John McCarthy isn’t interested in isolating himself in the world of academia.
As director of George Mason University Law School’s Critical Infrastructure Protection Project, McCarthy is putting academic research at the forefront of efforts to guard against terrorism.
“The project is kind of a metaphor for what we’re trying to accomplish on a national and state level,” he said. “It’s not just talking about the problems, it’s taking it to the next level.”
McCarthy’s two-year, $6.5 million project received recognition from Gov. Mark Warner (D) Monday, Dec. 9, in a press conference to announce recommendations for the Secure Virginia plan, an administrative and legislative initiative to improve the state’s ability to respond to terrorist attacks or natural disasters.
The program is intended to increase the security of telecommunications and computer networks, utilities and financial institutions like banks, in Virginia and the U.S.
But business leaders and civil liberties advocates worry that the program will cut too deeply into the very freedoms that define America, cutting into privacy rights while stripping away the press and citizens’ right to know what the government is doing.
WARNER HELD the press conference at GMU’s Law School, because it plays an “incredibly leading role in studying cyberterrorism, and how to protect against it and other threats to infrastructure like utilities and banking networks, he said, industries crucial to the nation’s economy and day-to-day functions.
Mark Grady, Dean of the GMU Law School, said research efforts to protect such institutions are important for several reasons. “If [those industries] were attacked by terrorists, it would dispirit people and would also potentially have more serious consequences,” he said, “so one solution would be for the government to ordain security standards.”
Government can’t solve the problem alone though, according to Warner. Over 90 percent of critical infrastructure, like utilities and telecommunications networks, is owned by private industry, according to government officials and GMU researchers.
When disaster strikes, though, the government is left to fix many of the problems. For that reason, the government wants and needs to know as much as possible about those industries, according to Warner, especially about potential security weaknesses. The Secure Virginia initiative calls for businesses to share information with each other and with the government.
But forcing industries to disclose information has some people worried. Warner said business leaders have expressed concern that talking about security needs to the government could put them at a disadvantage, if their competitors learned where they were weak.
It’s a groundless concern, according to Grady. Sharing information about security measures could actually increase output of services, he said.
ONE WAY to ensure that businesses aren’t hurt by the security measures is to develop self-regulating measures, which would make government restrictions unnecessary, McCarthy said.
The Critical Infrastructure Protection Project is working on developing solutions that could be put in place by businesses, rather than more rules and regulations being imposed by the government, he said. Kip Thomas, associate research director for the project, said those “market-based solutions for cyber-security” would be more efficient than government regulations.
Nevertheless, McCarthy said, the governor is on the right track by trying to bring business and government together to work out solutions. “Any kind of initiative that looks at the issue from an interdisciplinary approach… is a good thing,” said McCarthy.
Interdisciplinary approaches lead to conflicting opinions as well as shared ideas. Sean Gorman, a GMU graduate student of public policy, is studying vulnerabilities in the national telecommunications networks, particularly how they affect financial institutions. Before Sept. 11, he said, few people were interested in the field outside of those already studying it. Now his research is a national security issue.
With attention from politicians like Warner, logical academic approaches to the issues could be compromised, said Gorman. For instance, it is possible that preventative measures like Secure Virginia could cost more in the long run than a terrorist attack.
“Is it really politically sustainable to say that it’s not economically feasible?” said Gorman.
CIVIL LIBERTIES GROUPS share Gorman’s concern, questioning the restrictions that Secure Virginia would put in place. To restrict access to information on critical infrastructure, the Secure Virginia plan would exempt some government agencies and actions from the Freedom of Information Act.
While improving information-sharing between business and the government, Secure Virginia policies would restrict media access to some of that same information. “Whatever the press knows, the terrorists know,” said U.S. Rep. Tom Davis (R-VA), who spoke at the press conference to support the Secure Virginia plans, some of which were modeled after legislation he introduced at the federal level. “That’s information frankly we don’t want them to know,” he said.
Even research on how to guard against terrorist attack can provide dangerous information to enemies, said McCarthy. The project at GMU is discovering vulnerabilities in American infrastructure. “If you want to do harm to the system,” he said, “it can give you a road map to that.” Grady said keeping that from happening is an increasing concern for administrators.
Any time the government tries to restrict the media’s, and therefore the public’s, access to information, there is cause for concern, according to Rebecca Daugherty, the service center director for the Reporters Committee for Freedom of Speech.
“When the government takes an interest in these kinds of matters, it’s usually because the public has a strong interest in what’s going on,” she said. When the public has an interest, they deserve to have access to information about the topics in the news.
Restricting access to information “is not the way you conduct participatory democracy” and would subject citizens to unknown safety hazards, said Daugherty. “To me that’s a lot scarier than the notion that a terrorist can somehow figure out what a weakness is,” she said.