with the private sector to improve coordination, communication and cooperation.

Often when discussing the public and private sectors, the focus is on the differences between the two. However, I see one very strong similarity that has become especially evident since the September 11th attack. Among the highest priorities, if not the highest priority, of both sectors is the protection and safety of their workers and customers, particularly against terrorism. Toward that end, the Department of Homeland Security is working to expand the very successful campaign to target the private sector.

The goal of the effort is to develop guidelines with businesses on how they can best protect their employees and business processes in today's threat environment. The guidance focuses on planning, communication and training for employees so that they are familiar with and practice then, the full range of protective measures that may be necessary. It is also -- it also addresses the importance of business continuity planning. These efforts can and do pay off.

Business continuity and contingency planning has taken on a new urgency and importance in both the public and private sectors. Developing the capability to recover quickly from any form of disruption, natural or man-made, ensures that essential government services and vital business activities continue. This ability to continue functioning in the face of adversity provides not only the practical benefit of continuing business, it also provides a significant psychological benefit by demonstrating success of our preparedness activities and planning efforts and by allowing essential goods and services to continue to be available during times of crisis.

One area in which the Department is leading significant efforts that will shape the guidance we develop for our workers and the plans we create for all contingencies is in the area of standards and guidelines. This effort represents one of the three significant trends developing in public safety that will shape public-private sector involvement and cooperation in preparedness, response and recovery as we move into the future.

The major trend areas are, first, developing a nationwide system for public safety, or the National Incident Management System. Two, the regionalization of public safety assets, both public and private. And third, the enhanced information sharing.

As called for by the National Strategy for Homeland Security and in Homeland Security Presidential Directive, or HSPD-5, the Department of Homeland Security is currently leading an effort to develop a national incident management system. This will provide a systematic framework that will allow us as a nation to better respond to incidents of national significance, as well as in day-to-day incidents around the country.

Building on the principles of the Incident Command System, NIMS will provide a common method of responding, including common terms, common command and control, scalability to fit any incident, and uniformity and standard. It will support and make easier mutual aid across and among jurisdictions at the local, regional and national levels. For the private sector, this means that the public sector will be better organized and will operate in largely the same fashion across the nation.

This will provide a significant benefit to the private sector in planning for their own activities during an event, and also in knowing how, where and when to plug into a response and to offer the most effective and needed support.

We will accomplish this by implementing NIMS in our planning, training and exercise together on a regional basis. The private sector's role in this regionalization will be realized by becoming part of the system of public safety in the region and integrating their assets and resources into the public safety system there. We are becoming one team, one fight, and this is the collaboration that the world we now live in requires. We train together -- we need to train together, exercise together and build plans together. Unity of effort will be the key to success.

As you know, much has happened since the tragic events of September 11th that make our country stronger, safer and more secure. In particular, significant collaboration between the public and private sectors has and continues to lead to better preparedness. I'd like to address a few of the key initiatives that highlight the collaboration. One is the initiative in the public-private sector collaboration, is in the Homeland Security Advanced Research Project Agency to guide private sector efforts in developing technologies most needed to prevent, respond to and recover from terrorism.

Through the Science and Technology Directorate, the Department of Homeland Security is harnessing the nation's scientific knowledge to protect America and our way of life. Private industry is a key partner in this effort, and the directorate is working with large and small firms in the following ways. Contracting tools that simplify interactions with the private industry. HSARPA is leading the Department's efforts to attract private industry to homeland security research and development. Implementing the Safety Act, a tool to encourage development and deployment of qualified anti-terrorism technologies. And working with private industry on interoperability of communications.

In May of 2003, HSARPA and the Technical Supporting Working Group, or TSWG, released a joint broad agency announcement for near-term technologies that can be rapidly prototyped and deployed to the field. More than 3,340 responses were received in the following broad categories: chemical, biological, radiation and nuclear countermeasures; PPE, or personal protective equipment; explosive detection; infrastructure protection; physical security; and investigative support and forensics. Responses are currently being reviewed and contract awards are beginning.

Another important initiative is the establishment of the Private Sector Senior Advisory Council, as part of the Homeland Security Advisory Council, which I'm pleased to be here with one of the members of that council. The PSSAC is comprised of senior private sector leaders from across the country who will meet regularly to advise the Department on homeland security issues and concerns, especially as they impact the private sector. They will also review relevant national policy and operational documents to ensure that the private sector requirements and concerns are adequately addressed.

Another initiative has been the creation of the Critical Emergency Operations Communications Link, known as the CEO COM Link by the Business Roundtable. CEO COM Link provides a secure telephone communications system to connect businesses and government to exchange threat and crisis information in a timely manner. The capability to communicate with private sector leaders around the country and to provide critical information regarding potential threats is vital to protecting our critical infrastructure and maintaining homeland security.

As the Director of the Office of National Capital Region Coordination, I have seen the efforts and priorities of the private sector being shaped at the regional level. Through close coordination with the Greater Washington Board of Trade, the private sector in the National Capital Region is developing a regional recovery resource catalog of private sector assets and an accompanying implementation strategy for use of the assets in the case of an emergency. They are also organizing a volunteer regional private sector leadership team to help the private sector speak with a collective voice to aid economic recovery in the National Capital Region.

Finally, they are developing a baseline assessment of the potential economic impacts of possible risk and scenarios that may serve as a basis of additional or incident-specific federal, state and local support.

Secretary Ridge recently stated, every citizen, family and business owner and employee can and must be empowered in their own protection. We cannot wait and let others act for us. Businesses must take ownership of homeland security. You must be ready. Those words speak not only to the need for each and every one of us to be ready but also for us to be ready collectively. We must continue to develop the communication and coordination between public and private sectors so that we are prepared for all threats, so that we can quickly respond and more easily recover, should something happen. We must build on the public-private initiatives developed since 9/11 and continue our efforts to make our country better, safer and stronger. Thank you.

MR. KEAN: Mr. Byrne, thank you very much.

General Reimer.

MR. DENNIS J. REIMER: Thank you, Mr. Chairman. Mr. Chairman and members of the Commission, I want to start off first of all by saying it's an honor to be here and to appear before this commission to share some thoughts on this critical issue. And I thank each of you individually for your distinguished service to our nation and collectively for once again answering the call to take on a critical challenge.

I firmly believe that America faces the most serious external threat to our homeland since 1812. I believe that it's important that we recognize this and recognize also that although a national concept of operation is being developed, it is far from understood and implemented. The freedoms that make this country great, freedom of movement, rights to privacy and others, also make it more challenging to defend our people and protect our property. I think we must think about this anew and figure out how we go about approaching this in a different manner.

I believe the foundation of this new effort is partnership. There has to be a partnership amongst the federal, state and local level to the extent that does not exist now. There has to be a partnership amongst the civilian first responders, emergency responders in the military to the extent that does not exist now. And, of course, the subject you were addressing, private and public sector partnership is absolutely critical in this particular area.

And so let me focus a few remarks on that last partnership. I believe that this is more of a cultural challenge than a technological challenge. The military has considerable experience in protecting critical assets. And, as you mentioned, Mr. Chairman, in your opening remarks, 85 percent of those assets belong to the private sector. We know how to apply techniques to protect those assets. It's a matter of making up our mind to do it. We're not starting with a clean sheet of paper. We must recognize that PDD 63 and HSPD-5 represent the basis of an initial effort, but they need to be refined and meshed.

Information sharing is absolutely key to our efforts in this area. If we want to prevent attacks like 9/11, we must have proper intelligence. But as everybody here knows, domestic intelligence is tricky business. If we want to maximize the return on our investment, we must be able to share honest information on lessons learned from previous incidents and exercises in both the public and private sector.

There are a number of obstacles associated with this information sharing. Handling of classified information does not move smoothly. There are liability issues associated with committee mistakes and training exercises. There's the protection of sensitive information that may assist potential terrorists themselves if we make too much of that public. And finally, there's the disclosure of competitive information in the private sector that bothers many of the private companies.

We've made some progress in each of these areas and we should leverage this progress. I think the information sharing and analysis centers that are set up seems to me to be a step in the right direction. They're not robust enough now and we need to figure out how to make them more robust. I think the partnership program that was highlighted here between the state of New Jersey and the Business Executives for National Security is probably as good as I've seen, and it needs to serve as a pilot program for all of the states.

And from a broader perspective, I think there are a lot of good efforts going on around the country, and I think we have to pull them together. The organization that I represent, the National Memorial Institute for the Prevention of Terrorism, has been in this business for some time. We actually came out of the Murrah Building bombing in 1995 and our charter is really to do everything we can to prevent what happened in Oklahoma City from happening again. We are supported by the family members and survivors there in Oklahoma and I can assure you that that charter is very meaningful to us.

One of the first things we did is to try to get organized and pull together the emergency responder community. We recognize as we traveled around the country and visited first responders that there were pockets of excellence. And if we could share that information on the good practices that were occurring, that everybody would have a model. And we felt by doing that, we would also be able to get into an honest exchange of information on accurate lessons learned that were taking place. The nation cannot afford to have everybody go through every training exercise, so we have to share information concerning these training exercises, and that's what we've been primarily doing.

Congress has supported us with four different appropriations and we've mainly focused those on science and technology that we think the first responder community needs, but we've also been involved in a number of exercises like Dark Winter and Silent Vector that have helped educate us and form our opinions about what needs to be done in this partnership role that I mentioned. I think there are a lot of issues to be addressed. They're not easy but they're solvable and every one of them is critical.

The fundamental issue, however, is how do we provide security for our citizens, while still protecting the individual rights and liberties that have made this nation great? How do we continue to have a free movement of goods and people, while making sure that we know that those goods and people are not intent upon destroying us. Definitely there is a productivity issue associated -- homeland. Just-in-time logistics is dependent upon free access and free movement.

But it's more than a productivity issue. What we're talking about I think was highlighted by the panel before us. This is a moral issue. While we can never provide a risk-free environment to all of our people, we must do everything possible to reduce that risk. Really, when you stop and think about it, the first responders, or the people the previous panel talked about, they're people just like you and me, but those who were caught in the impact zone of the Murrah Building bombing, the World Trade Center and the Pentagon.

We need to do everything we can to protect them, and experience has shown us that without a plan to protect our people, both in the public and private sector, we will lose too many. We must organize and strengthen the public and private sector efforts to ensure we do everything possible to take care of those wonderful people. Thank you very much for your kind attention and I look forward to answering any questions you might have.

MR. KEAN: Thank you very much, General.

Commissioner Gorton.

SEN. GORTON: Mr. Byrne, according to the Washington Post, you're about to leave the Department of Homeland Security and go to work for Microsoft, an enterprise with which I have some familiarity. Will you, in working for Microsoft, be working on the other side of the coin that you're working on today in the Department of Homeland Security in some kind of public-private partnership with respect to security, at least for that company? And assuming that the answer to that question is yes, will the work that you're doing for that single corporation be of value to other significant private sector firms or individuals?

MR. BYRNE: I would hope so, sir. The opportunity I'm going to Microsoft to work on is in the area of public safety and justice. That's the position I'm going to be holding. And what I'm hoping to do is to take a lot of the policy and the concepts that I've had the honor of working on in the last two years and to start making them real and to do -- as my colleagues here have said, take some best practices and institutionalize them, and to leverage technology in such a way that it can make us safer, because I truly believe it can and that's why I plan on trying to help them do that.

SEN. GORTON: And will you be working with DHS from that private sector and advising it on its practices?

MR. BYRNE: Haven't worked that out yet, sir. This is -- the Post coming out, this has all just happened very quickly. It's just -- actually, a lot of the details we're just still working out at this point in time.

SEN. GORTON: But you will be working in the same field that you're working in now --


SEN. GORTON: -- except that you will be working in the private sector?

MR. BYRNE: Yes, sir.

SEN. GORTON: General Reimer, you have the honor of working in a very typical medium-sized American city that suffered a terrorist attack considerably before 9/11. Is it your observation that Oklahoma City, the public-private partnerships there, are far more aware of and far more sensitive to and now far more successful in putting together an appropriate plan that would be the case in many cities like Oklahoma City that didn't suffer such a tragedy?

MR. REIMER: I think, Senator, in answer to that question, I'd say that the real lesson of Oklahoma City was that terrorism can take place anyplace. We did not expect it on the 18th of April, 1995, and when it happened, people reacted and they reacted very well. I think there was an initial surge to move out and to try to do everything possible first of all to take care of the family members and survivors and ensure that as many people as possible survive that. That is still ongoing. And I certainly can identify with the previous panel because we deal with those people in Oklahoma City even eight years after the tragedy, and there's tremendous emotion associated with that.

The efforts, I think, had not expanded to the point that you direct in your question, and we hadn't gone to the point of private-public partnership at that particular point in time. There's movement afoot to do that. But I think as everybody here knows, the issue here is resources and being able to address some of those issues that I identified. The private sector is a little reluctant to come forward with concerns about Freedom of Information Act, open records, open meetings. And so we have to overcome some of those obstacles. I think the --

SEN. GORTON: And so that's true even in Oklahoma City?

MR. REIMER: In Oklahoma it is, yes, sir. And the willingness is there, but I can't say that they're better off than anybody else for the reasons I just mentioned.

SEN. GORTON: Mr. Andrews -- and the other two can comment on this as well -- when you speak of these public-private sector partnerships, I at least get the implication that the overwhelming number of your associations are with relatively large corporations, and perhaps, you know, most where there's a real fear or apprehension of terrorism. What, in the views of any of you, can be done to broaden the concept of preparedness, and especially of responses, particularly responses maybe of people who weren't the immediate victims of terrorism, but those who helped them afterwards.

So smaller and medium-sized companies to smaller and medium-sized communities like Oklahoma City. And even to get some of this knowledge and awareness through to people in their individual lives. When we talk about public-private partnerships now, are we really talking mostly about New York City, Washington DC, Los Angeles and San Francisco and big companies, or do we have some kind of ideas of spreading these concepts more broadly?

MR. ANDREWS: Well, first of all, I think particularly with regard to the critical infrastructure and key assets, we are largely talking about large companies and firms that have what may be considered to be a likely potential terrorist target. But I think one of the challenges, not only just in preparedness for a terrorist event but for any kind of emergency has always been what you've identified, how do you involve the small businesses and how do you involve the individuals?

One of the programs that really started in the city of Los Angeles has now spread nationally, is used by many companies, is used by the Department of Homeland Security, is something called CERT, Civilian Emergency Response Teams. And this is a very basic kind of training program in first aid and search and rescue and how to organize volunteers in the immediate period after a disaster. And that program has really spread on a nationwide basis.

And preparedness is a constant process. It's the constant exercising of it by Merrill Lynch that made the difference. It wasn't simply having the plan. And so I think it is institutionalizing things, like the CERT program, and again, that's had, I think, very, very significant success and something we need -- it's one of those best practices that we need to continue to propagate across the country.

MR. REIMER: Senator, can I also comment on that, because I think this is an important point? I think there's a lot that can be done. I think, first of all, it's an educational process that this could affect all of us. I think you all talked earlier about corporate governance, and that is an important issue, I think. But, again, as I say, it goes beyond corporate governance. It goes beyond -- it goes to protecting our citizens. I attended a seminar a little while back, run by Marsh Consulting in the USA, and they took a half day seminar where they brought companies there to talk about a scenario in which there was a chemical attack and how you would go about reacting to it. The bottom line was, if you didn't have a plan, then you weren't going to be able to do a lot about the line of scrimmage.

And so we have to do the educational process, we have to have the plan. The plans are not that difficult. Those plans then have to be integrated in with the community, local police, the firemen, that type of thing, so we know floor plans, we know the vulnerability of those particular assets, we know the threat that exists. This is not laser brain surgery in terms of getting prepared. It's a matter of making up our mind to do it.

A good example in our home state, Tulsa has done a good job, I think, of bringing the public and private sector together, bringing the volunteers together, and it's basically done on the force of personality. Mayors who care, people who run project impacts, those people make a difference. And I think that's the point I would make, it's the individuals who will make a difference here.

SEN. GORTON But you were -- I should have picked up more quickly on a rather surprising commentary you made. I expected you to answer my question, yes, everybody in Oklahoma City knows what's going on, they're really prepared for it the second time around, and you didn't answer me in that fashion. But you did mention what I think may be one difficulty that you could comment on or the others could comment on, the fear of some in the private sector, that when they get too close to the public sector, they're subject to Open Meetings Act and they have to give up information that they consider to be improprietary and that could be of advantage to a competitor and the like. How much of an obstacle is that and is there anything that we can do about it?

MR. REIMER: It's huge, Senator. It is huge. And I think it is the primary stumbling block for these private sector personnel in terms of being able to overcome these obstacles that exist. The intent there in Oklahoma City is there. You don't have to fire up the intent, they know what happened in '95, and they're willing to do everything they can.

But when they do the risk benefit analysis of it, they're not sure that they're going to be able to do it and still protect that information, still be able to do what they have to do, and I think we have to address those valid concerns. They may be perceptions but that's what they're dealing with out there. So I think it's a huge issue that has to be addressed.

MR. ANDREWS: And I think someone had reference earlier, the differences across the states of regulations as they relate to insurance, the same thing relates to the Freedom of Information Act. For companies that operate across state boundaries, the regulations in different states are different. I think there's an exemption under the law that established the Department of Homeland Security that information that's provided regarding the critical infrastructure to DHS is exempt from disclosure, and some states have passed laws to that effect. But the absence of that on a nationwide basis is very definitely a deterrent to particularly the owners and operators of critical infrastructure sectors to providing that information.

SEN. GORTON: Mr. Byrne, is that last comment true and do the private sector people that you deal with believe it and are they willing to do more than they otherwise would be willing to do?

MR. BYRNE: I do find that in the National Capital Region, but it is something that we have to nurture. It's something that is new, it is something that everybody's getting used to, but I do find good cooperation, especially with the power companies in the National Capital Region. We're doing a critical infrastructure analysis, not just of each individual asset, but its cross-dependencies, and then working together. And they're at the table doing this and willingly coming up with a list of what steps should be the ones we take first to protect the infrastructure.

SEN. GORTON: Well Mr. Byrne, you're going to private sector company that has an awful lot of trade secrets, and I hope that you're going to be able to work with them and with others in a way that will make any lessons that you have applicable beyond a single company and perhaps an example to others.

MR. BYRNE: I sure we'll work on it, sir. I'm not changing who I am or my goals, I was very moved by the testimony of the previous panel, as I am sure all of us were. I knew two of the firefighters they mentioned, they were friends and colleagues of mine. It's too important to be proprietary.

MR. KEAN: Commissioner.

MS. GORELICK: One brief question for General Reimer. When I last worked with you, General Reimer, you were head of FORCECOM, and so that is the capacity, and I find it very interesting to see how your career has segued.

My question to you is this. We have a challenge to our nation that we are currently meeting with good folks like the people in Homeland Security who are amalgams of various agencies that already had preexisting missions when they were brought together at the Department of Homeland Security, and to a certain extent law enforcement outside of the Department of Homeland Security.

