[House Hearing, 107 Congress]
[From the U.S. Government Publishing Office]
CREATING THE DEPARTMENT OF HOMELAND SECURITY: CONSIDERATION OF THE
ADMINISTRATION'S PROPOSAL
=======================================================================
HEARINGS
before the
SUBCOMMITTEE ON
OVERSIGHT AND INVESTIGATIONS
of the
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED SEVENTH CONGRESS
SECOND SESSION
__________
JUNE 25 and JULY 9, 2002
__________
Serial No. 107-113
__________
Printed for the use of the Committee on Energy and Commerce
Available via the World Wide Web: http://www.access.gpo.gov/congress/
house
__________
U.S. GOVERNMENT PRINTING OFFICE
80-680 WASHINGTON : 2002
___________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001
COMMITTEE ON ENERGY AND COMMERCE
W.J. ``BILLY'' TAUZIN, Louisiana, Chairman
MICHAEL BILIRAKIS, Florida JOHN D. DINGELL, Michigan
JOE BARTON, Texas HENRY A. WAXMAN, California
FRED UPTON, Michigan EDWARD J. MARKEY, Massachusetts
CLIFF STEARNS, Florida RALPH M. HALL, Texas
PAUL E. GILLMOR, Ohio RICK BOUCHER, Virginia
JAMES C. GREENWOOD, Pennsylvania EDOLPHUS TOWNS, New York
CHRISTOPHER COX, California FRANK PALLONE, Jr., New Jersey
NATHAN DEAL, Georgia SHERROD BROWN, Ohio
RICHARD BURR, North Carolina BART GORDON, Tennessee
ED WHITFIELD, Kentucky PETER DEUTSCH, Florida
GREG GANSKE, Iowa BOBBY L. RUSH, Illinois
CHARLIE NORWOOD, Georgia ANNA G. ESHOO, California
BARBARA CUBIN, Wyoming BART STUPAK, Michigan
JOHN SHIMKUS, Illinois ELIOT L. ENGEL, New York
HEATHER WILSON, New Mexico TOM SAWYER, Ohio
JOHN B. SHADEGG, Arizona ALBERT R. WYNN, Maryland
CHARLES ``CHIP'' PICKERING, GENE GREEN, Texas
Mississippi KAREN McCARTHY, Missouri
VITO FOSSELLA, New York TED STRICKLAND, Ohio
ROY BLUNT, Missouri DIANA DeGETTE, Colorado
TOM DAVIS, Virginia THOMAS M. BARRETT, Wisconsin
ED BRYANT, Tennessee BILL LUTHER, Minnesota
ROBERT L. EHRLICH, Jr., Maryland LOIS CAPPS, California
STEVE BUYER, Indiana MICHAEL F. DOYLE, Pennsylvania
GEORGE RADANOVICH, California CHRISTOPHER JOHN, Louisiana
CHARLES F. BASS, New Hampshire JANE HARMAN, California
JOSEPH R. PITTS, Pennsylvania
MARY BONO, California
GREG WALDEN, Oregon
LEE TERRY, Nebraska
ERNIE FLETCHER, Kentucky
David V. Marventano, Staff Director
James D. Barnette, General Counsel
Reid P.F. Stuntz, Minority Staff Director and Chief Counsel
______
Subcommittee on Oversight and Investigations
JAMES C. GREENWOOD, Pennsylvania, Chairman
MICHAEL BILIRAKIS, Florida PETER DEUTSCH, Florida
CLIFF STEARNS, Florida BART STUPAK, Michigan
PAUL E. GILLMOR, Ohio TED STRICKLAND, Ohio
RICHARD BURR, North Carolina DIANA DeGETTE, Colorado
ED WHITFIELD, Kentucky CHRISTOPHER JOHN, Louisiana
Vice Chairman BOBBY L. RUSH, Illinois
CHARLES F. BASS, New Hampshire JOHN D. DINGELL, Michigan,
ERNIE FLETCHER, Kentucky (Ex Officio)
W.J. ``BILLY'' TAUZIN, Louisiana
(Ex Officio)
(ii)
C O N T E N T S
__________
Page
Hearings held:
June 25, 2002................................................ 1
July 9, 2002................................................. 129
Testimony of:
Allen, Hon. Claude, Deputy Secretary, U.S. Department of
Health and Human Services.................................. 52
Anderson, Philip, Senior Fellow, Center for Strategic and
International Studies...................................... 107
Atlas, Ronald, President-Elect, American Society for
Microbiology............................................... 113
Baumann, Jeremiah D., Environmental Health Advocate, U.S.
Public Interest Research Group............................. 249
Cassell, Gail H., Vice President, Scientific Affairs,
Distinguished Lilly Research Scholar for Infectious
Diseases, Eli Lilly and Company............................ 158
Cobb, Donald D., Associate Director for Threat Reduction, Los
Alamos National Laboratory:
June 25, 2002............................................ 93
July 9, 2002............................................. 198
Copeland, Guy, Vice President, Information Infrastructure
Advisory Programs, Federal Sector, Computer Sciences
Corporation................................................ 223
Costantini, Lynn P., Director--Online Services, North
American Electric Reliability Council...................... 232
Dacey, Robert F., Director, Information Security Issues,
General Accounting Office.................................. 207
Gordon, General John A., Administrator, National Nuclear
Security Administration.................................... 57
Hamburg, Margaret A., Vice President, Biological Programs,
Nuclear Threat Initiative.................................. 166
Hauer, Jerome M., Director, Office of Public Health Emergency
Preparedness, Department of Health and Human Services...... 136
Heinrich, Janet, Director, Health Care and Public Health
Issues, General Accounting Office:
June 25, 2002............................................ 71
July 9, 2002............................................. 157
McDonnell, James F., Director, Energy Security and Assurance
Program, Department of Energy.............................. 187
Nokes, David, Director, Systems Assessment and Research
Center, Sandia National Laboratories....................... 83
O'Toole, Tara, Director, Center for Civilian Biodefense
Studies, Johns Hopkins University.......................... 118
Plaugher, Edward P., Chief, Arlington County Fire Department,
Executive Agent, Washington Area National Medical Response
Team....................................................... 101
Ridge, Hon. Tom, Director of Transition Planning for Proposed
Department of Homeland Security and Assistant to the
President for Homeland Security............................ 14
Smith, William, Executive Vice President, Network Operations,
BellSouth.................................................. 220
Sobel, David L., General Counsel, Electronic Privacy
Information Center......................................... 258
(iii)
Stringer, Lew, Medical Director, Division of Emergency
Management, North Carolina Department of Crime Control and
Public Safety.............................................. 97
Sullivan, John P., Jr., President and Chief Engineer, Boston
Water and Sewer Commission................................. 238
Tritak, John S., Director, Critical Infrastructure Assurance
Office, Department of Commerce............................. 182
Vantine, Harry C., Program Leader, Counterterrorism and
Incident Response, Lawrence Livermore National Laboratory.. 79
Varnado, Samuel G., Director, Infrastructure and Information
Systems Center, Sandia National Laboratories............... 191
Watson, Kenneth C., President, Partnership for Critical
Infrastructure Security, Cisco Systems, Inc................ 242
Additional material submitted for the record:
Ahern, Jason P., Assistant Commissioner, U.S. Customs
Service, prepared statement of............................. 267
Brooks, Linton F., Acting Administrator, National Nuclear
Security Administration, U.S. Department of Energy,
prepared statement of...................................... 269
Bryden, Robert A., Stff Vice President of Security, FedEx
Corporation, prepared statement of......................... 272
Holsen, Jim, Vice President, Engineering, United Parcel
Service, Inc., prepared statement of....................... 287
Howe, Barry, Vice President, Thermo Electron Corporation,
prepared statement of...................................... 284
Jones, Gary, Director, Natural Resources and Environmental
Issues, General Accounting Office, prepared statement of... 291
Martin, Steven W., Director, Homeland Security, Pacific
Northwest National Laboratory, prepared statement of....... 282
Nokes, David, Director, Systems Assessment and Research
Center, Sandia National Laboratories, prepared statement of 288
Panico, Frank, Manager, International Networks and
Transportation, U.S. Postal Service, prepared statement of. 272
Shotts, Wayne J., Associate Director for Nonproliferation,
Arms Comtrol and International Security, Lawrence Livermore
National Laboratory, prepared statement of................. 274
(iv)
CREATING THE DEPARTMENT OF HOMELAND SECURITY: CONSIDERATION OF THE
ADMINISTRATION'S PROPOSAL
----------
TUESDAY, JUNE 25, 2002
House of Representatives,
Committee on Energy and Commerce,
Subcommittee on Oversight and Investigations,
Washington, DC.
The subcommittee met, pursuant to notice, at 9:10 a.m., in
room 2123, Rayburn House Office Building, Hon. James C.
Greenwood (chairman) presiding.
Members present: Representatives Greenwood, Stearns,
Gillmor, Burr, Whitfield, Bass, Fletcher, Tauzin (ex officio),
Deutsch, Stupak, Strickland, and DeGette.
Also present: Representatives Deal, Cubin, Waxman, Markey,
Sawyer, Capps, and Harman.
Staff present: Tom DiLenge, majority counsel; Amit Sachdev,
majority counsel; Ray Shepherd, majority counsel; Nandan
Kenkeremath, majority counsel; Edith Holleman, minority
counsel; and Chris Knauer, minority investigator.
Mr. Greenwood. The subcommittee will come to order. The
Chair would announce before the commencement of opening
statements that, pursuant to the rules, the chairman of the
subcommittee and the ranking member and the chairman of the
full committee and the ranking member of the full committee
will be accorded 5 minutes for opening statements; other
members of the subcommittee shall be accorded 3 minutes apiece.
We welcome the participation of other members of the full
committee who are not members of the subcommittee, and should
they arrive and wish to make opening statements, we will grant
them time--yield them time, the amount of time being dependent
upon how many of them there are.
And the Chair welcomes Governor Ridge, my friend--good to
have you with us--and yields himself 5 minutes for the purpose
of an opening statement.
Good morning. Today the subcommittee will hold the first
day of a multipart hearing to examine how the Bush
Administration's proposal to establish a Department of Homeland
Security will affect the agencies and the operations over which
this committee now exercises principal jurisdiction. Our first
witness is the current Director of the Office of Homeland
Security and our former colleague, Governor Tom Ridge, who is
appearing today in his capacity as the chief of the transition
team for this new department.
The President could have made no finer choice in responding
to the disaster of September 11 than by appointing Tom Ridge to
be Director of the Office of Homeland Security. The challenge
before him is daunting, but those of us who know Tom also know
that he has always heeded his country's call.
In 1968, while still in law school, Tom Ridge was drafted
into the U.S. Army. He fought in Vietnam as an infantry
sergeant and was awarded the Bronze Star. He was the first
enlisted Vietnam veteran elected to Congress.
Now he has been enlisted in a new struggle. True to form,
he has labored tirelessly since last September to help improve
the security of our homeland and our fellow citizens.
The President's proposal is a bold one. It envisions a
department whose mission includes border and transportation
security; emergency preparedness and response; chemical,
biological, radiological, and nuclear countermeasures;
information analysis and infrastructure protection. If approved
as now proposed, only the Department of Defense and the
Department of Veterans' Affairs would have more employees than
the almost-170,000 workers proposed for the Department of
Homeland Defense.
Few would dispute the need for consolidation and
coordination of the nearly 100 agencies that now share
responsibility for these critical tasks. This subcommittee's
oversight over the past 2 years also has demonstrated the need
for a single agency to take charge of the responsibility to
enhance the protection of our Nation's critical infrastructure
and key terrorist targets, both in the public and private
sector. The latter includes several industry sectors over which
this committee has principal jurisdiction, including the
electricity and telecommunications grids and our Nation's
drinking water systems.
As our hearing last April demonstrated, precious little has
been done since 1997 when a Presidential blue ribbon panel
urged the establishment of a robust public-private partnership
to identify critical assets, assess their interdependencies and
vulnerabilities, and take steps to mitigate our risks.
Moreover, this subcommittee's oversight with respect to
Federal counterterrorism R&D programs has raised many of the
same concerns. As the General Accounting Office reported to
this subcommittee last September, just prior to the anthrax
attacks on this city, our Federal bioterrorism research
programs, scattered throughout a dozen or more agencies, are
poorly coordinated and lack a clear sense of priority and
focus. The same is true for the myriad of Federal programs
aimed at improving the preparedness of Federal, State and local
governments and emergency response providers to deal with major
disasters, terrorist attacks and other public health
emergencies. In fact, there were so many such programs within
the Department of Health and Human Services itself that in the
bioterrorism bill this committee recently shepherded through
the Congress, we created a new Assistant Secretary at HHS just
to coordinate all these emergency preparedness and response
functions.
And this is just one department. Can there be any doubt why
every serious study of this issue has ended in a call for some
form of centralization, or focal point of coordination in the
executive branch? The President's proposal moves us firmly in
that direction.
The focus of today's hearing is on the critical aspect of
emergency preparedness and response and how the President
proposes to improve our national efforts in this area. We
cannot move too soon. Yesterday, for example, CNN reported on
the new threats being made by a spokesman for al Qaeda who, in
a sickening and warped reference to September 11, told
Americans they should, quote, fasten their safety belts and
then spoke of the death of up to 4 million Americans including
1 million children through the use of chemical and biological
weapons.
Although Governor Ridge will testify today on all aspects
of the President's proposal, the remainder of our panels and
witnesses will focus on the emergency preparedness and response
issue, namely Title V of the administration's proposal. With
respect to those functions or programs that are proposed for
transfer from any agency to the new department, two questions
seem in order: First, how do these programs operate currently;
and second, what are the potential advantages or disadvantages
to the proposed transfer?
In our case, while the President's bill is a useful
blueprint, many important questions remain to be resolved. For
example, what is the scope of the new secretary's authority
over HHS's public health preparedness programs and how might it
alter the current focus on important dual-use programs? Why are
some of the agencies' preparedness and response programs
transferred completely, others transferred partially and others
left unchanged in their respective departments? And for those
assets or functions not fully transferred to the new Secretary,
but under his authority, how does the administration plan to
ensure a workable model with one Secretary directing the assets
or programs of another?
As I said at the outset, the task before the President, the
Congress and today's chief witness is daunting, but whatever
the challenge, we must meet it. In the midst of the battle of
Bunker Hill, Abigail Adams wrote these words to her husband in
Philadelphia:
``Dearest friend, the day, perhaps the decisive day, has
come on which the fate of America depends. Now the fate of
America rests with us, and of one thing I am certain. Unless a
spirit of cooperation and trust informs all of our efforts, we
are unlikely to succeed. And to be successful, we have a duty
to speak plainly to the American people about the clear and
present dangers that lead us to this enormous investment in
this massive undertaking.''
Again, I want to thank Governor Ridge and all of our
witnesses for agreeing to appear before us today, many on short
notice.
I will recognize the ranking member, the gentleman from
Florida, Mr. Deutsch, for an opening statement.
Mr. Deutsch. Thank you, Mr. Chairman. And thank you,
Governor Ridge.
This is an issue where I think it is accurately described
that there is no light between any of us in the Congress, the
435 Members of the House and the 100 Members of the Senate. And
I think that we stand completely with the President on the
creation of this department, which is an integral part of the
war on terrorism.
I think if we have learned anything post-September 11, it
is reminding us that the most fundamental thing we can do as a
government and as elected officials is the security of our
constituents. And, in fact, I think we understand that
unfortunately, prior to September 11, we were not looking at it
quite the way we should. And specifically, I think, we
acknowledge at this point that terrorists' or terrorist states'
particularly weapons of mass destruction are an existential
threat to the United States and to our people.
And, Governor Ridge, I have read your comments and I would
completely agree with basically all of them, but one I want to
focus on which I think is the--in a sense, the essence for the
creation of the department is that, at the present time, there
really is no one who is responsible or no agency that is
responsible, but--you are in your position, but no agency that
is responsible for homeland security.
And my experience in life--and I think for most of us if we
think about our experience in life--is, something never gets
done correctly unless someone is responsible and in charge. And
I think that is the essence of, the purpose of this agency
where I think the goal, the need, is absolutely imperative.
I also think the facts of, again, what you have put
together and what others have put together at this point
specifically show the sort of ad hoc dispersed nature of some
of these responsibilities. I think as we move forward--and I
think this is one of these issues where we really are working
hand-in-hand--in a very bipartisan tradition in this committee,
although we have many disagreements, we have many agreements as
well.
We will disagree, as we did last week on prescription
drugs, but on this, I think there are no disagreements. And I
think what we are really looking for is working with you,
working with each other, just really trying to make it as good
as possible.
And I think we are at the level of details. I don't think
that this is a case where the devil is in the details. I really
don't. I think it is the details of working with you to really
try to structure a department that will maximize the imperative
that we are successful.
One of the analogies that I have used in talking about
post-September 11 and I would add to this creation of this
department, I think there are several World War II analogies--
two, really, I think, at least for me, and when I have spoken
about this, they have been very on point.
One is clearly, obviously, Pearl Harbor where the United
States wasn't prepared; and if we look historically, the
Japanese might have seen it as a short-term victory. But I
think historically, obviously it was an incredible disaster for
them. Had the United States entered the war in the Pacific,
which is unclear whether we would not have--would have, and I
think it was overdetermined once we entered the war that we
would be successful.
The other analogy is the Manhattan Project. And when it was
started it was not overdetermined that we would be successful
in that effort. But if we were not successful, obviously
history would be a lot different.
Governor, I speak to you, and I know your commitment is
total on this; and I speak to ourselves about this, that I
think that just as we had no choice but to be successful with
the Manhattan Project, we have no choice but to be successful
with what we are doing to prevent weapons of mass destruction
attacking the United States. And I believe the creation of this
department is a critical component of that.
So I look forward to working with you and with my
colleagues on both sides of the aisle over the next, really,
hopefully, just several months. I think setting the date of
September 11 to try to get it resolved by is doable. As you
well know as a former Member, we can always argue about things.
We will have enough things to argue about between now and
January 20 if we want to. Hopefully, we won't.
Hopefully, we will put deadlines on ourselves and force us
with the minutia of details, with the minutia of jurisdiction.
Hopefully, we will get over that and understand that we are all
working together for one goal.
So I yield back the balance of my time.
Mr. Greenwood. The Chair thanks the gentleman and yields 5
minutes for an opening to the chairman of the full committee,
the gentleman, Mr. Tauzin.
Chairman Tauzin. Thank you, Chairman Greenwood, and I am
pleased to join you in welcoming Governor Ridge to testify on
President Bush's historic proposal for the creation of the new
Cabinet-level Department of Homeland Security.
Governor Ridge, I think you and we, too, understand that we
are going to play some important roles here. But the truth is
that bureaucrats and legislators and even Cabinet-level
officials really play a second-place role when it comes to
defending the country in this very important time. It is the
men and women of the military, the National Guard or the fire
and emergency response teams and the incredible heart and
courage of the people of America who are on the front line, the
eyes and ears of our country, the first responders who really
have this task at hand; and our job is to help arm them and
properly coordinate them.
And I, first of all, want to thank you because the other
side of that coin is that we have learned since September 11
that there can be a lot of finger-pointing in this country when
things go wrong, and there can be a lot of people trying to put
the blame on someone else for not sharing information or
coordinating properly.
You, however, left your job as Governor of the great State
of Pennsyvania at the summoning of our President, and you
decided to be the person where the buck stops in coordinating
and making sure this awful finger-pointing exercise doesn't
happen again. And this is the next, obviously, important step
in that process, to make sure there is someone at a Cabinet
level for whom the final responsibility rests in coordination.
That is an awesome responsibility, sir, and I commend you
for taking it on in this temporary position. And frankly, I
would hope that the President has the good sense, when we are
through with this work, to continue you in a permanent position
if you are willing to undertake it.
I wanted to talk briefly with you this morning about some
of our roles in connection with your role in the establishment
of this new department. First, our committee has jurisdiction,
and we will continue to have jurisdiction, obviously, over many
of the programs that the Department of Energy and the national
labs, the Department of Health and Human Services, all of which
serve vital roles in preparing and responding to chemical,
biological, radiological and nuclear attacks. All areas where--
if this spokesman for al Qaeda is real and his statements are
believable, all areas of vulnerability these people hope to
exploit in these programs, such as the nuclear emergency
support teams that identify and respond to radiological and
nuclear threats as well as public health programs; such as the
strategic national stockpile of drugs and vaccines that must be
stocked and rapidly deployed, this new department will now play
an important role.
Title V of the President's proposal contains a plan for
consolidating and coordinating these functions. Well, obviously
we have to help you make sure that that is done properly. It is
a critical function as we face new threats.
Second, our committee has jurisdiction and will continue to
have jurisdiction over research and development programs for
chemical, biological, radiological and nuclear countermeasures.
Programs that the Health and Human Services Department, DOE and
national labs in which the country's top scientists are
currently working on new methods for detecting and detecting
terrorist attacks. For example, there are improved sensors to
detect radiological devices, new scanners to screen luggage and
cargo, new technologies to detect and neutralize biological
hazards.
Title III of the President's plan would transfer many of
these programs, and it is important, I think, as we handle this
transfer, to see what we can do about somehow coordinating the
very diverse efforts that are going on in as many as four
different labs on the same subject, and to make sure we get the
best in new, innovative technologies out there to protect our
borders and to make travel in this country as safe as we can
make it.
And a third of the department's jurisdiction will continue
to have jurisdiction over the regulation of many of the
Nation's most critical infrastructure and assets, including
both publicly and privately owned assets in telecommunications
and energy and safe food and drinking water, as well as many
manufacturing facilities in the country that could be targets.
Governor Ridge, I want to thank you for something else: for
being accessible to this committee without subpoena,
voluntarily meeting with us, counseling with us, as we went
through the process post-9/11 of examining all the agencies
under our jurisdiction and all these critical assets, and where
the vulnerabilities might be and what we might do to encourage
the agency heads to begin developing protection and
countermeasures to make sure these assets are protected.
The key is to recognize that most of the critical,
important infrastructures are privately owned, privately
operated. And the only way to succeed is going to be creating
the strong public-private partnerships for national security.
It doesn't create new regulatory regimes in this country, new
bureaucracies that are going to make the economy worse off, but
literally relies upon the strength of those private-sector-
owned and -operated entities to work with us in a partnership
to make sure they are protected properly.
We want to point out one more thing, and I will be asking
you a couple of questions about it. In the meetings we had
post-9/11, we were shocked to find out how many of the
vulnerability assessments that exist in this country, how many
of the detailed plans and drawings and important critical
assets in this country are on the Internet, were available
under the Freedom of Information for anybody to obtain. And
this committee is vitally concerned, as we create this new
department, that there are some common standards for
vulnerability assessments and there are some real strong
amendments, the Freedom of Information Act and other acts that
would unfortunately allow some of this critical information to
be available to people who might use it as a road map for
terror in the future.
