Identify and repair the weakest links in vulnerable systems and infrastructures;
Use defenses-in-depth (do not rely only on perimeter defenses or firewalls);
Use “circuit breakers” to isolate and stabilize failing system elements;
Build security into basic system designs where possible;
Build flexibility into systems so that they can be modified to address unforeseen threats;
Pay attention to the human factors in the design of all systems, particularly those used by first responders; and
Take advantage of dual-use strategies to reduce vulnerabilities of private-sector targets while enhancing productivity or providing new commercial capabilities.
These general strategies reflect concepts that appear repeatedly throughout this report, in recommendations aimed at different infrastructures and at different phases of prevention and response. In addition to sharing common themes, recommendations in various chapters also repeat some key solutions and programs. There are research and engineering opportunities in crosscutting areas, where new technologies and programs have the potential to mitigate multiple vulnerabilities in different areas. These technologies and programs are described in Chapter 11 and include the following:
Systems analysis, modeling, and simulation;
Integrated data management;
Sensors and sensor networks;
Autonomous mobile robotic technologies;
Supervisory control and data acquisition (SCADA) systems;
Controlling access to physical and information systems using technologies such as biometrics; and
Human and organizational factors.
Each of the chapters on society’s infrastructures or systems contains a number of recommendations that represent the committee’s highest priorities for actions in that area. In addition, in the executive summary, the three or four most important recommendations in each area are summarized, and a list of top short-term actions and long-term research opportunities cutting across all of the areas is provided. However, the final decisions about which measures should be taken first and which programs should be most vigorously pursued will depend on a variety of factors, including the relative likelihood of attacks in each area. The committee did not have access to all relevant information and hence does not claim to offer a definitive prioritization of counterterrorism actions.