In the aftermath of the deadly July 7 London transit bombings, business leaders have a new nightmare to worry about: Islamic radicals linked to al Qaeda are increasingly hitting "soft targets" with high-powered explosives carried by local operatives. This new phase in the terror war is shining a spotlight on a burgeoning worldwide business: the homeland security experts. Armed with a background in law enforcement, intelligence, or technology, a growing crop of security consultants has sprung up to help major corporations increase their defenses.
Hawking services that range from providing total security audits to planning escape routes for workers in case of attack, the consultant corps is raking in millions in fees as companies gird for the worst. Estimates now put private spending for all forms of security at $50 billion annually, two or three times the pre-September 11 tally, with a sizable chunk going for consulting services. A March, 2005, Conference Board report found that more than half of companies surveyed had boosted their security spending, with the biggest hikes among large outfits in such high-risk industries as utilities and financial services, especially in the Northeast. Last year, for example, Goldman, Sachs & Co. spent $9 million installing dozens of metal posts and two 200-foot-long Italian granite planters to protect just one office building in Jersey City after a consultant recommended hardening against car bombs.
As the threats have evolved, so too have the consultants. After September 11, the field grew quickly as ex-cops printed up business cards and converted spare bedrooms into international headquarters. But nearly four years later the consulting ranks have seen a shakeout. The industry matured as companies began to demand real-world solutions. "The more sophisticated clients are now looking for someone to give them advice and then stay around for implementation, instead of just showing up with a big bag of toys to sell," says Richard A. Clarke, former top White House counterterrorism adviser and founder of Washington-based Good Harbor Consulting LLC.
Not surprisingly, as the government gears up for a generational war against global terror, Washington has become a fertile source of experts-for-hire. Marquee names from the Bush Cabinet are segueing into consulting, with former Attorney General John Ashcroft and former Homeland Security Secretary Tom Ridge each planning his own firm. Indeed, the three-year-old Department of Homeland Security has spun off at least three top consultants: former Deputy James Loy and former Under Secretaries Asa Hutchison, who headed border and transportation security, and Frank Libutti, chief of information analysis and infrastructure protection. Following the big names are legions of lower-ranking officials who have spent years reading top-secret cables.
The consulting game, though, extends well beyond the Beltway. Giuliani Partners LLC, founded by former New York City Mayor Rudolph W. Giuliani in January, 2002, has a hand in everything from straightforward security audits to a joint venture to provide biochemical cleanup. In one typical contract, Entergy Nuclear Northeast (ETR ) hired Giuliani's Security & Safety division to review and develop emergency plans for its five nuclear power plants. "There was some complacency starting to set in [among U.S. companies], but London brings to the forefront that we are still vulnerable," says Pasquale J. D'Amuro, a former top FBI official heading up Giuliani's security division. And New York-based Kroll Inc., which for 30 years has been conducting investigations for big companies, has lately made a lucrative business providing advice on avoiding kidnapping, handling ransom demands, and travel safety.
Traditional military hardware suppliers, too, are piling in. New York-based L-3 Communications Holdings Inc. (LLL ), for instance, is creating sophisticated video surveillance systems for large ports, and is designing sensors to detect chemical or nuclear radiation for use in shipping containers. Last year, the Transportation Security Administration hired L-3 to develop an explosive detection system for Amtrak trains. "We have to focus on large hub areas where you can have casualties that make September 11 look small," warns L-3 CEO Frank C. Lanza.
Government has been a crucial driver of the security business. Consultants got a lift when Congress passed the 2002 Terrorism Risk Insurance Act, which required insurers to offer terrorism coverage, forcing them to figure out risks for specific incidents. But worried executives are creating a growing market as well. Midland (Mich.)-based Dow Chemical Co. (DOW ), for instance, the nation's largest chemical business, won't supply specifics but reports that it has spent tens of millions over the past few years securing plants and seeking better monitoring of workers and visitors. It has switched from quaint picture ID cards to electronic badges linked to biometric detectors; old-style burglar alarms have given way to infrared monitors and high-definition digital cameras. "We're better now," says Timothy J. Scott, Dow's chief security officer. "Before, we focused mostly on what was going out of the gate; now the real focus is on who's coming in the gate."
No industry is more concerned than banking and financial services. Several major New York banks have hired New York-based Michael Stapleton Associates Ltd. to supply trained staff and equipment to X-ray and monitor every package that enters headquarters. That's just a start. One bank reluctant to be identified publicly has hired Stapleton and a slew of other consultants to find the most cost-effective ways of protecting against potential problems. Worried about evacuating workers from Manhattan should bridges and tunnels be cut off in an attack, Stapleton advised the bank to keep a rescue boat on permanent call. It also set up a system to sterilize all hand-written letters addressed to the bank's top executives as a check against anthrax. The bank has turned to other consultants for advice on everything from how to set up shower stalls in a makeshift decontamination center for employees, to figuring out an inexpensive system to scan for radiation.
HIDING SENSITIVE DATA
One bit of counsel consultants say applies to just about any business: Don't post sensitive information on the Internet. Says Intellibridge Corp. founder David J. Rothkopf: "We could show a company that one of their fuel trucks was scheduled to deliver to a particular site at a particular time, or show them on the Internet blueprints of their most sensitive areas." Utilities, transportation companies, and hazardous materials manufacturers quickly hid such information after audits.
Consultants have led clients down blind alleys, too. Just after September 11 advisers seized on technological solutions they didn't fully understand. Take facial recognition, once thought to be a quick fix for airport security, sports stadiums, and the like. The idea: Software containing the digitized photos of faces of known terrorists would monitor cameras placed in public areas to pick out the bad guys. But the mug shots scanned by the software lacked detail. "They got hundreds of false positives, and some lawsuits as well, and this impaired the whole implementation and reputation for the technology," says Roy N. Bordes, president and CEO of the Bordes Group in Orlando, which advises companies on security technology.
As the business evolves, there should be fewer missteps. But money will likely keep flowing from corporations willing to pay the price for a little peace of mind.
By Paul Magnusson and Spencer E. Ante, with Michael Arndt in Chicago, Stan Crock in Washington, and Emily Thornton in New York