We have to cut a delicate balance here because we are a
free society, and we want people to know what our Government is
doing; but there is a line we have to draw when it comes to
providing free to anybody who wants it a road map of how to get
into a nuclear plant or how to find a critical
telecommunications infrastructure, and doing something with it.
Finally, Governor Ridge, we just passed the Bioterrorism
Act. This committee was primarily responsible for its
development, as you know. There are some conflicts now in the
new proposals. We are really beginning to assess, to coordinate
the act we just passed with the new proposal the President just
made. We are going to need your help in doing that. We don't
want to leave some of the good work we did on bioterrorism
undone because we are now changing the structure of things.
Finally, I want to thank the chairman for also calling
today Deputy Secretary Claude Allen and General Gordon, who are
also going to assist us in this inquiry.
Let me say, Mr. Chairman, yesterday I spent some time with
Leader Armey, and I want to inform the committee and the
Governor that we are sticking firmly to the July 12 timetable.
We are going to get this work done quickly. And we in the House
are going to finish the work on this critical national
proposal, and we are going to do it well; and I am going to
thank you for helping us do it right.
[The prepared statement of Hon. W.J. ``Billy'' Tauzin
follows:]
Prepared Statement of W.J. ``Billy'' Tauzin, Chairman, Committee on
Energy and Commerce
Thank you Chairman Greenwood, I am pleased to join you today in
welcoming Governor Tom Ridge to testify on behalf of President Bush's
historic proposal for the creation of a new Cabinet-level Department of
Homeland Security.
Governor Ridge, let me thank you for the job that you have been
doing--tirelessly and without complaint--to defend our borders and keep
the citizens of this great country safe and secure, in our cities, our
communities, and our homes. After the terrorist attacks last fall,
President Bush asked you to accept perhaps the single most important,
and certainly the most difficult, job in the Nation. And you have risen
to the challenge.
We in the Congress appreciate the job you are doing, and we will
continue to do our part for this cause--a cause that requires us to
make absolutely sure that the men and women who are fighting this war
against terrorism on our behalf, including our military, our
Reservists, the National Guard, and Federal, State, and local law
enforcement personnel, have the tools, the resources, and the support
they need to keep us safe from the harm our enemies seek to bring to
our shores.
With regard to the President's proposal, I support creating a
Cabinet-level department--one that will not only pick up the role of
homeland security coordinator, but a new Department with an empowered
Secretary who has the authority and resources needed to protect our
country from the threats of terrorism.
The Committee on Energy and Commerce has an important
responsibility to assist the Administration with this proposal. First,
we have jurisdiction--and will continue to have jurisdiction--over many
of the programs at the Department of Energy (DOE), the National Labs,
and the Department of Health and Human Services (HHS) that serve vital
roles in preparing for and responding to chemical, biological,
radiological and nuclear attacks. These include energy programs such as
the nuclear emergency support teams that identify and respond to
radiological and nuclear threats, as well as public health programs,
such as the Strategic National Stockpile of drugs and vaccines that
must be stocked and rapidly deployed in the event of a chemical or
biological attack. Title 5 of the President's proposal contains a plan
for consolidating and coordinating these functions in the new
Department of Homeland Security. We must ensure that this is done
properly and that these programs are integrated in a manner that allows
them to respond promptly in the event of a future attack.
Second, this Committee has jurisdiction--and will continue to have
jurisdiction--over research and development programs for chemical,
biological, radiological and nuclear countermeasures. These are
programs at HHS, DOE and the National Labs in which our country's top
scientists are working to develop new methods for detecting and
preventing terrorists attacks--such as improved sensors to detect
radiological devices, new scanners to screen luggage and cargo, and new
technologies to detect and neutralize biological hazards. Title 3 of
the President's proposal contains a plan for transferring many of these
programs to the new Department. It is important for us to remember that
new and improved technologies and American ingenuity and innovation are
among the greatest advantages we have in fighting terrorism, second
only to the heart and conviction of the people of this country.
Third, this Committee has jurisdiction--and will continue to have
jurisdiction--over the regulation of many of our Nation's most critical
infrastructures and assets, including both publicly and privately owned
assets that are integral to the delivery of telecommunications and
information technology services, the production and distribution of
energy, and the delivery of safe food and drinking water, as well as
manufacturing facilities that may be targets of potential terrorist
actions. Title 2 of the President's proposal would add to the mission
of the new Department the responsibility to analyze vulnerabilities and
improve protection for these critical assets and infrastructures. The
key to our success in this area is to recognize that many of the most
important critical infrastructures are privately owned and operated,
and the only way to succeed in assuring their protection is through a
strong and effective public-private partnership for national security.
After the September 11th attacks, I and other senior Members of
this Committee on a bipartisan basis met with high-ranking private
sector officials to encourage them to work together in a public-private
partnership to ensure that our critical infrastructures are adequately
protected against potential terrorist attacks. Not only must potential
targets of terrorism be adequately protected, but we also must ensure
that sensitive information about these assets, such as vulnerability
assessments, are never allowed to be used as roadmaps for terrorist
action. I believe that the new Department should develop a
comprehensive framework across the critical infrastructure sectors,
including common standards for vulnerability assessments, and that we
in Congress must provide additional legal protections to protect such
sensitive information from improper public disclosure.
Finally, it is worth noting that, just this month, the President
signed a sweeping $4.6 billion dollar bioterrorism preparedness bill
into law, which was shepherded through Congress by Members of this
Committee on a bipartisan basis. Many of the issues that we dealt with
in crafting that new law, and many of the proposals to combat
bioterrorism, will need to be evaluated in the context of the new
Department of Homeland Security. Sorting out roles and responsibilities
for the new Department and the other Federal agencies already tasked
with many of these functions will be a significant challenge that we
must complete quickly.
I commend the President for his proposal. It reflects a sound
framework to get this job done, and I believe credit is due not only to
the President for taking this bold step, but also to those, such as
former Senators Warren Rudman and Gary Hart, who have for sometime
recognized this need and whose foresight and ideas are undoubtedly
reflected here.
Again, I want to thank Governor Ridge, and each of our other
witnesses, including Deputy Secretary Claude Allen from the Department
of Health and Human Services, and General John Gordon, Administrator of
the National Nuclear Security Administration at the Department of
Energy, for coming here today. I look forward to today's testimony and
to working with the Administration and my colleagues on both sides of
the aisle to craft legislation that creates a Cabinet-level Department
of Homeland Security worthy of the people who work tirelessly everyday
to protect us. Mr. Chairman, I yield back the balance of my time.
Mr. Greenwood. The Chair thanks the chairman of the
committee, and recognizes the gentleman from Michigan, Mr.
Stupak, for 3 minutes for an opening statement.
Mr. Stupak. Thank you Mr. Chairman. I look forward to
today's hearing and welcome Governor Ridge.
We have spent a lot of time since September 11, and I am
sure we will do more in the future. Let me say right away that
I accept the principle that homeland security is so important
that it demands a Cabinet-level position. In fact, as one of
the early cosponsors of some of the proposals put forth by the
Democratic Caucus, it is not whether what caucus put it
forward, but the idea and the principle that we do need a
Cabinet-level position for homeland security.
As such, the Secretary serving as the head of this
department should have the information, the authority and
resources to carry out the task of protecting our citizens and
our domestic resources and infrastructure.
That said, however, I believe that Members of Congress of
both parties want to see a homeland security proposal from the
administration that is more than just a mere shuffling of the
chairs at the table. If the chain of command for organizations
like the Coast Guard and FEMA, the Federal Emergency Management
Agency, are reorganized, we want to be able to ask about the
missions and the staffing and the cost of the change.
If information-gathering is reorganized--if information-
gathering is reorganized, we want to know what intelligence
will be collected, how it will be distributed and whether the
net change puts information in fewer hands or more hands, and
whether it speeds distribution of intelligence, or does it
encumber it?
Reorganization will come, and the public needs to stay
involved; and it needs to make the President, the Republican
leadership in the House and the Democratic leadership in the
Senate aware of its concerns. And with the chairman putting
forth that July 12 deadline, it is even more important that
those concerns are expressed immediately. Whether
reorganization winds up being merely changed for the sake of
change or a real improvement in protection of our Nation will
depend on the questions that are asked, the debates that are
held and the attention paid to the details of the President's
proposal.
Again, welcome, Governor Ridge; and I look forward to
hearing from you and other witnesses today.
And, Mr. Chairman, with that, I will yield back the balance
of my time.
Mr. Greenwood. The Chair thanks the gentleman and
recognizes the gentleman from Kentucky, Mr. Whitfield, for 3
minutes for an opening statement.
Mr. Whitfield. Thank you, Mr. Chairman.
And, Governor Ridge, we welcome you to the committee today
and look forward to your testimony on what President Bush has
described as the biggest restructuring of the Federal
Government in 40 years. We also look forward to the testimony
of the witnesses on the other three panels.
I think all of us understand and recognize that this is a
complex piece of legislation, and it will be interesting to
determine exactly how the new Department of Homeland Security
will interact with the existing agencies in working out the
areas of responsibility, and who has direct authority.
So I am looking forward to the testimony today as we embark
on this very important legislation, and thank you for being
here.
Mr. Greenwood. Chair thanks the gentleman, and the Chair
notes the presence of the two gentleladies from California who
are members of the full committee, but not members of the
subcommittee. We welcome your participation.
The Chair recognizes the presence of the gentleman from
California. The Chair will grant each of you 3 minutes for an
opening statement, beginning with Mrs. Capps.
Mrs. Capps. Thank you, Mr. Chairman, and I thank you for
holding this hearing.
And welcome and thank you, Governor Ridge, for yet again
coming before us with information and insight into what is
happening to this restructuring effort.
I don't have formal remarks; I am very eager to get into
the conversation. I came to Congress after putting in a couple
decades' work in public health in my community. I am very eager
to hear how this legislation, which I helped craft--the
bioterrorism preparedness bill--to ensure those resources get
in the hands of the first responders.
Each time I go back to my district, the safety and health
people there are wondering and asking about this. And I am very
concerned that we do this with all haste. While this
restructuring is very preoccupying, and I can understand that,
we can't forget that our mission really is in the local
communities, because that is where this battle needs to be
waged.
So I will be yielding back my time and looking forward to
the hearing. Thank you very much.
Mr. Greenwood. The Chair thanks the gentlelady and yields 3
minutes to the other gentlelady from California, Ms. Harman.
Ms. Harman. Thank you, Mr. Chairman. I also would like to
thank the chairman of the full committee for personally
inviting me to participate.
Good morning, Governor Ridge. I would hope that once we set
up this Department of Homeland Security, you would not have to
spend the entire summer testifying before Congress ever again.
I think this concept is very important. As you know, many
pieces of it were borrowed from legislation some of us
introduced on a bipartisan basis up here. You have put them in
a different order, but I am proud to support your proposal and
am one of the original cosponsors of the Armey bill that was
introduced yesterday.
I think that we, up here, can contribute a few refinements
that would help the legislation be more successful. And I just
want to address one area right this minute in my remaining few
seconds, which is public-private partnerships.
You were nice enough to participate last week in a really
spectacular meeting that 12 members cohosted on a bipartisan
basis called Technology and Terrorism. We had 120 CEOs up here,
and they were talking about their frustration with connecting
their technologies into our homeland security effort.
The mechanism for doing this needs to be refined in this
new department. H.R. 4629, introduced by Congressman Tom Davis,
has some very good ideas in it, but I would hope, as we
proceed, that we do refine this procurement process.
Second, I said public-private partnerships. On the
partnership point, the government at the Federal, State and
local levels must work more closely with private entities to
ensure homeland security. The Government is responsible for
providing security for citizens, but the private sector shares
the responsibility to protect against attack or disruption, and
it controls many of the assets needed to do so.
When we have questions, I will ask you more about this, but
let us as a committee, especially one focused on commerce, lend
our expertise, working with your office to make the public-
private partnership piece of this legislation more effective.
I yield back the balance of my time.
Mr. Greenwood. Chair thanks the gentlelady and recognizes 3
minutes for purposes of an opening statement to the gentleman
from Florida, Mr. Stearns.
Mr. Stearns. Good morning and thank you, Mr. Chairman.
Governor Ridge, you are going to have a lot of patience in
life. Governor of Pennsylvania might look pretty good to you
after this process. They think you are doing a great job, and
we are here to support you in any way we can and we're just
glad, as a U.S. citizen, you're willing to tackle this.
Most of my speech, Mr. Chairman, I will make part of the
record by unanimous consent.
Mr. Greenwood. Without objection.
Mr. Stearns. I think it's already been pointed out, not
since--the creation of such an enormous department, like this,
encompassing a vast organization of Government resources has
not been attempted since the National Security Act of 1947.
I think one of the concerns some of us have, Governor
Ridge, is that while we take all this organization and move all
these departments together, what about the intelligence
failures and what are we doing to streamline within a
department--if you just take all these departments and put them
together and do nothing to change the individual departments
and streamline them and give them more high tech equipment and
make sure that these departments are talking to each other--you
know, that would be the question: Is the President's proposal
adequate in that respect?
Two FBI units, a national domestic preparedness office and
the National Infrastructure Protection Center would be
transferred to the department under the President's plan. What
about reform or transformation of the FBI, the CIA, related to
counterterrorism? You know, in light of what we learn and see
in time and U.S. News report, there has got to be something
done there, and I think it would be a false assumption for
Americans to think just making this new Homeland Security is
going to solve all the problems.
We on the Energy and Commerce Committee are very concerned
about some of our jurisdiction and how that is going to work,
because once we have a department getting its funds through
you, yet the department remains in one agency, how is that
going to work?
So you have a daunting task ahead of you, and I want to
commend you. And I assume you are part of the wellness
preparedness program the President has in running every day and
making sure you are not stressed out here. Godspeed to you and
thank you for testifying.
Mr. Greenwood. The Chair thanks the gentleman, and the
Chair recognizes for 3 minutes the gentleman from California,
Mr. Waxman.
Mr. Waxman. Thank you very much, Mr. Chairman. And welcome,
Governor Ridge, to this hearing. I am very glad to have this
opportunity to further examine the Bush Administration's
proposal for the Department of Homeland Security.
The proposal raises many questions of importance to this
committee as well as other committees. I am very concerned
about the proposed transfer of important public health
functions of the Department of Health and Human Services. I
believe that the transfer of these functions may undermine the
rebuilding of core public health capacities that is now under
way. If our public health system is structured and viewed
exclusively through the lens of fighting terrorism, it may
seriously weaken our ability to respond to other threats to the
health of the American people.
It appears that several HHS offices are to be transferred.
These include Office of Emergency Preparedness, the National
Disaster Medical System and the Metropolitan Medical Response
System. With these offices may go significant authority to
oversee our Nation's response to public health emergencies.
Such a transfer may also shift to the Department of
Homeland Security the power to make bioterrorism and emergency
preparedness grants to State and local public health systems.
These grants were the cornerstone of the recently enacted
Public Health Security and Bioterrorism Response Act. Their
purpose was not only to fund specific preparations for
bioterrorism. Just as critically, the grants were intended to
turn around decades of neglect of our Nation's public health
infrastructure.
It is beyond argument that our public health system is in
disrepair, and we cannot protect our citizens from bioterrorist
attacks if our public health system is not working. Detecting
and responding to a bioterrorist attack is just like detecting
and responding to other emerging epidemics. It requires fully
functioning and coordinated public health systems at the local,
State and Federal levels.
For this reason, the bioterrorism bill directed HHS to
coordinate the repair of Federal, State and local public health
systems as part of bioterrorism and emergency preparedness. The
expertise to establish priorities and coordinate this effort
lies with the public health experts and scientists at HHS and
CDC. If priority-setting, coordination and/or grant-making
functions are transferred to a new department, focused on
terrorism, I am very concerned that the necessary rebuilding
and upgrading of our public health response system will take a
back seat.
If we attempt to protect ourselves against terrorist
attacks at the expense of our Nation's public health system, we
may find that we have undermined rather than enhanced our
Nation's true security.
And I thank you for this opportunity for an opening
statement, and I look forward to working with you, Governor
Ridge, on this very important issue.
Mr. Greenwood. The Chair thanks the gentleman.
[Additional statements submitted for the record follow:]
Prepared Statement of Hon. Ted Strickland, a Representative in Congress
from the State of Ohio
Let me start by thanking Chairman Greenwood and Ranking Member
Deutsch for holding this hearing today. All Americans are aware of the
need to rethink how we defend our country, and so I thank Governor
Ridge, as well as the witnesses who will follow him, for being here to
answer our questions about the president's proposed Department of
Homeland Security. I am pleased that the Administration has attempted
to put together all the ideas for increased domestic security that have
been raised during the past eight months, many of which have been
discussed in hearings like this. Now Congress must fulfill its role to
balance the power of the Executive Branch and question the president's
proposal. It's our responsibility on this panel today to ask questions
of our witnesses that will allow us to flesh out the skeletal
suggestion put forth by the president as well as to create a new
department that will best serve the constituents whom we represent here
in Washington.
When we talk about protecting America, we should be thinking in
terms of what's proactive and preventative instead of only what's
reactive and responsive. While we all understand the need to formulate
``countermeasures'' and to devise plans for ``emergency preparedness
and response,'' I am concerned that the president's proposal may not
give the secretary of the new department enough authority to prevent
disaster. We have learned from the news media in recent weeks that we
might have averted the terrorist attacks on September 11th if our
federal agencies had been configured differently or had communicated
with each other more effectively. In other words, we might have been
able to prevent disaster.
In my view, we have two main strategies at our disposal: we can
deter future attacks with our brawn, or we can halt them with our
brain--with our intelligence capabilities. We can spend hundreds of
millions of dollars on star wars, or we can spend a couple hundred
dollars on language courses so that we have linguists who can translate
the mountains of raw intelligence data that we collect but never
analyze. But, even if all the data are analyzed and packaged in a form
that is presentable to the secretary of the new department, what
assurances do we have that one intelligence gathering agency, be it the
CIA, the NSA, or the FBI with its new powers, would share its reports
with the others? Will the new secretary have any authority to ensure
that information is shared and that our intelligence operations are
working together to prevent disaster? These questions are among many
that we will be seeking answers to in the coming weeks.
In particular, last Fall I wrote to Secretary Abraham to express my
concern for the safeguarding of our federal nuclear facilities and the
nuclear materials stored at these sites. Substantial quantities of
nuclear materials, including highly enriched uranium and plutonium, are
stored in chemically and physically unstable forms across the
Department of Energy complex. Some of these nuclear materials are
stored in outdated containers that often sit in deteriorated facilities
or even outside, exposed to the elements. In either case these storage
facilities were not built with the intention of protecting nuclear
materials from terrorist attacks. At the DOE facility in Piketon, Ohio,
for example, the majority of the 16,000 depleted uranium hexafluoride
canisters stored onsite are out in the open.
I think it is tremendously important that we have an understanding
of how the Department of Homeland Security will protect America and its
citizens from acts of malice against the physical structures and
containers holding special nuclear materials, by-products, and source
materials, especially in those cases where the physical structures may
be vulnerable to significant radiological and other consequences.
I anticipate hearing from the witnesses about how such drastic
governmental restructuring will affect--good or bad--the ability of the
different agencies to fulfill their objectives. I look forward to a
thoughtful and candid discussion of the proposals to protect our
nuclear assets, in addition to plans for safeguarding Americans if
terrorists were to strike at nuclear facilities. I thank the Chair and
yield back the remainder of my time.
______
Prepared Statement of Hon. John D. Dingell, a Representative in
Congress from the State of Michigan
Thank you, Mr. Chairman, for holding this initial hearing on the
President's proposed new cabinet agency for homeland security. I have
made no secret of my skepticism that mere reorganization can solve the
problems we face, or that reorganization would not create significant
new problems. That is why this hearing, and others like it across the
Congress, are so necessary. They cannot simply be ``check the box''
exercises.
The Committee on Energy and Commerce will need to address several
questions in the coming weeks about the proposed new structure. First,
I note we just passed, and the President just signed, a carefully
crafted comprehensive bioterrorism measure. It established programs to
rebuild our public health infrastructures at the state and local
levels, which are where responses to terrorism occur, as well as
strengthened the federal capacity to address possible threats. Will the
new Department actually increase fragmentation in the largely cohesive
federal effort against bioterrorism and other public health
emergencies? Will the new Department undermine the state and local
public health focus of the new law?
Second, will the Department's security activities undermine the
enforcement of existing environmental, health and safety protections,
or be otherwise detrimental to such safeguards developed over many
years after full and open consideration by the Congress? Will the
Department be given broad authority to override existing statutes and
regulations? Will the accelerated and superficial treatment accorded
thus far to this proposed reorganization provide an opportunity for
major mischief?
Third, and more broadly, will this reorganization result in more
confusion, more expense, more bureaucracy, more people, more harm to
the civil service, more harm to public employee unions--and less work?
Will the country actually be more vulnerable during what will likely be
a lengthy transition period? Will the Department remain fully
accountable to the people, and to the Congress, for its security
mission as well as for the non-security functions it may inherit?
Our constituents will expect us to know the answers to these and
many other questions before we act. Today's hearing is a small step
towards developing the kind of understanding we will need to address
this matter responsibly.
Mr. Greenwood. Governor, you are aware that the committee
is holding an investigative hearing and when doing so has had
the practice of taking testimony under oath. It is my
understanding that you have no objection to offering your
testimony under oath.
Mr. Ridge. None.
Mr. Greenwood. The Chair also advises you that under the
rules of the House and the committee, you are entitled to be
advised by counsel. My understanding is that you don't feel the
need to be advised by counsel.
Mr. Ridge. That's correct.
Mr. Greenwood. If you would stand and raise your right
hand.
[Witness sworn.]
Mr. Greenwood. Thank you Governor, you are under oath and
we look forward to your testimony and please begin.
TESTIMONY OF HON. TOM RIDGE, DIRECTOR OF TRANSITION PLANNING
FOR PROPOSED DEPARTMENT OF HOMELAND SECURITY AND ASSISTANT TO
THE PRESIDENT FOR HOMELAND SECURITY
Mr. Ridge. Chairman Greenwood, Ranking Member Deutsch and
subcommittee members, I certainly appreciate the opportunity to
testify--with the microphone on--in support of the President's
historic proposal to unify our homeland security efforts under
one Cabinet-level Department of Homeland Security.
Since the terrorist attacks of September 11, all of America
has risen to the challenge of improving the security of our
homeland. In partnership with Congress, with States and
localities, with law enforcement, with the private sector and
academia, America has made great progress in securing its
borders and preserving its way of life and the security of its
citizens.
