Interdependent Security: Implications for Homeland Security Policy and Other Areas

Geoffrey Heal, Howard Kunreuther, and Peter R. Orszag
Peter R. Orszag Vice Chairman of Investment Banking, Managing Director, and Global Co-Head of Healthcare - Lazard

October 1, 2002

The World Trade Center attack underscored the urgent need to assess vulnerabilities in the security of American lives and property and to implement preventive measures against catastrophic events. As policymakers grapple with strategies for dealing with homeland security challenges, a key issue they face is determining when private sector security activities or government interventions are most effective in promoting national security. We argue that in many private sector settings, a combination of regulations, insurance, and third party inspections offers the most auspicious approach to improving security at reasonable economic cost.

To see why the private sector may lack adequate incentives to protect against terrorist attacks, consider airline security—a continuing vulnerability in America today despite recent improvements. Airline security is a complex, interdependent arena in which it is clear that security measures will be effective only if a coordinated system can be implemented. Diligent passenger and baggage screening has been, and continues to be, an effective deterrent to airline catastrophes. But the high cost of x-ray and explosive detection equipment has discouraged or precluded some airlines from using them as standard safety tactics. And if pure cost alone is not enough to deter a company from making this costly security investment, the knowledge that other airlines are not making the investment can clinch a decision not to proceed with it.


Why would an airline decline to take available measures to protect itself and its passengers from harm? Precisely because something is happening that militates against purchasing the desirable screening tools, aside from the issue of pure cost: a phenomenon that causes a critical reduction in incentives for investing in proven preventive security. This phenomenon can undermine the ability of an entire industry to take reasonable precautions against catastrophe. The force that is so powerful that it could negate the compulsion to protect life and property is simply the interdependent nature of airline security. When the fates of many companies are intertwined, their incentives to attend to security issues can be severely reduced. In the private sector, incentives are critical. If private incentives are not aligned with the public good in a compelling way, the results can be catastrophic.

Security problems are interdependent when a catastrophic risk faced by one firm is determined in part by the behavior of others, and the behavior of these others affects the incentives of the first firm to reduce its exposure to the risk. In such situations security cannot generally be left purely to the private market and may have to be addressed via some form of government intervention. Inter- dependent security problems include airline and computer network security, which are central to the security that America strives to attain in the wake of September 11, 2001.

Interdependence occurs in airline security because an airline considering whether to install a baggage checking system must balance the cost (of installing and operating the system) with the benefit (in the form of reduced risk from passengers or luggage). The risk may arise not only from passengers who check in directly with this airline, but also from passengers who check bags on other airlines and then transfer without their luggage being screened at the origin or transfer point. A bag containing a bomb initially checked on another airline and then transferred to Pan Am was responsible for the destruction of Pan Am flight 103 over Scotland in 1988. Thus, even an airline with an infallible screening system is at risk, since only bags checked by passengers who initiate their trip with that airline are inspected; those bags transferred from another airline are not. The knowledge that investing in screening still leaves an airline vulnerable unless others do likewise reduces the attractiveness of investing in screening.

Computer networks are also interdependent. Once a hacker or virus reaches one computer on a network, the remaining computers can more easily be contaminated. This possibility reduces the incentive for any individual computer operator to protect against outside hackers. Even stringent cybersecurity may not be particularly helpful if a hacker has already entered the network through a “weak link.”

A feature common to these problems is that an organization can never achieve perfect security by itself, since the risk it faces depends on the actions taken by others. In other words, your security can be compromised by the failure of others to act even if you take appropriate precautions on your own. The risk faced by an airline depends on its security system and also on the thoroughness with which other airlines address the security issue. This interdependence looms large in homeland security problems, although it occurs in other settings as well.

When security is interdependent, firms acting on their own may choose not to invest in risk reduction measures even though they all would be better off if they did. In some cases, the overall outcome may also be subject to “tipping behavior,” since one company occupying a strategic position may induce all others to follow its lead. Even if there is no single company that can exert such leverage, a small group of companies may be able to do so. This has significant implications for policymaking, since it suggests that it may be particularly important to persuade certain key players to manage risks carefully.

