Chemical Plant Security and Externalities

It’s not true that no one worries about terrorists attacking chemical plants, it’s just that our politics seem to leave us unable to deal with the threat.

Toxins such as ammonia, chlorine, propane and flammable mixtures are constantly being produced or stored in the United States as a result of legitimate industrial processes. Chlorine gas is particularly toxic; in addition to bombing a plant, someone could hijack a chlorine truck or blow up a railcar. Phosgene is even more dangerous. According to the Environmental Protection Agency, there are 7,728 chemical plants in the United States where an act of sabotage—or an accident—could threaten more than 1,000 people. Of those, 106 facilities could threaten more than a million people.

The problem of securing chemical plants against terrorism—or even accidents—is actually simple once you understand the underlying economics. Normally, we leave the security of something up to its owner. The basic idea is that the owner of each chemical plant 1) best understands the risks, and 2) is the one who loses out if security fails. Any outsider—i.e., regulatory agency—is just going to get it wrong. It’s the basic free-market argument, and in most instances it makes a lot of sense.

And chemical plants do have security. They have fences and guards (which might or might not be effective). They have fail-safe mechanisms built into their operations. For example, many large chemical companies use hazardous substances like phosgene, methyl isocyanate and ethylene oxide in their plants, but don’t ship them between locations. They minimize the amounts that are stored as process intermediates. In rare cases of extremely hazardous materials, no significant amounts are stored; instead they are only present in pipes connecting the reactors that make them with the reactors that consume them.

This is all good and right, and what free-market capitalism dictates. The problem is, that isn’t enough.

Any rational chemical plant owner will only secure the plant up to its value to him. That is, if the plant is worth $100 million, then it makes no sense to spend $200 million on securing it. If the odds of it being attacked are less than 1 percent, it doesn’t even make sense to spend $1 million on securing it. The math is more complicated than this, because you have to factor in such things as the reputational cost of having your name splashed all over the media after an incident, but that’s the basic idea.

But to society, the cost of an actual attack can be much, much greater. If a terrorist blows up a particularly toxic plant in the middle of a densely populated area, deaths could be in the tens of thousands and damage could be in the hundreds of millions. Indirect economic damage could be in the billions. The owner of the chlorine plant would pay none of these potential costs.

Sure, the owner could be sued. But he’s not at risk for more than the value of his company, and—in any case—he’d probably be smarter to take the chance. Expensive lawyers can work wonders, courts can be fickle, and the government could step in and bail him out (as it did with airlines after Sept. 11). And a smart company can often protect itself by spinning off the risky asset in a subsidiary company, or selling it off completely. The overall result is that our nation’s chemical plants are secured to a much smaller degree than the risk warrants.

In economics, this is called an externality: an effect of a decision not borne by the decision maker. The decision maker in this case, the chemical plant owner, makes a rational economic decision based on the risks and costs to him.

If we—whether we’re the community living near the chemical plant or the nation as a whole—expect the owner of that plant to spend money for increased security to account for those externalities, we’re going to have to pay for it. And we have three basic ways of doing that. One, we can do it ourselves, stationing government police or military or contractors around the chemical plants. Two, we can pay the owners to do it, subsidizing some sort of security standard.

Or three, we could regulate security and force the companies to pay for it themselves. There’s no free lunch, of course. “We,” as in society, still pay for it in increased prices for whatever the chemical plants are producing, but the cost is paid for by the product’s consumers rather than by taxpayers in general.

Personally, I don’t care very much which method is chosen: that’s politics, not security. But I do know we’ll have to pick one, or some combination of the three. Asking nicely just isn’t going to work. It can’t; not in a free-market economy.

We taxpayers pay for airport security, and not the airlines, because the overall effects of a terrorist attack against an airline are far greater than their effects to the particular airline targeted. We pay for port security because the effects of bringing a large weapon into the country are far greater than the concerns of the port’s owners. And we should pay for chemical plant, train and truck security for exactly the same reasons.

Thankfully, after years of hoping the chemical industry would do it on its own, this April the Department of Homeland Security started regulating chemical plant security. Some complain that the regulations don’t go far enough, but at least it’s a start.

This essay previously appeared on

Posted on October 18, 2007 at 7:26 AM59 Comments


Chuck October 18, 2007 7:40 AM

Is there not a 4th option—require firms that operate such hazardous facilities to carry insurance roughly equal to the expected external harms? This insurance would internalize the costs. If the firm could convince the insurance company that it had improved its safety practices—for example, that it had reduced the maximum chlorine on site from 2000 kg to 100 kg—it would get a reduction in its premiums. Similarly, a facility located in rural Colorado—say 50 miles east of Denver might have lower premiums than a facility in New Jersey.


jmr October 18, 2007 8:01 AM


The problem with that plan is several-fold:

  1. Insurance doesn’t bring people back to life.
  2. Insurance is almost always a losing proposition financially; it’s purpose is to protect against catastrophic financial loss by paying an amount greater than the potential loss * the probability of occurrence and collecting only in the event of loss. Spread over a population, insurance is a tax on economic activity. Instead, it would make better financial sense to reduce the risk and self-insure.

Here’s another way for it to play out, Bruce: We (the people) mandate security, with oversight (read: large fines for violations which go towards paying for security). Companies will want to reduce cost, so they change the plants and processes to keep even less hazardous materials around.

I really do care which way it plays out. #1 and #2 both require increasing my tax spending with no incentive to a plant owner for reducing the costs of that security. This is how bloated budgets come about.