The President believes our Nation must now take the next
critical step by unifying our efforts under a single Department
of Homeland Security. Only Congress can create such a
department, and I am here today to personally convey the
President's deep desire to work with Members to accomplish this
goal. The President believes that the creation of a single
department with a single, clear line of authority, as quite a
few of the members of the committee have discussed, would not
only improve our preparedness for future attack, but also
strengthen these partnerships, thereby helping to prevent a
future attack.
Earlier this month, the President signed an executive order
appointing me as Director of the Transition Planning Office for
the Department of Homeland Security, to be housed within the
Office of Management and Budget. While I will still retain the
title of Assistant to the President for Homeland Security, my
testimony today will be given as Director of this new entity.
This proposal was the result of a deliberative planning
process that really began with an effort led by Vice President
Cheney a year ago, in May of 2001, and continued as part of the
mission of the Office of Homeland Security when it was created
on October 8, 2001, as well.
My staff and I have met with thousands of Government
officials at the Federal, State and local levels, with hundreds
of experts and many, many more private citizens. Throughout
these discussions, we have constantly examined ways to organize
the Government better.
The President's proposal also draws from the conclusion of
many recent reports on terrorism, reports by blue ribbon
commissions such as Hart-Rudman, Bremmer and the Gillmore
Commissions, as well as a variety of reports from the many
think tanks who have really investigated the issues relating to
international terrorism and homeland security over the past
several years.
It also draws, admittedly--and proudly I might add--from
the legislative proposals of Congressmen and Congresswomen,
including Mac Thornberry and Jane Harman, Ellen Tauscher, Jim
Gibbons, Saxby Chambliss and others, along with Senators Joe
Lieberman and Arlen Specter and Bob Graham.
This historic proposal would be the most significant
transformation in the U.S. Government since 1947. The creation
of this department would transform the current, rather
confusing patchwork of Government activities related to
homeland security into a single department whose primary
mission--whose primary mission is to protect our homeland.
Responsibility for homeland security is currently dispersed
among more than 100 different Government organizations, and the
President believes--and I sense that it is a belief shared with
many Members of the Congress of the United States, both
Chambers, both parties--that we need a single department whose
primary mission is to protect our way of life and our citizens;
a single department to secure our borders, synthesize and
analyze intelligence, combat bioterrorism and direct Federal
emergency response activities.
The proposal to create a Department of Homeland Security is
one more key step in the President's national strategy for
homeland security. Like the national security strategy, ladies
and gentlemen, the national strategy for homeland security will
form the intellectual underpinnings to guide the decisionmaking
of planners, budgeters and policymakers for years to come.
From securing our borders to combatting bioterrorism to
protecting the food supply, most of the initiatives of the
Federal Government in pursuing--excuse me, the majority of the
initiatives the Federal Government is pursuing as part of our
strategy to secure the homeland have already been discussed
publicly. We will certainly refine them with the national
strategy. The strategy will pool together all of the major
ongoing activities and new initiatives that the President
believes are essential to our long-term effort to secure the
secure the homeland.
Now permit me, if you will, just a few comments with
regards to details of the President's plan.
Preventing future terrorist attacks must be our No. 1
priority. Because terrorism is a global threat, we must have
complete control over who and over what enters the United
States. We must prevent foreign terrorists from entering and
bringing in instruments of terror, while at the same time
facilitate the legal flow of people and goods upon which our
economy relies. Protecting our borders and controlling entry to
the United States has always been the responsibility of the
Federal Government. Yet this responsibility is currently
dispersed among more than five major Government organizations
in five different departments.
The new department would unify authority over the Coast
Guard, Customs Service, Immigration and Naturalization Service
and Border Patrol, the Animal and Plant Health Inspection
Service of the Department of Agriculture and the recently
created Transportation Security Administration. All aspects of
border control, including the issuing of visas, would be
informed by a central information-sharing clearinghouse and
compatible data bases. It will be greatly improved in that
process.
The new department would unify government's efforts to
secure our borders in the transportation system that move
people from our borders to anywhere in this country within just
a matter of hours.
Although our top priority is preventing future attacks, Mr.
Chairman, we cannot assume that we will always succeed. We
cannot assume--it would be perilous to assume we could create a
fail-safe system. Therefore, we must also prepare to recover as
quickly as possible from attacks that do occur.
The Department of Homeland Security will buildupon the
Federal Emergency Management Agency as one of its key
components in this effort. The new department would assume
authority over Federal grant programs for local and State first
responders, such as fire fighters, police and emergency medical
personnel, and manage such critical response assets as the
nuclear emergency search team and the national pharmaceutical
stockpile. It would build a comprehensive national management
system that would consolidate existing Federal Government
emergency response plans into one genuinely all-hazard plan.
The department would ensure that response personnel have
and use equipment and systems that allow them to communicate
with one another. As the President made clear in the State of
the Union address, the war against terrorism is also a war
against the most deadly weapons known to mankind--chemical,
biological, radiological and nuclear weapons. If our enemies
acquire these weapons, there is no doubt in anyone's mind, I
believe, that they will certainly use them. They will use them
with consequences potentially far more devastating than those
we suffered on September 11.
Currently, efforts to counter the threats of these weapons
are too few and too fragmented. The President believes we must
launch a systematic national effort against these weapons that
is equal in size to the threat that they pose, and the
President's proposal, we believe, does just that. The new
department would implement a national strategy to prepare for
and respond to the full range of terrorist threats involving
weapons of mass destruction.
The Department of Homeland Security would set national
policy and establish guidelines for State and local governments
to plan for the unthinkable, and direct exercises and drills
for Federal, State and local weapons of mass destruction
response teams. At the very heart of this particular feature of
the President's proposal is to develop even stronger
partnerships with the State and local first responders. The
homeland will be secure when the hometown is secure, and that
is why the President believes very strongly that we need to
have this relationship with the State and local governments and
build in that relationship as the Federal support for the kind
of equipment, drills and training essential to build a national
capacity to be able to respond to these threats.
The Department of Homeland Security would provide direction
and establish priorities for national research and development,
for related tests and evaluations and for the development and
procurement of new technology and equipment. Additionally, the
new department would incorporate and focus the intellectual
power of several important scientific institutions including
our national labs in this effort.
Finally, preventing future terrorist attacks requires good
information in advance. The President's proposal recognizes
this and would develop a new organization with the authority
and the capacity to generate and provide such critical
information. The new department would fuse intelligence,
integrate intelligence from multiple sources and other
information pertaining to threats to the homeland, including
information from the CIA and the FBI, as well as the NSA, INS,
Customs and the many other departments and agencies that have
an information-gathering, intelligence-sharing capability
within this country.
It would also comprehensively evaluate the vulnerabilities
of America's critical infrastructure to which many of the
Members alluded and note the pertinent intelligence against
those vulnerabilities for the purpose of identifying protective
priorities and supporting protective steps being taken either
by the department, other Federal departments and agencies,
State and local agencies and the private sector.
The individuals that work for the organizations tapped by
President Bush for the new department are among the most
talented and certainly the most capable patriots in our
Government. We are proud of what they are doing to secure our
homeland, and we call upon them to continue their crucial work
while the new department is created. This consolidation of the
government's homeland security efforts can achieve great
efficiencies and free up additional resources over time for the
fight against terrorism. They should rest assure that their
efforts will only be improved by the Government reorganization
proposal made by President Bush.
To achieve these efficiencies, the new Secretary will
require considerable flexibility in procurement, integration of
information technology systems and personnel issues.
Even with the creation of a new department, ladies and
gentlemen, there will remain a strong need for a White House
Office of Homeland Security. Homeland security will remain a
multidepartmental issue and will continue to require
interdepartmental collaboration and coordination. Additionally,
the President will continue to require the confidential advice
of a close assistant. Therefore the President's proposal
intends for the existing Office of Homeland Security to
maintain a strong role. The President believes this will be
critical for the future success for the new office itself.
During the transition period, Mr. Chairman, the Office of
Homeland Security will maintain vigilance and continue to
coordinate the other Federal agencies involved in homeland
security.
The President appreciates the enthusiastic, bipartisan
response from Congress and is gratified by the expressions of
optimism about how quickly this bill might be passed. Until the
Department of Homeland Security becomes fully operational, the
proposed department's designated components will continue their
mandate to help ensure the security of this country.
During his June 6 address to the Nation, the President
asked Congress to join him in establishing a single, permanent
department with an overriding and urgent mission, securing the
homeland of America and protecting the American people.
Extraordinary times call for extraordinary measures. We know
that the threats are real and the need is urgent. In working
together, we all know we must succeed in this mutual endeavor.
President Truman did not live to see the end of the cold
war, but the war did end, and historians agree that the
consolidation of Federal resources was critical to our ultimate
success.
Ladies and gentlemen, my colleagues in this effort, we,
too, have that opportunity for leadership and to create a
legacy that will benefit future generations as well. I thank
you for the attention you have given my remarks and your public
expressions of both desire and will to work together to achieve
our mutual goal that is reorganizing Government to enhance our
ability to protect our fellow citizens and our way of life; and
I thank you very much.
[The prepared statement of Hon. Tom Ridge follows:]
Prepared Statement of Hon. Tom Ridge
Introduction
Chairman Greenwood, Congressman Deutsch, Subcommittee Members, I
appreciate the opportunity to testify today in support of the
President's historic proposal to unify our homeland security efforts
under one Cabinet-level Department of Homeland Security.
Since the terrorist attacks of 9-11, all of America has risen to
the challenge of improving the security of our homeland. In partnership
with Congress, with states and localities, and with the private sector
and academia, we have worked to map and protect our critical
infrastructure, including nuclear power plants; to seal our borders
from terrorists and their deadly cargo; to strengthen enforcement of
our immigration laws; and to prepare for and prevent attacks involving
weapons of mass destruction.
The President believes our nation must now take the next critical
step by unifying our efforts under a single Department of Homeland
Security. Only Congress can create such a Department, and I am here
today to personally convey the President's deep desire to work with
Members to accomplish this goal. He believes the creation of a single
Department with a single, clear line of authority would not only
improve our preparedness for a future attack, but also strengthen these
partnerships, thereby helping to prevent a future attack.Earlier this
month, the President signed an Executive Order appointing me as
Director of the Transition Planning Office for the Department of
Homeland Security, to be housed within the Office of Management and
Budget. While I will still retain the title of Assistant to the
President and Homeland Security Advisor, my testimony today will be
given as the Director of this new entity. I look forward to responding
to your questions after providing a short statement on the proposed
legislation and how it would make Americans safer.
The President's Proposal
On June 6, 2002, President Bush addressed the nation and put forth
his vision to create a permanent Cabinet-level Department of Homeland
Security. Two days ago, on June 18, 2002, I delivered to the Congress
the President's proposed legislation for establishing the new
Department. This is an historic proposal. It would be the most
significant transformation of the U.S. government in over a half-
century. It would transform and largely realign the government's
confusing patchwork of homeland security activities into a single
department whose primary mission is to protect our homeland. The
proposal to create a Department of Homeland Security is one more key
step in the President's national strategy for homeland security.
It is crucial that we take this historic step. At the beginning of
the Cold War, President Truman recognized the need to reorganize our
national security institutions to meet the Soviet threat. We emerged
victorious from that dangerous period thanks in part to President
Truman's initiative. Today we are fighting a new war against a new
enemy. President Bush recognizes that the threat we face from terrorism
requires a reorganization of government similar in scale and urgency to
the unification of the Defense Department and creation of the CIA and
NSC.
Currently, no federal government department has homeland security
as its primary mission. In fact, responsibilities for homeland security
are dispersed among more than 100 different government organizations.
Creating a unified homeland security structure will align the efforts
of many of these organizations and ensure that this crucial mission--
protecting our homeland--is the top priority and responsibility of one
department and one Cabinet secretary.
Immediately after last fall's attack, the President took decisive
steps to protect America--from hardening cockpits and stockpiling
vaccines to tightening our borders. The President used his legal
authority to establish the White House Office of Homeland Security and
the Homeland Security Council to ensure that our federal response and
protection efforts were coordinated and effective. The President also
directed me, as Homeland Security Advisor, to study the federal
government as a whole to determine if the current structure allows us
to meet the threats of today while anticipating the unknown threats of
tomorrow. After careful study of the current structure--coupled with
the experience gained since September 11 and new information we have
learned about our enemies while fighting a war--the President concluded
that our nation needs a more unified homeland security structure.
The Department of Homeland Security
The creation of the Department of Homeland Security would empower a
single Cabinet official whose primary mission is to protect the
American homeland from terrorism. The mission of the Department would
be to:
Prevent terrorist attacks within the United States;
Reduce America's vulnerability to terrorism; and
Minimize the damage and recover from attacks that do occur.
The Department of Homeland Security would mobilize and focus the
resources of the federal government, state and local governments, the
private sector, and the American people to accomplish its mission. It
would have a clear, efficient organizational structure with four
divisions.
Information Analysis and Infrastructure Protection
Chemical, Biological, Radiological, and Nuclear
Countermeasures
Border and Transportation Security
Emergency Preparedness and Response
Information Analysis and Infrastructure Protection
The Information Analysis and Infrastructure Protection section of
the Department of Homeland Security would complement the reforms on
intelligence and information-sharing already underway at the FBI and
the CIA. The Department would analyze information and intelligence for
the purpose of understanding the terrorist threat to the American
homeland and foreseeing potential terrorist threats against the
homeland.
Furthermore, the Department would comprehensively assess the
vulnerability of America's key assets and critical infrastructures,
including food and water systems, agriculture, health systems and
emergency services, information and telecommunications, banking and
finance, energy (electrical, nuclear, gas and oil, dams),
transportation (air, road, rail, ports, waterways), the chemical and
defense industries, postal and shipping entities, and national
monuments and icons. Critically, the Department would integrate its own
and others' threat analyses with its comprehensive vulnerability
assessment for the purpose of identifying protective priorities and
supporting protective steps to be taken by the Department, other
federal departments and agencies, state and local agencies, and the
private sector. Working closely with state and local officials, other
federal agencies, and the private sector, the Department would help
ensure that proper steps are taken to protect high-risk potential
targets.
In short, the Department would for the first time merge under one
roof the capability to identify and assess threats to the homeland, map
those threats against our vulnerabilities, issue timely warnings, and
organize preventive or protective action to secure the homeland.
Chemical, Biological, Radiological and Nuclear Countermeasures
The war against terrorism is also a war against the most deadly
weapons known to mankind--chemical, biological, radiological and
nuclear weapons. If the terrorists acquire these weapons, they will use
them with consequences that could be far more devastating than those we
suffered on September 11th. Currently, our efforts to counter the
threat of these weapons to the homeland are too few and too fragmented.
We must launch a systematic national effort against these weapons that
is equal to the threat they pose.
The President's proposed legislation would accomplish this goal. It
would authorize the Department of Homeland Security to lead the federal
government's efforts in preparing for and responding to the full range
of terrorist threats involving weapons of mass destruction. To do this,
the Department would set national policy and establish guidelines for
state and local governments. It would direct exercises and drills for
federal, state, and local chemical, biological, radiological, and
nuclear (CBRN) attack response teams and plans. The result of this
effort would be to consolidate and synchronize the disparate efforts of
multiple federal agencies currently scattered across several
departments. This would create a single office whose primary mission is
the critical task of protecting the United States from catastrophic
terrorism.
The Department would serve as a focal point for America's premier
centers of excellence in the field. It would manage national efforts to
develop diagnostics, vaccines, antibodies, antidotes, and other
countermeasures. It would consolidate and prioritize the disparate
homeland security related research and development programs currently
scattered throughout the Executive Branch. It would also assist state
and local public safety agencies by evaluating equipment and setting
standards.
Border and Transportation Security
Our number one priority is preventing future terrorist attacks.
Because terrorism is a global threat, we must attain complete control
over whom and what enters the United States in order to achieve this
priority. We must prevent foreign terrorists from entering our country
and bringing in instruments of terror. At the same time, we must
expedite the legal flow of people and goods on which our economy
depends.
Protecting our borders and controlling entry to the United States
has always been the responsibility of the Federal government. Yet, this
responsibility is currently dispersed among more than five major
government organizations in five different departments. Therefore,
under the President's proposed legislation, the Department of Homeland
Security would for the first time unify authority over major federal
security operations related to our borders, territorial waters, and
transportation systems.
The Department would assume responsibility for operational assets
of the United States Coast Guard, the United States Customs Service,
the Immigration and Naturalization Service (including the Border
Patrol), the Animal and Plant Health Inspection Service, and the
Transportation Security Administration. The Secretary of Homeland
Security would have the authority to administer and enforce all
immigration and nationality laws, including, through the Secretary of
State, the visa issuance functions of consular officers. As a result,
the Department would have sole responsibility for managing entry into
the United States and protecting our transportation infrastructure. It
would ensure that all aspects of border control, including the issuing
of visas, are informed by a central information-sharing clearinghouse
and compatible databases.
Emergency Preparedness and Response
Although our top priority is preventing future attacks, we cannot
assume that we will always succeed. Therefore, we must also prepare to
minimize the damage and recover from attacks that do occur. The
President's proposed legislation would require the Department of
Homeland Security to ensure the preparedness of our nation's emergency
response professionals, provide the federal government's emergency
response to terrorist attacks and natural disasters, and aid America's
recovery.
To fulfill these missions, the Department would oversee federal
government assistance in the domestic disaster preparedness training of
first responders and would coordinate the government's disaster
response efforts. The Federal Emergency Management Agency (FEMA) would
become a central component of the Department of Homeland Security, and
the new Department would administer the grant programs for
firefighters, police, emergency personnel, and citizen volunteers
currently managed by FEMA, the Department of Justice, and the
Department of Health and Human Services. The Department would manage
certain crucial elements of the federal government's emergency response
assets, such as the Strategic National Stockpile. In the case of an
actual or threatened terrorist attack, major disaster, or other
emergency, the Secretary of Homeland Security would have the authority
to call on other response assets, including Energy's and the EPA's
Nuclear Incident Response teams, as organizational units of the
Department. Finally, the Department would integrate the federal
interagency emergency response plans into a single, comprehensive,
government-wide plan, and ensure that all response personnel have the
equipment and capability to communicate with each other as necessary.
State/Local Government & Private Sector Coordination
The Department of Homeland Security would consolidate and
streamline relations on homeland security issues with the federal
government for America's state and local governments, as well as the
private sector. It would contain an intergovernmental affairs office to
coordinate federal homeland security programs with state and local
officials. It would give state and local officials one primary contact
instead of many when it comes to matters related to training,
equipment, planning, and other critical needs such as emergency
response.
Secret Service
The Department of Homeland Security would incorporate the Secret
Service, which would report directly to the Secretary. The Secret
Service would remain intact and its primary mission will remain the
protection of the President and other government leaders. The Secret
Service would also continue to provide security for designated national
events, as it did for the recent Olympics and the Super Bowl.
Non-Homeland Security Functions
The Department of Homeland Security would have a number of
functions that are not directly related to securing the homeland
against terrorism. For instance, through FEMA, it would be responsible
for mitigating the effects of natural disasters. Through the Coast
Guard, it would be responsible for search and rescue, navigation, and
other maritime functions. Several other border functions, such as drug
interdiction operations and naturalization, and would also be performed
by the new Department.
White House Office of Homeland Security and Homeland Security Council
The President intends for the White House Office of Homeland
Security and the Homeland Security Council to continue to play a key
role, advising the President and coordinating a vastly simplified
interagency process.
Making Americans Safer
The Department of Homeland Security would make Americans safer
because our nation would have:
One department whose primary mission is to protect the
American homeland;
One department to secure our borders, transportation sector,
ports, and critical infrastructure;
One department to integrate threat analyses and vulnerability
assessments;
One department to coordinate communications with state and
local governments, private industry, and the American people
about threats and preparedness;
One department to coordinate our efforts to protect the
American people against bioterrorism and other weapons of mass
destruction;
One department to help train and equip for first responders;
One department to manage federal emergency response
activities; and
More security officers in the field working to stop terrorists
and fewer resources in Washington managing duplicative and
redundant activities that drain critical homeland security
resources.
The New Department Would Improve Security Without Growing Government
The Department of Homeland Security must be an agile, fast-paced,
and responsive organization that takes advantage of 21st-century
technology and management techniques to meet a 21st-century threat.
The creation of a Department of Homeland Security would not
``grow'' government. The new Department would be funded within the
total monies requested by the President in his FY 2003 budget already
before Congress for the existing components. In fact, the President's
FY 2003 budget will increase the resources for the component parts by
$14 billion over the FY 2002 budget. We expect that the cost of the new
elements (such as the threat analysis unit and the state, local, and
private sector coordination functions), as well as department-wide
management and administration units, can be funded from savings
achieved by eliminating redundancies inherent in the current structure.
In order to respond to rapidly changing conditions, the Secretary
would need to have great latitude in re-deploying resources, both human
and financial. The Secretary should have broad reorganizational
authority in order to enhance operational effectiveness, as needed.
Moreover, the President will request for the Department significant
flexibility in hiring processes, compensation systems and practices,
and performance management to recruit, retain, and develop a motivated,
high-performance and accountable workforce. Finally, the new Department
should have flexible procurement policies to encourage innovation and
rapid development and operation of critical technologies vital to
securing the homeland.
Working Together to Create the Department of Homeland Security
President Bush recognizes that only the Congress can create a new
department of government. During his June 6th address to the nation,
the President asked Congress to join him in establishing a single,
permanent department with an overriding and urgent mission: securing
the homeland of America, and protecting the American people. I am here
to ask, as the President did, that we move quickly. The need is urgent.
Therefore, the President has asked Congress to pass his proposal this
year, before the end of the congressional session.
Preliminary planning for the new Department has already begun. The
formal transition would begin once Congress acts on the President's
proposed legislation and the President signs it into law. Under the
President's plan, the new Department would be established by January 1,
2003, with integration of some components occurring over a longer
period of time. To avoid gaps in leadership coverage, the President's
proposal contemplates that appointees who have already been confirmed
by the Senate would be able to transfer to new positions without a
second confirmation process.
During this transition period, the Office of Homeland Security will
maintain vigilance and continue to coordinate the other federal
agencies involved in homeland security. Until the Department of
Homeland Security becomes fully operational, the proposed Department's
designated components will continue to operate under existing chains of
command.
Mr. Greenwood. Thank you, Governor; thank you very much.
The Chair recognizes himself for 5 minutes for purposes of
questions.
Governor, as you know, this committee worked hard to pass
the Public Health Security and Bioterrorism Preparedness and
Response Act of 2002; and the title of that act, Public Health
Security and Bioterrorism Preparedness and Response was meant
to underline the dual-use nature of the programs and the grants
that we wanted to create.
We directed the Secretary of Health and Human Services in
that statute to award grants to States, cities and hospitals
and other health care facilities and providers to enhance
education, training, supplies and equipment at the local level
for bioterrorist attacks and other public health care
emergencies, many of them naturally occurring.