And just taking, for example, the FBI. The FBI has approximately 11,000 agents for the whole country, and they are given primary responsibility for defending us, if you will, against domestic attack, with some additional resources at the Department of Homeland Security. Whereas the Combatant Commander or CINC for say, the Pacific might have 300,000 personnel to defend U.S. interests in the Pacific. And this is a question to you. Looking across your career, wearing all the hats you've ever worn, have we right sized, and designated the right people in our government to defend us domestically?

MR. REIMER: Commissioner Gorelick, first of all, let me just say that I remember you well from the Department of Defense and I would be remiss if I didn't say thank you for keeping me out of jail. You went on to do bigger and better things, but --

MS. GORELICK: It wasn't hard. For the national audience, it was not hard to keep this gentleman out of jail.

MR. REIMER: The question is a very good one, and I give you my personal view on this right now. I truly believe that the Department of Defense needs to be more involved in an assist mode. The first responders in terms of -- or the emergency responders are going to be the firemen, the policemen, the emergency medical personnel, those people that are on the front lines. They're civilians.

MS. GORELICK: As they were in Oklahoma City, they were the first people there.

MR. REIMER: Exactly right, as they were in the World Trade Center and the Pentagon. And there's been a fire chief who's been the Incident Commander in all three of those that you mentioned. So I don't think the issue is that the military is going to come in and take control. The military though has a number of things that I think lend themselves very well to the issue we're talking about. I'm a big proponent of the National Guard pulling a greater role. First of all they have the dual status of both the state and federal status. They are readily accessible to the Governor, they have a Title 32 responsibility which you know well, but they're allowed to operate inside the posse comitatus limitations that the federal force is not allowed to operate with.

So I think they provide a great role. I think also the experience that Defense has gained, just the idea of sharing lessons, the lessons learned that we're trying to put together is patterned after the Center for Army Lessons Learned. We have experience that tells us that people will not share honest information on this, and if they're going to feel like their heads are going to get cut off, are you're going to come down hard on them. So you have to kind of figure out how you're going to do this so that people will talk honestly about the mistakes they made.

There are big issues associated with this in the civilian world, with liability issues, bosses who might come down and say, well, you made that mistake, we don't need you in this department any longer. So I think there's a lot that the military can do in terms of things that we have benefited from over time. We have to find a way to civilianize those. We can't just take the military model and superimpose it upon what we're trying to do in the homeland. But I think the military can assist, and particularly the National Guard can assist.

MS. GORELICK: If you were looking at rough orders of magnitude of the numbers of personnel, of people in the government who would need to be deployed to adequately assess the vulnerabilities of our infrastructure, make plans for protecting the-- and activate such protective mechanisms when an area of our country is under threat, rough order of magnitude, how many people would you -- wearing your FORCECOM hat, how many people would you allocate to that job domestically?

MR. REIMER: Are you talking about military personnel?

MS. GORELICK: No, forget the hat they're wearing. I'm talking about are we right-sized for the job that we're discussing today?

MR. REIMER: Well, I think it's got to be more of an interagency approach to this thing, and I think as we talked about, I believe the military can assist. I think the military can assist primarily through the National Guard, and I don't think it will require additional force structure or troops to do that type of thing, it'll require some fine tuning.

It makes no sense in my mind to take people who are emergency responders, firemen and policemen, mobilize them and send them to Germany to protect an airbase. That's not very smart. And I think we have to figure out how we use the Department of Homeland Security and the Department of Defense to merge together in a better way.

I would be very hesitant to give you a number except to say that I think the numbers exist. That's not the issue. The issue is trying to get the police to coincide and make a decision that we're going to do it. I think the numbers are there to bring them together.

MS. GORELICK: We're quite short of time today, but I for one would like to make more extensive use of the expertise that is on this panel today, and I hope you will all agree to help us in our private sessions.

MR. REIMER: Glad to assist.

MR. KEAN: Thank you, Commissioner. All right. If there are no further questions, General Reimer, Mr. Byrne, Mr. Andrews, thank you very much for your help today, we, as Commissioner Gorelick said, we hope to be able to call in some of the expertise later on, particularly as we get to writing our report, we've got a lot of information for us.

We are going to try and get as fast as -- a eat fast lunch, and be back here as close to 2:00 as we can. We're going to aim for 2:00. For those in the audience who want to get something to eat, there is a student cafeteria, that's just -- walk that way and you'll hit it.

Thank you.



MR. KEAN: The first thing I'd like to do is announce that the Commission's next hearing will be called "Security and Liberty." It will take place on December the 8th in Washington, D.C. Now, in addition -- rather to into a lot on the next hearing, there's material available on our website,, and you can get any materials if you want to find out about that hearing there. The prepared testimony and transcripts, by the way, of today's hearing, will also be posted on our website as soon as we have them available.

I'd also like to note that Senator Jon Corzine has submitted a statement to the Commission for the record, and I'd like to acknowledge the presence of his staff member today's hearing, Elizabeth Mattson, and thank her for coming.

Let me say, by the way, as long as I'm mentioning Senator Corzine, that he has been one of the most helpful members of the Senate to this commission from its very beginning. He's been very helpful to the Commission as a whole, and frankly very helpful to me as chairman, and so I'd publicly like to say that, and thank Senator Corzine for all his help.

Now this morning, we heard about the many private-public sector initiatives that are under way. There are grassroots efforts underway across the country, and the Commission has learned about many of these efforts in New York City in the course of staff discussions with the private sector, and during our investigation. Though it's not possible to highlight everything that's going on across the country, we wanted to hear testimony on some of these important efforts. In this regard, we have asked the King County Office of Emergency Management in the state of Washington and the International Association of Assembly Managers in Texas to tell us what they're doing in their public-private sector partnerships to promote preparedness. IAAM representatives here today are Mr. Joseph Floreano of the Rochester Convention Center and Turner Madden.

And now I think we'll start by viewing a couple of videos.


VOICE ON VIDEO: The regional disaster plans for public-private and non-profit organizations in King County, Washington began its process in October of 1998. King County is made up of 1.8 million people. We have the 12th populous county in the United States. Additionally, we have over 160 agencies that make up King County, with over 700 elected officials.

This plan is an effort that involves cooperation between local governments as well as the private sector to effectively respond to disasters. The plan at this point is a response plan that consists of eight documents. We are following the guidelines of the National Response Plan, which in effect has emergency support functions, ESF, that address the roles and responsibilities of the signatory agencies. It's a cooperative plan that's going to pull together all the agencies that exist within King County. We are not immune to disasters here in King County. We have had 18 presidential declarations, so we are very versed in our abilities to collaborate with one another, but understand that we need to be in the preparedness mode and develop those relationships ahead of time. So, we see the relationships that have with the public and private sector very critical to our capabilities to respond and get our communities up to normal after a disaster.

So far, we have 114 signatory agencies to the regional disaster plan. Of that, we've got seven large corporations that have signed on, such as Microsoft Corporation and Puget Sound Energy. Additionally, we have the Boeing Company as well as Bank of America and Washington Mutual. We continue to pursue other large corporations in King County, but additionally, we have 19 hospitals in King County, and of those 19, 18 are signatories to this plan, and many of them are privately owned hospitals.

Additionally, we are working with the Chamber of Commerce to engage the middle and small sized businesses in King County. So again, we're a collaborative effort trying to pull all of these partners together because we know we need to have those relationships in place ahead of time, and we need to have this response plan in place to do that.

VOICE ON VIDEO: We decided to become a member of the regional disaster plan because we recognized that having relationships in place prior to the disaster and being able to share information at the time of disaster was extremely important. We built our plan internally to be self-sufficient as a company as much as possible, and to make Microsoft a disaster resilient company, but we find that becoming a member of the regional disaster plan allows us to share information, resources, and to know folks that will, as a community, allow us to recover and to respond to the disaster in a more efficient way.

VOICE ON VIDEO: Puget Sound Energy had a strong motivation to become a partner in the King County regional disaster plan. We are a combined electric and gas utility that provide energy services to 39 different cities within the county. We also serve 10 other counties in the state of Washington. The regional disaster plan provides us an opportunity to coordinate our communications for all 39 jurisdictions from one central point at the King County Emergency Coordination Center, that's a great benefit to us, rather than trying to communicate with 39 different jurisdictions in an emergency event. We also have the mechanism now to provide resources back and forth. Puget Sound Energy has a number of qualified employees and resources that we can share, as well as we may need the resources that the King County agencies and other businesses might share with us.



VOICE ON VIDEO: Following the terrorist attacks of September 11th, managers of sports, entertainment and convention facilities across North America organized a speedy and practical industry response to the new security concerns. Their professional association, the International Association of Assembly Managers, immediately formed a task force, led by Frank Poe, past president of the association, and CEO of the Birmingham-Jefferson Convention Complex in Alabama.

Public assembly facilities such as arenas, stadiums, convention centers, and performing arts venues always have placed the highest priority on making a safe environment for their guests. After 9/11, the industry faced new challenges in a new security environment that emphasizes control of terrorists or criminals who might enter a building. Facility executives managed spaces designed to ingress and egress large crowds quickly. Admissions staff have been selected and trained to provide excellent customer service, not to help manage a rigorous security programs.

In forming their response, IAAM's leadership knew it was important to gather a working team representing all the various interests who work in and use the facilities. The new safety and security task force included representatives from the various venue types, security staffing firms, major leagues, such as Major League Baseball and the National Basketball Association, the NCAA, touring entertainment companies, and exhibition managers. Using this expert group, as well as IAAM volunteer committees for various facility types, the SSTF created a series of best practices planning guides.

VOICE ON VIDEO: One of the first key decisions that we made was to look at very carefully what had been developed at a federal level, color coding of various alert levels as a need that we should embrace as far as the development of our best practices for public venues. Then a venue manager had a series of action steps that could be taken for their particular venue based upon their assessment of threat, based upon their security and safety needs. They gave venue managers a full spectrum of flexible steps that they could employ based upon what the federal level assessment was for a threat that might be imminent to our country.

The SSTF utilized a series of audio Internet conferences during the first year of its existence. Principally, those conferences were used as a forum to share information with our membership as we developed segments of the best practices for a particular venue type. As an example, our first audio Internet conference really looked at the best practices for arenas, stadiums and amphitheaters. And from that, the -- bringing in obviously venue managers in those areas but also reaching out and bringing in representatives of the local law enforcement team in a respective community, or emergency personnel, to ensure that the information we were sharing was cutting across a broad spectrum of individuals that would be involved in the safety and security preparation as well as response.

VOICE ON VIDEO: Training and information dissemination also has occurred through a wide range of IAAM activities, including conferences and seminars, magazines, audio and videotape programs, and the Internet. A key annual activity of updates on post-9/11 security is IAAM's International Crowd Management Conference. The 21st annual ICMC just concluded this week in Baltimore. The program included numerous sessions led by government officials and regulatory agencies. IAAM is now planning a week-long intensive training program tentatively set for the summer of 2004 in Salt Lake City. The curriculum will include comprehensive training in the areas of security planning, emergency preparedness, crowd management, crisis communication, and life safety planning.

VOICE ON VIDEO: The National Safety Training Academy -- or Safety and Security Training Academy, which is in its formative stages right now, is basically going to be a tool to give more in depth and detailed training and professional development for venue managers, directors of security, operation managers, not only for public venues, but also for the major professional sports operations.

VOICE ON VIDEO: Sports, entertainment and convention facilities, like so many commercial entities that make up our national economy and infrastructure, face enormous challenges in the post-9/11 era. Our economic health is dependent in part on the public's perception that attending events is safe. Through efforts such as those of the International Association of Assembly Managers, America's citizens can be confident in the vigilance and preparedness of those responsible for their safety at public events.


MR. KEAN: Thank you for those two informative videos.


MR. KEAN: I'm going to ask Mr. Yun, please, to join us.

You know, the experience of 9/11 resonates with many of us as an attack on our country, for indeed this was the case, the physical attack, occurred directly to individuals and the companies that were residing in the World Trade Center. The experience was undoubtedly the most challenging a corporate executive could face, both personally and professionally. Our next panelists faced that directly. William Y. Yun is president of Fiduciary Trust Corporation -- Company International. Mr. Yun was responsible for the personnel and the organization of departments following the 9/11 event. He works closely with chairman and CEO Ann Tetloch, as well as Fiduciary's management committee and its emergency management team on emergency preparedness and disaster recovery issues since that time. We appreciate very much the fact that you took the time to be here with us today and spoke about what I know was the most difficult day for your company, for your colleagues, and that you're willing to share with us some of the lessons that have been learned. Mr. Yun.

MR. WILLIAM Y. YUN: Thank you, Mr. Chairman. And thank you to the members of the 9/11 Commission. I'm very pleased to have the opportunity to speak with you today and to answer any questions you may have regarding 9/11 and our response and our continue preparedness for other types of disaster scenarios.

Just in terms of background, Fiduciary Trust was located and headquartered in the South Tower, World Trade Center Two, on the 90th and 94th through 97th floors. We tragically lost 87 employees that day, and seven business partners who were also on our premises on 9/11. I was there earlier in the morning but had left by 7:30 to go see a client, so I was one of the fortunate ones who was out of the building at that time.

We are an investment management company, and we are also a subsidiary of Franklin Templeton Investments, which is a large mutual fund company based out in San Mateo, and that was -- I'll get to that later, but that's an important part of the whole story of our 9/11 recovery.

In terms of just our background for 9/11, we did have a disaster recovery plan, in part due to our concerns about potential power outages being -- affecting our business, and being up in the World Trade Center. So, we had conceived a disaster recovery plan in the -- in the mid-'80s under the leadership of our former chairman. And again, the concern there was a power outage.

After the '93 bombing on the Center, we were able to take advantage of this disaster recovery plan by being able to use facilities outside of New York City in New Jersey. We had established and off-site disaster recovery facility through an agreement with Sun Guard, which was a company that is involved in this business on a national basis. We were outside of our premises for approximately five weeks, but in that time, we did learn a number of lessons in terms of our preparedness, not only for employees, but also for running our business overall. And one of the key things was, obviously, data back-up. And in terms of what we did to improve our systems, at that point was not to have it stored in our current headquarters but to move that data facility outside of our headquarters, and we in fact moved that to a Sun Guard facility where we used our -- their premises for any types of business continuity.

We also created business plans, business continuity plans in terms of how we would run our business. Fortunately, that -- and those types of items were critical in terms of our recovery in 9/11.

You asked in your letter to me several issues you'd like me to address, and I'll go through each one of those and I'll just start with the first one: "What were the key issues that we faced as an organization on 9/11?" And obviously the first one was employees, employee safety, who was -- who was where, who was accounted for, who was missing, and certainly communication with families, clients, and any types of associates with our business. That was our number one priority and number one concern.

And we were fortunate in having a parent that was based out in California that acted as an off-site command center for us, which was able to effectively put together information for us and be able to help on communication lines on a constant basis. In fact, we had hourly calls where we described -- first, update situations on who was missing, who was accounted for, and that was -- ultimately enabled us to make plans for how we would move forward as an operating entity.

So, we used many types of communication, and I would emphasize that that was probably one of the key elements that we took away from the 9/11 disaster was safety of our employees, but then communication on what was happening with the business and the employees overall.

We had a 24-hour hotline with messages updated to keep people informed, families informed of the business of what was happening in terms of our organization, our people -- our recorded telephone updates, conference calls, regional office assistance, websites -- we lost our website as a company, where we had our server based in New York, but again, our parent company was able to reestablish that quickly. That became our message board and for many families to be able to communicate to one another in terms of what was happening in terms of any information we could provide with -- for our families overall.

In terms of, again, other issues, obviously employee safety is first. We were really following the directions of the Port Authority and following their guidance in terms of what we should do as an organization in terms of our evacuation of the building.

Just other points, in terms of -- ultimately, we needed to restart the business, and that was done out of our disaster recovery center out in New Jersey. As Mr. Chairman indicated, I was responsible for our personnel but also in terms of reestablishing our business. One of the first things we look at as a financial organization is our core systems, our critical system. We had over 30 systems that we needed to establish as a business to get up and running again so we could operate going forward. We had tremendous support, not only from our employees, people who were doing everything humanly possible and beyond to reestablish our business, and for that I'm truly grateful for all the efforts shown on that day, with tremendous support from our parent company and from outside vendors such as Sun Guard and IBM in terms of helping us get back to running our company.

We were able -- as a bank, we needed liquidity -- we were able to establish a Fed-wire on Wednesday. We were able to establish our bond trading capabilities on Thursday. And then over the weekend, we were able to get our office and our business back for the opening of the equity markets on that following Monday. We established -- while we were out of New York, we did soon, quickly thereafter, sign an office lease in Midtown Manhattan at Rockefeller Center. We're located there permanently, but we felt that was an important sign for our employees to show that we were not only back in business but we were committed to New York and to show stability for our clients overall.

So, we learned -- we had many key issues facing us on 9/11. Obviously, the emotional ones, the personal ones were the hardest ones to work through. But, again, it was something that we as an organization pulled together, not only with the families but employees and, again, I thank everyone for their incredible efforts there.

The next question you asked was: "What have we changed in terms of our emergency preparedness, crisis management, and continuity of our business since 9/11?" And one of the things that we did as a business was we accelerated our integration with our parent company. We had sold our company in April of 2001, so integration efforts were beginning, but quickly after 9/11 we accelerated our business and vastly transformed many of our operating and technology systems.

One of the key things was relocating our data center. What we felt was important was not to have it regionally located, so we moved our data center out to California, which we felt mitigated further risks to our business by having it outside the region. And that facility is since backed-up outside of California in Colorado. So, we have redundancy of our business and off-site data center storage.

In terms of our local business, all of our business units have developed business continuity plans, in effect, how to run our business if we are out of the office. These are inclusive of call trees, personnel reports, contact numbers, et cetera. This was very effective in the blackout of earlier this year, and it continues to be something that we test on a regular basis. You mentioned our emergency management team, which I am a member of. We also review, and I think I heard earlier today, tabletop exercises -- we do that on a frequent basis as well.

And we also have a very good partnership with the building management at Rockefeller Center, and I feel that that is something that we benefit from as an organization in working with our property manager in terms of safety, evacuation drills, fire drills, et cetera.

And then finally, obviously our employees have gone through a considerable amount, so there is a heightened awareness in terms of safety, evacuation procedures, et cetera, so this is on the forefront of everyone's mind in our organization. We did move to -- as a conscious decision, moved to lower floors instead of being up of the 90th and 94th floors, we are now located on floors 2 and 4 through 7, and I think people take a great comfort from that from an employee standpoint as to how we are located in New York in today's environment.

So, we feel like we've done quite a bit in terms of our disaster preparedness. In fact, we also do twice annually disaster recovery preparation or testing in our off-site facility, bringing up our systems from scratch. We, again, have the same number of critical systems, but we are able, in fact, we are able to bring up all our systems within two hours. So, the improvements in technology, improvements over the past several years have increased our ability to recover our business and we feel we're very prepared from that perspective.