#3 is actually a pretty good idea, if executed correctly. The key is that the security must be scaled to the potential loss; we must be able to reward plants that stop using hazardous materials or somehow demonstrate reduced operating risk in some other way. This permits free-market economics, a powerful force, to fix the problem.

For example, company A uses chemical X because it’s cheap. If X becomes expensive due to security concerns, suddenly company B using chemical Y or company C using chemical X but in smaller quantities has a financial advantage over company A, who will then either go out of business or change their methods to again compete in the marketplace.

Tom Welsh October 18, 2007 8:05 AM

Two reactions:

  1. Maybe chemical plant owners and managers should be required by law to live next to their plants.

  2. If the cost of securing a $100M plant is $200M or more – which is economically ridiculous – maybe it would make more sense to avoid pissing off people to the point where they are prepared to blow up your plants. In other words, “collateral damage” (at home as well as abroad) is an externality for politicians.

guvn'r October 18, 2007 8:23 AM

@chuck, insurance transfers risk, it does not reduce it. as jmr points out, the victims are still dead when their beneficiaries collect the insurance money.

@Tom Welsh problem with your point #1 and Bruce’s #3 is that the plant owners simply move the plants overseas where regulations are less stringent. Remember Bhopal? That leads to your point #2, the rest of the world sees us externalizing the risks we don’t want to live next to by putting the risky activity in their backyard instead. Applynig your point #1 globally would help, but when the owners are widows and orphans through their publicly traded equity investments and the managers plead fiduciary responsibility what’s a politician to do?

jmr October 18, 2007 8:37 AM


That is an interesting point about #3, but I do have a reaction that many people might find callous, but is the basis and origin of our system of government:

Governments rule by the consent of the governed.

If the people in Bhopal choose not to have a government that represents their interests, that is their responsibility. It is a government’s responsibility to protect its own citizens first, but it is their citizen’s responsibility to ensure that the government acts in a prudent manner.

In this context, the ability to “put it in someone else’s back yard” requires the consent of the country whose back yard it is put into. If that country feels they shouldn’t shoulder that sort of risk, then they don’t have to have the plant there, or they can regulate the plant the same way we would.

If the government where the plant is located puts the people at unacceptable risk, don’t those people have a responsibility to further their popular interests by creating a government that does meet their needs? It cost the lives of our citizens to create a form of government here that requires our continual consent to exist and therefore is required to protect our interests if it desires to stay in power. Why should we expect less of others?


Kees October 18, 2007 8:40 AM

The American Chemistry Council has a “Responsible Care Security Code” which
“… addresses facility, cyber and transportation security – requires companies to conduct comprehensive security vulnerability assessments (SVAs) of their facilities, implement security enhancements, and obtain independent verification that those enhancements have been made. The Security Code also requires companies to create security management systems, which are documented to provide quality control and assurances.”

Milan October 18, 2007 8:41 AM

A lot of this would seem to be relevant for nuclear facilities, as well.

Is one of these three options applied to them?

Amcguinn October 18, 2007 8:41 AM

I like Chuck’s suggestion.
The reason for it is not just so someone gets paid – as jmr says, it’s rather too late for that. The reason is that the only party which can really implement security is the operator of the plant, but, as Bruce observed, they have insufficient incentive because they can never be made to pay the full cost of damage. By making them buy liability insurance, the insurer becomes their “regulator”, with a direct financial incentive of exactly the right size to demand the appropriate level of security vs accident and malice.
It doesn’t solve the problem of bailouts, but it does help with Tom’s issue 2: if a particular foreign policy reflects in a rise in insurance premiums, then its cost becomes to some degree quantifiable.

guvn'r October 18, 2007 9:03 AM

@Milan, re nuke power plants, the US government exempted them from liability back in the 50s and extended the exemption within the past few years.

jmr October 18, 2007 9:11 AM


I agree with your financial sense, but I think you’ve somewhat trivialized the value of human life. I would rather not give a business owner a choice about whether people’s lives should be protected or paid for. Paying a beneficiary is no recompense to a person who is preventably dead.

For example, what if the insurers discover that the cost of insurance is less than the cost of security? Then no money will be spent on security, and our citizens’ lives are not protected.

If our goal is to merely reduce financial risk to society, your plan will work just fine. If our goal is to reduce risk to people’s lives as cheaply as possible, I think a plan that directly addresses the prevention of a catastrophe is more desirable.


BerensT October 18, 2007 9:12 AM

…well, that seems a rather rambling and uneven essay on chemical plant security — but I summarize it as follows:

  • Serious threats to U.S. chemical plants are possible.
  • Plant owners rationally will not self-protect against theoretically ‘possible’, worst-case terrorist attacks due to extreme costs {.. and currently low probability of such attacks}.
  • U.S. “security” trumps all other considerations.
  • Something must be done no matter what it costs, who pays for it, or how it’s done.

{This is something; therefore, it must be done}

  • American democratic politics & free-market economics seem to prevent implementation of my integrated 3-solution-matrix to chemical plant security.

  • Voluntary solutions will not work.

  • Government-force (thru wise & selfless Dept of Homeland Security bureaucrats) must be used against plant owners to make them totally secure their plants. Ultimately, American citizens should be forced to pay for this plant security… and security against all other imaginable terrorist threats.

  • Real security cannot be accomplished in a true free-market nation.

jmr October 18, 2007 9:20 AM


Interesting sentiment, but terrorists aren’t the only things that happen to chemical plants. How many chemical plants have been blown up by terrorists in the US? How many have exploded for other reasons?