The--we noticed in the bill, DOJ--we did that because we
know that DOJ and FEMA were geared toward more traditional
first responders, such as fire and police, and we wanted to get
these grants out to the health care providers.
In the President's homeland security proposal, these
bioterrorism programs would be continued to run through HHS,
but the Secretary of the Department of Homeland Security could
essentially control the HHS programs by establishing its
parameters and setting its priorities. The question is, how do
we make sure that these resources are there to prepare for an
assault by West Nile virus or a new strain of influenza, so we
have preparedness for the naturally occurring disasters and
still are prepared for possible terroristic--bioterroristic
attacks and how do you see the Secretary coordinating those
concerns?
Mr. Ridge. Mr. Chairman, first of all, you and your ranking
member on the committee need to be congratulated once again for
the extraordinary effort on the bioterrorism measure. It went a
long way in helping focus the departments and the Government
and on the critical need not only now, but in the future in
dealing with this issue.
You raise a very important issue that hopefully is dealt
with to your satisfaction within the legislation. You note very
appropriately that the public health system really is a dual
infrastructure. Whether the microbes of an infectious disease
are brought to us in an envelope from a terrorist or as a
result of Mother Nature, it is still problematic to citizens
and communities.
The Health and Human Services will continue to have an
independent funding stream to direct the resources to the dual
infrastructure, the CDC and NIH and other laboratories and
research facilities as well. But by specific legislative
language included in this proposal the President submits to
you, there is a direct responsibility for the new Cabinet
Secretary to cooperate and coordinate and establish priorities
in conjunction with the Secretary of Health and Human Services.
It, incidentally, is a partnership that predated the
legislative proposal. Secretary Thompson has worked very, very
closely with the Office of Homeland Security and the White
House, and in fact, Secretary Thompson and his people worked
closely with us on the language of this legislation.
So your interests are appropriate in ensuring that the
collaboration that preexisted, that this proposal continues to
exist; and we believe that the language in the President's
initiative ensures that.
Mr. Greenwood. Kind of a day-to-day basis, I mean, what
happens if the Secretary of Homeland Security calls up the
Secretary of HHS and says, I am concerned about some
intelligence that we are gathering about the potentiality of a
bioterrorist assault in a particular part of the country, and I
would like to marshal some CDC forces out there, and the
Secretary of Health and Human Services says, I don't think we
can spare that right now, I am worried about an outbreak of a
pathogen naturally occurring that the CDC has been monitoring
in another part of the country; and the two Secretaries become
less than congenial in their cooperation?
How do you see that being resolved?
Mr. Ridge. I think there probably would be a two-step
process. First of all, since the President seeks to retain the
Office of Homeland Security within the White House, we will
continue to have a coordination role. The matter may be
resolved by the intervention of the Assistant to the President,
bringing the parties together.
It is a process that we have used on several occasions
internally, and I suspect that would be used again. I believe
that is at the heart of the President's decision to keep that
Assistant to the President for Homeland Security operational
within the White House.
But, second, obviously if there is a disagreement between
Cabinet members or among Cabinet members, the ultimate tie
breaker is the President of the United States.
Mr. Greenwood. So it is your understanding that the
Secretary of Homeland Security would not be able to say to the
Secretary of Health and Human Services, I have listened to what
you have said, appreciate your concerns, now do what I tell
you--wouldn't have the power to override unilaterally?
Mr. Ridge. I believe the President preserves the autonomy
of both Cabinet Secretaries.
Clearly, the intelligence information that would be
available to the Secretary of Homeland Security would also be
available to the Secretary of Health and Human Services; and
based upon that information, based upon vulnerability
assessments that are available to both, it would hopefully
result in an agreement on joint action.
But in the possible event that a difference of opinion
would arise, there are tie breakers to move quickly.
Mr. Greenwood. The Chair recognizes the gentleman from
Florida, Mr. Deutsch, for 5 minutes.
Mr. Deutsch. Thank you, Mr. Chairman. And I guess my focus
is a follow-up on what the chairman mentioned.
We are getting into some of the details. I think there is a
concern, just trying to flesh out this issue, of how we
envision--because we actually think we have done a good job and
are doing a good job and continue to make strides in the public
health area that--you know, taking public health into--or what
would be left.
What is your vision of what would be left in HHS of public
health issues after the Department of Homeland Security takes
out the significant component?
Mr. Ridge. One of the most critical pieces, I believe, is
our public health infrastructure. NIH and CDC remain an
integral and robust part of the Health and Human Services
research effort, outreach effort and response effort.
So I think the point of the legislation is to create an
environment and a means by which the Secretary of Homeland
Security, working in collaboration with the Secretary of Health
and Human Services and understanding that the research
infrastructure preexisted the Department of Homeland Security
and has a longstanding relationship with Health and Human
Services, CDC, NIH and the other laboratories to which they may
refer research--that infrastructure continues to exist.
And Health and Human Services will obviously have the
opportunity to come up and work with Congress on public-health-
related issues specifically. But as they work on health-related
issues, bioterrorism issues, there will be that collaborative
relationship between the two.
And when it comes to local preparedness, that grant program
that heretofore had been in Health and Human Services, will be
shifted to the Department of Homeland Security. It will be in
everyone's best interest, however, recognizing the dual nature
of the infrastructure that exists out there in the public
health system, that the work is done in collaboration; and that
is the specific reason that the Secretary of Health and Human
Services is mentioned in this legislation--in Title III, I
believe.
Mr. Deutsch. Again, this is not really in any way a
critique, but the best result.
Mr. Ridge. We are trying to work to refine it.
Mr. Deutsch. Focusing on this issue specifically--and you
just mentioned it, and that is--our understanding is that the
public health funding mechanism that HHS does, the department
will take over all of that. And theoretically--again within
your mission, or not your person, but the mission of the new
department, this is again--I guess where the concern lies is
that in my opening statement, I talked about the fact that I
think people are doing a much better job. In fact, it is a
necessary condition that they have responsibility, that they
have goals and that they achieve those goals.
Unfortunately, a lot of the things related to public health
are not what we, I think, really envision as your goal as a new
department. And I guess the concern I have, and I think many of
the members of this subcommittee and committee share, is that,
if anything, we need to be pushing forward on all sorts of
public health issues that are really not a component of--as you
said in your answers previous to this, are not really a
component of bioterrorism or chemical, you know, potential
weapons of mass destruction against the United States.
So how do we--I mean, I understand what you are saying. But
as we are structuring an agency, how do we deal with this
concern, I think, is a very real question. And I know you
responded----
Mr. Ridge. I think you raised a very important point and
you have offered, as all the committee members have, to work
with us on refining the language so that it continues to meet
the goals of the President as well as the committee's goal of
continuing to buildup a public health infrastructure that has
been--that has deteriorated over the past decade or so for lack
of funding; and that refinement we'll just have to work with
you on as we go about moving this legislation forward.
But it is clear that the public health infrastructure, any
investment from--either directly from Health and Human Services
or Homeland Security will end up having dual value, one in
combating terrorism, another just making our public health
system more robust and, frankly, long-term, improving the
overall health of the country generally.
So working out that refinement with you in the language to
make sure that we meet both objectives is certainly something
we want to do.
Mr. Deutsch. I see my time is running out. I would like to
ask one much more general question, which is, what lessons have
we learned and going forward at this point in the creation?
Obviously we talked about what happened post-World War II and
the creation of the National Security apparatus. But really,
the more recent agencies, the Department of Energy, other
agencies in terms of their creation. And I've read a number of
press accounts of just historically your interviews with people
that the creation of a new department almost by definition has
inherent bureaucratic problems in terms of staffing issues, in
terms of other issues.
I mean, how are you approaching the just systemic problems
of, you know, creating that large of a bureaucracy, and what's
the apparatus that you have in place at this point in time to
deal with some of those acknowledged issues that you will face?
Mr. Ridge. Congressman, first of all, the legislation
provides from the effective date a year transition period,
because clearly your ability to aggregate all these people and
all these departments and the infrastructure is certainly going
to take some time. And so there is a year transition process.
And you and I can well imagine that it will probably take even
longer than that to get the kind of specific changes and
refinements we need to maximize the effectiveness of this
organization. But we have got a good period of time, a year
transition.
Second, the President has asked in his proposal that the
new Secretary be given more flexibility and greater agility in
order to deal with issues such as the information system
integration procurement and, for that matter, personnel. And
depending on the wish and will of the Congress of the United
States investing in the new Secretary the ability--the
flexibility to deal with some of these issues I think would
depend how quickly we can get the system operating to maximum
effectiveness.
Mr. Greenwood. The Chair thanks the gentleman, and
recognizes the Chairman of the full committee, Mr. Tauzin.
Chairman Tauzin. Thank you, Mr. Chairman.
Governor Ridge, I hope you will give me a minute just to
get something off my chest. There is a lot of work in this bill
and a lot of work that I know you are doing in terms of
securing our borders, and they need to be secured, but there's
three points I want to quickly make.
One is that the instruments for terrorists to use against
our people are here. The jet fuel that was exploded at the
World Trade Center and here at the Pentagon was made in
America. The airplanes were built in America. And the fuel
trucks and the ambulances that a couple of people in New Jersey
were trying to buy this week were made in America. And I
suspect that we haven't paid enough attention to that. We had
better, that someone with an evil intent against our people
doesn't have to bring a doggone thing in through our borders.
We have got a lot of stuff right here in America that they can
turn against us if they are evil enough and intentional enough
to do it.
Second, the terrorists are here. They are not in
Afghanistan. If anybody has not seen Jihad in America, pick it
up from PBS. The cells are operating not just in New York and
Washington, but in little communities all over this country, in
St. Louis, in New Orleans, in Kansas City and communities all
over this country. They are here, they are operating, and they
have come in under student visas. And in the 1990's, I started
an effort to try to do something about students, and could not
get any attraction to the issue. But we have let people in
under student visas and left it entirely up to the school to
track their movements. Some of them never registered to go to
school; if they did register in school in English, they could
switch to chemical engineering or nuclear engineering, for all
we know, and nobody ever notified the State Department. And if
they graduated or if they left, nobody notified the State
Department, and they have settled in in communities all over
this country. And we need to face that fact. We have let them
in and they are here, and they are waiting for new
instructions. And we had better face that fact. And the
information they need to do is harm is so readily available in
a free society. We really have to be careful.
In the 1960's, 1970's, in the State legislature in
Louisiana, I tried to require a--pass a bill to require the
desensitization of something as common as ammonium nitrate
fertilizer and make sure you wouldn't mix it with fuel oil and
make a bomb. Couldn't get any traction on it. This committee
held hearings on this issue. But a guy named McVeigh simply had
to go in an agriculture center and buy some fertilizer and go
to a hardware store and buy a few canisters of butane gas, and
he built a bomb that took down a Federal building.
We predicted that in the 1970's when we were debating
whether we should desensitize ammonium nitrate fertilizer
before it's sold in the markets. Information about how to do
that is on the Internet. Information about how to use thousands
of available chemicals and products we make in America to turn
them into weapons of destruction, here in America, not
imported, not bringing a doggone thing in through a ship or a
plane, but right in this country, the information on how to use
those things, readily available.
You have got an awesome task; we have an awesome task. But
we have to face the facts: We have let the enemy in; he resides
among us; and he is prepared to use the things, the common
things in our lives to turn them against us, to do us harm. And
a free society, a Nation that prides itself on freedom of
information and a free access to goods and supplies and
information suddenly is challenged about how to balance all
those incredibly important rights that make us special, make
this country special, against now the threat that lives at home
with us in our own neighborhoods. And, this department is going
to be critical.
And I want to ask you a couple of questions about it, but I
want to make that statement first, because I hope everyone
realizes just how serious this business is, and how creating a
department with the absolute buck-stops-here authority to
organize and coordinate and to do anything within our legal
system to stop these people from harming our citizens here in
America now, unlike any threat we have faced in the history of
our country, is going to be simply awesome, and we have got to
do this thing right.
I noticed in the President's proposal, for example, that
the Freedom of Information changes. The changes you recommend
being made about providing new protections against public
disclosure of some sensitive information is limited only to
information that's provided voluntarily, and is non--it is
provided by non-Federal entities with respect to critical
infrastructure activities. I wonder why that's limited. I
wonder why, when the government compels a private entity, such
as a safe water drinking facility or an electric generation
facility or a manufacturing plant that's manufacturing critical
components--when the government complies, they have to submit a
vulnerability assessment, and it's under government requirement
mandate to do so, why we couldn't protect that information as
much as we would protect information that's voluntarily
supplied. I hope you look at that.
Mr. Ridge. We will.
Chairman Tauzin. I hope you look at whether or not the non-
Federal entity limitation is a good one, or whether there are
some Federal entities that may supply information to your--to
our new Department of Homeland Security that ought not be in
the public domain; that may be accessible by the right persons
in the government, but nevertheless protected from disclosure
on the Internet because it may open the door to some sort of
road map for destruction. We need to be careful, very careful
about that, as we go down the future.
I notice in the bill, Governor Ridge, that one of the R&D
programs, nuclear smuggling, is exempted from complete transfer
to the Homeland Security office, that it suggests instead that
the DOE jointly operates the program. I wonder if that isn't a
better model for a number of R&D programs. And I would--you
don't need to respond today, but I would love your office,
before we act on this proposal, to explain to us why that model
wouldn't work for a number of the other R&D programs which are
equally sensitive as nuclear smuggling might be in terms of
joint operation, rather than simple pure transfer out of the
department.
I want to emphasize the points that Mr. Waxman made about
our public health entities, and I believe Chairman Greenman
made it, too. When we debated the bioterrorism bill, we were
very, very careful not to create a special unit at the CDC that
strictly related to terrorist attacks to our public health,
because, frankly, when an outbreak of infectious disease hits
or something else happens in this country, we don't know at the
start how it happened, we just know we have got a problem on
our hands. CDC has to respond whether it's a terrorist or
whether it's a natural pathogen in our society. And we have to
be careful that we don't create a situation where bureaucrats
have to first debate where to send the issue before we can
respond. And I would hope that as we evolve this new
department, we are careful about that.
I would like to point out to the committee again in regards
to my opening statement, we discovered just last week that the
smallpox--rather, the anthrax bacteria that was sent in the
mail was probably cultured here in America, not brought in over
borders, again, but cultured here in America and may be
cultured again in America.
CDC needs to respond whether it's someone culturing it in a
lab and it accidentally gets out, or someone has got an evil
intent in sticking it in the mail trying to kill people. They
have got to have a clear capacity to respond and not wait for
some bureaucrat to say, ``Okay. We don't think it's a terrorist
attack, so you are in charge instead of us.'' that's a very,
very sensitive decision we have to make.
I want to also mention that in regard to--in regard to the
President's proposal, there is a proposal in here to give the
new Secretary authority to take, seek--or, seek to effect
protective measures to secure critical assets, including those
in the private sector. I mentioned this in the opening
statement, but I hope you pay an awful lot of attention. I want
to look at this very carefully before we complete action on
this bill.
The last thing we need is to create another bureaucracy
with regulatory authority in this area, and I would hope this
is not designed to do that. And we are going to be watching
very carefully that this truly represents an effort to
coordinate the public/private partnership rather than creating
new lines of authority that are going to contradict other
regulatory agencies of the government in some of these private
sector operations.
Finally, Governor Ridge, I think one of the best pieces of
information and advice that came to the President the other day
at our meeting with you came from John Dingell of Michigan, the
ranking member of our full committee, who pointed out to the
President and to you--and I wanted to emphasize his words
again--that we have seen in the past creation of Federal
agencies cobbled together out of pieces of different other--
different agencies, with other different cultures and with
other different organizational structures. We have seen the
creation of some big messes. He cited the Energy Department as
one. I want to second that.
The Energy Department represents one of the most difficult
organizations in the government to manage because it was
cobbled together, with all sorts of different pieces, some of
which contradict one another; there are fiefdoms all over that
department that don't cooperate with one another, that the
right hand doesn't know what the left hand is doing, and
wouldn't want to know if it was told.
The problems inside the Energy Department are not because
of the--of any particular leaders, and Mr. Abraham is doing his
best, as you know, to manage that department, as other
Secretaries have done before him. It was a problem inherent in
the way it was constructed.
I would urge you and the President to pay special attention
to Mr. Dingell's words here, as we cobble together a new
department, one that may be more critical than any we have ever
cobbled together in a long, long time. I would hope that you
pay special attention to the pieces you put together, and to
make sure we don't create another mess like we have created
with the Energy Department.
Thank you, Mr. Chairman.
Mr. Ridge. Thank you very much for your commentary, your
observations, and the recommendations and concerns you have
expressed. Let me just try to summarize a quick response,
noting the many interests and concerns you have with the
legislation: That a good organization isn't necessarily a
guarantee of success. A flawed organization is guarantee of
failure. And that's why we believe that working together with
Congress as we refine the ideas and address the concerns,
hopefully, we can avoid the pitfalls that have undermined
earlier reorganization efforts, and never really led to the
unity of command and the kind of effectiveness that I think
those who had organized it way back when had intended and had
hoped. We need to avoid all those pitfalls as we ramp up this
new organization.
Mr. Greenwood. The Chair thanks the gentleman, and
recognizes for 5 minutes for inquiry the gentleman from
Michigan, Mr. Stupak.
Mr. Stupak. Thank you, Mr. Chairman.
Governor Ridge, you said in your statement that homeland
security works when the hometown is secure. I want to talk a
little bit about IBETs and some of the intelligence-gathering
stuff that we have going on in this country. The IBETs, as you
know, are Intelligence Border Enforcement Teams, and there are
13 of them, and after September 11, I think Customs did a
pretty good job. But I want to point out where I think there is
a gaping hole. I want to see if this is still driven by
Customs, or will Homeland Security now take charge.
Thanks to my friend here, Mr. Strickland, here is Michigan.
It's just a map of Michigan. You have an IBET down here in the
Detroit area, right down here. And that comes right around
here, so that's pretty much covered here. But then you don't
have another IBET until you get way over here to Thunder Bay,
Canada. So all this area in here--and by the way the crow
flies, if you did a straight line, it's about 700 miles. But
where we have a lot of activity is here in Sault Sainte Marie,
Canada.
Mr. Ridge. Right.
Mr. Stupak. And that's about 700 miles. When you come over
here, the islands are right here by Drummond and then the
Channels. It's very easy, St. Mary's River, are very easy to
cross. It's a major hole in our IBETs. So my question is, if
you are going to do an IBET, who will make that determination
now? Customs? Or will Homeland Security?
Mr. Ridge. Customs will be an integral part of the
reorganization effort. Interestingly, you talk about this
rather unique alignment of multiple agencies led by Customs.
Because when I complete the hearing today, I am going to spend
a little time with some of the officials that are running one
down in Key West. It's a good model. It's been very effective
where it has been deployed. I see no reason why the new Cabinet
Secretary would do anything other than to try to continue to
enhance and empower its activity.
As you know, the President in his 2003 budget proposal also
calls for I think the largest increase in support for the Coast
Guard ever. We need additional people and boats and platforms
to buildup their capacity, because clearly now border security
and port security has taken on an enhanced dimension. So----
Mr. Stupak. But then who would do an IBET then? Coast Guard
or Homeland Security now?
Mr. Ridge. Well, by definition, if the Coast Guard's doing
it under the new department, Homeland Security would be doing
it. Again, it is a best practice that I would suspect that the
new Secretary would continue to try to deploy. It has proven to
be successful.
Mr. Stupak. Well, at these IBETs, and even--we don't have
an IBET here at Sault Sainte Marie, where I think we should. We
do have the Sault Area Intelligence Committee, and they are
working with the Canadians, and we have 12 Federal agencies
working out here trying to help secure the border here. But the
problem with that one--that's one of the problems we are
concerned about--is, while you have 12 agencies working well
with the Canadians and all the local and county law
enforcement, no is one is in charge. You have 12 agencies. They
are all working together cooperatively--and I don't mean to be
critical of what they do. I think they do a great job. But if
something happens or if someone has to call a shot, we are
going to do this, there is no one there who is in charge. And I
think that's one of the problems we have when we start talking
about security at our borders and elsewhere. And I would hope
the new Homeland Security would have, at least at these area
intelligence committees, someone to go to. Who is the go-to
person in that local area, is what we sort of need to do.
Mr. Ridge. You highlight a feature of border security that
became evident to me as we put together a team from Customs and
Coast Guard and INS and other agencies that deal with border
security to develop a 21st century smart border accord with our
friends in Canada.
Mr. Stupak. Sure.
Mr. Ridge. That's an ongoing process, where we look to
critical review of our infrastructure, protective
infrastructure, and how we facilitate the flow of people and
goods, at the same time enhancing security.
So under the new agency, the coordinating function to a
certain extent would be replaced by a command function, because
you have Customs in one department, you have INS in one
department, you have Border Patrol in another.
Mr. Stupak. FBI.
Mr. Ridge. Now, under the President's proposal, they would
be all aligned singularly under an under secretary. So I think
you will enhance the effectiveness of that kind of program,
because you now have a command structure that can direct that
it be done. And it is a good practice.
Mr. Stupak. But if it's the IBET or like the Sault Area
Intelligence Committee, I guess what I want to know, so we
aren't pointing fingers like we do after September 11, where
would I go to get full accountability on the issue? Who or what
department--and, as we say--does the buck stop here? And, will
the department order Customs to do it, the new department? Who
is going to have the accountability? Where does the buck really
stop with that new proposal?
Mr. Ridge. I think it's a very appropriate question that
you've asked, because you want the authority to get things
done, be aligned with the accountability. And, at the end of
the day, that will be determined by the new Cabinet Secretary.
But----
Mr. Stupak. So the Cabinet Secretary would be----
Mr. Ridge. Clearly, I think that's the primary reason
behind the President's reorganization effort aligning authority
with accountability.
In here, what you finally have is a consolidation of the
many agencies involved in IBET under one command structure. You
can do--you can go so far trying to coordinate activity among
organizations. I think you can go even further when you can
command activity among organizations. And now I think you have
a unitary command structure that will enhance the capacity of
those multiple agencies to do that kind of job.
Mr. Stupak. Well, when you see your Florida IBET, I would
be interested in seeing your reaction to it, and see if there
is one person in charge down there, or are we still all
cooperatively.
Mr. Greenwood. The time of the gentleman has expired.
Mr. Stupak. Thank you, Mr. Chairman.
Mr. Greenwood. The Chair recognizes the gentleman from
Kentucky, Mr. Whitfield, for 5 minutes.
Mr. Whitfield. Thank you, Mr. Chairman.
