David McWhorter, Security Debrief
<! -------------- Links -------------------->
<! -------------- Links End -------------------->
Mar 12, 2009
This week, Thomas Frank of USA Today reported on the decision of DHS’ Office of SAFETY Act Implementation (OSAI) to award the NFL SAFETY Act Certification. To see mention of the SAFETY Act in USA Today was a great and positive surprise. After spending several years as the lead technical evaluator to DHS for the SAFETY Act where one of my duties was “outreach,” it was a thrill to finally see a major newspaper give it the attention it deserves. I can remember going to meetings, workshops and conferences to deliver presentations where my opening line would be “Who has heard of the SAFETY Act?” and no hands would go up. By the time I left OSAI in November 2007, the tide had started to turn, but to be in the USA Today? Wow!
My excitement quickly turned to disappointment as bloggers and their followers began commenting on the story with misinformed and erroneous statements designed to get the masses angry at a so-called “special exemptions to fat cat industries.” A response to this comment, and others from throughout the blogosphere, are found below.
Comment: The NFL’s Certification represents “special exemptions to fat cat industries.”
Reality: Coverage under the SAFETY Act is not a special exemption. Any seller of a “product, equipment, service (including support services), device, or technology (including information technology) [that is] designed, developed, modified, or procured for the specific purpose of preventing, detecting, identifying, or deterring acts of terrorism or limiting the harm such acts might otherwise cause” are eligible for coverage. There is no eligibility requirement in terms of the size of the business; in fact, small businesses (revenue < $50M) have submitted more applications to OSAI than large businesses (revenue > $1B) by nearly a 2 to 1 ratio (263:167). However, there are specific criteria in the Act that the applications are measured against. These include the criteria that the “Anti-terrorism technology … would be effective in facilitating the defense against acts of terrorism, including technologies that prevent, defeat or respond to such acts” and that there is a large “magnitude of risk exposure to the public if the Technology is not deployed.”
Comment: “But the NFL now can label almsot [sic] any incident it wants as a terrorist act, one more hoop for plaintiff’s [sic] lawyers to jump through after a [sic] filing a lawsuit against the NFL, after some incident where people are injured at a stadium.”
Reality: The definition of an act of terrorism (for SAFETY Act purposes) is included in the text of the legislation itself. It must be declared as an act of terrorism by the Secretary of DHS, and is defined, in part, as “uses or attempts to use instrumentalities, weapons or other methods designed or intended to cause mass destruction, injury or other loss to citizens or institutions of the United States.”
Comment: “What if the NFL fails to comply with the plan?” and “It will shield them from lawsuits when they don”t provide adequate security.”
Reality: Because there has not been an act of terrorism that meets the SAFETY Act definition since the law went into effect in 2003, no one knows how any of it will play out in court. However, the interpretation of the Federal Regulations and the Act is generally that the SAFETY Act covers the product or service as described in the seller’s application, so failing to comply with the plan would result in potential nullification of a seller’s liability protections.
Reality: The SAFETY Act was created to encourage the development and deployment of anti-terrorism technologies. It does this by providing liability protection for solutions that have been evaluated by DHS and external Subject Matter Experts for efficacy. Without the Act, why would a company that anticipates, for example, 1% of its revenue from an anti-terrorism technology, make it available to the public sector knowing that it exposes them to unquantifiable liability? They wouldn’t, thus the Act is a win-win for the seller, who gets to make a profit, and the public, which gets a safer environment (in this case, a stadium).
By the way, please note that no detector is 100% accurate with no false positives. For instance, take a baggage canner at the Dulles International Airport. Approximately 25 million passengers travel through Dulles every year, so I’ll assume that roughly 50 million checked or carry-on bags are examined. Even if the scanners’ probability of detection is an absurdly high 99.9999%, this would still mean that if every single bag contained a bomb, 25 bags per year would still get on board. Would you rather go with those odds knowing that the seller of the scanners have limited liability, or would you rather that the sellers stop deploying the scanners, leaving our airports without the technology they need to detect the other 49,999,975 bombs?
Comment: The NFL “is immune from suits caused by terrorist attacks on it”s [sic] facilities.”
Reality: The NFL doesn’t often (ever?) own the stadiums in which the games are played. These stadiums are usually owned by private entities or municipalities. These entities would have to apply for and receive their own SAFETY Act coverage for their specific security plans which would presumably have the NFL plans as a baseline.
There were many more comments made in the blogosphere, but the ones above were the most worthy of counter-points and clarification.
The SAFETY Act has made tremendous strides as a program in the last few years. It is often cited as one of DHS’ (few) early successes. I hope that the knee-jerk reaction of some commentators does not replicate itself on Capitol Hill. We are a safer, more resilient nation because of the SAFETY Act.
Below is a representative list of products and services that have recently received SAFETY Act coverage:
• Heyltex Corporation is a distributor of Radiogardase®, an encapsulated insoluble powder for the treatment of known or suspected radioactive contamination of people over the age of two. The Technology is designed to decrease the radiation exposure from radioactive cesium, radioactive thallium, or non-radioactive cesium contaminations.
• Ahura Scientific, Inc. provides the FirstDefender™. The Technology is a hand-held system designed to identify solid and liquid chemical materials and mixtures, including chemical warfare agents, toxic industrial chemicals, and explosives.
• Phoenix International, Ltd. provides the MagnumSpike! Tire Deflation System. The Technology is a portable tire deflation system composed of a lattice of metal alloy spikes.
• Smiths Detection, Inc. provides the IONSCAN 400B. The Technology is a desktop explosive and narcotics trace detection system.
• Life Shield Engineered Systems, LLC’s Blast Mitigating Composite Panels are a fiber-reinforced or non-fiber-reinforced polymer and are designed to protect life and critical assets that are directly or indirectly impacted by a projectile strike or explosion.
• FloorView, LLC provides FloorView. The Technology is an off-the-shelf Web-based application designed for emergency management application for first responders. It provides users with important securely retrieved information such as architectural drawings, geospatial information, and floor plans.
• Science Applications International Corporation (SAIC) provides the Radiation Portal Monitor System (AT-980 System). The Technology is a device that uses gamma-ray and neutron detection modules to passively monitor closed, moving vehicles, containers, and/or railcars for the presence of radioactive materials. In particular, it can be used to detect the presence of special nuclear material (SNM) and radiological dispersal devices (RDDs).