I’ve been interpretting the word “security” here a little more broadly as “risk management”.


shoobe01 October 18, 2007 9:20 AM

I totally agree with the risk that the cost of regulation can rise high enough to simply force everyone overseas. Seen a US-flagged (non-military) ship lately? We have good regs, so its easier to just go to some flag-of-convenience nation with essentially no regs.

Back to factories: A buddy of mine works at a plant with a big tank of [something impossibly dangerous]. Their procedure requires it to be stored in tanks, as they don’t make it, just consume it. Their security plan (apparently approved by the government) is:
– Lots of paperwork to get in
– A fence
– An gate that is so un-sturdy it gets replaced several times a year after being destroyed by trucks not paying enough attention
– A random assortment of workers with rifles locked up in their offices, no communications, no identification, no armor, and frankly not much of a plan.

Oh, did I mention the tank-of-death is about 50 (unobstructed) yards from the front gate. You could pierce it with a handgun, or easily run the gate and bonk into it with a small car.

I feel that this is about middle of the road for plant security, sadly.

jmr October 18, 2007 9:39 AM


I think you’re being a little harsh with the following point:

  • Government-force (thru wise & selfless Dept of Homeland Security bureaucrats) must be used against plant owners to make them totally secure their plants. Ultimately, American citizens should be forced to pay for this plant security… and security against all other imaginable terrorist threats.

First, replace “terrorist” with “accident”. I think Bruce made a mistake by using the word “terrorist” in his essay the way he did.

Second, his essay says, “If we … expect the owner of that plant to spend money for increased security…”. Not “American citizens should” but “If”. That’s an option without advocacy.

Personally, I agree with you that spending a lot of money on terrorist threats is not rational. On the other hand, if “security” is interpretted to mean “protection against loss generally” rather than “protection against intruders”, then it’s possibly true that plant owners aren’t spending enough on “security”. Unfortunately, I don’t have the numbers regarding chemical plant accidents and sabotage handy, but we should be using those numbers to guide our policy decisions.

Part of that policy decision is how best to raise that money. The essay has a valid conclusion: the cost for any money that is spent, if any, will need to be mandated by law rather than volunteered by plant owners. Bruce then provides three possible sources of that money once mandated. I then argue against two of those sources simply because of the very sentiment you express.


Peter Pearson October 18, 2007 9:50 AM

Ever notice that when Bruce says “externality”, advocacy of expanded government power is not far behind?

Aidan A. O'Brien October 18, 2007 9:50 AM

Bruce you stated: “Personally, I don’t care very much which method is chosen: that’s politics, not security.”

Although the purpose of this statement may have been to focus on your primary point, it does so at the expense of the important fact that security nonetheless exists in a social context.

I would very much recommend that as we advocate proper security, we do so in a way that makes political sense. If we stay away from the politics of security, we are left out of the decision process. Democracy is more than just voting at elections.

Someone once said that politics is everything and everything is politics.

amcguinn October 18, 2007 10:01 AM


The question you ask is “what if the insurers discover that the cost of insurance is less than the cost of security?”

The answer is that there is some level of risk that is not worth protecting against. The only question is exactly how many millions of dollars it is worth to save a life. Someone has to make that decision and we leave that to the courts. (I believe typical answers are generally around the ten (million) mark).

We can bicker about the figure, but the fact is that there are many areas: road safety, healthcare, etc. where we can always save another life for a cost on the order of another ten millon dollars, and pretty much will be able to do so until we run out of dollars. That’s where the figure comes from.

If it costs much more than that to prevent loss of life by improving chemical plant safety, then the money should be spent somewhere else.

The operator and the insurer between them are agreeing to pay the money. If they judge it is cheaper for the two of them to pay the compensation than pay for the security, and if the courts can be expected to make the cost of compensation high enough, then that means the security is too expensive for society as a whole.

Andrew October 18, 2007 10:19 AM

As a security specialist who has guarded and put together security plans for nuclear and chemical facilities, let me share some insights:

1) Government regulation is a horrible thing to do to a security planner. You’re already hands-tied by the client’s budget. Now you get to deal with NRC / TSA / DHS regulations, too, which often have weird externalities having nothing to do with security.

Example: Peach Bottom’s ‘ready room,’ which was intended to provide a reaction force. NRC regulations require that all guards be attentive to duty at all times. Any combat commander knows that resting your people in shifts means that they’re alert when you need them. Incompetent local management forbade the guards to do anything but sit there for ten hour shifts. No books, computers, video game machines, etc. Inevitable result — napping. Later, videotaped. Now a big public scandal.

It ends up being so expensive meeting the government standards that you can’t justify one penny above that. Plus, the bad guys get a neat, easy to read copy of your entire security plan. If it’s not on the Internet, it’s in the nearest government repository library.

2) Chemical plants tend to be in bad neighborhoods with little or no political pull, who often have the least budget for fire department hazmat teams with equipment and training. There is a tendency to rely on the very nastiness of the contents of the plant to keep sane intruders out. (I recall one incident where intruders broke in, read warning placards, and immediately broke out at high speed without taking anything.) So much for externalities as influence on financial decision-making. The locals hate the chemical plant anyway, and it’s easier to change names than to build a good public relationship.

3) Spare budget at chemical plants is best spent on the site’s internal emergency response capability. Spill kits, respirators, training to use same. Any money spent on security is often taken straight out of the safety budget, meaning reduced ability to respond to routine spills. (Hey, forklift accidents happen.)