Governor Ridge, Chairman Tauzin touched on a matter that
I'm interested in and I'm sure other members of the committee
are also, and that was the FOIA protection in the President's
proposal being limited to voluntary information supplied by
non-Federal entities. And, as he has indicated, EPA and others
sometimes require entities to provide vulnerability
assessments, which, under the President's legislation, would be
subject to a FOIA request. Is that an issue that you all are
willing to revisit and determine whether or not his proposal
would be subject to change in that area, or not?
Mr. Ridge. Yes, it is, Congressman. I mean, the legislation
as drafted was directed specifically at a problem that has been
experienced by a lot of the Cabinet Secretaries, and even
during the work of the Office of Homeland Security, and that
is, getting an understanding that 80 to 90 percent of the
critical infrastructure in this country is owned by for-profit
entities. And they are anxious, just as all Americans are, to
help. They are anxious to participate. They want to let the
government know, for a variety of reasons, where they view
themselves as vulnerable. As--the companies are custodians of
not only the proprietary interests, but they're neighbors in
communities, they're corporate citizens, and have a
responsibility to all these different groups. But they are
not--our sense is that they would be a lot more forthcoming
voluntarily in sharing this kind of information with us if it
was part of a limited exemption to the Freedom of Information
Act.
So whether or not we expand it is certainly worth
consideration, not only in this bill but down the road in the
years ahead.
Mr. Whitfield. Okay. Well, thank you, Governor. And I
notice also that some of the transferred functions that would
be coming into the new department relate to DOE's non-
proliferation work with certain countries, and particularly
Russia. And this is a little bit parochial interest of mine,
narrowly focused, and maybe you don't know the answer to it,
but recently DOE entered into a new agreement with the United
States Enrichment Corporation to be the executive agent for
bringing in enriched uranium from Russia as a part of the non-
proliferation efforts in that country. Is that the type of an
agreement that would be transferred to the new agency, or would
that remain with the National Security Council? Or do we know?
Mr. Ridge. That kind of agreement as presently drafted, I
believe, with remains with the National Security----
Mr. Whitfield. Okay.
Mr. Ridge. [continuing] apparatus of this country.
Mr. Whitfield. Okay.
Mr. Ridge. You should know that the agencies and
departments and programs that we have drafted into the
Department of Homeland Security has been done with very close
collaboration with the Department of Energy and others. And
because of the complex nature of these programs--you just
alluded to one of them--there are international aspects to this
that involve issues that are related to homeland security, but
also involving the Department of State and the National
Security Advisory and the like. So, we have been very careful
in drafting these programs. But that would remain with the
national security apparatus of this country.
Mr. Whitfield. I notice that we have some private
companies, like FedEx and the Port of Virginia that are
actively testing and pursuing installation of radiation
detection devices throughout their systems right now. But there
are no Federal standards in this regard for radiation detection
devices, and there is no single Federal entity to which the
companies can look to guidance--for guidance and support. Will
this new Department of Homeland Security be able to assist in
providing leadership in that area for these private companies
that want to pursue this?
Mr. Ridge. Congressman, you've raised that question;
Congresswoman Harman has raised that question. Literally dozens
of your colleagues have done the same thing.
It is the purpose of the creation of the unit within
Homeland Security of weapons of mass destruction
countermeasures, and to involve a means by which we can
establish the kind of standards and the point of access so the
companies can work--know, one, the standards that we would like
their equipment to meet; and, two, a point of access to get
their equipment, their technology tested against those
standards.
So, again, this is a work in progress, but develop a center
of excellence around the Lawrence Livermore Lab, but using the
other national labs and the other research facilities in this
country, we would hope to, one, create a point of access for
testing and evaluation; and, two, as we develop national
strategy, to set national standards.
One of the big challenges we have in setting a--in
developing a national strategy over a Federal system is we
can't necessarily dictate to State and locals or Federal
agencies, for that matter, the kinds of equipment that they
must acquire or purchase. But by setting standards, we can go a
long way in making sure that the equipment, from whomever the
vendor might be, is interoperable with the other equipment that
may be needed at the time.
Mr. Whitfield. Thank you.
Mr. Greenwood. The time of the gentleman has expired. The
Chair recognizes the gentleman from Ohio, Mr. Strickland, for 5
minutes.
Mr. Strickland. Thank you. And my friend from Michigan has
a quick question here. I do have some questions, but I will
yield the time to him temporarily.
Mr. Stupak. Thanks.
Exactly on that point, on the radiation detection issue.
Customs said we are going to do it, and then Customs says we
know nothing about it, so they give it to DOE. DOE says we
don't know anything about it, so we give it to Lawrence
Livermore now. So now we have three ways down the scale. Who is
making the decision? Who is going to be ultimately responsible
and accountable? This has been going on for some time.
Mr. Ridge. It has.
Mr. Stupak. And someone has got to say enough is enough.
Let's get the decision done. Let's get it made. Here, you have
got Customs in saying, do this. Then they say, well, we really
don't know anything about it, so we will give it to DOE. They
contract to DOE; DOE says, yeah, good idea. We should do a
standard, but we don't know what it is. Let's contract to one
of our labs.
Now we are three ways down the ladder and three rungs down
the ladder. How is this ever going to get done? We need someone
to take the bull by the horns and say get it done.
Mr. Ridge. Congressman, I think you reflect a challenge not
only for Homeland Security in terms of how those three
departments operate, but overall the operation of the Federal
Government. You know, bringing some kind of a concerted effort
to resolve these issues and getting someone to make a decision
based upon a national strategy, national priorities, and
national vulnerabilities is what needs to be done, and that is
at the heart of the President's proposal.
One, the Department of Homeland Security, where this kind
of issue can be resolved once a strategy is developed,
priorities have been developed based on vulnerabilities and
threat assessments, and then targeting the research, the
appropriate research dollars to that end.
We have a fairly robust and fairly expansive and expensive
series of research and development activities within the
Federal Government. It's ad hoc, and at least under the
umbrella of the Department of Homeland Security, those kinds of
efforts relating to protecting our way of life and our citizens
would be given, I think, a strategic focus, long overdue, as
you pointed out in your question.
Mr. Stupak. Right. And in this whole thing, we have
entities willing to install the equipment, we have vendors
willing to sell the equipment. How do we bring it all together
is really sort of the crux. Going back to the accountability
issue, we have vendors, again, willing to sell, you have got
people willing to install. But what do we install? What's the
standard? How do we do it? That's--that's the part we have got
to get our hands on, and I'm just looking for more specific
proposals in the President's legislation that would put someone
in charge to get it done, to get that accountability.
Mr. Ridge. Well, I think if you take a look at the one unit
in there that deals with research and development and science
and technology, that is the President's intention, that the
centerpiece of the strategic--the strategic direction for
homeland security research and development would be here. It
would be through the Lawrence Livermore Laboratory. You would
have centers of excellence at some of the other laboratories.
We have got an extraordinary system of academic research
institutions around this country. I mean, we have got plenty of
people who are prepared intellectually with the laboratories
and the experience to direct their focus once the Federal
Government decides where that--where that research should be
directed. We have got plenty of people out there that can help
us do it, once we give them specific direction. We don't do it
now. We just do it on an ad hoc basis.
Mr. Strickland. Mr. Secretary, I just wanted to share some
information that was in the Youngstown Vindicator regarding the
possible location of the new department, and just to let you
know that Youngstown, Ohio would be more than happy to provide
a home for your new department. There has been some discussion.
Mr. Ridge. I thought maybe in Pennsylvania somewhere. But
apparently----
Mr. Strickland. That's exactly what I was thinking.
Mr. Ridge. We can get close to the river.
Mr. Strickland. Sir, so that we both can benefit. But I
have been thinking about this new department since the
President has made his proposal, and one of the things that has
concerned me is the fact that it appears that there was at
least some failure to analyze data and to communicate data and
so on. And I've been wondering how this new Secretary who is
going to be responsible for homeland security is going to be
able to do what they need to do--he or she needs to do if they
don't have some direct authority over the agencies that are
most responsible for intelligence in this country, specifically
the FBI. And I'm wondering, how will the new Secretary be able
to assure us and the Nation that the failures that have been
identified in terms of not only data collection but data
analysis and dispensation and the sharing of data and so on,
how will the Secretary be able to deal with that problem, if it
continues to exist, without having some direct authority over
that agency?
Mr. Ridge. Congressman, your question goes to the heart of
the ultimate desire of the President, the Congress of the
United States, and the people of this country, must do
everything we can to prevent the attacks from occurring in the
first place. And at the very heart of that effort is acting on
credible intelligence and information, interdicting and
preventing the attacks from occurring.
By specific legislative language, the Congress of the
United States will empower the new Secretary to secure the
reports and the assessments and the analytical work done by the
CIA and the FBI, but also be empowered to get the information
and intelligence that any other agency generates. This is an
historic new capacity within the intelligence community,
because within the Department of Homeland Security there will
be an integration and fusion function that heretofore has not
existed. It will be based upon whether or not that assessment--
there are credible assessments with regard to threats, because
in the same department you will match that up against potential
vulnerabilities. More often than not, private rather than
public. But if you have a credible threat targeted to a
specific sector, to a specific company, to an area, you will be
able to match and take a look at the vulnerabilities that may
exist there, and then, again, in the same department have a
recommendation of prescriptive or protective measures to be
taken in response to the threat based upon the vulnerability.
Let me just say, if I might, that the President believes
very, very strongly that the CIA, which obviously gathers from
time to time information that is relevant to domestic
terrorism, also secures information with regard to terrorism
around the world, also is involved on a daily basis with
securing information with regard to challenges from sovereign
states. Weapon systems, biochemical systems, and the like. So
the portfolio of responsibilities for the CIA far, far exceeds
just the targeting of domestic terrorist information.
The President also believes very strongly that there is a
direct line of authority, the DCI to one person in the
executive branch, and that's directly to the President of the
United States.
The President also believes that the FBI should remain an
integral part of the chief law enforcement agency of this
country, the Attorney General's Office.
But again, by specific legislative language, if the
Congress adopts the President's proposal, you will create a new
capacity of intelligence, integration, fusion, analysis, and
then application. Because the reports and the assessments--the
Phoenix memo would come to the new agency. Prior to this
legislation, the Phoenix memo might have been lost in the
department, in the FBI; but as the language is written with
regard to the President's new Department of Homeland Security,
the Phoenix memo would obviously be shared internally, but also
be a piece of the information, the gathering that the FBI has
done that would be shared with the new Department of Homeland
Security.
Mr. Greenwood. The time of the gentleman has expired.
Mr. Ridge. I'm sorry. It's a long-winded answer to a very
appropriate question.
Mr. Greenwood. That's what we are here for.
Mr. Ridge. All right.
Mr. Greenwood. The gentleman from Kentucky is recognized
for 5 minutes.
Mr. Fletcher. Thank you, Mr. Chairman.
And, Governor, I want to thank you. I know we all have some
questions how this new agency will operate. I think there is
very little question as to your capability of leadership and
the choice that the President has made in you. So I want to say
thank you for your leadership thus far.
As I look over your testimony, and of the three really
mission areas of this new agency, to prevent terrorist attacks,
reduce America's vulnerability, and minimize the damage and
recovery from attacks that do occur, I think I understand a
little more clearly the prevention portion and kind of the
reducing vulnerability. In the minimizing the damage and more
in the response, as I understand it, if there were a major
terrorist attack today, of whatever type it might be that the
roles and responsibilities of the various Federal agencies that
respond to such emergencies are currently well-defined in the
Federal response plan.
Mr. Ridge. Right.
Mr. Fletcher. The FBI would be the lead for the crisis
management portion; FEMA would lead for consequence management;
and, if the attack occurred overseas on foreign soil, then the
State Department would take the lead. And there are various
other scenarios as well where the lead Federal agency may
change.
I think we have all been assured that this seemingly
convoluted system would work and that everyone would understand
the chain of command in it. But under this new plan, let me ask
you, would the new Homeland Security Secretary be the lead
Federal agency for all events, whether criminal or whether of
natural origin, whether domestic or foreign? How would that be
sorted out?
Mr. Ridge. I believe it is the intent of the President that
the unit within the new department dealing with the emergency
preparedness and response become an all-hazard agency, and that
is the Federal Emergency Management Agency. Heretofore, it
would be responsible for the consequence management of acts of
nature and potentially even horrific accidentally caused acts,
such as the fires out in Arizona, but under the President's
proposal become the lead agency to respond to both terrorist
incidents and natural incidents as well.
Mr. Fletcher. Well, what--given that, and the FBI--say you
went back to an event like 9/11--of course, the Justice
Department, there is criminal investigations of the Department
of Defense.
Mr. Ridge. Right.
Mr. Fletcher. How would you see as far as the leadership
role of the Secretary of the agency in responding? What roles
would the FBI take? Would they still lead the criminal aspect
and FEMA the natural disaster, if it were a different
situation? And what would the new Secretary's responsibility--
and who would be the lead--who is going to be the boss in some
of these decisions?
Mr. Ridge. First of all, I would share with you that at the
time the disaster occurs, I think the lines are--between law
enforcement and FEMA are very much blurred, because the natural
impulse of the men and women who rush to the scene, whether
they are police, firefighters, emergency medical folks, or
civilian volunteer, are to save as many lives as possible. And
so I think you'll find that the first responders at the scene
as you go about trying to save lives as quickly as possible
will ultimately have the responsibility. That means as soon as
FEMA can get to the scene, they would oversee the response and
recovery effort. That is not to exclude, if the circumstances
warranted, the FBI from the very beginning trying to preserve
whatever evidence there might be at the scene. But as we have
discovered in the two horrific--in the multiple horrific events
around 9/11, the first impulse is to save lives. And that's
exactly what they did. And the information that the FBI has
gleaned isn't so much from the scene of the crime, it's from
other sources as they patch together the profile of the
terrorists and learned what they did and how they did it in
preparation of the 9/11 tragedies.
Again, the anthrax is a little bit different situation
where you really had to have a collaborative effort at the
scene.
So I think it's going to vary from incident to incident.
But at the end of the day, I believe you are going to have--you
need FEMA to be in charge of the response. Mr. Fletcher. Then
the FBI would still maintain control and the lead of the
criminal aspect of it?
Mr. Ridge. Correct.
Mr. Fletcher. FEMA, kind of the first response and the
humanitarian----
Mr. Ridge. Right.
Mr. Fletcher. To make sure to reduce the loss of life, and
recovery.
Mr. Ridge. Correct. Interestingly enough, when I visited
Fort McClellan in Alabama where they are preparing first
responders to get to the scene, they were training the firemen
and the emergency medical technicians and others to be
sensitive, depending on the scene and the kind of incident,
about the necessity of trying to preserve what might be viewed
later as evidence. And, at the same time, they were training
the police, the local police, the State police, the auxiliary
police, how to respond in a more traditional life-saving
capacity.
So there is a sensitivity within the first responder
community to protect each--to support each other in the long-
term--with regard to their long-term duties. But the first
response when people get to that scene is to save lives, not to
gather evidence. But then it sorts itself out down the road.
Mr. Fletcher. And I think, certainly, as this goes along I
think, at least in my mind, it would help to be a little more
clear of, you know, who is going to be in charge of what,
who's--because one of the problems you have in management is
always if you have two or more bosses, it makes it very
difficult where the responsibility lies in a lot of these
issues.
Mr. Ridge. Clearly, the law enforcement function related to
a terrorist incident, the investigation, the follow-on would
vest in the Federal Bureau of Investigation. I mean, hopefully,
there is no confusion there. Where there is confusion from time
to time is who is in charge as soon as the incident occurs. And
the experience that America witnessed and participated in on 9/
11, people didn't pay any attention to the authority given to
them by virtue of the badges, whether it was law enforcement or
first responder. The first impulse is, let's go in and save
lives. Then you have a very appropriate delineation of
responsibilities. But the investigative, the law enforcement
side of this still belongs to the FBI.
Mr. Fletcher. Thank you. I see my time has expired.
Mr. Greenwood. The Chair thanks the gentleman.
The gentlelady from California, Mrs. Capps, is recognized
for 5 minutes.
Mrs. Capps. Thank you, Mr. Chairman.
And, again, Governor Ridge, I want to pick up on a theme
you referred to earlier, that our homeland is secure when the
hometown is secure, going back to that local system and systems
in place.
I want to concentrate, if I could, on the Center for
Disease Control, the CDC, and how that affects our local
communities. In the third panel, a representative from the GAO,
Janet Heinrich, has made a couple of statements that I want to
bring into this and give you a chance to respond to her.
She is expressing ``concerns about the proposed transfer of
control from HHS, to the new Department for Public Health
Assistance programs that have both basic public health and
homeland security functions.'' And she says ``these dual-
purpose programs have important synergies that we believe
should be maintained.'' And she expresses concern ``that
transferring control over these programs, including priority
setting to the new department, has the potential to disrupt
some programs that are critical to basic public health
responsibilities. We do not believe''--these are her words--
``that the President's proposal is sufficiently clear on how
both the homeland security and public health objectives would
be accomplished.''
And, if I could, again, I was privileged to visit with
Congressman Deutsch the Center for Disease Control site not
long after 9/11, and to see that CDC was stretched beyond
capacity before that date and now have so many additional
responsibilities. And acknowledging that when I, in my years of
being a school nurse, relied on them very directly for help
with ongoing epidemics and issues of, for example ``is there
enough flu vaccine on hand?'' These are the questions that my
first responders are asking me. And so can you describe and
will you describe how these fears can be allayed?
Mr. Ridge. Well, first of all, again, you and your
colleagues have raised a very important question with regard to
the distinction between homeland security, related research and
activities of the CDC, and the traditional public health work
of the CDC. And we believe there is a very distinct care line
here where the Department of Homeland Security would be
involved in those issues that had primary--not necessarily
exclusive, but primary homeland security dimension. That's not
to say that the CDC would not continue to deal with public
health issues, maternity care, child care, immunizations. I
mean, are they going to continue to have the same programs they
have working with the States and the localities on a variety of
public health issues, continue to have the programs dealing
with the restoration of some of the public health
infrastructure, continue to have money for research-related
issues of cancer and smoking and things of that sort?
Mrs. Capps. Right.
Mr. Ridge. So I think--I think there is a distinguishable
line now. And if we need to further clarify that with language
in the legislation, we certainly want to entertain that. But
it's also, I think, very important to note that the legislation
specifically calls for the two Secretaries to establish the
kind of relationship so that both can take advantage of the
dual-use infrastructure that has been built up through the
extraordinary work of the Health and Human Services and the CDC
over the past decades.
Mrs. Capps. Let me thank you, and--but push this even
further.
Mr. Ridge. Sure.
Mrs. Capps. Because we can talk about charts and flow
charts, but it really becomes clear when you talk about
dollars. And CDC, many would say, including me, was underfunded
before 9/11. How will the dollars flow to do those basic
activities?
And let me add on to that an additional challenge that we
have faced here in our House subcommittee, what some would
say--at least from where I sit in California--a crisis of
health care delivery. And the upper payment limit cuts to the
State of California, for example, will take $300 million from
our public health safety net hospitals. That's going to be
difficult if there is no bioterrorism attack. That's going to
be a real hardship on a State like ours. And those institutions
are exactly where people go when they--when the flu epidemics
hit and when if, God forbid, there is a bioterrorist attack.
That's exactly where people will go.
If we continue to cut resources to these programs, these
hospitals, how can we add on another layer of preparedness?
Mr. Ridge. Well, I tell you, I think you raise a question
that under a new configuration of the executive branch would be
appropriately raised with both the new Secretary of Homeland
Security and the Secretary of Health and Human Services. The
point being is that there will be an identifiable money stream
with regard to specific programs that I think that can be
identified and can be identified today. Over the years,
obviously the Congress of the United States will have
opportunity to increase dollars, whether it's through homeland
security for those issues and that research relating more
particularly to weapons of mass destruction, bioterrorism,
chemical attacks and the like, but also work with the Secretary
of Health and Human Services to bolster and fund programs
related strictly to public health.
I mean, so many of these programs--and again, that will be
a balancing act that will require the best efforts of both the
executive branch, but working in collaboration with the
Congress of the United States that ultimately has the
constitutional responsibility and authority to appropriate the
monies. So you'll help create that balance.
Mrs. Capps. Well, I know my time is up. But, you know, the
President has said there are no additional dollars for this
effort; and we are saying there weren't enough in the
beginning. What shall we do now?
Mr. Ridge. Well, there are--for the--for 2003, as we ramp
up the new Department of Homeland Security, the President has
spoken, recognizing what he has in the 2003 budget, which
includes about a $14 billion increase for homeland security
initiatives over the 2002 budget. What happens in the 2004 and
beyond again will depend upon the interaction and the
priorities set collectively between the Congress of the United
States and the President.
Mr. Greenwood. The Chair thanks the gentlelady, and
recognizes for 5 minutes the gentleman from Ohio, Mr. Gillmor.
Mr. Gillmor. Thank you, Mr. Chairman.
And, Governor, one of the things I wanted to inquire about
was in the bioterrorism bill, which we just completed, we
provided for drinking water systems' vulnerability assessments
and recommendations for action be done by EPA. Now under the
proposed bill we have, it's my understanding that would take
that authority out of EPA and put it under the new department.
I guess the question is, does it make a lot of difference? Is
it something that you feel really is an improvement in homeland
security, or would it just as well be left with EPA where there
is at least some body of expertise?
Mr. Ridge. It would be our hope that the President's
initiative could be embraced to include pulling that into the
Department of Homeland Security because of the vulnerability
assessment requirements that will be imposed upon the new
department. If it's the congressional will to keep it at the
EPA and mandate that that information be shared and become part
of the infrastructure, the information infrastructure upon
which the Department of Homeland Security operates, so be it.
But it's just a feeling that we--in this new department, we
have got, remember, the threat assessment matched against the
vulnerabilities. And clearly, the water system, the energy
systems, telecommunications, utilities, financial systems and
the like are part of our critical infrastructure. So it was
consistent with the President's belief that we ought to have
that information-gathering capacity with regard to critical
infrastructure within this department.
Mr. Gillmor. I wasn't strongly suggesting that it stay with
EPA; I was just trying to feel you out on where you were coming
on that.
Mr. Ridge. We think it would be better to put all this
within this--this assessment within the new department.
Mr. Gillmor. In title 3, the President proposes to transfer
certain R&D programs from DOE to the new Secretary. And mostly
those are the ones dealing with development of detectors or
sensors for nuclear, bio, and chemical agencies.
Now, most of the research is done by DOE's laboratories,
which are public and private entities under control of DOE. The
labs conduct such research, however, not just for DOD; they do
similar research under the work for other programs where the
CIA, FBI, State, and the Secret Service can also request their
own work.
Now, while it seems to make sense to have a single agency
coordinating and prioritizing all the research, I'm not sure
that the proposal does that since it only transfers the DOE
programs and doesn't touch the rest of them.So why just
transfer the DOE programs? Why not also transfer the work for
other programs at the labs? Is that an oversight, or is there a
reason for that?
