(FORTUNE Magazine) – The island is called Vozrozhdeniye. Lodged between Kazakhstan and Uzbekistan in the Aral Sea, it is among the most godforsaken outposts of the Cold War. And for precisely that reason it became, earlier this year, a critical, if unheralded, front in the war on terror. There were no al Qaeda cells, no American "boots on the ground." Not a shot was fired. But what happened there, about 5,000 miles from New York's ground zero, needs to be repeated in many other places a long way from home if most of us are to survive the 21st century.

Voz Island, as it's known, was the primary testing ground for the Soviet Union's biological weapons program, and as such was a burial site for the stuff of our post-Sept. 11 nightmares, the garbage dump from hell: live anthrax spores, smallpox, you name it. If it could kill you, it was there. Lying just 800 miles northwest of Afghanistan, it represented a rich, obvious target for the folks who gave us those charming videos this summer of forlorn dogs sitting in glass boxes being gassed.

This past April, under a program funded by the U.S. government and intended to secure the vast amounts of nuclear, chemical, and biological weapons in the former Soviet Union, teams from the U.S. and Uzbekistan spent four weeks ridding Voz Island, once and forever, of the raw material for what the military blandly calls asymmetric warfare. It was, says Sonia Ben-Ouagrham of the Monterey Institute's Center for Nonproliferation Studies, "one very important, if not obvious, step forward in the pursuit of homeland security."

It has been a year since Sept. 11, and ten months since the death of the last victim of the subsequent, and still unsolved, anthrax attacks. And nothing has happened since. For all the warnings, for all the rumors of imminent dirty nukes, arrests of shoe bombers, and suspected sleeper cells, there has not, remarkably, been another attack. Not many people one year ago would have predicted that.

It would be nice, therefore, to think that nothing like what happened then could happen now. That the merciful quiet at home in the year since the 11th has been because we have taken the war to the enemy abroad and become vigilant and smart at home. And it is true that, as the Voz Island cleanup shows, there has been some progress. Money has finally begun to flow; countless man-hours have been put in, and security systems throughout virtually the entire country's economic infrastructure are being rethought and (slowly--very, very slowly) upgraded.

But if the question is "Are we safe yet?" the answer is "No." First off, that's because safety--sure-fire, you-can-count-on-it safety--is unattainable. There are too many targets, too many points of vulnerability, and, alas, too many determined enemies willing to die for a cause. No open, democratic country has struggled more to achieve "homeland security" than Israel. And yet over the past year we have witnessed, with numbing frequency, unimaginable carnage in Israel's major cities.

But it is also undeniably true that one year on, for a lot of reasons (some reasonable, some risible), the hard work of enhancing homeland security has really only just begun. Democracy, even in the wake of a stunning blow like that inflicted on the 11th, is messy. It took a lot of handwringing, and a lot of hearings to move off the dime on homeland security. Three critical areas, all of which fall under the homeland security rubric, provide a reasonable gauge of where we stand and how far we still need to go: First is aviation security, which in the eyes of some experts (not to mention millions of travelers) remains woefully deficient from a security standpoint. Next are our ports and waterways, vital nodes in the global economy that prior to Sept. 11 had never been seriously considered in a security context. And finally (and most important) is our ability to deter and if necessary respond to a weapons-of-mass-destruction, or WMD, attack. Creating a sense of real security in each of these areas is going to take a long time not because nothing has happened in the past year, but rather because, relatively speaking, so little had been done long before that fateful day one year ago.

Few know that better than former Coast Guard officer Stephen Flynn. His was the proverbial cry in the night that went unheard before Sept. 11. A homeland-security obsessive, he helped produce the largely ignored 2001 Hart-Rudman report, which was bitterly critical of U.S. vulnerability to a terrorist attack and flatly predicted a devastating assault. These days, when Flynn, a senior fellow at the Council on Foreign Relations, speaks, people listen. And even now he wakes up every morning, turns on the news, and waits to hear if the bad guys have inflicted more damage here at home. When he hears that they haven't, he says, "I just think to myself, Another lucky day."

A serious homeland-security policy, Flynn and others argue, is like triage. Even in a world of expanded resources--the government is throwing billions at homeland security--priorities have to be set ruthlessly. And since Sept. 11, they have been. While places like the Mall of America in Bloomington, Minn., have remained blessedly free of the suicide bombers that plague Israel, many law enforcement agents view their arrival as all but inevitable. It will be shocking should it happen, but as one former FBI official puts it, shock is relative. "If it's just a bomb, a regular bomb, then life goes on. WMD is the ball game here. It gets the time; it gets the resources."

As the unfurling debate about whether to depose Saddam Hussein indicates, the Bush administration is very much focused on WMD. That's as it should be, even if it did take Sept. 11 to get the administration there. In his first year in office, Bush actually wanted to cut funds going to programs whose goals are straightforward and smart: first, to identify, account for, and help secure stockpiles of nuclear, biological, and chemical weapons throughout the former Soviet Union; and second, to design and fund projects that keep scientists and engineers in each of those areas gainfully employed in their home countries, lest they sell their services to Iran, Iraq, or al Qaeda.

The Clinton administration enjoyed some real successes, particularly in the so-called loose-nukes area, by upgrading security at sites where plutonium and highly enriched uranium were stored in Russia and other former Soviet Republics. And the Bush administration's initial opposition to expanding such programs crumbled along with the World Trade Center. This year the administration has asked for a $200 million increase, to $1 billion, for Voz Island-like efforts across the WMD spectrum, a level "that shows a real buy-in," says Leonard Spector, a WMD nonproliferation expert who ran the loose-nukes program in Clinton's Department of Energy.