4) The basic principles and practices of physical security seem to be completely lost on the average plant engineer. My favorite line, “Why do I need two fences when I have only one perimeter?” What we consider good security, they consider redundant inefficiency.

As for Bruce’s proposed funding plans:

One, we can do it ourselves, stationing government police or military or contractors around the chemical plants.

Please, PLEASE not police. You haven’t lived until you’ve woken up DOD cops sleeping inside their perimeter checkpoint, or caught local deputies “looking at” porn on duty. Civilian police, even under Federal supervision, feel entitled to whatever perks they can get — especially if they’re already on OT. They are also remarkably resistant to actually getting out of their checkpoints / cars and doing their patrols.

As for military, they’re an incredibly expensive asset and at least the commanders know good security practices, but you won’t get to keep them for more than a few weeks.

Well managed and paid contract security is by far the best solution, combining cost-effectiveness and competence. However this requires intense attention by contract security management and by the customer. Cutting corners on contract security is disastrous, but we’ve already established that this is a security environment in which cost-cutting will occur. Fire the “expensive” guards and put in “cheaper” guards, and you’ll discover why the most expensive guarding is the ‘cheapest.’

Two, we can pay the owners to do it, subsidizing some sort of security standard.

With taxpayer money, and under weird externalities such as NRC? This is basically the nuclear power industry situation, and it clearly is not optimal.

Or three, we could regulate security and force the companies to pay for it themselves. There’s no free lunch, of course. “We,” as in society, still pay for it in increased prices for whatever the chemical plants are producing, but the cost is paid for by the product’s consumers rather than by taxpayers in general.

Your last point is worst. Many chemical plants “produce” not only products, but environmental safety through recycling and attention to process efficiency. Increasing costs of operation doesn’t guarantee pass-through to customers. The environment is another potential recipient of costs.

I personally feel that the insurance carriers as well as government regulators should get into the security audit business with a vengeance. The government to hold a minimum standard; the insurers to make sure their investment is protected with the most cost-effective security available.

it works for fire insurance.

Having nuclear power plants effectively insured by the Feds was a step backward, not a step forward.

Yes, external regulation is desirable, but why should it be from the government? Industry associations, peer groups, national standards bodies, insurance carriers, specialized security audit firms — pick several.

derf October 18, 2007 10:27 AM

How many successful terrorist incidents have we had at chemical plants here in the USA?
(Answer: 0)

Is this number of successful terrorist events at chemical plants more or less than we’ve had at airports?
(Answer: less)

We continually criticize the TSA, DHS, and the airlines for their security theater response to a miniscule threat, yet here we’re blowing out of proportion an even smaller threat. What happened to “refuse to be terrorized”?

If you just have to be worried about something, I suggest nerve gas:

Chris October 18, 2007 10:39 AM

As some of the other comments have pointed out, government regulated security is unlikely to be very good (and will probably be monetarily inefficient). We’re more likely to end up with security theater than with real security. Government subsidized security is more likely to provide an actual increase in security, but since the company will be spending the government’s money, they have little incentive to spend it wisely, so it’s probably not going to be economically efficient. Making the government responsible for security (either directly or by hiring outside contractors) is probably the least bad option, but the government isn’t exactly known as a paragon of efficiency either.

Over the long term, the best way to handle this may be to locate chemical plants in areas where the effects of an accident or terrorist attacks will be less harmful. Releasing dangerous chemicals from a plant in the middle of nowhere is going to kill a lot less people than one in the middle of a major city. Not only will this mitigate the consequences in the event of a release, it also makes a terrorist less likely to attack it in the first place. Paying the extra transportation costs to ship chemicals to and from the middle of nowhere is probably less than maintaining a sufficient level of security. Unfortunately, even if we started doing this today, we’ve still got a huge legacy infrastructure of chemical plants in places where the consequences of an attack or accident will be severe, so will be dealing with this problem for a long time to come.

Jack C Lipton October 18, 2007 10:41 AM

“Externalities”… this is just a way of claiming that there’s a way around TANSTAAFL (see ) even though, in the wider purview, the costs will be paid, either in currency or in lives.

It could be argued that a chemical plant’s security costs would be more bearable for the owners/managers if they were required (somehow) to live down-wind of it.

No matter how good a price you got for something, you will pay in full for it– though the full cost is not always in dollars and cents.

Andrew October 18, 2007 11:13 AM

“We taxpayers pay for airport security, and not the airlines,….”

Actually, a better way to express this would be “We consumers pay for airport security, through higher user fees…..”

The TSA people and the individual security devices (magnetometers, trace detection, etc) you see are provided by the gov’t, but the costs of those pale in comparison to the massive airport infrastructure and behind the scene costs, only a small portion of which are provided by taxes. It’s an unfunded (or at least underfunded) mandate that reinforces to the whole ‘security theatre’ result.

Andy October 18, 2007 12:07 PM

Twisted thought: Since this will greatly raise the cost to us of using these materials, the terrorists have won without taking any further action.

Perhaps this will provide added incentive to reduce the use of this stuff, where it can be. But I’m also afraid of the endless parade of bureaucratic loopholes.

DBH October 18, 2007 12:39 PM

We have to make a societal decision. We can drive all our chemical production overseas by regulating, or we can include chemical plants in a federal program, and spread the costs out among all the beneficiaries (employees and other companies in the value chain).