Mr. Ridge. I think we focused, Congressman, on the programs
within the Department of Energy because of the very specific
focus they have at the national labs and the expertise they
have developed. But particularly, the Chem-Bio National
Security Program where they have as their mission the
development, the demonstration, and delivery of technologies
and systems that will help this country prepare for, prevent,
and respond to a terrorist attack. And they have been--this is
work that they have been doing for years. It deals with bio and
chem detectors, it deals with modeling capabilities to predict
the effects of a chemical-bio attack. And again, in
consultation with the Department of Energy, as we try to pull
into the new Department of Homeland Security those programs, if
not exclusively, then at least primarily deal with securing the
homeland, this was very appropriate.
Mr. Greenwood. The time of the gentleman has expired. The
gentlelady from California, Ms. Harman, is recognized for 5
minutes.
Ms. Harman. Thank you, Governor Ridge, for your testimony.
I have been listening carefully, and agree with your testimony
and with your answers to questions.
I would like to associate myself with the comments of our
Chairman about the urgency of the threat and the fact that it
is among us right now. And that prompts me to talk about the
urgency I believe there is, not just to pass this legislation,
but to implement certain changes which we could do this minute
and not even wait for the legislation. One of them is
information-sharing across the Federal Government and between
the Federal Government and local first responders.
As you know, Governor, H.R. 4598, a bill that Saxby
Chambliss and I introduced some months back, has now been
reported by the House Judiciary Committee, and also has the
unanimous support of the House Intelligence Committee, and is
ripe for action on the House floor. I would like to thank you
for your help in fashioning this legislation, and just mention
to my colleagues that this is a way to share information now,
stripping out sources and methods so that those without
security clearances can receive it. It would cover the FBI, the
CIA, and all those agencies not in this new department, and
would get their information down to first responders who
desperately need to understand better what our threats are. So,
thank you for your help with this. That's one thing we can do
now.
The other thing we can do now, I think, relates to
interoperability. When Saxby Chambliss and I visited your
excellent emergency facilities some weeks back, at your
invitation, we saw state-of-the-art technology that you have
been putting together. There is still an enormous amount of
work down the road, and we all agree about hooking in private
sector, cutting-edge technology into this new department. But
meanwhile, there exists now integrating devices that can bring
together the different frequencies and different handheld
communication devices in an emergency. This would create
interoperability, which we absolutely need for first responders
from different police and fire and EMT agencies to come
together at the scene of a terrorist attack in somebody's
hometown. As you point out, all terrorist attacks are local.
There is a device called the ACU-1000, which is built in
North Carolina, and which many communities are using. Its
problem is that it is too small to handle the requirements of
large metropolitan areas like Los Angeles County. Yesterday, in
front of this building I saw in a van a technology developed by
a large aerospace company that wraps this ACU-1000, a technical
term meaning adds to it, and can connect five or more vans to
cover the frequencies that an entire metropolitan area might
need to use in an emergency.
Example: L.A. County has 88 cities, 55 police departments,
33 fire departments. It could, they allege, cover L.A. County.
My question to you is, how do we get to these bridging
technologies--they may not be the perfect answer, but they sure
are better than where we are--now? How do we make things like
this happen right now, even before this department is up and
running? Because, as our Chairman points out, these terrorists
are among us and could attack us in 20 minutes from now.
Mr. Ridge. First of all, Congresswoman, I think your point
about bridging technologies and systems integration now, as we
develop even more robust technologies and better systems down
the road, is very appropriate, because I think it will take
us--once we determine what our mission is and how we are going
to achieve our goals, I think we can have the technology
overlay, but we still have to work out some of these--some of
these matters before we take advantage of the entrepreneurial
nature of this country and our extraordinary technology sector.
I would suggest that there are a couple of things that we
have done and we can do. One, our Office of Homeland Security
has been working with the President's Office of Science and
Technology Policy. And my recommendation would be that we take
a look at the technology application that you have just
discussed, make it available to this--to these groups, and have
them give us an assessment as to the impact on particularly
urban communication systems where there remains a huge gap.
Obviously, we need interoperable communications, we need a
bridging system now. Down the road, we hope to have a unified
system not only within urban America, but within the country.
The second thing I would recommend, and I say this with
enormous respect, the $3.5 billion first responder money is
sitting in the 2003 budget. So, as Congress sets its priorities
in dealing with the budget proposal in 2003, if we could make
the homeland security portion, or many of those portions,
available to local communities as quickly as possible, once
there is a stamp of approval, once there is an imprimatur on
pieces of equipment like this that it does the job it claims it
can do, then we'll be in a position to buy these technologies
immediately.
Ms. Harman. Thank you. My time is up.
Mr. Chairman, I just want to note--it is going to 10
seconds--that at our Conference on Technology and Terrorism
last week, Dr. Marburger was there from the Office of Science
and Technology Policy. He was talking in terms of this whole
effort coming on line in 2004.
I think this effort is on line this minute, and bridging
technologies, as you have just said, are the answer; and I
would hope you would encourage him to be thinking with a little
more urgency of the need to tap these various technologies in
our country to confront the various terrorists in our country
now. Thank you, Mr. Chairman.
Thank you, Governor Ridge.
Mr. Burr [presiding]. The gentlelady's time has expired.
The Chair will recognize himself at this time. Let me welcome
you and apologize--I was not here for opening statements--but
also say that I am supportive of the President's proposal.
There are a number of areas of the bioterrorism bill that we
took a tremendous amount of time in trying to integrate. Where
we knew there were strengths in agencies, we tried to beef up
those strengths; where there were weaknesses, we tried to
compensate, through the legislation, to make sure that the
tools and resources were there for that in fact to be a
success.
And I think that many of those areas, as we anticipated,
would be encompassed in the new homeland security agency; and I
think, in most cases, we are very supportive of that. My
questions are going to deal more with the areas where not 100
percent of the responsibility of that area that we saw, where
it might have been weak to start with, is shifting over and
whether we thought through exactly the consequences of stealing
half the responsibility and leaving the other half.
The new department is a security entity first and foremost.
Tasking it with the disaster mitigation and response and to a
certain extent research and development might distract from the
security responsibilities that homeland security has.
Do you have any reservations about the pieces that you pick
up that deal with research and development and mitigation of
disaster response?
Mr. Ridge. I believe the President's proposal tries to
encompass the broadest range of homeland security matters under
one agency, and that is from prevention and detection through
preparation and response. And it is for that reason that you
see the--this is a multitasked agency, and it covers the full
spectrum of activities that would be appropriately associated
with securing our homeland.
And I think, in time, the integration of these different
responsibilities--the establishment of a strategic plan dealing
with research and development clearly has implications for the
new analytical unit potentially, for the border aggregation
clearly, and for the preparedness and response. So I think you
can see that if you take a look at the different units, they
are not really stovepiped. At the end of time, there is really
a relationship among all of them.
Mr. Burr. We looked very closely at things like that, the
national medical response teams that we had. We tried to
explore why they weren't more effective, that they are very
crucial to our entity today; and I think through our efforts on
bioterrorism, we felt there was a need to create an assistant
secretary at HHS to sort of shepherd those areas. Now we sort
of shift those responsibilities.
I guess my question is, do you still think there are enough
areas at HHS that we need that assistant secretary there, or
can you envision the need, whether it is HHS or other agencies,
where you have pulled in jurisdiction and responsibilities, do
you need an assistant secretary there as a liaison for homeland
security?
Mr. Ridge. I know the committee was very concerned about
creating that capacity within Health and Human Services, and I
would leave it to your good judgment to determine whether or
not you would want to create another one to work as a liaison.
Clearly, given the dual nature of the infrastructure that both
a Department of Homeland Security and HHS would be using;
clearly, given the benefit of many of the research dollars and
the need for communication and coordination, I am going to
leave that to your best judgment as to whether or not you think
it would enhance that collaborative effort to create a similar
position now in HHS as we bring this position over to the
Department of Homeland Security.
Mr. Burr. Clearly, there are areas--I think section 905 of
the President's proposal, and 906, deal with pharmaceutical
stockpiles and select agent registration. Select agent
registration was something that in the last administration was
by default handed over to CDC because we found we didn't have a
successful means to keep up with it.
I am a little bit concerned. We all believe there needs to
be a list that is kept, one that the appropriate people have
access to, one that we don't question its accuracy.
The difficulty that exists is that CDC seems to still be
responsible for allowing these agents out for the purposes of
research, but there is the problem of making sure that, in
fact, that information gets from CDC to Homeland Security
where, in fact, the registration of where that product has gone
would have to be.
Do you have any concerns about that?
Mr. Ridge. I think, for security reasons, the select agent
list must be--should be part of the Homeland Security function
and any regulations attendant to the preservation and
maintenance of that list. But CDC continues to have that public
health responsibility and would continue to do the research on
these pathogens and continue to oversee the work done, whether
it is done at CDC or elsewhere in conjunction with the
Department of Homeland Security.
Mr. Burr. I truly do not raise it as a criticism, but there
is a link where we are almost relying on the system we had 5
years ago of somebody making a notification to another agency
when the decision is made to let one of the pathogens go out
for research purposes. And I know we were all faced with a
shocking reality when the anthrax scare came, and we tried to
track down how many places might have had anthrax under
research.
Mr. Ridge. And we weren't sure.
Mr. Burr. Title VII of the bill deals with the coordination
with non-Federal entities, the IG and the Secret Service. My
only concern in section 701, which requires the secretary to
direct and supervise grant programs of the Federal Government
for State and local emergency response providers. And it is not
a lack of confidence in Homeland Security to make those grants.
I guess the question that I would have, how much input will
the agencies that currently have that responsibility have,
since a lot of the grant, a lot of the research, a lot of the
programs that the grant money will be for might still be the
responsibility of the other agency.
Mr. Ridge. If I might, Congressman, give you a good
example, the folks at the local level generally would like to
go to one Federal agency to get emergency preparedness and
response grants. They also recognize that they take many forms.
There is a bioterrorism response initiative that HHS has. There
is an Office of Domestic Preparedness that actually has even
more dimensions, but that is in the Department of Justice. And
then, obviously, FEMA.
What I think is proposed under this legislation is, one,
that we have by statute continued the collaboration with Health
and Human Services so when these dollars go out they do go out
in collaboration with Health and Human Services as it relates
to the bioterrorism prevention and public health prevention.
Two, the Office of Domestic Preparedness and the Department
of Justice where it is envisioned that that entire operation
would become a more robust and more muscular agency that FEMA
becomes when they have responsibility for in excess of $3
billion under the President's 2003 budget. And then clearly
FEMA has been reaching out over the past several months working
with States and local communities trying to work with them to
set up a framework through which these multiple grants can be
issued. So FEMA has also undertaken as part of its longer term
goal the establishment of the kind of relationship they need
with the States and the local communities to help frame the
issuance of these grants.
The goal here is to buildup a national capacity of some
sort around the country. Obviously, it will not be done in a
year. Congresswoman Harman pointed out the need for
interoperability of communications. My sense, in talking to
FEMA and a lot of other people is, that may be the No. 1
priority. If you're going to save lives, it is predicated on
time. The best way you minimize time is better communication;
and unfortunately, we don't have integrated communications
systems in too many places in this country.
Having said that, FEMA is working with State and local
governments to develop these plans. And what we are, what the
President is hopeful of as it relates to the 2003 budget--and I
know I am going off just a bit, but I say this to members who
will be appropriating the dollars--is that the moneys that
would be issued, not just in 2003, but in future years as we
buildup a capacity to respond to terrorist activity, that we
build it up consistent with plans that begin at the local level
and then take it to the regional level and move up to the
State, that we begin to develop a capacity around mutual aid
packs, a capacity built on standards that are designed after
consultation within the departments and agencies that are also
designed based on threat assessments and vulnerabilities.
So we still have a lot of work to do. And the purpose of
the President's integration of all these agencies is to give
some strategic focus not only to the efforts of the men and
women that have been providing homeland security services for
this country for a long time, but also give strategic focus to
the dollars and technology and the kinds of equipment that we
provide to this country to prepare for a potential response to
a terrorist act.
Mr. Burr. Governor, thank you. My time has expired.
One more time I want to commend you personally for the job
that you have done. You were asked to step in at a--I can't
think of a more difficult time to take on a task that was then
undefined and not understood. You were asked to do it with a
limited group of people, and I think that you have done an
extraordinary job. My hope is that as we take up this
legislation and, hopefully, pass it in an expedited way that
you, like we, remember that we can do things of this magnitude
without growing bureaucracies that are bigger than the last
one.
And I know that the President's legislation chooses a
secretary and a deputy and five under secretaries and no more
than six assistant secretaries, but there is room for an
additional 10 assistant secretaries. My hope is you will always
think smaller from the standpoint of the internal structure up
here and, in fact, remember what I think you learned very early
on, that most of the intelligent folks and the best ideas
happen in the localities around the country that are ultimately
the ones that we need to communicate with in real time, so less
emphasis is spent up here and more around the country.
The Chair would recognize the gentleman from Massachusetts,
Mr. Markey, for questions.
Mr. Markey. Thank you, Mr. Chairman, very much.
Governor Ridge, the Nuclear Regulatory Commission and the
Departments of Energy and Defense have historically had
jurisdiction over nuclear facilities whether they be civilian
or government. And they have had the responsibility for
constructing the design basis threat against which each of
these facilities has to be protected, and they also have
responsibility for conducting the force-on-force test against
those facilities.
Now, in the overriding--in the legislation you have sent up
it says that this new department will have primary
responsibility for infrastructure protection. And so the
question is, what does that mean in terms of the agency, yours
or the NRC or the Department of Energy or Defense that will
have primary responsibility over the security around nuclear
facilities once the legislation is passed?
Mr. Ridge. Congressman, I believe that your question
highlights a characteristic of homeland security that can't be
underscored enough, and that is the continuing need for
intergovernmental and interdepartmental communication and
coordination. It is a point you make very effectively. DOD and
DOE and the Nuclear Regulatory Commission have multiple
responsibilities with regard to the security of our nuclear
facilities whether they be power plants or storage systems for
nuclear weapons. That will continue to be the case.
However, this new department, working particularly with the
Nuclear Regulatory Commission on the design threat assessment
as it relates to the potential vulnerabilities that exist, will
play a very important role as we go about matching threats
against vulnerabilities and taking prescriptive actions.
Mr. Markey. So, for example, the Nuclear Regulatory
Commission 9 months after September 11 have refused to begin a
new design basis threat rulemaking, even though we know it
moved from nonsuicidal, nontechnically sophisticated handfuls
of terrorists that had to be protected against before September
11 to something which is suicidal, technically sophisticated,
heavily armed and large numbers.
Would, under the new system, the Office of Homeland
Security have responsibility for ordering the design basis
threat regulation to be upgraded, or would that still remain
with the Nuclear Regulatory Commission? Who would have the
ultimate authority, the NRC or the Office of Homeland Security?
Mr. Ridge. Ultimately, Congressman, if the Department of
Homeland Security felt that the Nuclear Regulatory Commission
hadn't moved either quickly enough or effectively enough vis-a-
vis the threat you are talking about, one would hope that the
new Cabinet Secretary, in conjunction with the chairman of the
Nuclear Regulatory Commission, can resolve that.
Clearly, the President has said that he seeks to retain as
part of the White House apparatus the Assistant to the
President for Homeland Security that has been tasked with
coordinating that activity and resolving differences of
opinion. But if there is a difference of opinion finally, you
get one tie breaker, and that is the President of the United
States.
Mr. Markey. The tie breaker is the President. The tie
breaker is not whoever heads up the Office of Homeland
Security?
Mr. Ridge. I think the new Secretary of Homeland Security
is going to be empowered with enormous authority and
responsibility to deal with vulnerability assessments.
Mr. Markey. I guess all I am saying is, if you identify a
flaw in the security at Livermore or at Diablo Canyon and you
go to the NRC or the Department of Energy and you say, upgrade,
they say, no, we are not going to upgrade, we are not going to
go to a new system, you are saying that the head of the Office
of Homeland Security can't say, upgrade.
Then it goes to the President to resolve the dispute
between the two offices?
Mr. Ridge. Well, first of all, I think it is important that
we always play out the worst case scenario. And my judgment,
Congressman, is that if the vulnerability assessment is
significant, we won't have any difficulty getting the
cooperation.
But if you want to go to the worst case scenario----
Mr. Markey. Yes.
Mr. Ridge. [continuing] the matter would--since the assets
themselves--none of the national labs are part of the
infrastructure of the Department of Homeland Security.
You talked about having problems at--the national lab at
Livermore or Los Alamos does not have direct command and
control over those entities. The first responsibility is to
identify the vulnerability, convince them of the vulnerability
and get them to do something about the vulnerability. If there
remains a conflict, it would be resolved presumably within
the--by the Assistant to the President for Homeland Security.
There is a coordinating function, and that function remains
within the White House.
Mr. Markey. That would be someone on the President's staff
that would resolve it?
Mr. Ridge. Assistant to the President.
Mr. Markey. That is the job to get then.
Mr. Ridge. It's a pretty good job. It is the one I have
right now. You are addressed with a great deal of authority.
Mr. Markey. When you----
Mr. Greenwood. The time of the gentleman has expired.
Mr. Markey. Could I have 1 more minute?
Mr. Greenwood. Unanimous consent, the gentleman is granted
an additional minute.
Mr. Markey. When you say, presumably the person on the
President staff will then break the tie between the Office of
Homeland Security and the NRC or the DOE, is that going to be
written into the statute?
Mr. Ridge. It is a function of the executive order signed
by the President of the United States creating the office on
October 8.
I am going to say the other leverage that you have on any
department or agency changing its direction or focus is also,
the Congress of the United States would have to be--could be a
potential partner in that enterprise as well. But if we are--as
we've said before, this is an enterprise within which we are
all engaged, and I guess I can imagine a worst case scenario,
and I guess we have to plan for it, but I think it is very
unlikely.
Mr. Markey. Thank you very much. We appreciate your being
here.
Mr. Greenwood. The Chair thanks the gentleman and
recognizes the gentleman from New Hampshire, Mr. Bass, for 5
minutes.
Mr. Bass. Thank you very much, Mr. Chairman. And thank you,
Governor, for coming here. This must be a very interesting time
in your life and certainly one of the most important issues
that this Congress will deal with.
I have a question having to deal with DOE's nuclear
emergency support teams, the NEST teams. I served on the
Intelligence Committee, and we had some involvement with this
issue in prior years.
Now, it is my understanding that the President's proposal
transfers the control of DOE's nuclear response teams to the
new Secretary in the event of an attack or emergency, and also
gives the new Secretary the authority to set standards for
DOE's group, as well as conduct training and exercises for
these teams. But as I understand it, these DOE teams also
always--almost always work in concert with DOD, and usually
conduct joint exercises with DOD, FBI, State and other
agencies, and that is because of their responsibility to deal
with more than just a nuclear issue.
Will the new Secretary coordinate the exercises and
training of all of these interagency components or just the
DOE, Department of Energy, portion?
Mr. Ridge. I believe it is envisioned from time to time
that we would want to deploy all of these agencies in a
realistic drill or exercise. So depending on the circumstances
and the nature of the drill, Congressman, it could very well
oversee an exercise involving all those agencies and serving in
a coordinating function.
Mr. Bass. Okay. That is good.
I also understand that DOE's radiological assistance teams,
which are spread out regionally throughout the country, are
currently authorized to respond to requests from State and
local officials for assistance and need not wait until the
Secretary of Energy formally calls them into action.
Will the President's proposal change that requiring action
by the new Secretary before these teams can be deployed for any
reason?
Mr. Ridge. Congressman, in that change in the--I cannot
give you a specific answer to the change in the historical
relationship. I will get back to you on that. That is the way
they used to be deployed. I think there is a lot to be said for
maintaining that kind of a relationship, but I will have to get
back to you for a specific answer.
Mr. Bass. I appreciate that and I yield back to the
chairman.
Mr. Greenwood. The Chair recognizes for 5 minutes the
gentleman from California, Mr. Waxman.
Mr. Waxman. Thank you very much, Mr. Chairman.
Mr. Ridge, in your own home State of Pennsylvania, a
newspaper reporter for the Pittsburgh Tribune-Review conducted
an investigation to determine how vulnerable chemical
facilities were to terrorists after September 11; and I don't
know if this article came to your attention, but it is pretty
shocking. According to that article, which was published on
April 7, the security was so lax at 30 sites that in broad
daylight a Trib reporter wearing a press pass and carrying a
camera could walk or drive right up to tanks, pipes and control
rooms considered key targets for terrorists. And I want to read
to you specifically what they found.
``Absent dilapidated or unfinished fence lines or
carelessly opened gates allowed access to 18 sites. Inside the
sites no one stopped the reporter from going wherever he
wanted, even into control rooms and up to tanks and train
switching and derailing levers. No security at the potentially
deadliest plants of the 123 plants nationwide that individually
could endanger more than a million people; two are in western
Pennsylvania. The reporter spent more than an hour walking
through each without encountering a guard or an employee.''
Now, I wrote to the President on this issue on September
26, 2001, asking him to use just $7 million out of the $40
billion of the Emergency Supplemental Appropriations Act for
recovery and response to terrorist attacks to examine the
vulnerability of these facilities to attack. Congress required
these vulnerability assessments to be completed by this August,
yet apparently the administration has not even begun them.
I am also concerned the administration has failed to make
any proposal to address these significant risks. Does the
administration support Congress, requiring decisive action to
address these risks, and if so, why isn't it in your proposal?
Mr. Ridge. Congressman, your reference to that--the
critical infrastructure and the potentially devastating
consequences associated with the terrorist attack on chemical
facilities is something that the Office of Homeland Security
has been focused on and clearly will become a priority of the
new Department of Homeland Security. And I think, clearly, that
not only this President, but previous Presidents have called
on, and I believe the Congress of the United States has called
on, the private sector and others to do a--perform critical
infrastructure assessments and then take action to deal with
the vulnerabilities.
Obviously, the pace of the change within some sectors of
the economy and within some companies hasn't been what you or I
or most Americans would like.
At the end of the day, when you have a Department of
Homeland Security, Congressman, whose responsibility is to
match threats with vulnerabilities and to work with other
agencies within the Federal Government to harden these targets
that are owned by the private sector, I think that will
certainly accelerate the changes that are needed. And until
such time, we continue to--the administration continues to work
with all industry sectors to identify vulnerabilities and get
them committed to taking action.
I refer to a conversation that I had with some folks with
regard to these vulnerabilities across the board in various
sectors. And I think one of the ways, Congressman, that we can
make sure that those chemical facilities or some of these other
facilities in your neighborhood and my neighborhood, your State
or mine, everybody else's, is up to the standard that we seek
is to have our first responders in those communities visit and
work with those companies to make sure that the standards are
met, because these are the men and women who are going to have
to show up if these facilities are attacked.