We continue to learn by various training exercises, and that's one of the things I would recommend for corporations in the private sector, continual training, because every time you go through an exercise you learn something different. One of the things we learned just recently was that some of our critical storage files, e-mail files, bringing up those applications, we decided that we had so much in terms of our storage of e-mails, something like 600 gigabytes, that we decided that takes time to bring up. What we wanted to do, and what we are going to do is have our employees have a specially designed DR files, critical files that they need to bring up, or e-mails that they need to bring up going forward, that will save time ultimately, and bring up the less critical ones at a later point in time.

The next question you asked is: "What is the role of, as president and that of senior management, in setting the tone in leadership for emergency preparedness?" This is absolutely critical. I don't -- I think that if it doesn't come from the top, then the rest of the organization will not be sensitized to it and will not take it seriously. So, all of our senior management is involved in terms of emergency preparedness and really sets the tone. We report this to our board of directors and give updates in terms of our disaster recovery plans for recent exercises that we've gone through. The board is very interested in this. I think it's something that many organizations have adopted, wanting to know what preparedness efforts are underway. It's critical, again, for the employees, but also for an ability to run a business, what is the planning process here. And as board members, as directors, they ultimately have, you know, the governance and the oversight for the business and the shareholders and the interest of the overall concerns.

The next question you asked is: "What would be some of the key recommendations that we would give to other companies that may have not faced our situation on 9/11?" And again, it goes back to having a plan, a detailed plan, and to practice these plans, and to have regular exercises going through this. You learn continually through it. And even the best plans require ad hoc decision-making and that is the importance of having a good call tree, a good communication center, one that is regular, one where you have special dialing numbers, and one that is effective and practiced frequently.

The other thing I would recommend to companies is that to manage the risk of the business and of a disaster happening, you have to have key, critical information in your data centers off-site, off-location, outside the region perhaps. And you also have to have personnel that can make decisions outside the region. Our senior management is based in New York, but after 9/11 we decided that we needed to have managers or other individuals located outside of New York that could make decisions in the event that somehow the senior management in New York was not able to, or was traveling, et cetera. So, we have a much more diversified approach to a disaster that is outside of New York and that encompasses several regions.

I'd also emphasize the business continuity efforts of organizations. In fact, we're going through one right now in our Miami office where we're expecting to see quite a bit of protests and demonstrations, so we have people from that office operating out of a Ft. Lauderdale location, out of their homes, out of New York today. And again, we are able to conduct our business and be able to effectively communicate to employees, clients, and to manage the business outside of the regional location.

Those are some of the recommendations I have. But again, the most important one is employee safety, and that cannot be underscored enough in terms of sensitizing the employees to what is important in terms of their overall safety.

And then lastly you asked: "What is the role of the public sector in helping your company in this area, and what else could be done?" Well, again, we feel, and we want to be partners -- I think that's the best way it works for private companies is to have good chains of information, of any types of communication, broader networks. I would love to see more available from web access, other types of communication forms so that we can make our decisions quickly. Once decisions have been made from a top-down level, a city or governmental level, we as a private concern or business entity can make our decisions based on those top-down concerns, or, you know, in fact pass those down to our building management, and then they can pass that on to us. But it's timeliness, it's information, it's accuracy. And all those things play into what I think is a successful communication chain of command or linkage so that we can effectively make decisions and take care of our employees and our business.

I'll end my formal comments there, and I'm very pleased to answer any questions you may have regarding 9/11 or our continued preparedness.

MR. KEAN: Thank you, Mr. Yun.

Commissioner Ben-Veniste.

MR. RICHARD BEN-VENISTE: Thank you very much, Mr. Yun, for coming today and being so responsive to the questions that were put previously by the staff and working together with the staff. So, on behalf of all of my colleagues on the Commission, I want to thank you very much for your presence here today and sharing your experience with us.

The public should know that the husband of Kristen Breitwieser, an employee of your company, and that Ms. Breitwieser has been tireless in her efforts, not only in the creation of this commission but as we have moved forward, to assist us in all kinds of important ways.

We are obviously very mindful of the business continuation precautions and preparations that your company took in advance of 9/11 and the importance of those precautions and level of preparedness in the continuity of your business upon which so many others rely in connection with their investments and their personal sense of well-being and continuity.

I would like to focus more directly on the human element of the 9/11 disaster and ask you, sir, whether, prior to 9/11, you coordinated in any way with other tenants at the World Trade Center or in some way with management in terms of preparedness for emergencies.

MR. YUN: We did not coordinate with other tenants. We again were working under the auspices of the Port Authority. In fact, that's one of the lessons we learned. Today, in fact, we are coordinating with one of our other tenants in the building that we currently occupy. I mentioned we're on two; the tenant above us on three. And we have had discussions on how we can partner better in terms of a potential disaster.

MR. BEN-VENISTE: And in that regard, it seems to me that it would be useful on a much broader level for you to be able to share your experiences with other companies, but also for you to continue to learn from the experience of other companies.

And my question is whether there is any facility or organization to which you are a member or you are aware which coordinates simply on a community basis, if you will, the lessons and applications which may be useful in times of emergency.

MR. YUN: Well, that's a good point. We are members and involved with many different types of forums or organizations, whether it be the Investment Company Institute or the Institute for Institutional Investors, things like that, that are forums for our peers in the business.

But we -- specifically there's not, that I know of, an organization that focuses on preparedness or disaster recovery. I think we have shared our story in many forums with our peer group, but we've not made it or not seen it as an official type of sharing of information or networking, focusing on continuity or recovery. I think it's a good idea, actually.

MR. BEN-VENISTE: And so it would make sense, from your point of view, if someone would take the lead in organizing some way of sharing information and perhaps organize some level of seminars or face-to-face meetings where your representatives could meet with other companies' representatives and share information and know-how.

MR. YUN: Yeah, I think that's a good point. I know, just from what I was seeing here on the video, of trade groups such as that. I know in New York City, property managers or building owners have meetings where they do discuss preparedness. And I think that would be very useful for representatives of the private enterprises, the lessees, to take advantage of those types of --

MR. BEN-VENISTE: I think it would make sense for our commission to hear from companies like yours and others around the country with some ideas about essentially providing some framework for meeting together and sharing that information outside of government, within your own organizations. It sounds to me like that might be quite a useful thing to do and something which companies would wish to participate in.

Let me ask you about the experience on the tragic day of September 11th, 2001. We have heard a lot about Morgan Stanley and the precautions Morgan Stanley took in preparation, as well as what occurred on that day in terms of their security director essentially directing Morgan Stanley employees to evacuate the South Tower after the North Tower had been hit, despite what was perhaps at best the ambiguous information coming over the loudspeaker from the Port Authority people. What was your experience at your company with respect to evacuation?

MR. YUN: We had individuals make the decision to leave as soon as the first tower was hit. Our director of HR was helping to assist in that. But again, under those ambiguous comments or directions, some of our employees -- and this is again from what I hear -- turned back and went back or stayed in the building, based on some of the information they were hearing.

Certainly after the second building was hit, where we were located, then it became a full evacuation. And, again, many of the people in our HR department had heroic efforts to get people down as quickly as possible, but in doing so, lost their own lives by taking the time to look for others.

MR. BEN-VENISTE: Do you have any sort of estimate of how many lives were saved by the level of preparation that your company had made in advance of 9/11?

MR. YUN: No, I don't know off-hand, off the top of my head. We had at that point had about 650 people located in our New York office. We lost 87. The time of the day had an influence in terms of how many people were in the building, the travel schedules, et cetera. But I can't say with any accuracy how many people were saved due to preparedness in terms of the evacuation of the building.

MR. BEN-VENISTE: From the standpoint of just the arithmetic, it sounds like a substantial number were able to get out.

MR. YUN: Or had not been at the building. I don't know the exact numbers.

MR. BEN-VENISTE: In the aftermath of 9/11, we have heard anecdotal information about both the utility of conducting full-building evacuations and some of the hurdles that companies have faced. Have you at Rockefeller Center gone to full-building evacuations?

MR. YUN: Yes, we have.

MR. BEN-VENISTE: And we had heard that there was -- and again, this is anecdotal, and I'm sure it's building by building -- but we had heard that in the case of one large company, it took them something like four or five months to get through all the red tape associated with doing a full-building evacuation of their employees because, at the end of the day, the building management required waivers to be signed and assumptions of liability by the company in the event of any mishap during the evacuation.

Have you faced any sort of hurdles? And do you have any recommendations about standardizing full-building evacuation procedures?

MR. YUN: I don't have any specific recommendations. But what we experienced in the recent blackout earlier this year was that while people were out of the building, it was a more dangerous situation, or potentially dangerous situation, out on the street.

So it was actually potentially safer and actually safer in the building, and that was an issue of getting people back in. So once we realized that there was very little transportation available, it was almost better to stay in the building rather than try to wander the streets to get home.

MR. BEN-VENISTE: In the event of a calamity that makes the building itself unsafe, as compared with a simple outage, which makes it uncomfortable for staying in a building, at the least -- I don't minimize that -- but having a full-building evacuation seems to me, without any particular expertise on the subject, a much different proposition than having individual evacuations of a floor or two floors, because the real questions -- as we have heard, the real problems associated, putting aside all of the impediments from smoke and darkness and so forth, but the real impediments are in the large numbers of people who must evacuate a large building simultaneously.

Do you have some feeling with respect to the difference between a full building evacuation and one which is more limited in scope?

MR. YUN: We are currently in a smaller building with fewer occupants and a fewer number of floors, so our type of evacuation would be easier. We have experienced that. And, again, we're on a lower floors, so that, by design, makes it easier for us as an organization. But, again, I couldn't comment on the technical aspect of an evacuation.

MR. BEN-VENISTE: Well, let me finish up with two more general questions, and they are directed to what could be done better on a local level, from the standpoint of cooperation from city or local authorities, in your view, and where you might look to the federal government or more regional, at least, governmental approach.

MR. YUN: Again, I would reiterate the communication links are key. If we can have quicker access or more direct access to any top-down decisions made by either the federal or local governments, that would assist us in being able to make quicker decisions on our own and to evaluate what we need to do as an organization.

MR. BEN-VENISTE: Thank you very much.

MR. KEAN: No other questions?

Mr. Yun, thank you very, very much --

MR. YUN: Thank you very much.

MR. KEAN: -- for taking the time to share your thoughts with us.

MR. YUN: Thank you.


MR. KEAN: If I could ask Professor Glenn Corbett and Randolph Yim, please, to join us.

In our investigation of the current state of preparedness in the private sector, we've become woefully aware of the many standards, regulations and codes that are in the public arena. In this panel, Professor Corbett will discuss the myriad standards that exist and make recommendations about this situation.

Professor Corbett is an assistant professor of fire safety at John Jay College in New York. He's on the distinguished advisory panel of the Skyscraper Safety Campaign. He's also importantly captain of the Bergen County, New Jersey volunteer fire department. He's currently appointed to the federal advisory committee which will oversee the NIST investigation of the collapse of the World Trade Center.

Randolph Yim in 2003 had the report, "Potential Terrorist Attacks: More Action Is Needed to Better Prepare Critical Financial Markets," which makes several recommendations regarding markets' ability to deal with future disasters. GAO has also been concerned about the sustainability of our homeland security activities as well as the need for standards to address these concerns.

The leader of all these discussions has been our panelist today. Randolph Yim, a managing director in homeland security and justice at GAO, leading the national preparedness team. He draws on his private and public-sector experience with ISA rules on environmental issues.

I don't know which of you would like to go first. Professor Corbett?

MR. GLENN CORBETT: Thank you. Good afternoon, Chairman Kean, Vice Chairman Hamilton and members of the National Commission on Terrorist Attacks. Thank you for inviting me to speak on the very important issue of standards for disaster, emergency management and business continuity.

I'd like to begin my testimony today with a brief overview of where national building codes are related to emergency preparedness standards. Codes of standards establish the minimum level of acceptable performance. They also can be used as a ruler to see how specific facilities' emergency procedures measure up.

Generally, codes deal with the built environments, the design of the buildings themselves. Standards typically establish procedural protocol, such as how and when to evacuate a building. While this description generally holds true, emergency procedures have, in fact, found a way into codes, however.

The design of buildings and the emergency procedures used within them are critically linked; for example, the ability to quickly and safely evacuate a building is based upon the relationship between the structure's design and its adopted evacuation procedures. The effectiveness and success are dependent upon the articulation between these two areas that are covered by the codes and standards.

Despite the importance of life safety in buildings, we have no single code or standard to follow. Instead we have a myriad of organizations preparing these documents, some of which are in the public sector, while others are in the private sector. Some are guidelines without the force of law, while others are statutes that must be followed. Several codes and standards overlap, while some are completely duplicative.

Unbelievably, when it comes to terrorism-resistant building designs, we have no comprehensive national codes for building designers to follow. Despite the fact that a certain number of buildings or many buildings within our country are potential terrorist targets, we have yet to develop a single set of comprehensive and detailed terrorism-resistant building regulations that provide a nationally accepted base line.

Generally speaking, building codes are enacted at the state and local levels of government. Cities and states typically adopt a model building and fire code, a set of nationally-developed regulations, which can then be amended to meet local needs. There isn't any federal regulation that requires adoption of a building or fire code at the state or local level. Some jurisdictions have not adopted any construction or safety codes at all.

States and cities can choose from two sets of model building and fire codes, one prepared by the NFPA, that was mentioned earlier, the other by the International Code Council, also mentioned. While these two sets of codes broadly cover the same topics, they are different in format, and their specific requirements do vary. States and cities adopt one of these two sets of model codes and typically add their local amendments, making building safety uniformity difficult to achieve across the United States.

Neither of these two -- issue of terrorism resistant building design. If a building designer or building owner wishes to have their building made terrorism resistant, they cannot simply look to their locally adopted model building and fire codes for guidance. They are forced to wade through a variety of narrowly focused terrorism guidelines that address specific issues, such as glazing, or air handling system design. Often the building designer or owner is forced to retain the services of a consultant, who conducts a risk assessment, and to advise them as to how to deal with the problem without the benefit again of a single comprehensive and detailed national code to measure themselves against.

The strength or weakness of the consultant's assessment and his recommendations are solely based upon the consultant's expertise, not the baseline of a national code.

Obviously most buildings do not need to be rendered terrorism resistant. However, many communities have potential targets within their boundaries. Willing designers, the owners and community leaders should have the ability to assess a particular structure's vulnerability to a terrorist attack.

It appears that the Department of Defense has made the only attempt at a broad set of terrorism resistant design guidelines in their minimum anti-terrorism stance for buildings, U.S.C. 4-010-01. It's very broad in nature, but it's primarily explosion driven and lacks any real detail for either biological or chemical attacks.

When it comes to national emergency preparedness protocols for evacuations and the like, the situation is a bit brighter. There are a variety of emergency planning tools, both stand-alone documents, or text imbedded within larger safety-related documents. For example, OSHA requires that entities under its jurisdiction comply with specific regulations that mandate emergency action plans, specifically fires and what they term "other emergencies." They don't specifically address terrorism specifically, and the regulations themselves are very, very light in detail.

Getting back to the NFP and the ICC, they recently upgraded both of their fire codes to include more extensive emergency planning requirements. These codes, however, again, must be adopted and enacted for them to have the force of law within a jurisdiction. For example, the state of New Jersey is in the process of adopting a new fire code which will likely be in the 2003 edition of the International Fire Code. Until that time of adoption, however, the requirements contained within these regulations cannot be enforced by the state.

New York City has taken a different route. As a result of the attacks on the World Trade Center, they established a World Trade Center Building Code Task Force within the City's department of buildings to review the need for updating the city's building regulations. The task force issued a report including 21 recommendations, which included recommending full building evacuation plans to be developed for non-fire events in high-rise structures, and also another one that deals specifically with biological and chemical attacks by requiring heating ventilation air systems fresh air intakes to be at least 20 feet above grade, and away from any loading docks or loading bays. New York City Mayor Bloomberg subsequently reviewed these 21 recommendations and is now in the process of moving forward immediately with 13 of them, including those two I just mentioned.

As mentioned earlier about full building evacuation, they are of grave concern nationally to life safety specialists. Our model regulation codes do not anticipate full high-rise building evacuations. Stairwells are designed to handle the evacuation of only a few floors, leaving most occupants in the building to stay where they are located. The experience of the 1993 World Trade Center bombing and the events of 9/11 certainly contradict this what we call "defend in place" strategy that's common to nearly all high-rise buildings across the country. I'll mention briefly there is an NFP-8 document, NFP-1600, which the next panel will discuss in detail and I won't take up time talking about, but it is an important document for emergency planning procedures.

In light of what was talked about basically, there is a lot of work that we do, and obviously this whole code and code situation is very complex and confusing, and you can imagine what it's like for the private sector to attempt to deal with these kind of issues. The private sector entities must first establish what local laws apply to them, if any, and determine whether or not these codes or standards include provisions for emergency planning. If they are constructing a new building and desire that it be terrorism resistant, they will need to retain a consultant, as I mentioned earlier.

A related issue that I would just like to briefly mention is the role of local and state government approval of specific buildings and emergency procedures within them as it relates to terrorism preparedness. While emergency procedures used within a given building will typically fall within the jurisdiction of a local fire code enforcement official, the building design features are a different story. Should local governments dictate which buildings are terrorist targets and require specific anti-terrorism building features, or should the building owners make that decision themselves?

I would suggest that the answer lies somewhere in between for that particular question. State and local governments must take an active role in conducting terrorism risk assessments within their communities and identifying their vulnerabilities. Building owners whose facilities are identified within that assessment should be encouraged to expand their emergency preparedness plans to include issues specifically of terrorism, if they do not already, and develop a list of terrorism-resistant building design upgrades to address the threat.

A useful model that would help move this forward quickly would be one that is used currently within the public sector, called the Emergency Management Accreditation Program, or EMAPs, developed by several entities including FEMA, the International Association of Emergency Managers and the National Emergency Management Association. This program accredits individual communities for disaster mitigation preparedness and response and recovery programs. So here's something that is out there in the public sector right now that accredits specific communities across the United States that perhaps could be redefined or remolded for specific buildings within a community.

In light of the situation, I've got some recommendations for the Commission to consider. The first one is that the Department of Homeland Security should take a very proactive role in beginning the initiation of a code for terrorism-resistant building design. The code should provide detailed and specific requirements that establish a minimum level of acceptable protection against terrorist attacks.

The next recommendation would be that an accreditation program for private sector facilities to evaluate their emergency preparedness. Both the physical plant and the emergency planning aspects should be established. Such an accreditation program would not only be useful for building owners, but for local governments as well, because if you have an accreditation program like that, local communities can then make decisions on response plans of their own, concerning how many people they are going to send to a particular facility and what they should expect to find there if there's a terrorist attack.

The model code groups that I mentioned earlier, the NFPA and ICC, should be encouraged to coordinate their emergency planning criteria. This will make it easier for multi-site private sector businesses with operations in many states to have a better chance of achieving uniformity. The fact that we have two model code groups both competing for cities and states to adopt them, is a major issue I think that you probably should be looking into.