I think a more interesting problem is those 1m person plants. WTF! Those are just a huge risk and I suspect moving is better than securing…

I’m reminded of the gulf coast refineries. They have banded together to put together crack firefighting and chemical reponse teams. They’ve spread the risk out across a geographic area, maybe this model could work in security too.

Petréa Mitchell October 18, 2007 12:58 PM

Here is how the externalities are handled in my neighborhood. I work in an industrial area, right across the road from a chemical plant that does something involving gigantic tanks of anhydrous ammonia.

The chemical company has distributed a phone number to everyone nearby to call to report if they smell ammonia. A couple years ago when they were doing a periodic cleaning of the main ammonia tank, they made sure to let everyone know what was happening and when, and that it would be okay to not panic if we smelled ammonia during that time.

My workplace has several rooms designated for “shelter-in-place”, equipped with kits containing plastic, duct tape, etc. for sealing off all possible routes of entry for airborne chemicals. As part of our standard safety training, everyone learns where the closest shelter-in-place location is and what to do in the event we need to use them. (If this sounds excessive for dealing with one potential hazard coming from a completely different company, remember this is an industrial setting already, with plenty of existing ways to get killed or injured. Shelter-in-place is a pretty small part of our safety program.)

We went through the security issues several years ago, when the local meth manufacturers apparently took an interest in this potential source of ammonia for their operations. First the chemical plant beefed up its security after there were attempts at direct break-ins. (I don’t know how successful any of them were, other than they never got to the ammonia.) Then its neighbors noticed people prowling around their property, figured it was the meth people trying to reach the chemical plant in a roundabout way, and increased their security, and so on down the street.

The police were consulted at this time, and they said sure, they could send patrols by more often, but pointed out it wouldn’t do much good without 24/7 coverage, which they couldn’t provide.

Nomen Publicus October 18, 2007 1:03 PM

Thankfully, the threat to life from accidental or deliberate disruption of chemical works is very low.

Take for example the US road system. Roughly 40,000 people die on US roads every year. That’s about 110 per day.

If you are going to spend money on some theoretical threat, surely much more money should be spend on the actual causes of avoidable death?

Genghis October 18, 2007 1:33 PM

Simply put, if you increase the cost to the company, you increase the incentive for the company to move the operation to another country. This erodes our industrial base and eliminates yet more good-paying American jobs. Both are “win” situations for our enemies. If we the people want security at levels beyond “normal,” we the people should pay for that security. This means figuring out which government programs should be sacrificed to pay for it. If we cannot decide which programs should get the axe, then we are effectively deciding that the risk is not worth the additional cost and must live – and die – with that decision.

guvn'r October 18, 2007 1:42 PM

@jmr, consent of the governed is fleeting and short sighted. Those in power sell out to economic development interests for immediate benefit despite long term costs and help convince the citizens risks are acceptable, then the future shows it was all wishful thinking and who’s left holding the bag?

All your suggestion does is externalize the problem, which causes other problems downstream (think Bhopal nurturing 9/11) as a ripple effect.

Pushing problems off to others doesn’t solve them, any more than pushing the cost of our benefits onto others makes it go away.

Think of the planet as a zero sum game, what goes around comes around, and each of us owns a share in the entire cycle, not just the parts we like.

Bruce Schneier October 18, 2007 2:22 PM

“Is there not a 4th option—require firms that operate such hazardous facilities to carry insurance roughly equal to the expected external harms? This insurance would internalize the costs.”

Yes, that would be a good option. I think of this as a subset of the “regulation” option: regulating companies to require enough insurance.

But yes, as long as it internalizes the costs it works from a security perspective. The politics: that’s someone else’s department.

Bruce Schneier October 18, 2007 2:32 PM

“Real security cannot be accomplished in a true free-market nation.”

Of course that’s not true. Real security is accomplished in a free-market system all the time. The problem arises when the security risks are outside the market considerations; that’s what externality means. In those instances, the market can’t possibly mitigate the risks.

Bruce Schneier October 18, 2007 2:34 PM

“First, replace ‘terrorist’ with ‘accident’. I think Bruce made a mistake by using the word “terrorist” in his essay the way he did.”

You’re right. I should have generalized more: the externalities apply just as much to accidents as they do to malicious actions.

John R Campbell October 18, 2007 2:35 PM


Nerve gas?

Realize that it’s a little hard for a “terrorist” to scale things up enough to be a “credible” threat unless they go for a force multiplier.

The WTC was less than a flea-bite– economically and in lives lost, especially compared to the highways– but the nation damn near died of anaphylactic shock! (Actually, given the PATRIOT act, it is possible that the soul of the USA has been sold.)

Terror isn’t about destruction, it’s about scaring people enough to put them on the defensive; It’s all a matter of WHO has the initiative.

So, yeah, a chemical plant spill of the “right” materials IN THE RIGHT PLACE and with enough news coverage will have a lot of rabbits and sheep looking around them.

Heck, look at the damage done when a cargo train de-rails…

Bruce has commented before that readiness to deal with a natural disaster would be most useful in an un-natural disaster, simply because accidents are, for the most part, far more likely than “enemy action”… even if the drumhead trials do their best to find scapegoats.

Never forget that this is all about money, not lives.

I like the idea of insurance against collateral damage being necessary to roll the externality back into an internality, simply by reflecting the costs back.

Sadly, this will drive business off-shore… unless the import tariffs took things like plant safety (which includes a security component, but a safe plant is a more-secure plant) into account.

Everything is a trade-off.

But, remember… economic efficiency works AGAINST resiliency, safety and security.