Mr. Waxman. With all due respect, you just said we want
this new department to be sure to do this job, we want the
cooperation in the private sector to run these plants to be
sure they're doing the job, and then we want the first
responders to be doing the job. But you have been head of the
Office of Homeland Security, and one of the mandates from
Congress was to look at these vulnerabilities and do something
about them.
So does it strike you that maybe I am hearing you just
point your finger at everybody else, but not taking
responsibility for getting this done?
Mr. Ridge. Oh, no. I wouldn't want you to interpret it that
way. I suspect that there has been sufficient follow-up by
Congress, and I would assure you there has been sufficient
follow-up within the Office of Homeland Security.
As part of the President's directive to our office, we were
to--in the designing of a national strategy, we were to work
with both the public and the private sector to do a critical
infrastructure vulnerability assessment. That process is an
ongoing process. It is something that needed to be done for a
long, long time, and we are in the process of doing that, and
that will be part of the national strategy that we will present
to the President and to the Congress and to the public in the
next several weeks.
Mr. Waxman. Just one last short question. Was I incorrect
when I said this was required to have been completed by August,
but the administration has not even begun the assessment of the
risk at these facilities?
Mr. Ridge. The administration began that some time ago. It
has been a work in progress within the Office of Homeland
Security; and my recollection of the executive order creating
our office, there was no specific timetable. We created our
internal timetable and are trying to get most of it done before
we submit the strategy to the President, to the Congress and
the people sometime in July. But you can----
Mr. Waxman. What is your own internal deadline?
Mr. Ridge. We have said we are going to get the strategy to
the President for his eyes by the 1st of July, mid-July. We are
working on it.
Mr. Waxman. That is a strategy, but there is a
vulnerability.
Mr. Ridge. Congressman, the enormity of that task, we don't
shy away from it in any manner, shape or form. But this is a
process that I believe Congress has been and probably will be
working on years and years as well. We have taken advantage of
some of the work that Congress has done, but our own internal
work started several months ago. It will need a few more months
to be completed to give you the kind of specificity that I
think you are looking for.
But we are doing our job, and when Congress completes its
work and when the other agencies complete that work, I think we
are going to have a pretty good system of determining where the
vulnerabilities are and working together to come up with the
means to harden those targets and reduce the vulnerability.
Mr. Greenwood. The time of the gentleman has expired.
Mr. Waxman. But assessments required by Congress are to be
completed by August 2002?
Mr. Greenwood. The time of the gentleman has expired. The
Chair would note that the mandate from Congress to do the
vulnerability assessment of the chemical facilities was passed
in 1999, and it was the Clinton Administration that did nothing
subsequent to that.
The Chair thanks the Governor for your presence with us and
for your testimony and for your guidance.
Mr. Waxman. That is a little cheap, Mr. Chairman.
Mr. Greenwood. The Chair has the floor and the gentleman
may or may not be recognized in the future.
The Chair notes, Governor, that you are thanked for your
service many times a day for good reason because you have given
us such a sense of confidence.
But I would like to take the opportunity, as your friend,
to thank your wife, Michelle, to thank your daughter, Leslie,
and your son, Tommy. I know that after 10 years or so in the
Congress, 8 years as Governor of Pennsylvania, they were
probably and you were probably expecting to take off the mantle
of responsibility and hang it up in the home cabinet for
awhile. And I know it is only because of the dire circumstances
that we faced and your sense of duty to your country that you
put that mantle--and a large mantle it is--back on your broad
shoulders, and we thank you for that. And we want to thank your
family for the sacrifices they make every day in letting you do
this job. Thank you. Thank you very much.
The Chair then calls forward the second panel consisting of
the Honorable Claude Allen, Deputy Secretary of the Department
of Health and Human Services, as well as General John Gordon,
Administrator of the National Nuclear Security Administration.
Gentlemen, welcome. We thank you for being with us this
morning. Thank you for your forbearance. Let me begin by saying
that I believe you are aware that the committee is holding an
investigative hearing and, when doing so, has had the practice
of taking testimony under oath.
Do either of you have any objection of giving testimony
under oath?
Chair then advises, under the Rules of the House and the
rules of the committee, you are entitled to be advised by
counsel. Do either of you care to be advised by counsel?
Seeing negative responses, the Chair would ask that you
rise and raise your right hand, and I will swear you in.
[Witnesses sworn.]
Mr. Greenwood. Thank you; you are under oath. And, Mr.
Allen, I believe we will begin with your testimony.
TESTIMONY OF HON. CLAUDE A. ALLEN, DEPUTY SECRETARY, U.S.
DEPARTMENT OF HEALTH AND HUMAN SERVICES; AND JOHN A. GORDON,
ADMINISTRATOR, NATIONAL NUCLEAR SECURITY ADMINISTRATION
Mr. Allen. Thank you, Mr. Chairman, and members of the
committee for the opportunity to appear before you to discuss
the proposed Department of Homeland Security and how it will
interface with the Department of Health and Human Services.
Secretary Thompson and I support strongly the initiative that
the President announced earlier this month and feel that this
is the best direction for the Nation to move in order to ensure
our homeland security.
The threat of terrorism has become a part of our daily
lives since September 11, and this new Department of Homeland
Security will enable us to make significant advances in
protecting the American public from terrorism. We are pleased
that the Congress is giving the President's proposal such
prompt and thorough review and attention. And Secretary
Thompson and I look forward to working with you to ensure the
passage of this important legislation.
The President's proposal will transfer several terrorism-
related activities that are housed currently within HHS to the
new Department of Homeland Security. Homeland security will
assume responsibility also for setting goals and providing
strategic direction for other relevant public health and
medical activities, but will rely upon HHS to implement and
operate them on a day-to-day basis. First, I want to talk with
you about the activities that will go to homeland security.
Those areas include the Select Agent registration enforcement
program, the Office of the Assistant Secretary for Public
Health Emergency Preparedness and the Strategic National
Stockpile.
Right now, the Centers for Disease Control and Prevention
regulates the transfer of certain dangerous pathogens and
toxins commonly referred to as ``Select Agents'' from one
registered facility to another. These agents, such as the
bacterium that caused anthrax, the bacterium that causes
Plague, and the viruses that causes Ebola are used widely in
the research laboratories across America. These Select Agents
are prime examples and candidates for use by would-be
bioterrorists, so when they are used in research, they must be
kept under constantly safe and secure conditions.
The Public Health Security and Bioterrorism Preparedness
and Response Act of 2002 authorized HHS to promulgate and to
enforce regulations concerning the possession and use of Select
Agents as well as their transfer. While CDC has done its best
to manage the Select Agent program, CDC is a public health
agency and not a regulatory body. Therefore, we believe that
the new department is better suited to prevent Select Agents
from falling into the wrong hands.
HHS will be prepared to provide homeland security with
whatever scientific expertise and other technical expertise
they may need to manage the program. In fact, under the
administration bill, the Secretary of Homeland Security would
administer the Select Agents program in consultation with the
HHS Secretary, and HHS would continue to make key medical and
scientific decisions, such as which biological agents should be
included in the Select Agent list.
Let me talk about the Office of the Assistant Secretary for
Public Health and Emergency Preparedness. The Public Health
Security and Bioterrorism Preparedness and Response Act of 2002
also created the HHS Office of the Assistant Secretary for
Public Health Emergency Preparedness. The responsibilities of
this new office include the supervision of the Office of
Emergency Preparedness, the National Disaster Medical System
and the Metropolitan Medical Response Systems, as well as
related HHS emergency management functions. By having this
office within the Department of Homeland Security, we will have
a seamless integration of our national public health and
medical emergency management assets with the Nation's new
preparedness and response infrastructure.
Third, the National Pharmaceutical Stockpile, which
currently CDC manages: The stockpile consists of 12 ``push
packages'' of pharmaceuticals and medical supplies and
equipment which are located strategically across the United
States, and additional lots of pharmaceuticals and caches of
medical materiel are maintained also by manufacturers under
special contractual arrangements.
The Secretary and I are proud of the job that CDC has done
in managing our Strategic National Stockpile, which was
evidenced in our ability to get a push package into New York
City on September 11. This fine work has set the stage for
smooth integration of the stockpile with our other national
emergency preparedness and response assets within Homeland
Security.
The Secretary of Homeland Security will assume
responsibility for continued development, maintenance and
deployment of the National Stockpile, while the HHS Secretary
will continue to determine its contents. This arrangement will
ensure effective blending of our public health expertise with
the logistical and emergency management expertise of Homeland
Security.
With the strong integration and cooperation that exists
between HHS and Homeland Security, two functions of the new
department will be carried out by HHS unless otherwise directed
by the President. The first is Homeland Security's civilian
human health-related biological, biomedical and infectious
disease defense research and development work.
We recognize the expertise, successful track record and
unique capabilities of the National Institutes of Health and
the Centers for Disease Control and Prevention. The Secretary
of Homeland Security, in consultation with the HHS Secretary,
shall have the authority to establish the research and
development program that will be implemented through HHS. This
means that Homeland Security will provide strategic direction
regarding the Nation's biological and biomedical countermeasure
research priorities.
Certain public health-related activities will also be
directed by Homeland Security and carried out through HHS. This
would include activities like enhancing the bioterrorism
preparedness of State and local governments and non-Federal
public and private health care facilities and providers. The
object of this provision is to continue the important role that
CDC plays, that the Health Resources and Service Administration
plays and other elements of HHS play in assisting States and
local governments and the hospitals and public health community
in preparing for and responding to large-scale public health
emergencies.
As with the research program, the Secretary of Homeland
Security, in consultation with HHS Secretary, will have the
authority to establish the Nation's antiterrorism preparedness
and response program. But the implementation of the public
health components of that program will be carried out largely
through HHS.
Mr. Chairman, members of the committee, our Nation needs a
Department of Homeland Security. The Secretary and I strongly
support the President's proposal and look forward to doing
whatever is necessary to effect a smooth and swift transition
of responsibilities and operations. We believe that the
President's proposal strikes the right balance by playing to
the strength of HHS and recognizing this agency's core mission
that is the protection of the Nation's public health, while
capitalizing on the strategic and logistical strength of the
new Homeland Security. We will ensure that HHS fulfills its
obligation to the new department and provides that whatever
public health, medical and scientific expertise it may require.
At this time, I would be happy to answer any questions that
the committee may have.
[The prepared statement of Hon. Claude A. Allen follows:]
Prepared Statement of Hon. Claude A. Allen, Deputy Secretary,
Department of Health and Human Services
Thank you, Mr Chairman and members of the Committee for giving me
the opportunity to appear before you today to discuss the proposed
Department of Homeland Security. Secretary Thompson and I strongly
support the reorganization initiative that the President announced
earlier this month.
The threat of terrorism in its myriad forms has become an ever-
present part of our daily lives. The new Department will enable us to
make further significant advances in protecting the American people
from those who are bent upon inflicting death, destruction, and social
disorder to achieve their ideological ends. We are pleased that the
Congress is giving the President's proposal prompt and thorough
attention. Secretary Thompson and I look forward to working with this
and other Committees to ensure passage of the legislation for the new
Department.
The President's proposal deals with certain terrorism-related
activities that currently are the responsibility of the Department of
Health and Human Services (HHS). Some of these HHS activities would be
transferred to the Department of Homeland Security (DHS). For other
relevant public health and medical activities, DHS would assume
responsibility for setting goals and providing strategic direction but
would rely upon HHS to implement and operate the activities on a day-
to-day basis.
I will discuss examples from each group of activities in turn.
examples of activities proposed for transfer from hhs to dhs
HHS functions conveyed to the new Department in the President's
proposal include:
The Select Agent registration enforcement program;
The Office of the Assistant Secretary for Public Health
Emergency Preparedness; and
The Strategic National Stockpile.
Select Agent Registration Program
Within HHS, the Centers for Disease Control and Prevention (CDC)
currently regulates the transfer of certain dangerous pathogens and
toxins--commonly referred to as ``Select Agents''--from one registered
facility to another. These agents are widely used in research
laboratories across America. Examples are the bacterium that causes
anthrax, the bacterium that causes Plague, and the virus that causes
Ebola, a lethal hemorrhagic fever. Select Agents are prime candidates
for use by would-be bioterrorists and thus, when used in research, must
be kept constantly under safe and secure conditions.
The recently enacted Public Health Security and Bioterrorism
Preparedness and Response Act of 2002 authorized HHS to promulgate and
enforce regulations concerning the possession and use of Select Agents,
as well as their transfer. While CDC has done its best to manage the
Select Agent program, CDC is a public health agency and not a
regulatory body. We believe that the new department, with its strong
multi-purpose security and regulatory infrastructure, will be well-
suited to prevent nefarious or other irresponsible uses of Select
Agents. HHS will be prepared to provide DHS with whatever scientific
expertise and other technical assistance it may seek to help it manage
the program. Under the Administration bill, the Secretary of Homeland
Security would administer the select agents program in consultation
with the HHS Secretary, and HHS would continue to make key medical and
scientific decisions, such as which biological agents should be
included in the select agents list.
Office of the Assistant Secretary for Public Health Emergency
Preparedness
The Public Health Security and Bioterrorism Preparedness and
Response Act of 2002 created the HHS Office of the Assistant Secretary
for Public Health Emergency Preparedness. The responsibilities of this
new office include the supervision of the Office of Emergency
Preparedness, the National Disaster Medical System, the Metropolitan
Medical Response Systems, and related HHS emergency management
functions. This cluster of activities is a logical and proper candidate
for transfer to DHS--thereby enabling seamless integration of national
public health and medical emergency management assets with the Nation's
new preparedness and response infrastructure at DHS. The Public Health
Service Officers and other HHS employees who have faithfully performed
disaster relief work over the years have done a wonderful service for
our Nation. They are a credit to HHS as they surely will be to the new
Department.
National Pharmaceutical Stockpile
CDC currently manages 12 ``push packages'' of pharmaceutical and
medical supplies and equipment strategically located around the United
States; additional lots of pharmaceuticals and caches of medical
materiel are maintained by manufacturers under special contractual
arrangements with CDC. You may recall that one of the push packages was
dispatched to New York City on September 11th and that elements of the
stockpile were used to respond to the anthrax attacks. The Secretary
and I strongly believe that CDC has done an exemplary job managing what
is now called the Strategic National Stockpile and this fine work has
set the stage for integration of the Stockpile with other national
emergency preparedness and response assets at DHS.
The President's proposal is designed to achieve this integration by
tapping the strengths of DHS and HHS in a precisely coordinated way.
Thus, the Secretary of Homeland Security will assume responsibility for
continued development, maintenance, and deployment of the Stockpile--
making it an integral part of the larger suite of federal response
assets managed by FEMA and other future DHS components--while the
Secretary of Health and Human Services will continue to determine its
contents. The arrangement will ensure effective blending of the public
health expertise of HHS with the logistical and emergency management
expertise of DHS.
dhs functions to be carried out through hhs
Certain specific program level details and administrative choices
are still being studied in order to ensure the most seamless
transition, and to give the greatest possible levels of efficiency and
effectiveness to our fight against the threat of biological warfare and
to protect the public health. However, the President's proposal clearly
designates the following two activity areas that the Secretary of
Homeland Security will carry out through the Department of Health and
Human Services:
1. Civilian Human Health-Related Biological, Biomedical and Infectious
Disease Defense Research and Development
The President's proposal provides that the new Department's
civilian human health-related biological, biomedical, and infectious
disease defense research and development work shall--unless the
President otherwise directs--be carried out through HHS. Under the
President's proposal, the Secretary of Homeland Security, in
consultation with the Secretary of Health and Human Services, shall
have the authority to establish the research and development program
that will be implemented through HHS. Thus, as the agency responsible
for assessing threats to the homeland, DHS, in consultation with the
HHS Secretary, will provide strategic direction regarding the Nation's
biological and biomedical countermeasure research priorities.
2. Certain Public Health-Related Activities
The President's proposal provides that the new Department shall--
unless otherwise directed by the President--carry out through HHS
certain public health related activities (such as programs to enhance
the bioterrorism preparedness of state and local governments and non-
federal public and private health care facilities and providers). The
object of this provision is to continue the important role that HHS
plays in assisting state and local governments and the hospital and
public health community in preparing for and responding to large scale
public health emergencies. As with the research program, the Secretary
of Homeland Security, in consultation with the Secretary of Health and
Human Services, will establish the Nation's anti-terrorism preparedness
and response program and priorities, but the implementation of the
public health components of that program will be carried out largely
through HHS.
conclusion
Mr. Chairman and members of the Committee, our Nation needs a
Department of Homeland Security. The Secretary and I strongly support
the President's proposal and look forward to doing whatever is
necessary to effect a smooth and swift transition of responsibilities
and operations. The Secretary and I believe that the President's
proposal strikes the right balance: it plays to the strengths of HHS
and recognizes this agency's core mission--the protection of our
Nation's public health--while capitalizing on the strategic and
logistical strengths of the new Department of Homeland Security. We
will ensure that HHS fulfills its obligations to the new Department and
provides it with whatever public health, medical, and scientific
expertise it may require.
At this time, I would be happy to answer your questions.
Mr. Greenwood. Thank you very much, Mr. Secretary.
General Gordon you are recognized for your opening
statement
TESTIMONY OF JOHN A. GORDON
Mr. Gordon. Thank you, Mr. Chairman. Again, on behalf of
Secretary Abraham, we offer full support for the Homeland
Security Act. My remarks this morning will focus primarily on
what is Title V. We can go beyond that in the questions if you
like.
The President's proposal to organize the Department of
Homeland Security is really quite visionary and enjoys the full
support of the Secretary and I. It will significantly improve
the way the government responds to threats.
And the President's plan makes good sense. Centralizing the
responsibility for our response to weapons of mass destruction
can leverage resources currently spread across the government
and allow us to operate more effectively and more efficiently.
At the same time, leaving the nuclear response assets home-
based in DOE and the National Nuclear Security Administration
will allow us to maintain their considerable expertise and make
them available for other potential responses.
We at NNSA are proud of the role we have had so far in the
fight against terrorism, especially WMD terrorism, and look
forward to working with the Congress and the administration to
make a smooth transition to this new department. NNSA has
really attracted over the years the world's premier nuclear
scientists, technicians, engineers and designers, and they
manage the national nuclear weapons program. These capabilities
and these assets and the training have been applied toward
Homeland Security and counterterrorism before 9/11, as well.
In short, we have the responsibility to operate and
maintain a strong technical capability to respond quickly to
discrete, specific nuclear and radiological emergencies. People
and equipment are trained and they're standing alert, along
with unique transportation assets, ready to respond now.
These capabilities were designed for short-term events, not
24-7-365 operations. With that said, they responded remarkably
well to 9/11 and to specific taskings following that, such as
the Salt Lake Olympics. And, importantly, we are seeking to
make them more responsive than they have been in the past by
moving assets forward and realigning them to coincide better
with the Federal districts.
There are seven organizations that make up this capability.
The first and most widely known is, in fact, the Nuclear
Emergency Support Team, NEST. They do the search, the
identification of nuclear materials, diagnostics, suspect
devices, technical operations to render them safe and packaging
for transport. We have an aerial measurement system with
helicopters and fixed-wing aircraft to provide a rapid response
to detect and measure radioactive material.
There's an Accident Response Group that provides scientific
and technical expertise to a U.S. nuclear accident or an
incident. The real-time assessments of the consequences of
potential radiation releases made by the Atmospherical Release
Advisory Capability. The Radiological Assistance Program was
established in the late 1950's and it comprises some 26 teams
across the United States that are DOE and NNSA first responders
to provide for the search, detection, and identification and
advice to State, local, tribal, industry and even private
citizens. They're actually called out about 24 times a year.
The Radiation Emergency Assistance Center really works with
the medical diagnostics and provides the basis for
understanding the radiological and physiological response to
radiation. And, finally, the Federal Government maintains an
extensive response capability for radiological response,
assessment and monitoring. This organization assures the hand-
off from crisis response to longer-term consequence management
and monitoring and that that hand-off is accomplished smoothly
and effectively.
Through these tailored and responsive teams, NNSA is able
to marshal highly trained, unique scientific and technical
expertise drawn across the NNSA nuclear weapons complex and the
DOE as a whole. More than 900 individuals are on call to
respond in the event of a nuclear or radiological emergency.
Only about 70 of these are full-time.
The ability to call upon professionals from across the
complex brings the depth of the nuclear/radiological response
into this program and the full depth and breadth of the
weapon's complex expertise and staffing can be brought to bear.
Response teams are staffed with nuclear professionals who
undertake this work as additional duty. Day-to-day, these
individuals ensure the safety and reliability of our nuclear
weapons stockpile, and with few exceptions, these individuals
work other full-time jobs at DOE and NNSA, but they are on call
as a response team when one is needed anywhere in the country.
In that sense, nuclear incident response teams are analogous
perhaps to the National Guard.
The capabilities of the program are maintained and improved
because of their cutting edge knowledge and because of their
intimate relationship. These are the people who design and work
on the weapons and the systems every day, and they are the ones
we also bring into the fight, to the problem, in an incident.
They have unique capabilities, but they are quite limited. Many
years of hands-on work in some cases, going back to the
Manhattan Project provides the knowledge and the insight and
the background to draw upon.
How will these teams work with the Department of Homeland
Security? We believe that they will work very much as they do
now. The team members will work at their regular jobs at DOE
and NNSA unless they're activated. Under the Atomic Energy Act,
the FBI is responsible to the United States for investigating
illegal activities involving nuclear materials, including
terrorist threats involving special nuclear materials.
Executive Order 12656 provides the authority for DOE to assist
in conducting, directing, and coordinating search and recovery
operations for materials, weapons or devices in assisting and
identifying and deactivating what we would call an improvised
nuclear device or Radiological Dispersal Device. The State
Department, Mr. Chairman, plays a similar role for overseas
international events and has the authority to reach back to our
teams for assistance. So when requested, NNSA-DOE response
teams are activated and deployed in support or resolution of
the crisis.
Under the bill to establish Homeland Security, the new
Secretary would coordinate responses to WMD incidents,
including nuclear or radiological functions. We do not
anticipate that the NNSA capabilities as a response to a
nuclear or radiological accident or incident will be
compromised in any way by this transfer of responsibility. What
Homeland Security can add in addition to a centralized response
to terrorism is a new and focused effort to set stronger
standards for the capabilities of our teams, to strengthen
training standards to ensure their inoperability, and to
conduct joint exercises. There would be a single agency
responsible for ensuring that we have the right assets
available by setting nationally understood requirements and
priorities.
