Last week I posted a particularly interesting story in the weekly Security News Roundup. The article, featured on the Government Security News website, states that the DHS has published a voluntary training program targeted at some 850,000 employees who work in the chemical industry. According to the article, it is estimated that over 400,000 of them, approximately 47%, will take the course. As I read through it, my initial reaction was actually excitement that they had implemented something so useful.

The DHS, more known for its infamous policies such as taking your shoes off at the airport and often disregarded “threat level orange,” has really hit the nail on the head this time. Millions of Americans go to work each day in an industry that may be vulnerable to terrorist attacks. Industries from transportation to port security to energy infrastructure have all been noted to have exploitable weaknesses. These services have become so integrated into American life that it would be hard to imagine going without power, airplanes, or clean water due to a terrorist plot.

Technology makes it possible

Considering how much money we spend every day on security, the cost of making this training available is virtually negligible. When we utilize the power of the internet to distribute the course and/or software, the only cost is the upfront investment of development. In the case of chemical workers, the program cost about 16 million to develop. As I mentioned, the fixed costs were high, but the DHS can continue to distribute this program for years with minimal continuing costs.

Expansion is key

The question is – why isn’t this available in more industries? Further, how quickly can it come about? If we have learned anything from the implementation of security procedures, it is that if the employees don’t understand or don’t care about them, the procedures are destined to fail. Though it would not be feasible to ask the government to design courses with enough company-specific information to replace private corporate training, there are many areas that can be addressed. These include, at a minimum, the broad-level policies and initiatives that are expected of individuals working in a vulnerable industry. For instance, the “see something, say something” idea put forth by DHS Secretary Napolitano, along with examples of how and when to use it. In addition, content could feature typical attacks and shed light on social engineering, IT security, and other common points of entry for wrong-doers.

Comprehensive security in America is ultimately the result of a partnership between the public and private sectors. In the absence of a totally authoritarian state, private entities and government interests need to combine for the greater good. Unlike so many spending initiatives which have gone awry, using tax money to raise the minimum security standard is something I whole-heartedly support.