Homeland Security’s Tom Ridge

The first secretary of Homeland Security tells CFO what companies should fear most.
Lori CalabroDecember 1, 2007

As the first secretary of Homeland Security, Tom Ridge instituted tough new border controls and airport-security measures, and executed the famous color-coded alert system. Now the former governor of Pennsylvania has formed his own consulting firm, Ridge Global LLC, specializing in security and economic-development issues. And he is working closely with one client — Discover America Partnership — to seek a better balance between current security measures and the need to connect efficiently to the outside world. Lack of balance, he says, has hurt both the country’s image abroad and Corporate America’s ability to operate globally. Still, the 62-year-old Ridge insists that dusting off “our welcome mat” doesn’t entail lowering our guard on terrorism — not at all.

What should companies fear most these days?

The business world’s exposure grows as the global market grows and companies become more interdependent. The more you spread out your franchise, the greater the vulnerability. Terrorism is just one [potential threat]. There are also criminal acts, accidents, weather events, geopolitical situations, work stoppages, energy availability — you name it. Increased vulnerability means that priorities need to be set, such as whether to go to a redundant IT system or look at your supply chain more carefully.

In our most recent global confidence survey, CFOs rated their concern over terrorism a 16 on a scale of 1 to 100. Does that surprise you?

No. The randomness of terrorism should be of grave concern to everybody, but most people still think it will happen somewhere else. So the fact that the corporate world minimizes the risk of terrorist attack is understandable. What won’t be understandable — to shareholders, employees, or the market — is if companies fail to do some basic things to manage that risk.

Why should companies invest in security when shareholders want business reinvestment?

When you’re dealing specifically with an investment to reduce the risk of a potential terrorist attack, most CFOs view it as an expense rather than an investment, and I understand that. But the business case for at least an honest assessment of security needs, particularly throughout the supply chain, cannot be overstated. The business community understands better than the political community that it is a risk-managed world. But they can’t be so cavalier as to say we are not exposed to any risk or minimal risk and we’re just going to ignore it until it happens.

How much should corporations spend on security measures, versus the government?

I’m not going to quantify it. Frankly, I have a view that corporationsÂ…at the end of the day, have assets that are primarily theirs to protect.

How has security impeded global business?

I’m waiting for CFO or someone else to poll its readers about how difficult it is, in a post-9/11 world, to get people into this country to do business. I have talked to corporations that no longer bring people into the United States to train; these people now train overseasÂ…. I can only guess that there have been businesses lost, networks diminished, and opportunities not realized because it is difficult to get into America to do business.

How do you balance the idea of an open-door policy with the current need for security?

That’s the point. We have ramped up security. Still, it is conceivable that some terrorist unknown to any intelligence community, law-enforcement community, or database might slip through the cracks or might already be in the United States. But this big, powerful, wonderful country called the United States of America can succeed in the future only if it stays connected to the rest of the world. We are at a critical juncture where we have the reality of a substantially enhanced security, but we haven’t changed our policy about getting people into the United States and encouraging the best talent to stay here.

Is there a technology solution?

One [solution] is to expedite visa applications; to use technology like videoconferencing to meet the congressional requirement that everybody getting a visa has to be interviewed. I’m a strong proponent of letting the American Chambers of Commerce Abroad do some of the screening. [Beyond that] there are cosmetic things that would help — like how international visitors are treated at airports.

At Homeland Security you had a $35 billion budget. Was that enough to do the job?

No. But the first couple of years we didn’t necessarily need more money. It would have been nice to have had more time to prepare for the merging of 180,000 people from 20-plus different units of governmentÂ…. One of these days, though, the procurement budget is going to be a heck of a lot bigger, I hopeÂ…. I’m waiting for the day when somebody goes to the Hill and says, “Because of the research we’ve [conducted], the following technology applications can make our airports safer, our airlines safer, and we want x billions of dollars to purchase them.” Just like we say we want x billions to distribute these planes or this equipment to the Air Force or the Navy or the Army.

Originally, Homeland Security didn’t fall under the CFO Act, and it’s still failing audits. Can it get its financial house in order?

It will get its financial house in order. It would be helpful if Congress would get its house in order, too. Homeland Security is micromanaged by nearly 100 committees and subcommittees. And when my business friends ask why government can’t be run like a business, I ask, “How would you like to run a department with 180,000 people and a board of directors of 535, each one of whom thinks you should spend your money differently? More important, unlike the corporate world, the political board of directors is also responsible for your funding.” It’s a complicated culture, and many executives don’t understand it. That’s probably just as well, because if they did they’d throw their hands up in exasperation.