A Simplified Problem

Consider two identical and independent divisions in a fictitious company, Be-Safe. Each division operates a plant, and there is some chance of a catastrophic accident in either plant. If such an accident occurred, the costs would bankrupt the entire firm. Each division can invest in protective measures to reduce the chances of a catastrophe. Even if Division 1 invests in protection against catastrophe, there will still be a risk of Be-Safe going bankrupt if Division 2 does not take its own precautionary measures. In other words, the employees in Division 1 could lose their jobs because of the carelessness of Division 2, even if they have behaved in an exemplary fashion themselves. Each division can be destroyed by the failures of the other.

If each division wants to maximize the expected returns to its own employees, the risk posed by poor safety at Division 2 will attenuate incentives for Division 1 to be safe, and vice versa. In other words, the possibility of contagion reduces the incentive to invest in protection. Why? Because if the firm had only one division, investment in protection would buy all the employees freedom from bankruptcy. With a second division, there is a chance that even if Division 1 invests in protection, Division 2 can have an accident that can bankrupt the firm if it does not invest in security measures. Yet the cost of investment to Division 1 is the same regardless of whether or not Division 2 exists. Since the benefit of the investment is reduced, but the cost is unchanged, the interdependence with another group discourages the investment.

The results for a two-division company carry over to more general settings. The incentive for any division to invest in protection depends on how many other divisions there are and on whether they also invest in protection. Divisions that do not invest reduce the other divisions’ incentives to invest. And as more divisions do not invest, the incentives for the other divisions to invest are further reduced. However, there may be one division in the firm occupying so strategic a position that if it invests in protection, all others will be compelled to follow suit.

Solutions to Interdependent Security Problems

How can we as a nation overcome the security risks from linked systems? Several broad types of options are possible. The first involves collaborative actions within the industry. In the airline industry, for example, one possibility is that airlines agree to accept baggage only from adequately secured airlines and that an industry association stipulates this as a rule. A second broad option is that policymakers develop and implement regulations and standards to align private incentives with the public good. A third option is that policymakers enact tax incentives to encourage better private security. Reliance on insurance and liability systems offers other possibilities. Each of these approaches may be aided by the fact that some companies or groups may play a leadership or strategic role and be so influential in the industry that if they change their policy, others may follow.

Collaborative Actions: Collaborative action may encourage improved security. A trade association can facilitate collaboration by stipulating that members must follow certain rules and regulations, including adopting security measures. Some large-scale associations have tackled security problems by instituting new association-wide regulations. For example, after September 11, the International Air Transport Association (IATA), the official airline association, instituted intensified baggage security measures. But a collaborative action such as IATA’s is unlikely to work unless all airlines are association members. Since not all airlines are IATA members, IATA would need to require its members to refuse to do business with non-members (or with members who do not go along with the security measures) before this system could address significantly the airline security problem. For example, IATA could require that each member airline not accept in-transit bags from airlines that do not adhere to its regulations.

Achieving the requisite collaboration is not easy. The most likely way for it to come about is through public pressure and the threat of more drastic interventions. This may result in protection becoming the norm for firms or divisions in an organization. But establishing such social norms is a challenging task, since attention is difficult to sustain over time in the absence of imminent threats and visible benefits from investment in protection. Government intervention may therefore be appropriate.

Government Regulations and Standards: Interdependent security provides a rationale for well-enforced government regulations and standards requiring individuals and companies to adopt security mechanisms. For example, the Aviation and Transportation Security Act enacted on November 19, 2001, sets a deadline of December 31, 2002, for a checked baggage security program to screen all bags for bombs (see box at right). Legislation pending in Congress could extend that deadline for some or all airports.

Another way to surmount the monumental interdependent security problems is shown by the new building codes that have been proposed following the World Trade Center collapse. Engineers and policymakers are exploring the feasibility of new national standards for constructing buildings to make them more resistant to catastrophic failures. One difficulty is that no federal agency has the power to enforce building codes; these have normally been the purview of state and local governments. The Americans with Disabilities Act (ADA), however, was able to mandate changes in buildings across the country, providing a precedent for federal preemption of local building codes. Although the ADA does not directly affect existing building codes, the legislation requires changes in building access and permits the attorney general to certify that a state law, local building code, or similar ordinance “meets or exceeds the minimum accessibility requirements” for public accommodations and commercial facilities.

