Whether the absence of another major terrorist attack on American soil on the scale of the September 11, 2001 attacks on the World Trade Center, the Pentagon, and an unidentified third target left untouched by the heroic efforts of passengers on United Airlines Flight 93 is attributable to the government’s efforts or simply reflective of an unwillingness or inability on the part of hostile terrorist organizations to carry out another such attack is unknowable. What is known is that the 9/11 attacks illuminated a disturbing failure on the part of disparate departments and agencies spanning all levels of government to work together in a productive manner.
Many of the failings revealed by post-attack investigations—most notably that conducted by the National Commission on Terrorist Attacks Upon the United States (known informally as “the 9/11 Commission”)—were ostensibly addressed through the USA Patriot Act (Public Law 107-56) and by establishment of the US Department of Homeland Security (pursuant to passage of the Homeland Security Act of 2002, Public Law 107-296). The latter in particular was intended to break down statutory and cultural barriers between federal agencies and between federal and state and local agencies, such as in the sharing of information the possession of which by the right people could prevent or help better prepare for an attack.
All of this is pertinent in discussions of the National Incident Management System (NIMS). It was created in response to the findings of the 9/11 Commission and other studies all of which revealed the failures of government departments and agencies to work together toward a common goal, usually on account of historical and cultural impediments to cooperation, usually with a financial component involved (in effect, protecting one’s jurisdiction and budget from encroachment by the other guy’s activities). Interestingly, or ironically, the establishment of NIMS in 2004 was a belated recognition of the obvious: that federal departments shield themselves from each other out of bureaucratic and jurisdictional jealousies and because, in the realm of intelligence collection and analysis, laws existed limiting or blocking the ability of foreign intelligence agencies to share information with domestic law enforcement departments, a legacy of the domestic spying scandals of the 1970s. Whether intended or not, the Federal Emergency Management Agency (FEMA), the agency responsible for administering NIMS, alluded to the federal government’s lengthy failure to work constructively on the nation’s behalf when it wrote in its 2017 report,
NIMS is the culmination of more than 40 years of efforts to improve interoperability in incident management.
In other words, nobody wanted to or was capable of working cooperatively with anybody else, so now it was going to be mandatory. The scale of the problem, however, should not be understated. Again, as noted by FEMA,
The jurisdictions and organizations involved in managing incidents vary in their authorities, management structures, communication capabilities and protocols, and many other factors. NIMS provides a common framework to integrate these diverse capabilities and achieve common goals.
The question now, then, is how far the nation has moved in the direction of improving disaster preparedness and response. When Hurricane Katrina destroyed much of New Orleans in 2005, the government’s failures, especially with regard to FEMA’s role in preparation and response, was, again, illuminated, prompting yet more demands to improve what should have already been improved. Addressing again the challenges involved given the size of the country, the difficulties inherent in reforming bureaucracies, and the effects involved in working across fifty states and hundreds of cities and counties, a certain amount of patience is warranted. Compelling compliance with NIMS, however, is easier said than done, especially given the fact that much of the nation’s critical infrastructure (e.g., electrical grids, rail systems, air travel, and banking networks) resides in private hands—a situation making compliance even harder. The government’s most important tool in compelling compliance (excluding penal servitude) involves the power of the purse: in other words, threatening to withhold federal grants intended to improve coordination. An independent study published in Homeland Security Affairs Journal noted,
NIMS compliance was made a precondition for any agency or organization to receive homeland security preparedness funding—a potentially powerful incentive for adopting and implementing the system. However, the impact of actually withholding funds from jurisdictions that did not comply with the NIMS mandate may have seemed too strong or even counter-productive to those developing the regulations for NIMS compliance. Withholding funds would have removed resources that those entities needed to improve emergency response systems, and that action would undoubtedly have caused political reaction by local, state, and federal officeholders representing those jurisdictions. Therefore, states and sub-state jurisdictions, when applying for homeland security grants, have only been asked to self-certify, with minimal documentation, that they are NIMS compliant.
Whether NIMS has proven successful is difficult to say, in part on account of the lack of another natural or manmade disaster on the scale of the 9/11 attacks and Hurricane Katrina. The US Government Accountability Office (GAO), in a 2016 study, found the following flaws with respect to FEMA’s ability to measure progress:
FEMA uses states’ self-assessments to determine if states have implemented the National Incident Management System (NIMS), as required, but does not assess NIMS implementation using the results of preparedness exercises.... Although states generally report high levels of NIMS implementation, officials from all four FEMA regional offices and 9 of 10 states GAO spoke with said that the NIMS self-assessments are perfunctory and do not measure whether, or how well, NIMS is being implemented. FEMA officials said they do not verify states’ self-reported NIMS implementation information because of the scope and breadth of the information. All of the FEMA regions and 8 states said the best way to assess NIMS implementation is to review states’ performance in after-action reports following exercises and real-world events. However, FEMA officials do not review these reports to assess NIMS implementation. Doing so could allow FEMA to better assess NIMS implementation and identify areas for improvement.
Government mandates routinely entail a requirement for implementing agencies to measure progress, and those metrics are almost always late to be developed and even later to be implemented. Even when implemented, subsequent investigations by GAO and other government and private watchdogs invariably conclude that significant weaknesses regarding systems to measure progress still remain and need to be addressed. How well the government and private sector are prepared for an attack involving chemical, biological, radiological, and/or nuclear weapons, therefore, remains to be seen. Clearly, needed equipment has been purchased and put into place at locations of greatest vulnerability, such as maritime ports through which pass thousands of large shipping containers every month, any one of which could contain a weapon of mass destruction. Use of imaging to scan the contents of a container, however, is only one part of a larger problem when skilled engineers, chemists, microbiologists, and others working on behalf of a hostile foreign government or terrorist organization are able to incrementally amass components, such as chemicals that are independently benign but yield highly toxic substances when combined. The challenge is enormous, but federal, state, and local agencies, including first responders such as police, fire and EMTs, are far better equipped and trained than they were before September 11, 2001.