Remember… not even “customer service” improves share-holder value this quarter, so, d’you think that safety and security will ever get onto the radar?

Bruce Schneier October 18, 2007 2:39 PM

“Ever notice that when Bruce says ‘externality’, advocacy of expanded government power is not far behind?”

I’m willing to accept other solutions for dealing with the externality. A market solution is the most efficient way to mitigate the risks, once the entity in the best position to mitigate the risk becomes responsible for the risk.

Bruce Schneier October 18, 2007 2:43 PM

“Yes, external regulation is desirable, but why should it be from the government? Industry associations, peer groups, national standards bodies, insurance carriers, specialized security audit firms — pick several.”

But those other groups have the same externality.

Regulation within industry groups is possible; the Visa/MasterCard PCI standards is a great example of that. The credit card companies imposed a higher security standard on merchants than they would otherwise implement themselves to deal with an externality: poor merchant security hurts the credit cards’ brands.

But I don’t see any similar dynamic with any of the entities you list above. How are the externalities to the chemical plant owners not externalities to those groups?

Bruce Schneier October 18, 2007 2:45 PM

“Over the long term, the best way to handle this may be to locate chemical plants in areas where the effects of an accident or terrorist attacks will be less harmful.”

Definitely. Doesn’t do us much good today, but it’s certainly a good long-term strategy. (As long as the net effect of such a policy isn’t “poor neighborhoods.”)

Bruce Schneier October 18, 2007 2:46 PM

“‘We taxpayers pay for airport security, and not the airlines,….’ Actually, a better way to express this would be ‘We consumers pay for airport security, through higher user fees…..'”

I might be wrong, but I believe that most of the TSA’s budget comes from the government, and not from airport use fees. Although airport use feels pays for some airport security, the majority is paid by the taxpayers.

If someone has any actual data, I’m interested.

George Larson October 18, 2007 3:40 PM

I recall reading Union Carbide’s (minority owner) analysis of the Bhopal incident long ago. They beleived it was an act of internal saboatge. The Indian government did not agree. But I think internal controls are at least as important as controlling external risks and are cheaper to implement.

Anonymous October 18, 2007 4:09 PM

It is also possible to up the ante by holding the people for the plant personally responsible. This wouldn’t go over too well in the US, but China seems to do this sometimes.

Filias Cupio October 18, 2007 5:27 PM

derf writes: We continually criticize the TSA, DHS, and the airlines for their security theater response to a miniscule threat, yet here we’re blowing out of proportion an even smaller threat. What happened to “refuse to be terrorized”?

You need to demonstrate the “out of proportion” part of this assertion.

There is no inconsistency in criticising TSA over airliner security overspending while also advocating an increase in chemical plant security. For example, chemical plants might represent 10% as much risk as airliners but be receiving 0.1% as much security.

ilcylic October 18, 2007 7:20 PM

Most Recent Anonymous has it right: some portion of this externality is brought about via the mechanism of the LLC. I think a restructuring of the rules of incorporation might assist in properly motivating plant owners.

And your airline analogy is terrible. The costs of a hijacked airliner are something of an externality to the airline, but there is no externalizing the cost for the passengers! The TSA isn’t neccesary. Letting passengers defend themselves is neccesary.

Andrew October 18, 2007 8:12 PM

Bruce says: But I don’t see any similar dynamic with any of the entities you list above. How are the externalities to the chemical plant owners not externalities to those groups?

Industry associations, peer groups, national standards bodies, insurance carriers, specialized security audit firms

Audit firms are free to say what’s unpalatable as long as they convince the customer that they got their money’s worth. Insurance carriers are interested in protecting their money, often through exclusions to coverage but sometimes by walking away from risks that are too high. National standards bodies and industry associations have their own reputations to protect, and won’t sully said reputations to cover for a particular business entity. Peer groups vary by composition; an internal audit might well whitewash, and external audits are problematic where they involve allowing one’s competition on-site access. In any case, none of them have to worry about actually making a profit . . . they can narrowly focus on security vulnerabilities, safety concerns, emergency response, etc.

I’m a firm believer that the more (qualified) eyeballs on the problem, the more likely reasonable action will be taken. The issue is still often one of “Whose budget is this going to come out of?”

I like the idea of public sector grants for improving critical security, if it didn’t smack of corporate welfare. Regulations on the other hand are an unfunded mandate, often inspiring the cheapest solution and not the best. Keep in mind however that the NRC is publicly funded and that the money spent on NRC investigators, reports, etc. is taxpayer money on one side, and passed on to customers on the other. More paperwork does not always equal more physical security.

I don’t have a good answer, except perhaps holding corporate executives personally accountable in the event of calamity. They are personally rewarded with stock options and bonuses, after all, so why shouldn’t they be hit with massive personal fines and even prison time if someone is seriously hurt or killed?

Jess October 18, 2007 8:15 PM

@Peter Pearson: “Ever notice that when Bruce says ‘externality’, advocacy of expanded government power is not far behind?”

Bruce has already responded directly, but I’ll get theoretical. What legitimate purpose does any government serve that is not some form of externality management? Any sphere of action that has no externalities, or only those that may be dealt with among individuals, is one in which government has no business.

That doesn’t necessarily argue for expanded government, however. It is surely better for industry to regulate itself to a first approximation, with government agents stepping in to correct failures in self-regulation. The various professional organizations have functioned this way for a very long time (indeed self-regulation is one of the characteristics of a “profession”). I’ll grant that the power relationship between a physician and the AMA is probably different than that between a chemical manufacturer and any relevant chemical industry association. These differences can be handled by motivated, conscientious, and capable regulators. The chances of our government hiring such people seem slim when one contemplates the current executive and legislative officeholders, but this has worked in the past.