And finally the "defend-in-place" strategy that I mentioned earlier and the issue of full building evacuation needs to be fully studied and assessed. Today's reality is that building occupants do not follow orders to remain in place during emergencies. It's very possible they will self-evacuate into stairwells that are not designed to handle the crush of people, and we have seen that time and time again, especially we saw what happened in the Chicago high-rise fire about a month and a half ago, which I was disappointed to learn that NIST in fact is not going to be investigating that, because that is such a landmark fire with this specific issue of concern.

On that note, I would like to thank you again for inviting me to speak, and be glad to answer any questions.

MR. KEAN: Thank you, Mr. Corbett.

Mr. Yim?

MR. RANDALL YIM: Thank you, Mr. Chairman, Vice Chairman Hamilton, distinguished commission members, September 11th family members, ladies and gentlemen. On behalf of the comptroller general of the United States, David Walker, thank you all for your very important and dedicated efforts to improve homeland security for our nation and its people. We at GAO hope that our efforts have been of assistance to you, and we pledge our continued support.

What I'd like to do is to highlight and illustrate some of the key points of my written testimony, and then be so presumptuous as to suggest some additional actions that could be taken along the lines of setting standards, national standards, to improve homeland security.

Are we better prepared to counter the threats of terrorism since September 11th, and as a result of the start-up of the Department of Homeland Security? The answer is certainly yes. Unfortunately, many believe that this is an inadequate standard by which to judge our success today. Judging our success will depend to a large extent upon what we identify instead as our homeland security goals. As a nation we are unlikely to definitively, quote, "win the war against terrorism," since terrorist threats are subject to constant change, resources are finite, and it is simply impossible to be 100 percent secure in such an environment. Nor could our nation definitively say that we are doing enough for homeland security, since although much progress has been made, much more needs to be done. And like many of our complex issues facing our nation, always more could be done.

Success for homeland security may be better measured in terms of continued progress for becoming better prepared. And since homeland security relies upon the coordinated actions of federal, state, local governments, and the private sector, and in many cases upon layers of defenses, progress has to be measured across numerous dimensions. Standards, particularly systems standards, management standards, hold great potential to both improve coordination across such dimensions and enhance measurement of continued preparedness. Such standards addressing performance and design and what an organization does to manage its processes and related activities could help identify interdependencies; define roles and responsibilities; assign those responsibilities; and link federal, state, local governments, not-for-profits and the private sector in a measurable, dependable and reliable manner.

We are not just talking about connecting the dots; we are talking about connecting players and connecting their capabilities to make our nation safer.

The private sector already sets standards within various business chains such as in the design, raw materials, supply, manufacture, sales, delivery and customer support chain. Should we continue homeland security really as this type of business chain, where standards would be essential to measure and assure the stability and reliability of all links in this interdependent chain?

And let me make clear, Dr. Corbett talks, and previous witnesses talked about he importance of building standards, product standards, et cetera. There's another family of standards: systems standards, a systems engineering type of approach that is equally important to talk about. So not only must be increase for example the bandwidth of our radios so that our first responders can talk to each other; we must have some sort of systems standards that when they are able to communicate they are acting in a coordinated, effective, efficient manner that does not put them at risk and enhances their effectiveness.

I think we have much to learn, members of the Commission, to how we have approached other crises in the past, and some disturbing ways in which we've approached crisis mode management.

I'll take you back to the late 1970s when we first began to experience exploding automobiles, if I could use an example. You all recall the exploding Pintos -- when people would have automobile accidents. And what was the government's response, industry response initially? It was to bolt on big bumpers to our automobiles. If you will recall, we all owned tremendously ugly cars. But the theory was that if I bolt on this big bumper, and of course if I only got hit in the rear in a vertical-type of collision that I would survive that crash. And over time people began to realize that was probably not the most efficient way to handle it. We should have perhaps been designing automobiles to avoid accidents -- to talk about more rigid body structure, better tires, better instrument panels that would not only fundamentally make the car safer, but also more efficient at the same time.

To a large extent, we are at a big bumper stage in homeland security. How can we incorporate standards, print homeland security principles to make not only the country safer but the agency missions and the important business processes that we wish to make more secure fundamentally more efficient also? One of the greatest concerns at the GAO is for homeland security how will we address the sustainability of the efforts, integration of the efforts, so that we can incorporate homeland security principles into these agency missions and business processes without destroying the viability of those business processes themselves?

How can we strike the proper balances between security and add the word "security" to economic security, financial market security, health care system market, environmental security, many other important priorities that this government must fulfill? And how do we hold people accountable? -- not only for the significant amount of funds that are being reprioritized for homeland security, but if we begin to assign responsibilities in some sort of systems approach, how can we hold these sectors accountable, that if a crisis occurs they will have the ability, they are sufficiently prepared to fulfill their assigned responsibilities.

Moving away from this big bumper type approach allows us to systematically address the core issues necessary to become better prepared, to help us set priorities, be able to continue to measure progress toward improving homeland security, to be able to address a key problem identified by our comptroller general who notes, quote, "At the present time the federal government is flying either blind, or with inadequate instruments in many areas." We need a government-wide strategic plan and annual performance and accountability plans that are linked in some way to key national indicators and integrated into agency and individual plans.

Where do we start? There are so many things that can be done, and it is unlikely given the fiscal position of our government, that we can do them all. And certainly no one entity -- federal, state, local, not-for-profit, private sector can do everything. Instead, it is increasingly apparent that homeland security will require strategic and shared capabilities and investments among these federal, state and local governments and the non-profit and private sectors.

These investments should emphasize the development, augmentation, maintenance and linkage of capacity to respond to the three central missions of homeland security -- prevent terrorism, reduce vulnerability, and respond and recover quickly in the event of an attack. The development of this type of capacity to counter a broad-range or potential threat, an all-hazards approach if you will, is critical due to the uncertainty as to the nature of the specific terrorist tactics to be deployed and questions about sustainability of any other approach.

It also will allow us to address the central core questions of what are these likely threat scenarios that we must address? Who is in charge, and who should be in charge under these various scenarios? What should be done and what sector is in the best position to do that? Who pays for it and how are we going to pay for it? How much is it going to cost? And, again, how do we ensure accountability, again both for the use of the funds as well as fulfilling the assigned responsibilities. We believe that one promising methodology is the adoption of national standards, both product and individual service standards, as Dr. Corbett mentioned, but also systems integration type standards.

We've heard testimony today about various methods in which we could go about adopting some of the standards, the national strategies, set some goals and milestones. The GAO has been critical of the ability of those national strategies to both horizontally and vertically integrate -- horizontal in the sense of coordinating the activities across the diverse federal agencies, and most importantly vertical integration between the federal government, state and locals, private sector, not-for-profit.

We've heard some testimony about ISACs, these Information Sharing and Analysis Centers. GAO's past work has found that there are currently 16 ISACs, and although DHS has formal agreements with most of them, additional efforts are needed. Not all sectors have fully established ISACs. And even for those sectors that do, our recent work has shown that participation is mixed, and the amount of information being shared between the federal government and private sector organizations vary.

For examples, efforts were still in progress to establish baseline statistics and sectors do not or always coordinate among other sectors. It is absolutely crucial that if we are going to have a shared investment, shared responsibility strategy that we have shared input into what that strategy should be. And if we are going to, as Chairman Kean indicated, involve the private sector in the protection of the 85 percent of the critical infrastructure that is owned by them, it is absolutely important they have an input into the development of types of standards that the federal government and state and locals will need to employ.

Certainly, it also will have an impact on the type of federal stimulus programs that need to be designed. We're not just talking about grant programs for state and locals, focusing today on the private sector. There are many ways, going through Commissioner Gorelick's question: How do we incent the private sector? We had testimony from insurance industry representatives. It's very interesting to look at some of the standards for environmental management that were adopted -- the ISO 14,000 series for environmental management, that set protocols for the handling of potentially toxic materials.

Not only did those standards originally just evolve as best practice voluntary, but when they began to become standards of care in the industry, because many of our environmental statutes allowed private rights of actions, when they became standards of care and potentially a negligent standard for the private sector, then the insurance industry, as a precondition to providing environmental liability insurance, or in the case of terrorism insurance, could impose additional auditing protocols that drove -- that provided an incentive.

So, again, we could have manufacture investment credits, we could have certainly positive incentives. But there may need to be employed some carrot and stick approach also, and I think the insurance industry plans a very, very critical role. But without some sort of capacity type or performance goal it will be increasingly difficult to measure and answer the question: Are we continuing to become better prepared? We're not just talking again just about the thickness of the Kevlar vest, but the capacity of, for example our hospital infrastructures to be able to triage and isolate X number of patients for X amount of time until additional resources can be brought to bear: push backs can arrive, or other units can arrive from other sources.

The ability of our water purveyors to be able to continue to provide water in the event of a widespread power outage for X numbers of time. We have a capacity standards like this that have been created in the crash and fire for example at airports. There are standards for being able to respond to an event at an airport within X amount of time, a performance goal that dictates where the fire stations should be located and how many people should be there. It is not just about equipment.

The lack of performance standards tends to drive federal stimulus programs to countable things: How many pieces of equipment can we buy? How many people are employed in particular sectors? -- as opposed to, What are the fundamental capabilities of those sectors to respond? And it's also important to note that we don't want people to have the capability to do the same things. To have a layered type of defense approach, we should be looking at the commonalities of our private sector, state and local to respond to certain all-hazards emergencies. And what are the variants as a result of terrorism that cause you to have to develop additional types of capabilities? That's what the approaches are.

Some suggestions, if I could, Mr. Chairman. We need to begin a very effective dialogue on how we would go about setting these types of national standards. What is a -- to use perhaps an impolitic term -- a safe environment --

MR. KEAN: If you'd sum up now.

MR. YIM: Yes, yes. A safe environment to discuss the creation of standards because of the difficult policy choices involved. A body like this can lay out the playbooks or various scenarios in which standards would provide the most benefits, to talk about what are the common capabilities that must be addressed and what are the variants that need to be done on a national level, to talk about incentives and also to talk about emerging technology. If we are going to set standards that are capabilities based and we are going to have many vendors talk about their ability to meet those capabilities, we need the ability within government to assess the viability of those emerging technologies. How we do that I think will be problematic, but we hope that this commission could provide guidance on this.

Thank you, sir.

MR. KEAN: Thank you very much -- very interesting and important testimony. Questions from the Commission? Which one of you would like to go first?

Secretary Lehman?

MR. JOHN F. LEHMAN: Yes, thank you. That very helpfully augments and elaborates some of the earlier testimony we had today on this issue. There's no question there needs to be a process for establishing standards in these areas. So far we have heard no consensus about how this is to be done. Both of you have had extensive experience in governmental and in dealing with private sector environments. We need some specific recommendations with regard to where do you recommend the leadership reside in establishing an environment? We heard explanations that are quite valid that there are real restrictions for companies, particularly in the insurance industry, getting together and setting standards. There are competitive -- there are Sherman Act kinds of problems. We heard these same things when the ISO standards were begun in the engineering world, that this was some kind of constraint of competition and so forth.

But we have precedence where the ISO 9,000, ISO 14,000 standards have been set without really government leadership in doing it, but in government encouragement and a kind of willingness on the government's part not to pursue antitrust and anti-competitive kinds of enforcement where these things make common sense. In fact, in the case of insurance services office, it was the specific exemption under McCarran-Ferguson to allow the pooling of this kind of information, which has led to tremendous benefits in setting of standards for instance in rating local code enforcement for building codes and fire codes and so forth. That exists.

Do you believe -- I would really like to get specific recommendations from each of you on what we at the Commission with this rare opportunity of the total focus of both Congress and the Executive Branch, ready to willingly or unwillingly act on what our recommendations are. What should we recommend? There's no question we need a standards process to set standards in these areas. Should it be mandated from Congress? Should there be a new kind of non-governmental organization like ISO set up specifically to do these standards with a mandate to do it? Obviously it can't be done purely at the federal level, because every local jurisdiction has its own unique set of issues and requirements. You can't impose what you'd want for the Empire State Building on a two-story garden apartment complex in Florida. So could you get down to specifics in recommending a program for what this commission in your judgment could do in its report to see that real action is taken?

MR. CORBETT: To answer your question directly, as far as building design goes there are standards-making organizations already. I mean they exist. The NFP and the ICC are the two recognized code-writing bodies here in the United States. The problem is of course is that there are private sector entity that doesn't report to anyone other than their membership. So, as far as the federal government is involve, I think the only solution to that is to strongly encourage through DHS a meeting of the minds. They do have a relations -- ICC and the NFP both have relationships existing within FEMA, and within the U.S. Fire Administration, and I think that can certainly be an area that you could explore specifically to move it forward.

I think if DHS was for example to hold a conference on this or some type of, again, meeting of the minds, to move it forward, I think that could happen. As far as the emergency response protocols within the private sector, again, there's a bunch of them out there right now. The problem is that there's, again, there's no single one that it's followed everywhere. And that's one of the issues here. I mean, this, and this is a fundamentally a, as I mentioned earlier, that you know, code enforcement is considered to be a local and state function, and the fact that these are national issues makes it very difficult to try to massage this into a way that we can have some kind of uniformity across the United States.

I would have hoped that, you know, there was a chance five, six years ago that the NFPA and the ICC actually were in partnership to develop a single national building code, and it fell apart, and the fact is that we have two of them now, right here. We've got two codes that are used nationally, and they're competing with each other, trying to see which jurisdictions will adopt them. So, that's a -- again, the only thing that I can suggest is strong encouragement from DHS.

MR. LEHMAN: Well, is there a certification process with teeth that could be used in this case? I mean, Congress could mandate that if -- that there are these say, two certification agencies, and if one or the other is acceptable, if they meet the standards, but that if there -- if a building is not certified to it, then there are real penalties.

MR. CORBETT: There isn't any, to my knowledge, any certification specific for buildings. That's the problem. And of course, these code writing bodies only write the codes. They don't go out and look at buildings. They have them there -- you know, they develop them, and then they're adopted by the cities and states. So there is no existing certification process for buildings.

I can say that, you know, my experience is that when there were NIST hearings, or I should say, House Science Committee hearings a year an a half ago, when the issue came of up of should there be federalization, for example, of building codes, you could feel the room shake when that was brought up. And so this a very sensitive issue, and again, it's a states rights versus federal authority. And again, it's one that I don't know the simple answer to that. I mean, like I said, I think as far as moving the codes forward, DHS is your best route. As far as, you know, having a certification process, I think it's -- as I mentioned earlier, it's certainly an important thing to have, and perhaps some third party could organize something like that along the EMAPs route as a model, basically.

MR. YIM: I wonder if I could add, Mr. Secretary, that I think that perhaps we should be looking at a -- not just a role for DHS, but Congress obviously plays a very, very important role, and perhaps there should be a two-step type of process on that. That the Congress and the Administration should not be, in all likelihood, setting the standards themselves. The standards to have a widespread support and buy in need to be scientifically based, and have a great deal of involvement from the private sector, and the federal, state and local governments also, but the private sector really has to buy into those adoption of standards.

What the federal governments could do, Congress and the Administration could do is begin to set the priority areas. What are the areas that would most benefit from standards? Design certain types of play books. What are the common scenarios that we as a nation must really begin to become better prepared. Is that a bio attack in a major urban areas? An attack on the power grid. It is a weapon of mass destruction in a port that would have significant supply-chain ramifications and really lay out, story-book out, design with playbooks that we must be concerned about. And, secondly, identify the points of intercession that may be non-obvious to begin adopting standards. One of the best ways as we have heard testimony before is standards should not come after the fact. They should be incorporated upfront into the design of a building, into the design of a system process.

There are opportunities as we discussed, important recapitalization of infrastructure in the United States over the coming years, to identify points of inception in which homeland security standards could be interjected into, for example, the reauthorization of the Surface Transportation Act as we are fundamentally thinking about recapitalizing our mass transit infrastructure, our highway infrastructure, building in homeland security principles; as we are debating energy policy, how we can make the power grids and the supply side more secure; as we are debating recapitalization of emergency rooms, how we can augment the capabilities to deal with a bioterrorism attack. And then have the executive branch and legislative branch inventory and identify the entities that have the ability to do scientifically based consensus standards setting themselves. Is that ISO, is that ANSI -- many other bodies that have been talked about. But I would suggest a two-step type approach along those lines.

MR. LEHMAN: Well, I agree with that, but isn't it time to cut to the chase and name a specific, like they did in the case of ISO, a specific organization that has the certification authority, even though it's a non-governmental? Otherwise it's more meetings and bureaucracy without real standards being established. And it doesn't have to be done by the government. It should be done on a more decentralized basis, but with a certifying authority like ISO.

MR. CORBETT: I think there's a great deal of support on that. The ISO certifications were sometimes criticized by industry as being very, very complicated to actually obtain. But even an interim approach of a self-certification would be a great advancement on our current standards.

MR. LEHMAN: But, see, that's exactly the right precedent, because everybody moaned about ISO, and oh, how can you comply? Now most big OEMs will not buy from a supplier that is not ISO-certified, because in fact it turned out to be a very valid set of standards, and is constantly being evolved. And it's not the government doing it. Yet it has all the full effectiveness or more effectiveness than a government mandate.

MR. YIM: And I think history has shown that the increased cost of complying with the standards can be offset by the stability and reliability in the business chain that is created by the adoption of those standards.

I think that we do have to adopt more than a voluntary approach, that it may require legislation to begin to adopt a carrot-and-stick type approach, because there also needs to be some review of the statutory authorities available to centralized agencies. If we are going to adopt a standard approach, there may be a requirement to begin to direct resources from the federal agency to actually begin to direct the resources of the federal, state, private sectors in an emergency situation, and we should do a comprehensive review of whether or not sufficient authorities do exist or under what circumstances could those authorities be executed. I believe it will take some concerted and legislative action, as well as some budget reallocation to have management attention being paid from the Administration.

MR. LEHMAN: Thank you.

MR. KEAN: Congressman Roemer?

REP. TIM ROEMER: Thank you, Mr. Chairman. It's always difficult following Secretary Lehman. He does such a great job getting right at the heart of some of these questions.

Dr. Corbett, thank you for your time. You come very highly recommended by the families. Dr. Yim, thank you. And I want to just take 10 seconds to thank the General Accounting Office for all their excellent nonpartisan work. As a former member of Congress I used the General Accounting Office many, many times, and you put out an excellent product. And I also want to say that the Joint Inquiry that I served on, the General Accounting Office provided us with one of our most valuable employees, Raoul Gouta, who I think is here today. And we appreciate you being here. Take our appreciation back to Mr. Walker for his leadership there at the General Accounting Office.

Let me be very blunt with you. The first time I read through your testimony, Dr. Yim, I thought: this is pretty confusing, complex, and how do we get at this? How do we better understand it? And I thought about maybe too simple of an analogy, but let's say I represented the University of Notre Dame's basketball Team, and Secretary Lehman represented Navy's basketball team.

MR. LEHMAN: You'd be in trouble.