Throwing money at this problem is not the worst thing we can do. Several years ago Congress limited funding intended to keep biological and chemical weapons experts in the former Soviet Union employed in less lethal fields. That has to change. Most of the material needed to make biological weapons is available commercially, and as Saddam has shown, it doesn't take a giant, highly visible lab to produce it. But it does take know-how to manufacture biological weapons and deploy them, and there are, unfortunately, lots of scientists in the former Soviet Union who have it. Keeping them employed would seem a prudent use of taxpayer money, but it's going to take a push from the administration to get Congress to move.

The point, obviously, is to help avoid disaster at home. And that would seem to be doubly urgent because while our level of preparedness for dealing with a serious WMD attack is better than it was a year ago, it's still not anywhere close to where it needs to be. The government has ordered a sharp increase in smallpox vaccine production. And local and state public health agencies have begun training programs in how to deal with possible biological or chemical attacks and the inevitable panic that would ensue. But a critical problem remains a lack of what D.A. Henderson, the Johns Hopkins physician now advising the Office of Homeland Security, calls "surge capacity." The health-care system in the U.S. for the past decade has been focused on one thing: cutting costs. In congressional testimony just after the 11th, Henderson said, "Hospitals have struggled to become more efficient, but in their struggle to do so they have basically wiped out their surge capacity." Even a mild flu epidemic in 1999, he noted, strained capacity at many hospitals. Not much has changed since, and fixing that "is one of the central challenges going forward," says Elin Gursky, a colleague of Henderson's at John Hopkins.

How might a loose nuke, or a biological or chemical weapons stockpile, get here? Here's a hint: In late August, when Robert Bonner, the head of the U.S. Customs Service, gave a talk at a think tank in Washington, a place where they are more used to debating missile defense or the wisdom of offing Saddam, he packed them in. His topic? The "container-security initiative."

That's container, as in shipping container. Maersk Sealand, the giant shipping company, has one million of them. Says Flynn: "It would be nice if they knew where they were." Maersk knows where most of them are, but not all. As Flynn wrote in a withering critique of U.S. homeland security earlier this year, the agency tasked with maintaining port security (the Coast Guard) "had been cut to its lowest levels since 1964. While debates over the merits of missile-intercept technologies made headlines, the fact that America's terrestrial and maritime front doors were wide open did not even rate a mention."

As Bonner's audience in Washington last month shows, that at least has changed. And some of the steps Customs has taken since Sept. 11 make sense. One is particularly important. Bonner himself has conceded that if a "nuke in the box," as he puts it, arrives in a U.S. port, we have failed. A key component of his agency's "container-security initiative" is making sure the key data on any shipment--contents, scheduled arrival date, background on the crew--are known well in advance. That requires a lot more communication and information swapping than has occurred before between Customs and its counterpart agencies at megaports around the world, as well as among all the commercial players involved--producers, shippers, brokers, importers, trucking companies. The impulse is the right one: a recognition that our homeland security often begins in someone else's backyard.

But this is an area where there was nowhere to go but up. The fact is, the U.S. government has no real idea of just how vulnerable our ports are--either as a target of terrorism or as a point of entry for bad guys bearing a WMD. Why? Mainly because the last assessment of port security was done during World War II. Six months ago the Coast Guard hired TRW Systems to do a new one. It will take five years to complete, and by then we may be wondering what the point was: Unless the rules governing the dissemination of classified information change in those five years, many of the people who would be most interested in the results--the agencies and companies that run and use America's major ports--will not be allowed to read them. Because the report, you understand, will be classified.

No American is going to be surprised to hear that some of the ways in which we seek homeland security seem deeply flawed. Anyone who has been to an airport in the past year knows that. There is no question, of course, that it would be much harder for a Sept. 11-like assault to be executed today, given the security levels at airports. But most of the time that security is ham-handed and hardly foolproof.

The problems are myriad. The computer-aided profiling system (CAPS)--which seems to require gate attendants to pull your 3-year-old son out of line for one final strip search just before boarding--is an unmitigated disaster and about to be junked, allegedly for a more sophisticated system. Meanwhile, most airports are struggling to comply with rules that require new baggage X-ray systems to be in place by year-end. Too many have waited for the newly formed Transportation Security Agency to tell them what to do and how to do it. To meet the deadline, many will end up using explosive trace detectors (ETDs), small machines that are used before a passenger checks in. What that means, says Rafi Ron, who was once the head of security at Tel Aviv's Ben Gurion Airport and now consults at Logan International in Boston, is even longer lines in lobbies and even more public invasions of privacy.

Logan, the point of origin for those doomed flights on Sept. 11, is at least showing it doesn't have to be like this. The airport has installed a new, state-of-the-art baggage-screening system behind the check-in counters, so it avoids the ETD machines. It has also been demonstrating how technology can be brought to bear to both enhance security and speed the flow of customers. Logan is testing a document verification system made by Imaging Automation, a tiny company in Bedford, N.H. Its purpose is to make sure IDs--passports or driver's licenses--are authentic. It can also be used to verify the ID badges of airport employees. Finally, consultant Ron is implementing a behavioral-recognition system that will help the new federal security agents at the gate to pull out of line people who are more suspicious than your 3-year-old.

What is true at LogAn is true throughout the U.S.: More security--smart security--is possible, but it is going to take time. The cliche has it that if you combine American technology with the country's traditional can-do spirit, the job will get done. The question is, in the era of weapons of mass destruction and enemies who, in the name of Allah, dearly want to use them against us, Do we have the time?

FEEDBACK bpowell@fortunemail.com