Some might protest that an industry might get it wrong, and then, “think of the children!” Well, life is risky, and government regulators are capable of error as well. We will never handle industrial risk perfectly. As long as we see industry error as guaranteed while government error is only possible when we have an evil President (or whatever), we will handle it very far from perfectly indeed.

averros October 19, 2007 5:04 AM

Oh, cute. Bruce is calling to secure chemical plants by imposing DHS-style regulation and “protection” on them.

This, undoubltly, will make the plants safe. By putting them out of business. Unlike airlines, they have no captive audience, so the production will go over to the places where people are less economically illiterate.

The real problem with extrernalities is called “limited liability” – or a government-granted protection from downside of risky operations. Remove this protection, and these “externalities” will suddenly figure prominently on the board of directors’ agendas.

What we need is not more regulation and government meddling – but less.

Quercus October 19, 2007 8:46 AM

I’m no insurance expert, but it seems like an insurance system doesn’t solve the problem: First, you need to find someone willing to write a policy (ask any homeowner in a flood zone how easy that will be).
Then the insurer needs to really have the resources to pay the largest possible settlement and keep going –otherwise they’re just like the plant owner, willing to let the worst case happen because they’ll just declare bankruptcy and walk away.
Finally, the insurance company needs to be active in reducing risk; in my admittedly limited experience most seem to be more interested in gauging risk (and avoiding it) than in reducing it.

anonymous October 19, 2007 9:56 AM

This essay reminds me of an article the Washington Post did, “In War on Terror, Md. Farmer One of Many Skeptical Recruits”, which basically pokes fun at the notion that regulation needs to be passed for propane tanks on rural farms in the Maryland/Delaware area.

The farmer was quoted: “…if it blows, you’ve got barbecued chicken!”

Is this really where we need to spend our legislation time/power/money? What about alcohol-related crashes?!

Jess October 19, 2007 3:11 PM


It’s actually a good thing that homes in flood zones can’t get insurance – they don’t belong there in the first place. The same dynamic could encourage chemical plants not to locate in densely populated areas, given the right incentives. That is, you have to regulate to the extent that neither the plant owner nor the insurer is ever tempted to walk away. I think insurance regulation and the myriad layers of reinsurance have pretty much solved the problem on that end. I’m not so sure about the chemical industry.

Oleg October 19, 2007 8:47 PM

Cost of a factory blowing up is not just the cost of damaged equipment but also includes the costs of lawsuits that will surely follow. In US these can easily run into billions of dollars.

Bakersfield October 20, 2007 5:53 PM

IMHO Bruce is earnestly trying to tackle the issue of chem plant security in a brief posting, but he quickly strayed from his area of expertise into uninformed opinions and huge personal assumptions about politics & economics.

The focus on economic “externality” adds nothing to the discussion. Every economic action has externalities that are ultimately subjective. Bruce quite subjectively assessed chem plant security costs versus benefits — and decided his view should rule.

Bruce wants a lot more, very-very expensive chem plant security. But he doesn’t say how he determined the true risk level to chem plants, nor even a ballpark dollar estimate of his improved security. Instead, he says “securing chemical plants against terrorism… is simple once you understand the underlying economics”. Not simple nor persuasive at all.

He’s understandably concerned that others might not want to divert large amounts of their money to his security plans, coyly saying “I don’t care very much which method is chosen: that’s politics, not security”. But quickly exposes his political philosophy by firmly stating “Asking nicely just isn’t going to work”.

That was a strong political posting, not the intended security discussion.

Bruce Schneier October 20, 2007 10:08 PM

“The focus on economic ‘externality’ adds nothing to the discussion. Every economic action has externalities that are ultimately subjective. Bruce quite subjectively assessed chem plant security costs versus benefits — and decided his view should rule.”

I think you’re confusing two things. Every action — and every security action — has subjective aspects to the trade-off. Your feeling of security, for example, might mean that you buy a burglar alarm system and I don’t. That’s subjective.

But externalities are not necessarily subjective; they’re externalities. The cost of a burglar alarm system is a non-subjective consideration of my decision to buy one or not. But if I can bury the cost in some expense report so that my employer pays for it, then the cost is no longer a consideration of my decision. It’s an externality. It’s an effect of my decision that is not borne by me.

Don’t confuse “subjective” and “externality.” They’re not the same.

“Bruce wants a lot more, very-very expensive chem plant security.”

Do I? I didn’t mean to imply that. What I wanted to say is that if we expect chemical plants to be secure to the point of the true risk — whatever that happens to be — we can’t expect market mechanisms to get us there.

Bruce Schneier October 20, 2007 10:09 PM

“Cost of a factory blowing up is not just the cost of damaged equipment but also includes the costs of lawsuits that will surely follow. In US these can easily run into billions of dollars.”

Of course.

But remember, the maximum cost to a corporation is the total value of that corporation. Any costs above that are irrelevent to the corporation, and hence are externalities to any decisions it makes.

Otherwise, the officers of that corporation are idiots and should be fired.

DougC October 22, 2007 8:16 PM

The comments about “put the thing in the middle of nowhere” and “flood plain” tie it all in nicely. If I locate in the middle of nowhere, where do my workers come from? Why do people live near plants or on flood plains? It’s cheaper, especially if they can make us all pay when the floods come. This gives you New Orleans in a nutshell, and the next large chemical accident later is predictably the same, though hopefully far smaller in scale. People WILL move in close to danger to save money, and might even be the plant workers saving commute time. Heck that’s good, as they’ll be extra careful not to immolate their own families.