REP. ROEMER: And besides being up against a formidable opponent who we'd probably beat by 12 points, but we would want to assess our vulnerabilities and Navy's vulnerabilities. We would want to know what we're doing right, what plays would work, what plays would specifically work against his team. We would probably have some films and some scouting, and we would have a priority of plays that we would want to run in certain situations against his defense.

I think that what you are saying in standards, and developing a set of standards for the government, is that two years -- two years after 9/11, in many ways with our critical infrastructure needs and our priority for spending in Congress and in the Administration, we still don't have a good way to measure our progress and our priorities and our results in this. And let me try to get more firmly at this by asking you some questions.

Let's say Congress decides to prioritize first responders, and spend billions of dollars on them. Who has set the first responders as one of the highest priorities, and how do we determine what to spend money on? Is it walkie-talkies? Is it HAZMAT suits? Is it a watch list for terrorists? And how do we measure what communities are getting those types of equipment to best make sure that we are best prepared for the terrorist attack that is going to happen in a year or two years?

MR. YIM: I think that the priority setting should focus on capacity and capabilities, and leave the actual solution, how to meet those capabilities, to the individual sector or region variations. One of the great mistakes I think in reflecting my past in the Department of Defense, responsible for our military installations infrastructure, was when we dictated to the private sector or to others how to do things for the Department of Defense, as opposed to saying we needed certain types of performance goals or things done for us according to certain standards. I think the great role that the federal government could play is saying we need first responders to be able to meet these types of performance goals, these performance standards, these capacities, certain types of capacities.

We are going to leave them up to you because the maturity of their existing infrastructure varies by sector, by regions. We are going to leave it up to you on how you are going to finance this, how you are actually going to meet these type of performance goals specific to your particular region. But we are going to measure you against your ability to be able to perform to that certain level over time, and we are going to judge the efficacy of our federal grant programs, our federal stimulus programs in raising you closer to the performance capacity levels, rather than a mil specification type approach, a more performance approach that the military has adopted I think holds great promise.

REP. ROEMER: Well, with respect to the different priorities that we should be spending money on in fighting the war on terrorism and better preparing our critical infrastructure out in the country, let's say, you know, according to these reports there are 104 nuclear power plants in the United States. Who determines that that should be a priority to protect those, and then how do we measure the best way to protect those, and how many of them are protected currently?

MR. YIM: That fundamental policy decision must I think reside both in the Congress and the Executive Branch. I don't think either entity could do that by itself. There are certainly budget implications. They should, again, set the priorities. So both the administration must propose that budget, Congress must consent and approve. There is going to be regional variations, there's going to be statutory changes that are likely to be necessary. I think there has to be some sort of joint effort, so not just to reside in DHS.

REP. ROEMER: Okay, you're too nice a guy here. Let me push you a little bit harder. Has Congress or the Administration proposed which ones of those plants are more vulnerable or more important than others? How many can we currently ascertain how many of those we have protected, if any?

MR. YIM: I think that we are lax in completing our threat vulnerability assessment.

REP. ROEMER: Two years after 9/11 we have not adequately prepared our threat vulnerability assessment on even nuclear power plants?

MR. YIM: I think that we have examples of this moving forward -- for example, the maritime safety statutes require vulnerability assessments to be completed. I understand they are on track by the end of this year, first part of next year, for our major ports -- that type of activities that must be completed.

REP. ROEMER: Now, Dr. Yim, when you say that too, let's say we complete it, and we say that the following plants are more important than others, and this is a top-secret document, and we're also assessing how many we've protected. You're also saying that it shouldn't be dependent upon Congress to fund that, because Congress may have certain people on certain committees that are more interested in getting money to one state or members on the Appropriations Committee to another particular region or state than others. How do we make sure that those monies would currently reflect the standards and the strategy of that document, whether it was a document assessing the number of power plants, nuclear power plants, or where nuclear power plants were in line of comparison and priority to the power grids, the seaport containers, the HAZMAT suits, the cyber security needs of this country?

MR. YIM: It's obviously not an easy question to answer. But if we consider this as purely a program that's funded by the federal government, then I think we would have those difficult problems of dealing with individual jurisdictions. But it's clear that the federal government doesn't have enough money to do it that way. If we think of the federal programs as stimulus programs, a combination of tax policy with direct grants, with liability standards or provisions that are imposed, to provide a series of drivers for people to become better prepared -- either financial incentives or liability incentives or both -- then I think perhaps we can generate more than just political momentum for that.

There's a business self-interest for the private sector to adopt some of these standards, just to assure the viability, the stability of their own business model. In many ways in the environmental arena, despite the initial aversion to adoption of environmental management standards over time, not only did people incorporate green sources to minimize their liabilities, they incorporated waste minimization, energy conservation, that improved their bottom line. If we could devise federal stimulus programs to provide both carrots and sticks, incentives that are economically driven, stability or reliability driven, rather than just give people money, then I think we'll have the opportunity to --

REP. ROEMER: Theoretically let's say we do that. Let's say we devise a system of carrots and sticks and we come up with a pot of federal and state and local monies to incentivize that. And let's say furthermore, hypothetically, you're on a commission that the Congress and the Executive Branch puts together to try to determine what priorities should be first in place for this incentivizing structure, for priority standards that are implemented. What recommendations would you make in terms of such important things as nuclear power plants, our water systems, our electrical grids and cyber security? How would you rank those four things in terms of their importance for standards?

MR. YIM: That is virtually impossible for particularly the GAO to be able to rank --

REP. ROEMER: I'm asking you to get out of your GAO hat and not officially put it on a GAO letterhead -- you are a personal member of this commission now: How would you try to ascertain the best way to prioritize?

MR. YIM: And even when I think of it personally, Congressman, it's very difficult because you cannot compare the value of the safety of citizens of Oklahoma versus citizens of New York or citizens of New Jersey. It's inherently such a difficult policy decision to begin to rank those priorities. I think that the better approach would be to tie it to threat risks analysis, a risk management approach: Can we link the priorities to the anticipated threats? It's not a question of is one sector more important or another. What are the anticipated threats that may occur? Can we link the priorities? You're good at getting away from my question.

Let me try to conclude here and ask Dr. Corbett this based upon maybe threat assessments then. Let's say hypothetically that the intelligence that comes in since 9/11, and what this commission puts out, says that in terms of monuments or historic buildings or skyscrapers -- some of your areas of expertise -- the terrorists had prioritized or thought about attacking the following sites, and you've seen some of that in the press. We can put together some lists of priorities. As Dr. Yim has said, you can't do everything -- you have to begin somewhere. That's what standards do for you. In terms of the list of 460 skyscrapers in this country, how would you assess the progress we've made in the last two years on better protecting the top 25 of those skyscrapers from a catastrophic terrorist attack, and improving on the problems and the difficulties in the errors in the World Trade Center?

MR. CORBETT: Well, I think, you know, if you look at just for example high-rises, the level of risk for each one of these buildings, either in New York or around the country, is really assessed by the building owners themselves. I really don't think that we've done a very good job from a city, county and state perspective of identifying target hazards within the communities. Let me illustrate it with an example here. I am a captain in a small fire department, Bergen County, about 10,000 people. We're a volunteer department. There are 69 fire departments in Bergen County, so we have an extensive mutual aid system that works pretty well. I mean, we've used it for many, many years. The county did receive some funding for purchase of HAZMAT suits. We did buy apparently five -- what are called level -- and you've probably heard this before -- level B protective sets of clothing for each piece of fire apparatus in our county.

The problem for me is that -- and, again, I'm a mid-level officer in one of these departments -- is that it's not clear to me what my responsibility is, what risk assessment has been done within our county -- I am sure our county OEM, county fire marshal has done some of that work. But I think we have done a very poor job of communicating if in fact there has been a risk assessment done within these communities of what our responsibilities are. Because again, as a local responder, we potentially could go to surrounding communities where the large amounts of shopping malls -- for example Paramus, New Jersey is a very large center around New York that has a lot of shopping malls -- not seen that. And I would suspect that, just anecdotally, I've talked to other fire people across the country. I think you may have heard that here, that the first responders are still in a murky area. In some cases equipment is being bought. But where it fits into the big picture, and again, has that risk assessment been conducted? Nobody can say or no.

I don't think there's any one entity that's in charge of doing this. I mean, there's money being thrown around, but tying money to risk and that kind of thing, I don't think really we've done a good job at that. I would suggest that there is a model out there through our EPA regulations; Title III, for example, where local communities have to set up committees basically to respond to hazardous-materials incidents. This is from several years ago.

And maybe that's the kind of approach we need on the county level, typically, across the country to have a committee like that, a terrorism committee if you want to call it that, that is responsible for identifying the top 20 target hazards within their county and then develop a plan to respond to those, because a lot of the risk assessment, in my opinion, again, has been done within the private sector with their own facilities, not any that I could see visible public-sector entity.

REP. ROEMER: Well, thank you, Mr. Chairman. I think that's just a key question, is if you get $100,000 in your local community and you have no risk assessment plan, and we're two years after 9/11, are you going to buy five HAZMAT suits or are you going to put more patrols around your nuclear power plant? Nobody knows two years after. We don't have that kind of direction out there at this point, even for something as basic as what the local responders might do.

Thank you very much. Thank you, Mr. Chairman.

MR. KEAN: Thank you, Congressman.

Last question from Commissioner Gorelick.

MS. GORELICK: Thank you, Mr. Chairman.

I would just -- I do have just one question. I would like to follow on Commissioner Lehman's and Commissioner Roemer's sense of urgency on the issues you two have presented to us today. And I look at your background, Mr. Yim. We worked together at the Defense Department. You operated at the intersection of the public sector and the private sector and leading the effort on privatization. So you know how difficult this is.

And I was struck with respect to both of you that you have a sense -- you have a comprehensive and astute perception of what needs to be done and isn't being done. You now both sit outside the Executive Branch of government. And I would put, just for convenience sake, this question to Mr. Yim.

You know, it is striking to me that the Department of Homeland Security, whom we invited to come here at a very senior level but who declined to provide someone at a very senior level, that's the department you would think would be doing the things that the two of you have been talking about today, whether it is setting priorities, whether it is doing these community-based assessments, whether it is creating a standard-setting process.

So I'm going to do what Secretary Lehman did with another panel this morning, because we've been asked to hold people responsible. And I'm going to ask you this question. If you look at what the Department of Homeland Security has done to date on the subject of risk assessment, setting standards for physical security, setting standards for systems, if I asked you, are they very helpful, are they not helpful but not harmful, or are they an obstacle, which would you say?

MR. YIM: I think in terms of requiring that the risk assessment/vulnerability assessment be completed that they certainly are not trying to do any harm, but they could be much more aggressive about requiring that those be provided, and by sector, be completed and provided to policymakers.

In terms of setting standards, there's been a great deal of attention in the Department of Homeland Security setting individual product standards. They've created a Homeland Security Standards Panel. It has paid less attention to the systems-type approach, the vertical integration that I've talked about.

Again, I don't believe that people are trying to do harm or trying to do a bad job. They should be much more aggressive, in my opinion.

MS. GORELICK: Mr. Corbett?

MR. CORBETT: I would agree with Dr. Yim that they're not -- they could be considered harmful from the standpoint that they're not doing anything about it, perhaps. I think the ball is in their court to take the lead role here, both in terms of developing county -- it seems to me counties are the best level for a county-based terrorism committee that makes that risk assessment. There's the plans; make sure it's communicated to all the emergency responders, the equipment is purchased that relates specifically to that level of performance that Dr. Yim is talking about. That needs to happen and it's not.

The codes, again, as I mentioned earlier, FEMA has probably the closest, and within them, the U.S. (Fireman's Industry ?) has the closest relationship with ICC and NFPA. And they need to take that leadership role of prodding the NFPA and ICC into moving forward with the development of those documents, because, again, there's no standards out there, you know. And if we're attacked again, we're going to see where our vulnerabilities are.

And this is a very complex issue. I mean, at John Jay we spent an entire day talking about glass. We just talked about glass. The only thing we discussed was glass. And there was no consensus even then of what exactly we should be doing in terms of glazing within buildings, because we know glazing kills a lot of people, not just here in the United States but around the world, during terrorist attacks.

So, again, I think it's harmful from the standpoint that we're not moving forward on it. That's definitely something that should be said.

MS. GORELICK: Thank you.

MR. KEAN: Thank you both very much; very valuable and important information.

Thank you.


MR. KEAN: May I have the final panel, please?

In order to begin the discussion of strategies for the private-sector preparedness, we decided to have this last panel in the form of a roundtable format. The panel will be facilitated by William Raisch, who has chaired three roundtables for us this fall in preparation for this hearing. He serves as founder and director of the Emergency Corps Program, a nationwide initiative sponsored by the Greater New York Safety Council. His past experience at Salomon Smith Barney, coupled with his expertise in emergency management, provides an excellent background for our panel.

The Commission, sir, is deeply indebted to you for your service to our work. He will introduce the panel, by the way, which includes our third New Jersey attorney general to participate today in one way or another, I noticed. If you'd like to introduce the panel, sir, we'll --

MR. WILLIAM G. RAISCH: Thank you, Chairman Kean, Vice Chairman Hamilton, distinguished members of the Commission itself, and fellow citizens gathered here today.

I will take the opportunity to briefly put you in context, if I could -- in fact, I'm going to pause just a moment, prior to introducing our panel, to set a historical parallel that may be of some value. I'd also ask the folks on the A/V side to swing over to this slide projection here.

And if you'll bear with me for one moment, we will be able to, I think, outline perhaps a positive element that comes back from some history that might invigorate us after what has, I think, been a bit of a frustrating period of time here.

I can sense from the Commission members themselves that this is clearly a complex area, one with not a lot of easy answers or silver bullets, if you will, and perhaps one that lends itself to a format that we're about to undertake here with respect to a panel that includes a diversity of perspectives, the stakeholders, if you will, that are critical in making any sort of final result a reality.

What I'd like to do just for a moment, though -- and this will take me probably about two minutes in total -- is to put you in context. I appreciate the reference to the Emergency Corps Program. I would note that there are some positive elements. Some of them we've seen earlier today. And they reflected the positive side of public-private partnerships.

I can tell you that within the New York area, our efforts really have been cooperatively supported by FEMA, FBI, OSHA, New York State's Emergency Management Office, New York City's Emergency Management Office, as well as FDNY and NYPD.

And our particular focus has been in the area of emergency management plans, as well as also looking at the issues of workplace response teams. Earlier today there was reference to the CERT team, a FEMA initiative. That actually grows out of the Los Angeles Fire Department's initiatives in that regard. And we've been very successful in generating, I think, both interest as well as outcome in terms of the private sector.

For a moment, a parallel, and perhaps a challenge. And this speaks to an issue of a situation where there was a dramatic catastrophe that impacted everyone, when fire rained down on one of America's greatest cities. The death and destruction that resulted were certainly heartbreaking. Many asked, and, in fact, could only ask why at that point in time.

There were some, perhaps like we have today, that took it upon themselves to make sure, if disaster struck again, they would be prepared. These were a collection of business and government individuals who stepped forward and basically looked at it, a simple, if we can aim for that, but effective response of organized people, technology and, if you will, the raw American spirit.

They were led by a man named Benjamin Franklin. The year was 1736. The city was Philadelphia. And the tragedy was a series of deadly fires that impacted large areas of the city, resulting in the dramatic loss of both life and property.

The initiative that they started there, simple but effective, was the first community-based volunteer fire department. And if you look forward in terms of what its impact was, we created a model there that today is reflected in hundreds of volunteer fire departments across the United States and thousands of volunteer firefighters themselves.

That being said, we might really look at the impact of just a few individuals. Again, the parallels to my mind are very much here in both the collection of the Commissioners as well as the public and private representation, both on this panel and more generally what we've seen today.

But to a great extent, we have a similar choice or similar opportunity today to try to do something about a consequence that perhaps in the 1700s seemed like a relatively small event. Clearly we have national scale in this case, but I think it can be something that these models can continue well into the future and have dramatic impacts.

If we could just look at where we've been today, there's clearly been a diversity of conversation on a number of topics, many of them both perspectives from private sector and public sector. We've looked at issues of actual experience as well as proposals for the future.

And finally, we are really at the stage now of more or less reflecting what had been at least gleaned by some of the earlier roundtables that the Governor just mentioned before. These roundtables were held with the support of the 9/11 Commission, but they were held outside of its direct activities. And there was a rationale behind that. But it did set, to a great extent, really the tone for at least some of the elements that we've addressed today.

Roundtables -- I'll just mention them briefly, what the ground rules were, because we're going to more or less apply some of them here, and some of them may hold promise for how we will proceed forward. These roundtables involved stakeholders from a diversity of areas. The next slide will give you some of that flavor.

We encourage the free flow of ideas, and that was the focus really on prospective solutions through a ground rule that we set, which was essentially off the record, not for attribution, and it facilitated discussions on a diversity of areas that might not have ever happened in a public format.

We found -- the findings, I think, were a little bit more perhaps to the mark than those that are sometimes created in the public environment, where one must be cognizant of either representing one's firm and/or one's industry.

Finally, what we've been able to successfully do is evolve some of these discussions, both through facilitations on-site as well as afterwards through various communications. And you'll see some of these individuals present here on the table, but also it's a much wider group that participated in the roundtables.

I guess I want to mention this in context, that some of the things we're going to address right now are really a distillation of what were dozens of individual organizational presences as well as just individuals themselves with their perspectives. And they range the gamut of private sector and public sector, as you can see there, incorporating both different industries as well as also looking at specifics of government involvement as well.

What did we learn? We learned, in terms of foundation, that while the governor mentioned earlier, too, that the initial focus, if you will, was on the public sector, the private sector really has the most infrastructure employees. That's been mentioned several times.

But also I think it's worthwhile reflecting on the fact that purely from an impact on private sector, that all of us pay, if you will, and it may be specific to a corporation or an industry, but in the end it is a public cost, if you will, that's borne more generically as well as also directly, if only through payments via such entities as FEMA and the like.

We learned also through the various discussions -- and these individuals included safety security directors as well as senior management on various levels, a realization that obviously preparedness minimizes impact and that there's, from a purely efficiency perspective, there's a weakness sometimes in defining what everything other than the government is.

And I hear this -- in fact, if I could paraphrase it -- a close friend of mine is very active in emergency management and holds an official position in that regard. He says we tend to look at everything non-government as the general public, and oftentimes we lose the opportunity of addressing organizations that are, in fact, what the private sector is about and the ability to impact perhaps hundreds, certainly sometimes thousands, through a single relationship as opposed to the attempt to deal with it in a more generic, more public awareness type campaign. So there's a clear efficiency opportunity in that regard.

In speaking with many of these firms, and even though these are folks which arguably by their job title are focused on this area, it was concurred that there was a dramatic amount of lack of perceived risk. And clearly if you're in the Empire State Building or if you're in a signature building, that was not the case. But as we emanate both in terms of distance and time from 9/11, distance from signature buildings, time since the attacks themselves, there is a low perception of risk many times.

And even those that do see some opportunity there for undertaking some preparedness, the lack relatively of any significant incentives or motivating benefits for preparedness, it's very amorphous out there for many of the entities that were involved.

