On September 12, 2001, I was sitting behind Senator Joseph Lieberman (D-CT), as his Professional Staff Member on what was then the United States Senate Committee on Governmental Affairs. He had asked me in July to conduct this hearing; 9/11 happened the day before and we were the only hearing on Capitol Hill that Wednesday. It was during that hearing that Senator Lieberman stated publicly that we needed to have a Department of Homeland Security.
Several colleagues on the Committee and I spent the next nine months drafting legislation that, probability and experience would tell us, would go nowhere…until President George W. Bush released his version of the legislation in June 2002. For the next five months we negotiated and compromised across agencies, political parties, branches of governments, and chambers of Congress, to develop legislation that would ultimately be passed by Congress in November 2002 to create the Department of Homeland Security (DHS).
During that time, I worked with a small team of people to draft the Department of Homeland Security Emergency Preparedness and Response Directorate, among other directorates. One component of this directorate was determining how our nation would respond to a bioterror incident or large natural or manmade disaster. At the time, one of our greatest fears was the release, by Al-Qaeda, of a biological weapon on our homeland.
Our work was informed by numerous conversations with experts, including many in the medical field. One of our primary experts was Dr. Anthony Fauci, who spent extensive time with us working through scenarios and appropriate planning and response approaches to biological hazards. We laid out plans for how to execute mass vaccinations around the country, an approach for storing medical equipment, supplies, and pharmaceuticals, paying attention to expiration dates, creating a process for putting those supplies back into the national supply chain and knowing when and how to replace them. We planned for scenarios focused in large metropolitan areas, but given the open wounds of 9/11, we also planned for scenarios that hit our entire nation at once.
As we struggle today to respond to the COVID-19 pandemic, I am reminded of the considerable work we invested in 2002 to develop a directorate within DHS for the purpose of responding quickly and effectively to a biological and health catastrophe. What happened over the last 18 years? How did we lose this capability in government that we had worked so diligently to create?
The directorate called for an Under Secretary for Emergency Preparedness and Response, who would lead the federal response to a national disaster or emergency. The legislation mandated the transfer of functions, which were identified to be critical in responding to a national disaster or emergency, from their current agency to DHS to create a comprehensive preparedness and response functionality within the newly-formed agency. As we negotiated, we faced opposition from each impacted agency because we were taking their best capabilities, their “crown jewels.” But our reasoning was that we needed to co-locate and integrate the government’s “best of the best” to be prepared for the worst of the worst.
The Under Secretary would also be responsible for coordinating federal resources in response to a terrorist attack or major disaster and building a national incident management system with federal, state and local government personnel. In this time, when governors are bidding against each other and getting price-gauged by the private sector, the lack of this role within the federal government is glaring. The federal government should be responsible for the procurement and distribution of resources – ventilators, masks, and gowns. The legislation was explicit about this need.
As I watch our response to this pandemic unfold, I am struck by our short-term memory. We planned for this biological event 18 years ago and, over time, we have let the integrated capability slip away. The Emergency Preparedness and Response Directorate morphed into the National Protection and Programs Directorate in 2007, which in the fall of 2018 became the Cybersecurity and Infrastructure Security Agency (CISA). While we certainly need a dedicated agency to address our nation’s cybersecurity and infrastructure challenges, the organizational structure for responding to a national biological event that was created immediately after 9/11 has dissipated. We now find ourselves struggling to identify who is in charge of managing the response to this pandemic and who is responsible for coordinating resources across the states and territories and ensuring they are distributed to the areas of greatest need.
While some may be inclined to make a political argument out of our current predicament, I assert it is a cultural one. Our fundamental challenge is, as a nation, we do extremely well in responding to a disaster, but we struggle in comprehensively preparing for one. When chaos strikes, we call upon our first-world resources to step in and engage with urgency – whether it is the availability of doctors and hospitals after 9/11, the private sector minds of Silicon Valley, stepping in after Obamacare’s website initially failed to create a solution in 60 days, or the donations of 1000 generators and 700 miles of sandbags after Superstorm Sandy. But we need to prepare with urgency. The event itself shouldn’t be the catalyst for planning and execution; these efforts are required, pre-event. And the current crisis illustrates what happens when you wait for the event to happen to figure out how to respond. What is unfortunate is that we already had the crisis to catalyze preparedness – 9/11…but we forgot.
As a society, we have a mindset that doesn’t allow us to prepare adequately. We make a risk calculation that relies on probability rather than a worst-case scenario. As a nation, we need to recalculate how we assess risk when the lives of every American are at risk. We need to embrace the power of negative thinking to consider what the worst of the worst would look like and plan accordingly. If we envision the scenario, we can be empowered by our planning and not paralyzed by a lack of it.
The DHS legislation was certainly not perfect, and it needs an overhaul. But it was drafted with the memory of 9/11 fresh in our minds, which means it was drafted to anticipate the worst of the worst. I am an optimist by nature, but I am also a realist and believe we are the most prepared and the safest when we anticipate the perfect storm. We continue to learn that our planning falls short because we do not expect or plan for the worst to happen.
Following the data breach of law firm DLA Piper, the CEO shared that they had exercised and planned for each of the company’s critical functions to be breached, but what they hadn’t tested for was the entire company and all critical functions to be hit at once. A large law firm may not have the resources to prepare for the perfect storm, but our nation should…and we did. We prepared for the perfect biological storm but, over time and as other issues were prioritized, we got complacent in our thinking and believed nothing like that could happen.
As our threat landscape grows – across multiple areas including cyber, technology, health – our nation needs to heed the lessons of the past to inform our actions for the future. A first step should be for DHS, in coordination with HHS, to take back the authority and responsibility for coordinating and managing a national biological or health crisis because we are likely to face another pandemic soon. We cannot view Covid-19 as an anomaly. We need to prepare for it happening again and we should use this power of negative thinking to keep our nation and our citizens safe and secure.
Kiersten E. Todt was a senior staffer on the U.S. Senate Committee on Governmental Affairs and a primary drafter of the legislation that created the Department of Homeland Security. She most recently served in government as the Executive Director of President Obama’s independent Commission on Enhancing National Cybersecurity and is currently the Managing Director of the Cyber Readiness Institute.