I don’t see an easy out on this one.

Adam Stasiniewicz October 23, 2007 2:19 PM

If the chemical plants were (by law) forced to be accountable for all damages caused by their plant, they would be far more motivated to improve security and operated in less populated areas. This would allow the plant operators to make solid business decisions on appropriate security levels; instead of leaving security decisions to some Washington committee.

There are countless examples of companies that when faced with regulation, will either find ways around the regulation or will do the absolute minimum to comply. While if the company has an incentive to operate in a certain manner (i.e. the risk of massive fine if the screw up), they would be more likely to create real and innovative solutions to problems.

Anonymous November 3, 2007 7:10 AM

I realise this post is late enough that few will read it, but I work at a chemical plant, and I live pretty close to it, and I have a couple of comments I’d like to make.

First, about people who say plants should be sited away from populations. Ours was, when it was built decades ago. The population has since increased greatly — many of them are plant workers, others are supported by the service industries that have grown around them. (Still others are tourism operators; the plant was built in a beautiful wilderness area, and despite the stereotypes about chemical plants it is so clean that it has not spoiled the area at all.) And as for plant management living nearby: most do. In fact one of the plant’s senior chemical engineers lives within a couple of hundred metres of the fence. I guess he has confidence in his work.

Some comments about Andrew’s points:
Point 1 about regulation is spot on. There is so much we already have to do where there is the crazy version required by regulations, on top of which we also apply the common sense thing required to make stuff actually work. (For example there a complex “wet chemistry” tests we are required to do on certain products. The results are highly unreliable, and we actually base our data off modern scanning equipment. But we still have to do the old tests anyway.)

Point 2 about bad neighborhoods and attitudes of the local population however is completely wrong, at least at this plant. Average income in the area is above national average, crime is almost non-existent, the town is clean, pretty, and growing along with rising real estate prices. And the inhabitants love their plant, and are in fact quite proud of it.

Point 3 about security taking money from the safety system is also totally wrong at our plant. Safety is absolutely sacred. Despite the zillions of man hours worked here, and the very dangerous materials handled, it is twenty years since an accident resulted in a death and the local safety culture is that it will never happen again. A LOT of money and time is spent on safety and there is absolutely no way it could be diverted to another program. If it did, all operations would cease until the diversion was reversed and the manager responsible was fired.

However point 4 about plant engineers not understanding physical security is absolutely true. It is such a totally alien concept that it is not only impossible to explain the simplest thing, but they think you are insulting their safety credentials when you try. (I have had one otherwise quite brilliant guy seriously insist that a certain ground floor room was “highly secure” because it had special locks and was regularly patrolled. Too bad it was patrolled only twice per night and its window wouldn’t close!!) There is a plant security officer, but his sole remit seems to be processing government paperwork, and preventing pilferage by employees (there’s quite a bit of pilferage among maintenance staff, who have access to stocks of very high grade stainless steel.) Some security guards are a bit more concerned but totally impotent to fix anything.

Moist von Lipwig November 15, 2007 5:14 PM

Bruce wrote (via email):

I don’t agree with you, and — as evidence — a colleague from the
Cato Institute agreed with my analysis.  This is indeed a market failure.


Your appeal to authority is not evidence. It is a logical fallacy.

Whenever free markets lead to suboptimal allocation of resources, then any fix by regulation will be even more suboptimal, in all cases that do not regulate actual physical force.

Every rational individual can best assess his own risk/reward of moving next to a chemical plant.

Stick to analyzing security in gaggets. You are on the right track of becoming an economist when you analyze incentives, but you need to also understand how markets work and why.

Free markets are a mechanism for evolving better incentives via competition.

We have regions competing for companies to build their production facilities there (less regulation of the industry better), but we also have individuals that are free to choose their habitat (more regulation of the industry better).

Finding a good set of regulations (read: finding people capable of creating regionally optimal regulations) is not as simple as you and the dunces at the Department of Homeland Security think.

Rupert Moss-Eccardt November 16, 2007 1:03 AM

If the regulation gets too cumbersome or the risks scare the
insurers, then production will move and then you get the problem of large quantities of pre-cursors, intermediates or product crossing the oceans and perhaps going around in road tankers. The less-regulated countries are likely to be wayyy-less regulated and so we may just shunt a risk and enhance it.

That’s the general point. There is a USA-specific one. Health and Safety legislation tends to be prescriptive “if you have this device, protect it in this way”. Other countries (such as the UK, where I am) are more about “assess the risk and devise and implement mitigations”. The latter sort of regulation seems better than the former and deals with the original issue.

Mike L November 16, 2007 3:02 AM

I’m not sure that I understand your train of thought on the “Chemical Plant Security and Externalities” article but this is how I read it – the affect of an attack on a chemical plant on the local area / nation is so great that it warrants intervention from the wider community to increase the existing security beyond that currently employed – through subsidised protection, legislation etc.

Could you elaborate on how this additional funding could be potentially allocated to increase security beyond that already employed by the industry? I assume this protection is focused on preventing unauthorised physical and electronic access to the site and the security of potentially hazardous chemicals.

As it is no-one’s interest for a plant to be attacked, the security allocated would be adequate given the likelihood and seriousness of a potential threat – to move beyond this would result in diminishing returns to scale.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.