Those that do want to do something, I think we see it by the prior panel here, which are arguably experts in their area, and look at this on a day-to-day basis. There's confusion as to what is preparedness.

That is not only on a firm-wide basis, but I think we see it reflected in our presence by insurance industry members, who essentially said, "Listen, we're willing to look at the issues of giving incentives and impacting both our underwriting and pricing standards, but we're not sure what a prepared entity is. And if there's a consensus in that regard, then you know what? I think we're likely to step forward and do something about it. But right now we're not sure."

So a clear need in that regard to look at some specific incentives, but also all of that based upon the existence of some sort of general consensus standard.

And I think, in essence, if we were to distill down the three various functions, various activities that we have in terms of roundtables, there was a need for three elements: Guidance and/or standards, some place to go. Where is the private sector to head? There clearly is not going to be one size fits all in that regard. It'll likely be focused on specific industries and organization size, but the general direction is very important.

Secondly, incentives, both positive and negative, an acknowledgement of the need for both of those.

And then, finally, some level of education that communicates both the standards and the incentives and puts it in the context where there's an opportunity to then undertake some level of training.

So those were the three key elements. This particular effort will be continued in the form of a working group on American private-sector preparedness. A tremendous amount of effort went into putting all those individuals together. We found that it was an effective forum. And we will be continuing that in a working group in that regard.

And I think this sets the context really within which we should really welcome the panel, because I think the panel -- if you look at the slides there themselves, we have representatives from the various perspectives, I think areas that will be critical for any final result to have any impact.

We have Thomas Susman. Mr. Susman is a partner with Ropes & Gray and a chief author of the Business Roundtable report on "Terrorism: Real Threats, Real Costs, Joint Solutions." He and the Business Roundtable itself, I should say -- I should preface this -- is an organization; I believe it's 160 CEOs, high-level CEOs throughout the United States.

And we're really looking to Mr. Susman not only for his topical expertise in this regard, having been the chief author on this paper, but also to reflect the corporate management perspective that I think is critical in all of this; the ground to all of our desires to do important things in short order, but at the same time, clearly with the need to reflect those individuals that are going to be involved in implementing any of it.

We also have James Haviaris. We look at Mr. Susman to a great extent as the general corporate representative or proxy, if you will. Mr. Haviaris, as vice president for the Rockefeller Group, is a strong representative, if you will, of the building side, the physical building owners and managers.

Rockefeller Center is clearly one of the signature buildings, signature complexes in the United States. It's high-profile, both economic as well as arguably a symbolic target. And we're looking really for Mr. Haviaris to reflect the building owners' and managers' perspective as we look at issues such as codes.

We have Mr. Harvey, Peter Harvey; again, attorney general of New Jersey, chairman of the New Jersey Domestic Preparedness Task Force, and bringing with him not only just a general government perspective but also the opportunity here in this respect to reflect on his experience in recently undertaking a statewide program that involved working on an industry-by-industry basis on a set of security standards that were cooperatively developed.

Finally we have Peter Orszag, who's a senior fellow in economic studies at the Brookings Institution. We have through Peter the opportunity to have, if you will, a neutral, independent, nonpartisan perspective that hopefully will give us the opportunity to look at all these issues from a more generic and, as I mentioned, independent perspective.

That being said, we're going to briefly go through three rounds. We're going to talk about standards and guidance. We're going to talk about incentives, and we're going to talk about education and other initiatives. I'm going to ask each one of the panelists really to lead with the existing, because I sense there's clearly an understanding and a desire to get something done in short order.

As we talk about proposals of items that should be undertaken, we're going to try to take a look at what's existing out there right now and capitalize on that, and then move to the more developmental and prospective in each of their remarks.

With that being said, I'd like to be able to move initially to the issue of standards. We see two types of standards discussed today, essentially those that are building or fiscal plant-oriented, those reflected really in the life safety, fire and building codes that were discussed just in the panel prior, but also process-oriented standards, the more generic elements that include questions of what is a well-prepared organization functionally.

I think, in our distillation, we saw a dramatic focus on one particular standard, NFPA 1600, which was grown -- which grew, in fact, out of the development or experience with FEMA over many years and with strong influence in creating that standard.

And what I'd like to initially lead with, starting really with Peter Orszag, is a reflection on 1600 as a starting point; a straw man in terms of what might be an overall process standard from his perspective, and going from there, given the freedom to really evolve as to what else he would see out there in terms of the emergency management standard, having done the research he's done.

With that, Peter, I welcome you and I turn the mike over.

MR. PETER ORSZAG: Okay, thank you. I do think that that standard provides a broad set of guidelines that are sensible. It's comprehensive enough to cover -- it covers the bases.

But what I really want to talk about -- and I sensed from the previous panel a sense of frustration, which I think is entirely warranted. It's been two years now, as has been noted, more than two years since September 11th. Governor Kean, you mentioned Senator Corzine; I heard several panels ago. He is one of the leaders on chemical facilities. Let's just take that as one example, one out of many, but one example.

More than two years since September 11th, more than a year since the current Secretary of Homeland Security wrote in the Washington Post, and I'll quote, "Chemical facilities must be required to take the steps the industry leaders are taking at their facilities. Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve." That was more than a year ago. Nothing mandatory has happened.

"60 Minutes" had a dramatic expose within the last week to 10 days in which camera crews were able to enter chemical facilities, open gates unguarded, walk up to dangerous chloride, ammonia, other tanks. If they had been wearing explosives, one can imagine what would have happened. And, again, it's two years since September 11th, a year since this statement. Nothing has occurred.

I think one of the most important things that this commission could do is issue a very clear call that that's just unacceptable. And leadership needs to be exerted both from the Executive Branch and from the Congress to move forward.

I'd be happy to talk about the specific of how I think, for example, in chemical facilities or other areas we can move forward. I think there are ways of doing this in a market-friendly way so that we are using market forces rather than just assuming that markets will work. We're instead guiding them and harnessing the power of markets to provide better security.

So that, I guess, took me a little bit off the immediate topic, but I think it's so important that I wanted to get it in. I have nothing against the standard that was being discussed. I think it is a good start, but it's not enough.

And I think one of the most important things that this commission could do is to provide clear guidance that we have not done enough on strengthening market incentives for protecting potentially catastrophic attacks against private-sector entities.

MR. RAISCH: I'm going to segue over to Thomas Susman at this point in time to look at the private sector persepective in particular in mind and, if you will, the management viewpoint in terms of looking at an overall standard, again, to keep us at least initially focused on NFPA 1600 as a good starting point, and then more generically where you'd like to see things go from there.

MR. THOMAS SUSMAN: Thank you. It's always easy to be comfortable with process standards. Even as Mr. Orszag said, it's useful to have market-friendly standards. I wish that it were so, and therein lies the problem of what I've heard today is basically a rush to standards.

I don't want to suggest that those standards are a problem or standards should not be imposed or adopted by the business community, but I do want to suggest that standards carry with them historically, whether building standards or product standards or process standards, they carry with them certain caveats.

They are often used to suppress competition. They often result in freezing technology. They often burden businesses more than the expected return. They're often used by one sector or segment against another within an industry. That's why we have two building codes still.

And so this notion that part of the problem is the top-down standard, which the public generally would like to see -- that is, government set standards, Congress give us standards, Department of Homeland Security give us standards -- there is another way.

And I think the collaborative standard-setting that involves the stakeholders, which will take a longer time -- and I would share the frustration of "You mean we were going to wait longer to have this happen?" And the answer is yes. If it's going to be done in a way that the affected sector or geographic area of the business community understands, buys in, doesn't oppose the standards process, doesn't try to undercut it, doesn't try to use it or abuse it, then it's going to take time.

But the key to all of this is cooperation and collaboration. And if done really from the bottom up rather than the top down, these standards processes can succeed.

MR. RAISCH: Thank you. In fact, Peter -- a good follow-up -- Peter Harvey, as I alluded to earlier, you've just undertaken an effort really within the state of New Jersey that involved the diversity of joint efforts between both the governmental side and the private-sector side. Could you reflect on that and tell me whether or not there's a relevance there?

MR. PETER HARVEY: Sure. What we did in New Jersey is, shortly after September 11th, in October of 2001, our legislature enacted a statute that created the Domestic Security Preparedness Task Force. It is made up of governmental heads. It is now chaired by the attorney general. It includes the heads of the Department of Health & Senior Services, the Department of Environmental Protection, Transportation.

What we did was first identify 110 critical infrastructure sites in the state of New Jersey that required protection. The second thing that we did was identified 23 industry sectors with which we would work. Now, the act that creates the task force also creates the infrastructure advisory committee.

I think it was the legislature's understanding that government and business have to be interdependent in this task. We cannot get into, at least in our view, a series of governmental mandates, because I don't think we'll get uniform cooperation. I think it'll ultimately produce more conflict than it does harmony.

But through these 23 industry sector chairs, the task force issued an order that required that these industries, number one, conform to any existing federal standard; secondly, that they also go beyond that in protecting their own industry facilities by implementing either industry-mandated or offered standards or by implementing best security standards developed by the infrastructure advisory committee, or, if those two didn't exist, by the task force standards.

I think what we've had with our best security practices is layers of security. And let me suggest that I think that ultimately where we'll end up nationally is with layers of protection and layers of security. Here's what I mean.

I think that the national government, certainly in collaboration between the Congress and the Executive Branch, can set certain minimum standards. But I think that's all that the national government can do. I think after that you have to almost go industry by industry.

For example, nuclear power facilities are almost invariably by water. So while the NRC controls the internal workings of those facilities, what do you do about water approaches? That's invariably going to require that you have standards and it's going to require equipment and protection from the Coast Guard. In our state, we have the New Jersey State Police. They have marine patrol units. But some states don't have them. So what is going to be your standard of protection for those facilities?

And I would always ask the question, as I think the task force does, what are we protecting against? When you look at these standards, the National Fire Protection Association standards, let's keep in mind that they were designed to protect against fire.

Let's think about the kinds of risks to which we are now exposed. We're exposed to chemical hazards, biological hazards, nuclear hazards, incendiary devices. So as we look at standards, we're going to have to identify standards that address these several types of hazards. And that's what we tried to do through working seamlessly with industry.

The goal here is to make sure -- and by the way, the standards that apply to one industry, it's stating the obvious, don't apply to other industries. There may be standards that apply to the chemical industry that really don't apply to the pharmaceutical industry or don't apply to the hospital sector.

So I think as we go sector by sector and also as we work with the national government, we will come up with layers of protection. There will be a minimum level of protection. And then we will go industry by industry and add more layers on, depending upon the kind of protection that that particular industry needs.

MR. RAISCH: Peter, only because this is a potential model, could you just briefly elaborate on -- let's take an industry, chemical perhaps. How did that happen? You identify it. You know where it is in your state itself.


MR. RAISCH: As a regulatory entity, presumably you're environmental protection, among others.

MR. HARVEY: Well, I think what we tried to do and what we, in fact, implemented was a relationship between that state governmental entity that had jurisdiction or supervision for a natural match with that particular industry. So in the case of a chemical facility, the Department of Environmental Protection is the most likely state department that has some regulatory authority over that industry.

We have an infrastructure -- excuse me, a domestic security preparedness planning group that is essentially the staff of the task force. That planning group sat down with representatives of the chemical industry sector and they began to identify all of the known perceptible risks. And they also began to identify the kinds of hazards from which each was seeking protection.

Now, what came out of that was a best security practices protocol that incorporated governmental ideas about what ought to be good security practice, but also industry ideas.

Let me caution us. I do not believe that simply because we are in government, it makes us smarter. I happen to think that sometimes, because we don't come out of certain industries, there are nuances about that industry that we simply don't know and you have to learn them. That, by definition, requires the input of people who work in those industries, who can tell you about nuances that you would simply overlook.

Some of the kinds of security practices that we looked at are which employees have access to which portions of the plant? What kind of security badges do you have? What kind of background checks do you do on your employees? What kind of chemical storage do you have? And, by the way, how much of that information do you put in the public domain?

So these are the kinds of issues that we had to explore. Our committees worked on these plans very carefully, and what we came up with were best security practices that we are now about the business of implementing. And we're going to come back and monitor the implementation. The task force will come back and monitor the implementation of the security practices to assure that they're not simply written and that they don't just sit on the shelf, but they're actually being performed by the industry.

But I think we will get more cooperation and compliance because this is the industry's program as much as it is government's.

MR. RAISCH: Both you and Peter Orszag mentioned, if you will, a mixed approach with some minimum standards, coupled by arguably what might be some voluntary standards. What would you see as base minimum, though, to more or less move across a number of different industries relative to preparedness? I'd ask Peter Orszag first.

MR. ORSZAG: Well, I think it is difficult to define even a minimum across a wide variety of sectors. But I would make two or three points with regard to the generic approach. I guess we're morphing a little bit into incentives, but that's inevitable.

I think, in a lot of settings, the kind of approach that makes the most sense is one similar to the rules that apply when you drive your car. There's a regulatory approach. You need to take a driver's test in order to be allowed to drive your car.

But there also are incentives for you to be safer than just, you know, the average person. So, for example, if you're a particularly safe driver, you will get an insurance break, at least if your insurance company is like some insurance companies. And that gives you an incentive to drive more safely than just sort of a minimum regulatory standard would otherwise suggest.

Similarly, within the homeland security arena, setting some minimum standard -- and we can talk about specifically what that is; I have some ideas for chemical facilities, for buildings and others -- but a relatively low minimum standard provides a sort of base level of security which should only apply in areas where there's a potential for catastrophic harm.

I don't think we should be setting homeland security standards for corner supermarkets. But for athletic arenas, that's a different story. So a minimum standard. It also provides guidance -- this came up on the earlier panel -- it provides some guidance for negligence and for liability -- if there would be an attack -- for the legal system.

And then you go beyond that in various different ways. One area that I want to commend the Administration on, an article in the New York Times this morning about incentives for shippers to go put more secure devices on the containers that are coming into the United States, the so-called smart boxes.

And the incentives are very simple. You do this; you come through customs very quickly. You don't do it, you go into the red zone and it's going to take a lot longer for your shipment to clear customs. It makes total sense, in my opinion.

There are a whole variety of dimensions in which we can provide that kind of incentive to go beyond some minimum and to become a lot safer that are not overly intrusive government regulations that provide incentives for innovation and that will allow us to address this problem at least cost over time.

MR. RAISCH: Mr. Susman from the private-sector perspective about minimal regulations.

MR. SUSMAN: Well, I think minimal standards can be useful. As we suggest as an approach to regulation generally is let's first see whether the private sector responds on its own through incentives of the marketplace -- insurance, liability, good citizenship, corporate board management.

In cases where years have gone by, government has said, "You should do something," industry gets together and no progress occurs -- and we've heard some examples of that -- then government appropriately can step in at the time. Alright, what does government do when it steps in? These standards don't come sort of like magically out of the head of Zeus. They have to be developed by someone. And that's a process.

I don't have the answer about where it should be said, but I can suggest that we have processes for going about regulating business that include public participation, public notice, cooperation, sometimes negotiation, studies, research, so that we do have some level of confidence that we set the standard in the right place, because one of the problems, of course, is if we miss by a lot in either direction, we either have done nothing or we're going to have widespread avoidance activities, and we'd be better off not having a standard.

MR. RAISCH: This might be a worthwhile opportunity to maybe segue to the other, if you will, private-sector perspective, James Haviaris. Clearly there's a lot of, on the building side of the house, of buildings and owners, a lot of clear baseline standards that reflect themselves in life safety codes, fire codes, building codes and so forth. And I guess I would pose to you the question of do you see a need for evolution in that regard in the post-9/11 environment? And how would you see that happening?

MR. HAVIARIS: Well, it's very funny. I got your NFPA 1600 and I actually had to read it, because that's not what building always follow. They follow Local Law 5 in New York City. That's what everybody considers their emergency preparedness. And it is predominantly for fire and evacuation on just two floors -- the floor of the fire and the floor below. That is it.

Full evacuations, I heard many people ask about liabilities and questions, you know. It is a liability issue. Does a building owner have a trophy property, having 9,000 to 10,000 people in the building at one time, you want to evacuate in Manhattan? We saw it happen on 9/11. We saw it happen the day after. And in the Rockefeller Center area, we had upwards of 125,000 people on the street. We had to shut down streets. Sixth Avenue, which almost never gets shut down, became total chaos. We do not follow that code.

We would like to see a code now that does involve bombs, lethal gas, radiation, water contamination. The Local Law 5 needs to evolve into a bigger code that consists part of your NFPA 1600. But in New York City, your major cities like Chicago, I think I agree with my panelists here that there probably will need to be layers, depending on where you are.

The Rockefeller Group owns trophy properties in midtown Manhattan. We also own properties on Exit 8-A in Cranberry, New Jersey that don't have the same threat. We have property in buildings in Orlando, West Palm Beach. There's no threat.

When we had all these threats and we had all these problems and I conferred with my counterparts in these locations, they were going, "I'm going home; I'll talk to you tomorrow." Meanwhile, I'm in Manhattan; everybody was locked down. You couldn't get out or in, whether you liked it or not.

I totally agree, there needs to be different levels. There needs to be some cooperation between local, federal and state officials, though, and all the parties involved in some kind of national code. You see this right now with the electrical code. There's New York City code, there's fire department code, and there's a national code.

And they've worked very hard now to comprise one code nationally. It hasn't been approved and ratified by everybody yet, and it's two years in the making. But if we could get to a point where we all have a code and understand very literalistically that there's got to be different levels, I think that's a very significant improvement for everyone at this point.

MR. RAISCH: Actually, you echoed a number of things that came up in the actual roundtables themselves, and they did reflect the frustration even by those folks that were, if you will, internal code enforcement in the firms themselves, saying, "Listen, I've got this on this side saying this; I've got a federal code on that side; I've got city codes, state codes," and clearly confusion, to a great extent, as to which is predominant.

Question: In particular, New York State had an evolution -- it was mentioned in New York City -- but an evolution of its code that was referenced earlier today relative to Local Law 5 and the post-9/11 situation. We didn't really get into too great a detail in the prior panel on that.

Are you familiar with those? I think it was 13 that were essentially approved by the mayor. And what is your perspective on those, as to how they are, their relevance in how they impact your operation?

MR. HAVIARIS: The 13 approved out of 22 will not have a major overall impact as far as cost or manpower or anything like that goes. Some of the bigger issues, you know -- the biggest issue right now is most people do have their fresh-air intakes that supply your HVAC systems at the street level, and they're very vulnerable. And a couple of my buildings are that way. And the impact to change that would be in the millions of dollars category, and lost revenue because of rental and just trying to reconfigure the building.

The other codes that he's proposing changes, most of the building owners were part of the committee are for it. And we'll make every effort to do it quickly rather than wait for maybe or possibly his five-year rollout, like there was with Local Law 5.

MR. RAISCH: Can you bullet-point two or three of what they were?