Taxation and Subsidies: An indirect way of encouraging greater security is to levy a tax on companies not investing in protection. The magnitude of the tax would ideally depend on the number of firms and the cost of these measures. Subsidizing protective measures could similarly induce firms to invest in security. The problem with this approach reflects political economy realities: the tax would be unlikely to be adopted by Congress and the subsidy would further widen the nation’s fiscal imbalance.

Insurance: Insurance appears to be a logical way of encouraging security because it rewards those who adopt protective measures by reducing their insurance premiums to reflect the decreased risks. Although insurance can indeed encourage some security provisions, a complication arises in the context of interdependent security problems. For example, assume that security at a particular airline is lax. If a bag transferred from that airline to a second airline explodes, the insurer for the airline on which the bag originated should pay for the cost of the damage to the second airline. Without that outcome, the original airline would lack the incentives to improve its security. However, the difficulty in assigning causality for a particular event means that it is unlikely that insurance contracts could be implemented in a manner that would address the interdependent security problem.

Liability: If an airline caused damage to others by not adopting a protective measure, and were then held liable for these losses, the legal system would offer another way to “solve” the interdependent security problem. In other words, each airline would have an incentive to take into account the implications of its decisions for the risks faced by others. Unfortunately, the liability system operates differently in practice. Even determining liability could be difficult. In the case of an aircraft explosion, for example, it would be difficult to know whether a bag from another airline was the cause or whether it was one of the airline’s own bags. The Pan Am crash in 1988 illustrates this difficulty. The bag that destroyed the plane was in a container of transferred bags and it took considerable forensic research to determine which one actually caused the crash.

Toward a Mixed System: Private-Public Partnerships

The most auspicious mix of these approaches is often to combine a performance-oriented standard or regulation with private market mechanisms such as insurance, and third-party inspections. The regulations are necessary to provide a backstop in ensuring that private incentives are consistent with the public good. The insurance and third-party inspection components reduce the burden of enforcing the regulations by a public sector agency.

More specifically, third-party inspections coupled with insurance protection can encourage companies to reduce the risk of accidents and disasters. Under such a program, insurance corporations would hire third-party inspectors to evaluate the safety and security of firms seeking insurance coverage. Passing the inspection would indicate to the community and government that a firm has complied with the safety and security regulations. The firm would also benefit from reduced insurance premiums, since the insurer would have more confidence in the safety and security of the firm.

This system takes advantage of two potent market mechanisms to make firms safer, while freeing government resources to focus on the largest risks. Insurance firms have a strong incentive to make sure that the inspections are rigorous and that the inspected firms are safe, since the insurers would bear the costs of an accident or terrorist attack. Private sector inspections also reduce the number of audits a regulatory agency itself must undertake, allowing the government to focus its resources more effectively on those companies that it perceives to pose the highest risks. The more firms that decide to take advantage of private third-party inspections, the greater the chances that highest-risk firms will be audited by a regulatory agency. Knowing that an audit is more likely induces even the high-risk firms to adhere to standards.

Studies have shown how such a program can be implemented. In Delaware and Pennsylvania, the State Departments of Environmental Protection have worked closely with the insurance industry and chemical plants to test this approach. The results have been encouraging, and suggest that the basic approach is both feasible and sound.


In the face of catastrophe, different groups and companies find that their fates are linked. Security in the modern economy is frequently interdependent. Consequently, companies are discouraged from adopting protective measures. In these circumstances an entire industry may be unwilling to take reasonable precautions against catastrophe and all the divisions in an organization may take unwarranted risks. The events of September 11 have highlighted the importance of addressing the questions associated with interdependent security. Interdependent security problems mean that market forces may not be sufficient to protect private sector sites within the United States from terrorist attack. The public and private sectors together need to reexamine their roles and the ways in which they can cooperate to develop fair and efficient strategies for providing protection against catastrophic events.