MR. HAVIARIS: The major one is we noticed that because you have fire department electrical code, your staircases have to have lighting on a four-hour battery backup. They don't have to run forever. And in a major event, it's going take more than four hours to get everybody down the staircase in a high-rise office building. So they're talking -- the proposal was to put photo luminescent paint or tape or something like that on the staircases.

The proposal to do full-building evacuations is great. It creates a code that we have to follow and there's no more liability issues. We did it in several buildings. People having health conditions couldn't make it down the staircases. We had to call an ambulance. But if there's a code in effect, everybody will follow and you can plan much better.

Those are two major ones that I see everybody complying with quickly. The HVAC issue could be a nightmare for a lot of the bigger buildings, especially the older ones, the vintage 1950s, much like Time & Life, the old Rockefeller Center, the landmark properties, the Empire State Building. They will have major issues trying to configure their building and their systems to meet those codes.

MR. RAISCH: If we're to more or less kind of develop some sort of relative consensus -- at least maybe to echo some of the comments, I think on both private and public sector, there's a concurrence that some level of standards or common directions are out there, a need clearly for them out there, a desire perhaps in the private sector to lead with voluntary and industry-oriented perspectives; to paraphrase, I think, Mr. Susman, to essentially let us deal with our own issues to start with, and if not, allow government to step in; the question being really at what point in time do you think that would be appropriate?

But if we're looking -- just, again, to reflect that that is one of the issues at least I heard on your end, a consensus that there's a need out there for some directions, but a concern, if you will, relative to government stepping in too soon. What type of timetable would you put on that?

MR. SUSMAN: Actually, I'm glad you re-raised the issue, because it sounds as if, when you repeat it -- and it's probably accurate -- that I suggested that government ought not be involved from the start. The interdependence of all of the businesses and business and government -- you mentioned sectors, technology and communications, transportation. I mean, there are no clear lines.

And so the notion that government shouldn't be engaged and involved early on is not what I was advancing. It was the notion that government shouldn't start with the theory, with the approach "We need to regulate this," that Congress and the agencies shouldn't begin with a regulatory mentality, but government should participate in the development. And if government is participating in the development of the standards, then the government agencies involved will know when the time has come to step in with the regulatory approach -- and if they're not, if they are just sort of standing back, then they won't have an idea of how difficult some of these issues can be to resolve. For example, they may think that moving HVAC entries is a relatively easy thing to do. And unless the people from the various responsible government agencies are a part of that process, they wouldn't understand that you would have to reconfigure a building to accomplish that goal.

MR. RAISCH: Peter?

MR. ORSZAG: I just wanted -- I guess I have a slightly different perspective. I agree that the government should not approach, frankly, any homeland security problem with the thought that a regulatory approach especially an old command and control type regulatory approach, is the initial way to go. But I think it is equally dangerous, and perhaps frankly even more so given what we've observed over the past two years, to assume that market forces alone will develop the security that's needed. I just don't think that will happen. The incentives are there, but they are not strong enough to provide an adequate level of security, like Secretary Ridge himself emphasized. And to return to the example of chemical facilities again, I think it's clear we've waited too long. And I don't see why we continue to wait. It doesn't make any sense to me. So while I agree that we should not assume that we're going to regulate our way out of this problem, that would, A, be excessively costly; and, B, not be particularly well attuned to the problem that we face. Terrorism, unlike many other problems that government has tried to tackle in the past, is an evolving threat in which the people that commit the acts of terrorism can respond to what you've done. So you go and regulate A, fix A, terrorists respond and just don't attack A -- they attack B. And that's a fundamental difference. You know, natural catastrophes don't think that way, for example -- terrorists do. So a regulatory approach is one that should be avoided and used as only a last resort. I agree I think with Tom perhaps on that note. But I think we should not approach this as thinking that the government can, not exactly sit back, but at least just observe and interact without worrying about how market incentives are aligned. You can't just let markets work; you need to make markets work in homeland security. They will not work by themselves.

MR. RAISCH: You've actually opened up the issue of incentives. And if we presume for a moment on the standards side that there's a relative consensus that whatever is done standard-wise should be joint in nature, how soon the regulatory element comes to play is an issue of discussion here. And perhaps some of those regulations, there's a clear acknowledgement, at least on the standards side I should say, that whatever standards are developed should be specific most likely where possible to both industry as well as probably location and/or organization size.

But if we move to really what is the second element of really what was distilled down by the round table, and we look at the issue of incentives, the question becomes given that for a moment that we have a set of standards that arguably may be specifically developed in cooperation on an industry basis, what is going to motivate their application? And I've taken the liberty to throw up some existing incentives if you will that are up there. I don't want to bound the discussion by that, this mention of the OSHA emergency action plan requirement which is a very fundamental simple requirement, really requiring an evacuation plan -- really no description per se beyond that other than the fact that it needs to be in writing if there are more than 11 employees. Life-safety code compliances. Clearly we mentioned earlier that those challenges still exist in terms of both sometimes conflicting but also issues of jurisdiction. The legal liability issue that was referenced earlier with respect to concern about liability for suit -- we saw the federal judge, his ruling most recently in September relative to the liability of the airlines themselves, and that as a motivating factor. Certainly importance of general social commitment by an organization to both its employees and its community business survivability, hopefully a bottom-line oriented desire to make some investments in that regard. And also some issues relative to insurance, but that need for having some level of standard to define whether or not an entity is prepared. Other incentives as well. But if we could start at least initially discussing what the existing incentives that were out there. So hold back if you will for a moment on what might be developed. But what do you see, each of you, in terms of what's most effective out there right now that is motivating at least some level, and maybe perhaps could offer more prospect and more potential if it was spotlighted? Peter Harvey?

MR. HARVEY: Well, I suppose a possible answer that I'll share with the committee is one that I learned on a trip that Attorney General Sampson and I took to London to meet with New Scotland Yard, and ultimately with representatives of MI5, as we were trying to better understand terrorism. As many of you know, London has gone through 30 years of bombing, and so there are things that we take for granted here in the United States that just don't exist here -- like garbage cans -- they don't have them in train stations -- they're out in public -- because they've had too many experiences of bombs being placed in garbage cans and people walking away and it detonates.

But we got a presentation from a fellow who had been I think a colonel in the British army, a bomb expert, and he gave a presentation on what bombs can do to buildings -- how they shred glass, how buildings that don't have proper support simply collapse. And we asked the question -- he made the observation that before businesses build buildings in London or throughout England they come to check with these experts to get their impression of the security procedures and technologies that are being implemented with the construction design. And I said, "Well, what happens if they don't do that?" He looked at me oddly and said, "Well, that's the unthinkable." I said, "Well, what do you mean?" And he says, "Well, they won't get insurance." He says first of all nobody will build it because of legal liability, and, number two, nobody will insure it.

I think that there are some market forces out there that will help us get to this goal of security. One is lawyers and lawsuits. They are a very effective tool.

MS. GORELICK: Nobody has said that in the course of our hearings -- (laughter) -- nobody has thanked us lawyers at all. So thank you very much for that. (Laughter.)

MR. HARVEY: You're welcome. Lawyers will help you get there, because they will simply commence suits and they'll fight about it, and sooner or later somebody will write a huge check, and they won't do it anymore.

The second is insurance companies. I have been for a long time, and members of my staff, have been looking for a bomb expert here in New Jersey, because I want to have the capability in the Office of Counterterrorism that is in the attorney general's office -- and I've said this to the 23 industry sectors, and I've said it to business groups when I've had the opportunity to talk to them. I want to have the capability of having engineers and bomb experts on my staff that can tell a business and make suggestions to a business how a building ought to be constructed or not constructed -- everything from having pylons embedded in the roadway at a sufficient distance from the structure so that if somebody is driving in a truck they can't penetrate the building, to what kind of glass to use, what kind of brick to use, what kind of reinforcements to use. I think it's a service the government can provide.

Ultimately I believe that from a national standpoint it would be very helpful, I think, to have some kind of national organization study these kinds of issues and make recommendations. And you could almost set up committees that can address various industries. These committees can issue guidelines that address those committees. The committees can be made up of persons from government as well as the private sector. And the insurance companies that are looking for guidance can use those kinds of guidelines to measure whether or not they are going to insure or not insure a particular industry. And if the industry says we are not going to abide by national organization guidelines number 63 or whatever it is, the insurance company can say, fine, if you don't want to abide by those guidelines, we are going to charge you 200 percent more than we'll charge somebody who does abide by them.

MR. RAISCH: And in fact we had that alluded to in the roundtable. Cognizant of the fact that we have both the opportunity of summarizing at the end of the day, and also unfortunately we are the buffer for any overages prior to that, I am going to ask each of you perhaps to address both existing as well as prospective incentives in your comments. And we want to give an opportunity for the Commissioners themselves to ask questions of you. So with that being said, Tom, could you give a perspective?

MR. SUSMAN: Let me mention three incentives. One is I think it's really perhaps the most important that General Harvey mentioned, and that is the role of government in assisting the development of best practices, guidance, things of that sort. I also work with a number of small businesses, and they haven't got the foggiest idea. They are not part of a critical infrastructure sector. They probably need to do something. They are very uneasy about the notion of OSHA regulating security. We had this discussion earlier. OSHA may in fact be ubiquitous when it comes to small businesses, but they are not viewed as a friend and ally, and so they would hardly be the ones that would be looked to for guidance. But I think that the Department of Homeland Security along with whatever agency works with the industry, if any, or with local government for small businesses could provide tremendous assistance in that regard.

Secondly, if you have a regulatory incentive, that's the stick. If it's going to be regulatory, I'll go along with the Orszag - market-friendly, I like that -- I'm going to use that term -- performance standards, not command and control standards, maximum flexibility. Agencies are doing that now. I just went through a process with the Coast Guard under the Maritime Security Act, and they allowed industries to develop alternative plans, and they accommodated industry needs as part of those alternative plans. And the alternative plans didn't meet the international standards that were first produced in the Federal Register a year ago, but they accommodated in a lot of special cases. And so that approach to regulation can be done.

And, thirdly, incentives -- I mean, there is money. I mean, resources are limited in local government, state government, the federal government and the private sector. And I think all of these so-called solutions that people are coming up with have costs. And we have to remember there are trade-offs in each instance, and it doesn't work for government to say, Oh, that's a good idea -- let's impose a mandate on business and let them come up with the money for it, because that kind of an approach then makes government unaccountable for what it's requiring ultimately the public to pay. So, sure, tax incentives, grants, loan programs -- there are a lot of good ideas of how you can spend money to increase private sector preparedness. I think priority setting is probably the most important element of that. We talked about that some. It was talked about earlier in the day. All states are not created equal. All ports are not equal, all buildings are not equal, all chemical facilities are not equal. And so we have to set our priorities before we start allocating resources.

MR. RAISCH: Thank you, Tom. James?

MR. HAVIARIS: Well, currently for a building owner, a manager incentive for preparedness is pure rent. If you could say I installed -- I have K-9 bomb detection dogs on my facilities, I have safety ballards, I have X-ray machines, card access, CCTV, turnstiles -- just to name a few of what some of the owners are going through, hopefully you could drive your rent roll. You get a perspective tenant, the financial institutions are probably the people that drive this right now, and they're willing to pay a premium to have that at your facility. So that's probably the biggest driving force for incentive, as well as most of the big property managers and owners, and we feel it's a social responsibility to keep Manhattan safe. And also it's an asset, they are a billion dollar assets to everybody. Nobody wants to see them fall, nobody wants to see them have a terrible accident which you couldn't recover from and probably kill your company.

The future incentives? Everybody would love to see us meet some kind of standard and get a lower premium for terrorism insurance. There's no question about that -- and rebate on real estate taxes maybe. Or New York City has or New York State has NYSERDA rebates, where you can get electrical money spent as long as you increase your capacity or you do some kind of savings of kilowatts. If there's something out there like that, where people could put money into a building because I met a certain criteria. People are very willing to do that.

MR. RAISCH: Thank you, James. Peter?

MR. ORSZAG: First, with regard to current incentives, I would join my co-panelists in noting that legal liability and lawyers do provide incentives. But I think that's actually a good example in which there are inherent limits. Take an example where you have a firm worth -- you know, make up whatever number you want -- a billion dollars. That firm has an incentive to avoid a catastrophic attack. But it has no extra incentive to avoid an attack that would impose costs of $10 billion, $100 billion, $2 trillion -- because of the great thing of limited liability attached to corporations. So that illustrates that there is an incentive, but it's not sufficient. It doesn't do everything that we need to do, because there's no incentive for the firm to avoid the really catastrophic attacks as opposed to the somewhat catastrophic attacks.

Forward looking, again, I think market-based regulations will play some role. By market-based or performance-based I mean we don't specify the number of exit doors you need and the number of this thing and that thing you need. Instead you set a target. For example, you need to be able to show if you've got more than X thousand people in your building that you can evacuate them within Y period of time. And whatever way you want to come up with achieving that goal, that's fine, but you have to show us that you can do it.

And I would agree, I think the Coast Guard, the recent regulatory rule-making was actually a fairly good example of what could be done.

Also forward looking, we need to avoid creating a massive government bureaucracy in these areas. We can't afford that, and it wouldn't make good sense anyway. There are promising examples at the state level in which you don't need such a large bureaucracy. Let me give you one example. In Delaware and Pennsylvania, in order to conform with Section 112(r), which applies to the safety instead of security, but the safety of chemical plants, the state level EPAs have allowed -- have basically said, insurance firms, you can go out and hire third-party auditors to go in and inspect the firms. That then feeds back into the insurance premiums and provides a guidance to the insurance firms and to the chemical facilities themselves. But the third-party auditors are then playing a very important role, because you don't need as many EPA officials. Furthermore, they are becoming centers of best practices. They can go into -- after visiting plants A, B, and C, they can go into plant D and say, well, you guys really didn't do so well here, and you should know what other firms in the industry are doing -- you could do this, you could do that -- to help get the security up to a sufficient level. I think that kind of model is the right one in many sectors.

Finally, on tax incentives, while they may have a role in the portfolio, I would just remind the panel that we do face a very significant fiscal gap at the federal level, and so there are inherent limits to the degree to which we can unfortunately take advantage of that tool without passing more costs on in terms of future national income.

MR. RAISCH: Peter, thank you. A final point, very briefly. In terms of education, it was distilled down in terms of the commentary given to us by the various roundtables, was essentially threefold: Number one, give us some sort of standard what to do in terms of private sector. Number two, publicize those and give us some sort of sense of what the incentives are to do it. Tell us why we should do it. And, finally, promote in your efforts one way or another some sort of level of training so that we know how to do it. And that I think perhaps most succinctly really reflects what the comments were in terms of the actual roundtable discussions that we held prior to this.

That being said, I would certainly defer to the Commission and whoever would care to speak.

MR. HAMILTON: Commissioners Gorelick and Fielding? Mr. Fielding, Commissioner Fielding?

MR. FIELDING: Thank you. Thank you, Mr. Vice Chairman. First of all, I would like to thank, and I know the Commission would like to thank you all for this presentation. It's been very helpful, it's been very lively, and it's been insightful. And we appreciate that. And I also would be remiss if I didn't make comment about how impressed we are with the work of the state of New Jersey. It certainly seems to be at the front end of meeting this challenge.

In respect to the hour, I will just have one question. Our task at the end of the day is that we have to make recommendations. So if you sense some frustration on our part, it's because we are in areas where we are on uncharted water and we are trying to figure out what recommendations we should make. I mean, our basic task is to understand what happened on 9/11, what might have been done to protect it and prevent it, and what recommendations we have to make to ensure as best one can that the mistakes of the past are not repeated.

In making recommendations, we obviously have to make them that are realistic and practical and workable. There are a lot of recommendations you could make, but they're not going to go anywhere. These have to be workable recommendations.

And we are studying the federal government and how it reacted and how it was prepared for terrorist attacks. But as you heard many times today, the private sector controls 85 percent of the crucial infrastructure of the nation. So the national preparedness can't be separated from the preparedness in the private sector. It can't be.

So I guess what I'd like you each to do is join our commission for the moment, and you have the opportunity to make one recommendation in this area. I'd be appreciative if each of you would try. Peter?

MR. HARVEY: One of the things I looked at before coming here, I think there was Presidential Decisional Directive 63 that sets up a kind of model that there are interesting parallels between that model and New Jersey statutes that created the domestic security preparedness task force, in that it matched governmental entities that had responsibility for certain industry sectors with those industries to work collectively on procedures, security procedures. Now, whether you follow that by using all the breadth of the existing agencies, or whether you take that model and house it in a particular agency, like Homeland Security, I would leave to you. But I do think that in order for you to develop workable, intelligent standards that will be followed by the industry, I think you need a collection of governmental persons that have expertise in that area, and industry representatives who have expertise in this area. And I don't mean industry figureheads. I mean the technical people who really know what their business is, who can sit down and help you work through these issues about security, what's workable, what's not workable. And I think secondly there ought to be some national body that promulgates these regulations and then helps private industry and government exercise to test a lot of these security procedures.

One of the things that has been most beneficial to us in New Jersey is that we conduct exercises. We conduct tabletop exercises. And we just this past weekend did a full-scale one out at the Port Authority that involved several municipalities, the Port Authority, federal agencies and several state agencies. Because we have to see if these things will work. Our goal is not to pat ourselves on the back and prove how smart we are. Our goal is to find flaws in what our practices are so we can change them. We know that there's going to be another attack here -- it's just a matter of when. We also know that that attack is going to occur to private industry, because that is how you hurt America. You cripple our economy and you frighten us. So we are always thinking the private sector. Nobody is going to hit downtown Trenton, New Jersey or Newark, New Jersey or the city hall in New York City. That's a worthless target. They're going to hit an office building or some kind of plant that disrupts that industry.

So I would suggest that you follow the model that we have in New Jersey, and I think that is reflected in Presidential Decisional Directive 63. And whether you do it by using multiple entities and agencies in the federal government or whether you house it in a single agency, I think you need to do it, and I think you need to make that expertise available to states that really want to do this but don't have the resources to do it economically, don't have the structure to do it governmentally. And I think you have to make some of this available on the Internet and by software, CD-ROM, so that you can essentially train people to farm, rather than farming for them.

MR. FIELDING: Mr. Susman?

MR. SUSMAN: Great question, and I do have one answer. You're limiting the answer to one, right?

MR. FIELDING: One. We'll accept others later.

MR. SUSMAN: I don't know how to do this, but I want to think about it, and we should all think about it. But I think probably we would move the fastest and farthest towards security and preparedness if every business entity, government institution, et cetera would be required -- here's where I step back -- I'm not wearing anybody's hat -- required to think about security and preparedness and write down your assessment of how your institution or business is doing. Okay?

Now, I don't follow this up by saying some government agency, a homeland security czar ought to swoop down and read it and tell you where you're going wrong. I don't know the answer there. I think employees, shareholders, insurers, would all be very interested in what you had to say. And I do see with large and small businesses that there is -- many of them are doing a great job of assessment and planning. But, many, many are not. And so just maybe thinking about security would lead to a great deal of action in boards of directors and among senior managers who have left this to their security and risk staffs so far.

MR. FIELDING: Thank you.

Mr. Haviaris?

MR. HAVIARIS: I think the building managers and owners would just like to see one governing body that takes the lead in developing, mandating and enforcing the code and not have, like we have in New York City, the fire department superceding the building department and the building department superceding the national electrical code, and the electrical code superseding somebody else. We would like to see one governing body that we have some input with. And not to berate anybody here, but not with the CEOs -- with the technical people, the meat-and-potato people, or the people in the trenches, for lack of a better word. I think that would all do us justice as an owner or a manager of a building.

MR. ORSZAG: Mr. Fielding, I'm going to give you one answer with two parts. (Laughter.) The two things that I think would be most effective. First, I think that you should recommend, and I would have the Department of Homeland Security take the lead here with deference to industry groups as appropriate, but ultimate responsibility rests with the Department of Homeland Security, to set standards by a date certain in the top -- you can truncate it however you like -- the top ten sectors, and we can go down the list -- chemicals, transportation, telecom, et cetera -- it's not hard to make the list -- by a date certain. And if you want -- if the Department of Homeland Security wants to defer to one of the ISACs or an industry group to set the standards, fine, but by X. There has to be a standard.

Part B is -- and this goes beyond what might be immediately feasible, but I think that in areas in which a terrorist attack would involve the loss of thousands of lives or the substantial interruption of millions of lives, that mandating anti-terrorism insurance would provide the kind of market-based pricing incentive that would be effective. And I think -- my own personal thing is it has to be mandated to avoid the problems that otherwise occur in insurance markets with collection effects and the greatest risk not taking up the insurance.

MR. FIELDING: Mr. Moderator, do you want to join us too?

MR. RAISCH: I would love to. Briefly, I'd say if you could do one single focus it would be to spotlight a particular, albeit it high level standard, process-based standard. And FPA 1,600 was started in 1992. It's had dozens and dozens of organizations. It's build upon the experience of decades of FEMA's involvement. It yet has nonetheless been signed off by private sector entities. It is clearly not the detailed level or with the specificity that one would like to have down the road with one for chemical, one for transportation, et cetera. But it is a functional base standard that I think on the whole could be a very effective voluntary standard paralleling I believe it was Mr. Gorton earlier today when he focused on ISO -- parallel the ISO experience where in fact entities would look to embrace this as part of their -- if you will two-fold, their marketing perspective. They are in fact an FPA 1,600 compliant organization. And, secondly, once that's in place, it would allow the insurance companies themselves to give that price and underwriting perspective that they discussed. It would also allow market-driven approaches, just as we heard from the Rockefeller Center experience. If an entity was in fact complying with an FTA 1,600, it would be the possibility that whether it be a tenant situation or whether it be an individual that might even be an employee, they could decide whether or not they wanted to work for or do business with a particular entity if it had this accreditation. So I think that's doable. The standard is out there, it's existent. It's already reflective of over 10 years of evolution, and I think that's doable in the short run.

MR. FIELDING: Thank you all very much.

MS. GORELICK: It's been a long day, but I think all us have learned quite a bit from it, and actually as the day has evolved each panel has built on the one before in a very interesting way, at least for this commissioner. And because Bill has asked the questions, which is normally our role, I'm going to make a statement or summary, which is normally your role. (Laughter.)

First of all, I learned a lot from the written material. I think Peter Orszag's piece is very interesting, and I commend everyone on the roundtable piece that Tom Susman did is terrific. And, substantively, you all have provided us with lots of grist for the mill.

What is interesting to me is at the end of this day there is in fact something emerging like a consensus. And here's what I'm hearing: First of all, we have to have a standard-setting process, and it has to involve a tremendous amount of industry input and ownership, if you can get it. Sometimes you can't always get it. It's true, Peter Harvey, that the ISAC process established in PDD 63 looks great -- not happening, in my personal view. Could, but they are not standing up and saying we are going to set standards for our industry. They're just not where they need to be. And therefore government's role is in establishing a timetable and sense of urgency with the ultimate notion that if the private sector can't come together or won't come together there will be a standard set for it, which is a pretty good incentive from my perspective in counseling industry. So that's number one.

Number two, if you do have standards, it seems to me all of you are saying they have to be performance based, that command and control, micromanaging by government doesn't work. And a corollary of that is agility. I think one of you -- it may have been Peter -- made the observation that you can't just solve for the last attack and the last challenge. And therefore we have to figure out a way to be agile in a way that we haven't been before. Agility and government regulation are not two words, two concepts that you generally hear in the same breath. At the same time they need to be cohesive so that, James, so that the private sector is not responding to six different inconsistent requirements.

And then we talked about incentives -- the carrot that flows from lower insurance premiums, for example; or the stick that comes from legal liability, if you don't do what is reasonable, what the industry has set as a standard. And I liked very much Tom Susman's point about the other stakeholders, that just giving transparency to what a company is doing or not will unleash all kinds of pressures that are really not there right now, because there is not that transparency. So the board members, the shareholders, the community members I think would be good pressure on industry to step up to the plate.

And then one thing I would add of my own, which we haven't really heard today, but which I think is true, is that if you have a standard, and it becomes the way in which an industry addresses a particular problem, then the one company that would otherwise be the leader and be perhaps out there all by itself doesn't bear the cost that puts it at a competitive disadvantage. And that's where this sort of regulation, if you will, is pro-business, because right now if you expend the money to make yourself hardened against the attack and to do the right thing for your employees, you are incurring a layer of costs which your competitors may not be. And that's something that business understands and appreciates, and is fearful of.

So that I saw as your pupil this afternoon is what I have taken from your lessons, and I want to say I think it's been an enormously valuable experience.

Thank you very much.

MR. KEAN: I want to thank the panel very, very much. You have contributed greatly to our knowledge and our work, and I suspect to our recommendations. I want to thank members of the families of 9/11. I think we probably had more families here than at any other event we probably held on this commission. And I want to thank them for their continuing help, for the work of this commission. I want to thank Drew University in the person of its board chair, Barbara Caspersen, who I think has been here for almost the entire day I think. And thank you very much, and thank the university.

For me, we take from today's hearing perhaps three principal lessons. First, that the 9/11 catastrophe was not just about government choices, but it was also about private sector choices, and whatever is true 9/11 is certainly true today: businesses own 85 percent of America's critical infrastructure. Second, that private sector preparedness and our evaluation of it is hampered because there is no generally accepted standards for companies to aim at or against so they can then be judged.

Third, even if such standards did exist, there would still be a need somehow to develop incentives -- financial or regulatory or both, so that the private sector could improve its preparedness.

The centrality of the private sector to any national security strategy was underscored, I think, early in the day by John Degnan from Chubb, who outlined tremendous exposure faced by the industry and the private sector generally from future attack.

When preparedness fails, people die. We saw that human cost first hand in the moving testimony of Sally Regenhard and Monica Gabrielle, two people who have turned their private tragedies into tremendous public service.

We learned that there are some good public-private partnerships that are now underway. They are working in tandem for preparedness at the local, regional and national level, including those sponsored by the federal government's Department of Homeland Security. But there are some critical areas that really need a lot more focus.

We learned that a multitude of codes and standards exist for fire safety in buildings and evacuation plans, but no one standard is either enforceable or operative nationally. And this confusion makes life harder for firms that indeed perfect preparedness.

Finally, we had a frank discussion of the need for better incentives to spur private sector actions. Although there is no current consensus on whether regulatory, insurance or corporate governance would be most effective in providing incentives for private sector preparedness, it seems to me the overriding message of today's hearing is clear: we ignore the absence of proper standards and incentives for private sector preparedness at our own peril. Many of the lessons from 9/11, bought at such a terrible price, are becoming very apparent, but they have not yet been learned.

Thank you all very much for today's hearing.

Congressman Hamilton and I will be available for a press availability right after this session.

Thank you all very, very much.

(Sounds gavel.)



STAFF: Would members of the media please come forward now? I would appreciate it very much. And would the public extend the media the courtesy of asking the questions. And we ask the media please to state your name and your affiliation.

Thank you very much.

MR. KEAN: Mike? Oh, I'm sorry. You don't have a question.

Q Governor Kean, could you just outline the terms of the agreement with the White House -- (inaudible) -- out?

MR. KEAN: We probably will be releasing the terms I suspect tomorrow, provided that we -- what we want to do tonight and maybe tomorrow is to discuss who our representatives should be for the special panel who's going to review all the documents. And I think it might be appropriate really to release the terms at the time we release the members' names and all that. Does that make sense?

Q Are some of the members going to be -- (off mike)?

MR. KEAN: Well, if we told you, that wouldn't be releasing it tomorrow. (Laughter.)

Q (Off mike)?

MR. KEAN: Yeah, but then that might get modified.

MR. HAMILTON: Well, the Commission has not actually acted yet with regard to the representatives, and we will be doing that this evening and tomorrow, and I think our plan at the moment is not only to release the names of the so-called "gang of two" and "gang of four," but also to give you a fairly precise outline of what the agreement is. We will do that tomorrow.

Q Any word on the FAA and the --

STAFF: State your affiliation.

Q Oh, Robert Hennelly, WNYC Public Radio. Any response from the FAA or NORAD?

MR. KEAN: What is the --

MR. HAMILTON: Well, we have -- yes, we have had a response from them and a good bit of information delivered to the Commission since the subpoena. We have not evaluated that completely, so we don't know if there's a complete response. But there's certainly after our meeting with Secretary Rumsfeld, and then that was followed by the subpoena to NORAD, we have had a response which supplied us with a lot of additional material.

Q -- Free Press. You talked a little about building codes -- (off mike) -- I am (still missing ?) an investigation to Building 7. I would like to hear three answers on why they are not looking to inspect that Building 7 was -- (off mike) -


MR. KEAN: I don't have the answers to any of those, but I would suggest that you submit them in writing and give them to our staff and we'll try to get you an answer.

Q (Off mike) -- Port Authority and officials for the City of New York -- (inaudible) -- ? What's your reaction to that

MR. KEAN: We have -- that's one of our task forces, really very much into the whole response in the area of New York City. We are already investigating that area. We'll probably --

Q You will be bringing them?

MR. KEAN: We will probably have a public hearing in that area, and we'll certainly have the officials of the City of New York at that public hearing.

MR. HAMILTON: There's been a lot of emphasis in the Commission so far about getting access to federal documents and papers. But in order to tell the story of 9/11 and to make recommendations we need information from New York City as well, and I think we are in the process of getting it, and there certainly will be a lot of attention to not just the federal response, but state and local response as well.

Q What about the Port Authority? Bob Hennelly, WNYC -- the Port Authority, have they already complied fully?

MR. HAMILTON: I don't want to comment on that. I don't know actually. But they certainly are on our radar screen.

MR. KEAN: All the document requests are out there. The papers are coming in. It may be just a touch early to evaluate totally the response. If the response is not adequate, we will tell you.

Q Randall Pinkston, CBS News. With respect to the agreement with the Executive Branch, do you anticipate that this agreement will eliminate the need for subpoena of executive branch documents going forward?

MR. HAMILTON: We make no judgment about the entire executive branch. There's still many agencies in the Executive Branch to consider, and we certainly hold open the possibility of additional subpoenas. So the agreement that we have reached with the White House does not preclude action on other executive branch agencies.

Q Mr. Chairman, Peter -- (inaudible) -- CBS Radio. A lot of commissioners asked panel members to give grades and assessments. How would you assess overall the cooperation of the federal government, the city of New York and the Port Authority individually?

MR. HAMILTON: Well, I thought the answer given this morning was pretty good -- incomplete. I say that somewhat facetiously. It's a serious question. But we still are very much in mid process here, and I think enormous amounts of documentation has been presented to us. We don't frankly know the answer to the question whether everything the agencies and departments have have been presented, but enormous amounts of material have been. Now, that varies somewhat from department to department, but overall they have been quite responsive.

But we are now at a point in the investigation where we have a lot of very specific questions on our mind, and we have a lot of very specific documents we want to see. And I'm not able to answer whether we have all of those documents yet. I don't think anybody on the staff can answer that yet, but we are certainly narrowing the focus of our investigation.

MR. KEAN: We are. It is massive. The staff tells me we have access to over two million documents right now.

Q With so much stuff out -- Hennelly, WYNC -- with so much time spent on document production, how are you feeling about your overarching timeline in terms of your deadline?

MR. KEAN: Pressed. (Laughter.) There's no question we have a staff that is working long hours, well beyond the normal working day, a number of them working weekends, and --

(Tape change)

MR. HAMILTON: -- the commission and the media. But it's important to recognize that while that effort for access has gone forward, a lot of staff work -- a lot of staff work has been done on the subsequent questions, so that staff for the last several months have been, number one, writing the narrative of what happened and what did not happen on September 11th. And, number two, they have begun to shape for us the broad policy questions that we'll have to address. So, you're right, a lot of attention on access. But that is only a part of what the Commission has been doing.

Q Larry Arnold from AP. You've maintained your practice of not asking witnesses at the public hearings to take oaths. Are you all taking oaths in your private interviews of people?

MR. HAMILTON: The Commission is moving into a stage of interviewing a very large number of officials. Some of that has been done, but not most of it, and the Commission will be discussing the question of administration of oaths. No final judgment has been made about that.

Q And then none has been issued -- it hasn't happened yet?

MR. HAMILTON: No, I -- in some instances it has been done. I'm not going to identify those instances for you, but it is a future question for us, immediately before us.

Q As I remember this morning, you said in your opening remarks that no one could have anticipated the events of 9/11. Isn't that a question that the Commission is charged with determining?

MR. KEAN: No one could have anticipated what actually happened. Whether or not there should have been some things done that would have lessened the chances of happening, or even prevented it in some cases, is certainly a question for the Commission. To say that anybody out there anticipated the 9/11 attacks --

Q Have you reached the conclusion that no one could have anticipated the events of 9/11?

MR. KEAN: If we -- at the end of our work we will reach conclusions, not now.

Q Governor, just clarify something -- the documents that will be given to you by the White House, will they be redacted or not?


Q They will not be redacted?


Q Are they selected portions -- 9/11 Citizens Watch -- are they selected portions? They're not the whole PDB?

MR. HAMILTON: They are fully responsive to our requests.

Q Let me follow up with my other question. There have been complaints by family members that what you are going to see will not have the context of say, for example, if it were a daily briefly, will not be the fully briefing in context rather, paragraphs that meet the requirements, or refer directly to 9/11.

MR. HAMILTON: Look, we have a mandate. That mandate is specific. It's not open-ended. We cannot request information and materials that are not pursuant to the mandate. We have made requests that we think are necessary to fulfill our mandate.

Now, there are many things that happened in the national security area that are not within our mandate, and we have not asked for them. But we believe that we will have access to all of the materials that are responsive to our requests, and that will enable us to fulfill our mandate.

MR. KEAN: I might say the requests that went out to the White House were no different in that regard than the requests that went out to any other government agency. They're always specific as to our mandate.

Q Let me just say if there is a document, a free document and it has about your mandate -- the things that occurred that produced the 9/11 event, and also other things in them, those other things in them will be redacted?

MR. KEAN: If half the document is on 9/11 and half the document is on China, we will not see the half on China.

Q Tom Flocco, from the Governor, I'll ask you this question: Following up on that, regarding the readers and the selection of the readers once they are selected, will there be presidential minder-lawyers with them, sitting with you as these documents are being read, and you're only allowed to take notes -- is that correct? You are not allowed to make carbon photocopies -- you're only allowed to take notes from what you read? Is that correct?

MR. HAMILTON: I don't think we should go into the details yet, the details to that extent, at this point. But the question of minders has come up, however not in this context. And so the answer to your question is no, minders will not be present. The question of minders has come up in the context of interviews.

Q Who would supervise the notes that you take if you're not making photocopies?

MR. HAMILTON: I think we should go into that in more detail tomorrow probably.

Q Kyle Hence, 9/11 Citizens Watch. It has come to light there is a discrepancy between what Condoleezza Rice represented to the nation on May 18th in the wake of releasing certain details in the presidential daily brief when she said that it was outside the box to think that planes could be used as weapons. I understand in the Joint Inquiry there were some people who came forward who indicated that indeed there was understanding or knowledge or awareness of that potential threat, that method of attack. How would you go about, or how are you going about resolving the differences between what Condoleezza Rice represented to the nation -- this is completely outside the box -- when clearly there were inferences in which it was well established that there was this kind of method had been contemplated by terrorists? So --

MR. HAMILTON: We will of course look carefully at any statement made by the National Security Advisor, but that is not the only source of our information. So we will be looking at a variety of sources of information. The question on everybody's mind, I guess, is what did the Presidents Clinton and Bush know, and when did they know it, with regard to terrorism, and I am not going to venture a guess to answer that now, except to say that I think we will have available to us information which will permit us to make a judgment on the crucial questions that are confronting the country on 9/11.

Q But that specific conflict in terms of witnessings and accounts, things that you've heard, or on one hand someone saying it was outside the box, we didn't know about it?

MR. HAMILTON: I just don't want to try to make a judgment as to whether or not there was a specific contradiction. We will certainly be looking at the statements of the National Security Advisor. We'll be looking at a lot of other information that flows to the president and to other top-level officials. And if there are in fact differences in that, we will note them.

Q NSC documents and briefings would be part of that process?

(Cross talk.)

MR. KEAN: Let's go to somebody who hasn't asked a question yet.

(Cross talk.)

Q When news came out about the settlement it appeared there was some controversy within the Commission itself -- some members were not too happy with the settlement as it was announced. Have you resolved those differences with them, or are there still some disagreement in the Commission?

MR. KEAN: We've had some honest differences in the Commission, not only on this question, but other questions as well. We have had a number of votes where there majority of the Commission has not been -- where the majority of the Commission is decided but all the commissioners haven't been of the same mind. And that's going to be true on a number of issues. On this particular issue, the original position of all of us was that every commissioner should be able to see every document. That was what we all believed. That was the position we took into the negotiation. We made a compromise in which the majority of the Commission believed will enable us to see all the materials that we need to do our job.

Some members of the Commission still would have been happy and think that maybe we should have stuck to the original position, and I guess they believe somehow that may have prevailed. So it's an honest difference, and there will be other honest differences as we go along. The important thing to me in the kind of Washington that I've run into in this investigation, what's interesting and valuable I think is that we have got five Republicans and five Democrats in a city with great partisan divides, and we've never had five Republicans on one side and five Democrats on the other in any of the controversial votes we've had since Day One, and I hope that continues.

Q Continuing up on that, I noticed two of the members were not here today. Is there any reason for that?

MR. KEAN: They had other business.

MR. HAMILTON: May I say in response to your question, as the Chairman has stated, the Commission would have been very pleased if all 10 commissioners have seen all the documents. The only problem with that position is it doesn't take into account the other side here, and you do have to reach an accommodation. And it is the view of the Chairman and the Vice Chairman that had we held to the position that all 10 commissioners must see the documents, we would not have access to the critical documents we need to make crucial judgments. We would have had no access.

STAFF: Thank you very much.


Join the mailing list