In summary, DOE and NNSA nuclear radiological response
capabilities are critical in any domestic response to a nuclear
radiological incident. But they are also vital to the DOE and
to NNSA's capability to respond to an accident or incident
within the weapons complex or the nuclear energy sector. With
the teams organized essentially as they are now, subject to the
call of the Secretary of Homeland Security, they can continue
to function to support DOE and NNSA, the State Department and
Homeland Security professionally, effectively and in a cost-
efficient manner.
Mr. Chairman, I will be pleased to turn to your questions.
[The prepared statement of John A. Gordon follows:]
Prepared Statement of John A. Gordon, Under Secretary of Energy and
Administrator for Nuclear Security, National Nuclear Security
Administration, U.S. Department of Energy
Thank you, Mr. Chairman. It's a pleasure to be here today to
discuss Title V of the Homeland Security Act as it applies to the
National Nuclear Security Administration (NNSA) at the Department of
Energy (DOE).
The President's proposal to organize the Department of Homeland
Security (DHS) is at once visionary and down-to-earth. It will
significantly improve the way the government responds to threats
against the United States. Centralizing responsibility for our response
to weapons of mass destruction will leverage resources currently spread
across the government. The President's plan simply makes good sense. We
at NNSA are proud of our role in the fight against terrorism, and we
look forward to working with Congress and the Administration to make a
smooth transition to a new department.
The Department of Energy (DOE)/National Nuclear Security
Administration (NNSA) develops and attracts the world's premiere
nuclear scientists, technicians, and nuclear weapon designers as a
result of over 50 years of managing the nation's nuclear weapons
program. Many of these capabilities and assets have been applied toward
homeland security and counter terrorism challenges long before 9/11, as
well as since then.
Under the Atomic Energy Act of 1954, as amended, the Federal Bureau
of Investigation (FBI) is responsible, within the United States, for
investigating illegal activities involving the use of nuclear
materials, including terrorist threats involving the use of special
nuclear materials. Executive Order 12656 provides authority for DOE to
assist the FBI in conducting, directing, and coordinating search and
recovery operations for nuclear materials, weapons, or devices, and
assisting in identifying and deactivating an Improvised Nuclear Device
(IND) or a Radiological Dispersal Device (RDD). Today's operations have
been updated to address the threat of terrorists using weapons of mass
destruction (WMD). When requested DOE/NNSA response teams are activated
and deploy to support resolution of the WMD crisis.
Under the Bill to establish the Department of Homeland Security,
the new Secretary would coordinate responses to WMD incidents,
including nuclear and/or radiological support function. We do not
anticipate that the DOE/NNSA capabilities or response to a nuclear/
radiological accident or incident will be compromised in any way by
this transfer of responsibility.
Through tailored and responsive teams, DOE/NNSA is able to marshal
highly trained and unique scientific and technical expertise in support
of the Lead Federal Agency (LFA). This expertise is made up of 70 full
time and 870 part time personal that draws from across the nuclear
weapons complex and is composed of 29 full time and 118 part time
Federal officials; 29 full time and 320 part time National Laboratory
staff; and, 11 full time and 450 part time contractor staff.
Although nearly 900 individuals are involved with the nuclear/
radiological incident response teams, through extensive matrixing and
leveraging of resources, the cost to the government is only equivalent
to 212 full time employees. This matrixing makes the response programs
stronger and keeps the costs very low. The response teams are staffed
with volunteers who, for the most part, work on ensuring the safety and
reliability of the Nation's nuclear stockpile day in and day out. These
professionals respond to staff a response team when called, much like a
volunteer firefighter, or a National Guard member.
Individuals from fifteen various DOE/NNSA sites/facilities or
National Laboratories across the nation are on call to respond in the
event of a nuclear/radiological incident or emergency. The ability to
call upon professionals from across the weapons complex brings depth to
the nuclear/radiological response programs. The full depth and breadth
of the weapons complex experience and staffing are brought to bear in
the event of a significant incident or an emergency.
The capabilities of the response programs are improved because of
the cutting edge knowledge of the stockpile stewardship program that
these scientists bring with them when they respond to a call. This
knowledge is gained over years of working with the stockpile
stewardship program on a daily basis and cannot be duplicated--neither
to replace the scientists on the response teams nor on the stockpile
stewardship program. These very unique scientific/technical resources
are extremely limited. Only the fundamental concepts of the stockpile
stewardship programs are taught in a university. Many years of hands on
work, in some cases going back to the Manhattan Project, provides
knowledge, insights and background to draw upon that are invaluable.
the nuclear/radiological incident response programs
As the steward of the nation's nuclear weapons program, DOE/NNSA
brings the knowledge and expertise of the world's leading nuclear
scientists, technicians, and nuclear weapon designers in response to a
significant nuclear/radiological incident or emergency. When the need
arises, DOE/NNSA is prepared to respond immediately anywhere in the
world with seven unique response capabilities.
The response capability most widely known of is the Nuclear
Emergency Support Team (NEST). The NEST program was initiated in 1974
as a means to provide technical assistance to the Lead Federal Agency
(LFA). NEST is our program for preparing and equipping specialized
response teams to deal with the technical aspects of nuclear or
radiological terrorism. NEST capabilities include search for and
identification of nuclear materials, diagnostics and assessment of
suspected nuclear devices, technical operations in support of render
safe procedures, and packaging for transport to final disposition. NEST
response team members are drawn from throughout the nation's nuclear
weapons complex. Response teams vary in size from a five person
technical advisory team to a tailored deployment of dozens of searchers
and scientists who can locate and then conduct or support technical
operations on a suspected nuclear device. NEST personnel and equipment
are ready to deploy worldwide at all times.
A Nuclear/Radiological Advisory Team deploys as part of an FBI-led
Domestic Emergency Support Team (DEST) or as part of a State
Department-led Foreign Emergency Support Team (FEST) is an incident
occurs overseas to provide nuclear scientific and technical advice to
the LFA.
If the location of a suspected nuclear or radiological device is
not known, search operations may be required. NEST search teams are
routinely configured to detect and locate a radiological source using a
variety of methods ranging from hand-carried to vehicle-mounted search
equipment. The basic building block for NEST search operations is the
Search Response Team (SRT). The Search Response Team is prepared to
deploy on either civilian or military aircraft. Upon arrival on-scene,
the Search Response Team can begin searching immediately or can equip
and train local responders, who are already familiar with the search
area.
When a device is located, the specific resolution is dependent upon
the political, technical, and tactical situation. The ultimate goal in
resolving a nuclear terrorism crisis is to keep the terrorist device
from producing a nuclear yield. This involves special explosive
ordnance disposal (EOD) procedures conducted by highly-trained
technical personnel. DOE/NNSA Joint Technical Operations Teams have
been designated to work with military EOD teams during all phases of
the crisis response. This approach also draws upon the personnel and
equipment resources of the Accident Response Group (ARG).
The Accident Response Group (ARG) mission is to manage the
resolution of accidents or significant incidents involving nuclear
weapons that are in DOE's custody at the time of the accident or
incident. ARG will also provide timely, worldwide support to the
Department of Defense in resolving accidents or significant incidents
involving nuclear weapons in DoD's custody. Scientists, engineers,
technicians, health physics and safety professionals from the National
Laboratories and production facilities make up the ARG team. These
skilled professionals from 30 different areas of technical expertise
are ready to respond immediately. ARG members deploy with highly
specialized, state-of-the-art equipment is used for monitoring,
assessing or removing nuclear weapons, components or debris. Once the
weapon leaves the site, the ARG mission is complete. Monitoring and
assessment activities would most likely continue using other DOE/NNSA
assets such as the Aerial Measuring System (AMS), the Atmospherical
Release Advisory Capability (ARAC), the Federal Radiological Monitoring
and Assessment Center (FRMAC), the Radiological Assistance Program
(RAP), and the Radiation Emergency Assistance Center/Training Site
(REAC/TS).
The Aerial Measuring System (AMS) aircraft carry radiation
detection systems, which provide real-time measurements of ground and
airborne contamination--even very low radiation levels. AMS can also
provide detailed aerial photographs and multi-spectral imagery and
analysis of an accident site. AMS provides a rapid response to
radiological emergencies with helicopters and fixed-wing aircraft
equipped to detect and measure radioactive material deposited on the
ground and to sample and track airborne radiation. The AMS uses a team
of DOE/NNSA scientists, technicians, pilots and ground support
personnel. Maps of the airborne and ground hazards are developed very
rapidly which enables the scientists to determine ground deposition of
radiological materials and project the radiation doses to which people
and the environment are exposed. This information gives the decision-
making officials, e.g., the Federal Emergency Management Agency (FEMA),
the Environmental Protection Agency (EPA), and state, local, or Tribal
emergency management officials, information they need to effectively
respond to the emergency. The AMS capability can also be used to locate
lost or stolen radiological materials.
The Atmospheric Release Advisory Capability (ARAC) role in an
emergency begins when a nuclear, chemical, or hazardous material is
released into the atmosphere. ARAC's main function is to provide near
real-time assessments of the consequences of actual or potential
radiation releases by modeling the movement of hazardous plumes to
provide emergency response officials with the vital immediate
information they need to rapidly evaluate airborne and ground
contamination projections and thus effectively protect people and the
environment. ARAC staff have vast databases available for a variety of
data, including: a worldwide library of potential accident sites such
as nuclear power plants and fuel-cycle facilities and a terrain
database covering most of the world at a resolution of one-half
kilometer.
Upon receiving a request for support, ARAC's specialists begin
downloading the most recent regional and site weather data for input
into the model calculations. On-scene emergency response officials
provide critical information such as the time and exact location of the
release and the type of accident or incident causing the emergency.
After ARAC team members have downloaded the regional weather
information and received site input, computer codes simulate the
release from the explosion, fire, vent or spill with dispersion models,
which show the spread of the material. These dispersion models take
into consideration the effects from the local terrain or topography and
complex meteorology. ARAC staff scientists prepare graphic contour
plots of the contamination overlaid on the local maps. These plots are
distributed to emergency response officials and also provided to DOE/
NNSA response teams such as: AMS, ARG, FRMAC, RAP, REAC/TS, and NEST.
In addition to accidental radiological releases, ARAC has assessed
natural disasters such as volcanic ash cloud and earthquake-induced
hazardous spills, manmade disasters such as the Kuwaiti oil fires, and
toxic chemical releases from a wide spectrum of accidents.
The Federal government maintains an extensive response capability
for radiological monitoring and assessment. In the unlikely event of a
major radiological incident, the full resources of the U.S. government
can support state, local and Tribal governments. The FBI, as the Lead
Federal Agency for domestic incidents, is responsible for leading and
coordinating all aspects of the Federal response. DOE/NNSA may respond
to a state or LFA request for assistance by deploying a RAP team. If
the situation requires more assistance than RAP can provide, DOE/NNSA
will alert or activate a Federal Radiological Monitoring and Assessment
Center (FRMAC). FRMAC activities include: coordinating Federal offsite
radiological environmental monitoring and assessment activities;
maintaining technical liaison with state, local and Tribal governments;
maintaining a common set of all offsite radiological monitoring data;
and providing monitoring data and interpretations to the LFA, state,
local and Tribal governments. The main DOE/NNSA emergency response
assets that supplement and are integrated into FRMAC capabilities are:
RAP, ARAC, AMS, and REAC/TS. These assets are employed to detect and
monitor radiation, measure the concentration of radiation in the air
and on the ground, and to evaluate current weather conditions and
forecasts, which may affect the radiation impacts. Other Federal
agencies provide key professionals specializing in technical areas of
importance to the Federal monitoring assessment activities.
The Radiological Assistance Program (RAP), established in the late
1950's, is composed of 26 teams spread across the United States, RAP is
often the first-responding DOE/NNSA resource in assessing an emergency
situation and advising decision-making officials. A RAP response is
tailored based on the scale of the event. Specific areas of expertise
include: assessment, area monitoring, and air sampling, exposure and
contamination control. RAP team members are trained in the hazards of
radiation and radioactive materials to provide initial assistance to
minimize immediate radiation risks to people, property, and the
environment. Their equipment includes the most advanced radiation
detection and protection equipment available.
Since 1980, the Radiation Emergency Assistance Center/Training Site
(REAC/TS) has been a World Health Organization Collaboration Center for
Radiation Emergency Assistance. REAC/TS focuses on providing rapid
medical attention to people involved in radiation accidents and is a
resource to doctors around the world. DOE/NNSA's REAC/TS radiation
experts are on call 24 hours a day for consultation to give direct
medical and radiological advice to health care professionals at the
REAC/TS treatment facility or an accident site. If needed, additional
REAC/TS physicians and other team members can be deployed to the
accident scene. This highly trained and qualified team can provide
advice regarding assessment and treatment of contamination, conduct
radiation dose estimates, diagnose and provide prognosis of radiation-
induced injuries, conduct medical and radiological triage, perform
decontamination procedures and therapies for external and internal
contamination, and calculate internal radiation doses from medially
induced procedures.
REAC/TS is also the recognized center for training national and
foreign medical, nursing, paramedical, and health physics professionals
for the treatment of radiation exposure. As a World Heath Organization
Collaborating Center, REAC/TS is prepared to serve as a central point
for advice and possible medical care in cases of radiation injuries;
set up a network of available equipment and staff specializing in
radiopathology; develop medical emergency plans in the event of a
large-scale radiation accident; develop and carry out coordinated
studies on radiopathology; prepare radiation documents and guidelines;
and provide consultation or direct medical assistance to foreign
governments if an actual radiation accident occurs.
In summary, the DOE/NNSA nuclear/radiological response capabilities
are critical in any domestic response to a nuclear/radiological
incident, but they are also vital to the DOE and NNSA's ability to
respond to an accident or incident within the weapons complex or
nuclear energy sector. With the teams organized as they are now,
subject to the call of the Secretary of Homeland Security, they can
continue to function to support DOE and NNSA and Homeland Security in
an efficient, cost-effective manner.
The DOE/NNSA has more than 50 years of nuclear weapons experience
that continue to provide the nation with an extensive base for science
& technology, systems engineering, and manufacturing that has
application across a broad set of national security missions, including
homeland security and counter terrorism. Creation of a cabinet level
Homeland Security agency holds promise for dramatic acceleration of
improved capabilities against domestic threats. We in the DOE/NNSA are
committed to the success of this new Department, and will work to
facilitate it.
I would be pleased to answer any questions.
Mr. Greenwood. Thank you for your testimony, General.
The Chair recognizes himself for 5 minutes for inquiry. Let
me start with you, Secretary Allen.
In order to speed the development of priority
countermeasures, such as new vaccines and drugs, the Secretary
of HHS is going to have to expedite approvals under the Federal
Food, Drug, and Cosmetic Act. Moreover, some research efforts
will be important both to counterterrorism and to advance
public health research generally. We need to make sure that
general research priorities are not diminished.
How will HHS assure proper priority and coordination on the
regulatory front with the new department?
Mr. Allen. Mr. Chairman, the question is a very important
one. It really goes to the heart of the mission of HHS, and in
terms of time in dealing with bioterrorism.
We don't believe the mission will change significantly at
all in that regard for the very mere fact that HHS right now
prioritizes the research, prioritizes how we are going to be
addressing the need for getting new products to market. So we
don't anticipate there will be much change at all, if any, in
regards to how the FDA will move in terms of getting products
approved for their use whether that be for a bioterrorism
response or whether it is for a general civilian response in
terms of the use.
And to give you a good example, Congress just passed and
the President has signed--as part of the bioterrorism
legislation was included the passage of legislation that
included the user fees for pharmaceutical products that would
go to market. We believe that that will continue to be a part
of that. But recognize that those products, those
pharmaceutical products, while they serve a general purpose,
using Cipro as an example--in terms of just an infection, they
were used specifically in response to the anthrax outbreak
which was a bioterrorism agent. So we don't anticipate there
will be a significant change in how we were.
The question we will have is that the department will need
to coordinate with the Department of Homeland Security as we
are looking at products that will be coming to market, that FDA
will need to approve and review for approval; and that is going
to be a function that will have to be conducted again at a very
senior level within the department. But FDA will continue to be
involved in that process, and we will just need to create a
liaison to work with Homeland Security to ensure the speed and
accuracy of getting that information between the departments
and getting the products to market.
Mr. Greenwood. The MDMS is being transferred from HHS to
the new department, but as I understand it, these teams often
have to be coordinated with other HHS elements, such as the
Public Health Service.
Will the separation of the MDMS from the Public Health
Service present problems in your opinion, and if not, how will
continued coordination be assured?
Mr. Allen. We don't anticipate it will create problems in
terms of the ultimate function of the MDMS system. While indeed
the legislation under section 502 transfers that function to
the new department, we do believe that as it currently exists
in HHS, it was transferred from under the Assistant Secretary
of Health to the Office of Public Health Preparedness, what
would be the Assistant Secretary for Public Health Emergency
Preparedness, and there had to be coordination even within the
department of those assets and resources.
So we would anticipate that there would be an ongoing
coordination with, now, the Department of Homeland Security
that had already existed between HHS, VA, the Veterans'
Administration, FEMA, DOD and other agencies that were involved
in the MDMS system.
So we don't anticipate much change, but we would work
through agreements, working with the Department of Homeland
Security to ensure a smooth transition to ensure that those
responses continue.
Mr. Greenwood. Just a question or two to you, General
Gordon.
With respect to the NEST, the President's proposal leaves
these teams under DOE authority generally, except for emergency
situations when they would be under the new Secretary's
authority. In our discussions with those who make up these
teams at the labs, there is some sense of confusion as to the
exact dividing line.
Can you shed some additional light on that question, based
on your understanding of the administration's views?
Mr. Gordon. Mr. Chairman, now, today, if a team were to
deploy to a situation under Federal control--a nuclear
incident, a suspected weapon--that team would ``chop,'' in the
military term, would ``deploy'' under the control and command
of the lead Federal agency, which in most circumstances would
be the FBI.
Under this act, I think there is still a bit of a sorting
out to be done on exactly how that relationship between the
Secretary and the FBI works out. But the NEST teams will chop
to the lead Federal agency.
Mr. Greenwood. Sorting out requires some fine tuning of the
legislative language.
Mr. Gordon. I think it is just a decision. Whether it is
legislation or within the administration, I think it is a
decision.
My sense is it's not going to have any measurable effect on
the operation or the effectiveness of the teams. They are going
to work for someone who is in charge of the overall action.
Mr. Greenwood. Will this new bill require that the new
Secretary authorize any deployments of these teams, or
components of these teams, which I understand is not all that
uncommon? Or will the DOE Secretary or the regional commanders
of these teams remain authorized to deploy assets when deemed
necessary or upon request of State or local officials?
Mr. Gordon. We view these very much as dual-use assets in
that regard. If there's a national incident that requires the
team, the teams will provide it then. However, these are
individuals with qualities and capabilities that we need to be
able to deploy to an energy or national lab incident that we
can deploy ourselves. There are not a huge number of teams, but
certainly enough to handle more than one incident at a time.
Mr. Greenwood. My time has expired, but before I yield to
the ranking member, I would just ask that both Secretary Allen
and General Gordon commit to us that your staffs will work
diligently with us in the short, truncated period that we have
to get this legislation prepared for the House floor.
Mr. Gordon. Absolutely.
Mr. Allen. Absolutely.
Mr. Deutsch. Thank you, Mr. Chairman.
Secretary Allen, I believe you were here throughout the
entire comments by the Governor and the questions. And I really
wanted to follow up a little bit about that. Besides myself, a
number of other members, I think, are just really trying to
inquire and really enter into a dialog into the changes of some
of these responsibilities from HHS to this new department.
Under this proposed governmental structure, what public
health responsibilities are left in HHS?
Mr. Allen. Actually, Congressman Deutsch, the vast majority
of the public health responses are left in HHS. It does not
dramatically impact the Public Health Service Act that exists
right now to focus on HHS' public health responsibilities. What
it does do is set some particular areas that will be dual use.
What is transferred from HHS under the proposal are, one,
the national pharmaceutical stockpile, which includes the
procurement, the maintenance, and deployment of the stockpile;
second, the transfer of the Office of the Assistant Secretary
for Public Health Emergency Preparedness, which includes the
National Disaster Medical System, includes the Metropolitan
Medical Response teams, includes our Disaster Medical
Assistance teams. Those assets which would also be part of our
Office of Emergency Preparedness will transfer. And then last,
the select agent regulations will transfer.
So the vast majority of the functions of HHS will continue
and will not be fully transferred over to the new department.
Mr. Deutsch. Could you specifically respond to, I guess one
of the questions I also asked Governor Ridge, regarding the
grant program, the billion dollar grant program for public
health preparedness established by Secretary Thompson and
authorized by the 2002 Public Health Security and Bioterrorism
Preparedness Act? How will that change in terms of the
proposals?
Mr. Allen. Under the proposals, the Department of Homeland
Security will have the responsibility for those State and local
programs; however, they will do that through contracting with
HHS to run those programs. Certainly, the Administration did
not want to disrupt what was accomplished in the public health,
the act, the bioterrorism act, to disrupt what has already been
taking place, and that is, is getting resources to State and
local communities. We will still be in essence the grant
managers in that sense actually working with State and local
governments. It's simply that the strategic decisionmaking will
be primarily the responsibility of the Department of Homeland
Security, and they will consult with and contract with
through--and through memorandums of understanding with the
Department in carrying out of those functions.
Mr. Deutsch. Now, our understanding is--my understanding as
well is that for budgeting purposes, these two infrastructures
that we are just describing cannot cost more than the single
one. How is that possible? And is that correct?
Mr. Allen. It's possible, because, for example, in terms of
what we are already doing, the functions will--the functions,
the personnel will remain at the Health Resources Services
Administration, which is working on the possible preparedness
issues, and will remain at the Center for Disease Control which
is working with State and local health departments in terms of
the functions there.
So, in essence, the money is going to be funded through the
Department of--the Department of Homeland Security, and they
will contract with HHS to carry out those functions.
Mr. Deutsch. In your testimony, you stated that HHS would
continue to decide what agents would be on the select agent
list. Could you cite the legislation or the provision for that?
Mr. Allen. Actually, under the legislation, the scientific
work that is being done, the medical expertise that is
necessary right now to determine what the select agents are
would be accomplished by working with the scientists who
currently exist at H HS. Under the section 502, it transfers--
subsection 5, it transfers the work of the Office of Assistant
Secretary for Public Health Emergency Preparedness, but also
transfers--and all their functions in the strategic and
national stockpile is also transferred.
With regards to the select agent rule, I have to find the
specific records.
Mr. Deutsch. You can provide that to us, if you can.
Mr. Allen. Sure. I will be glad to do that.
Mr. Deutsch. Again, I just see my time is running out, so
let me go through two other questions very quickly.
What percentage of public health service officers are
actually supposed to go over to the new agency?
Mr. Allen. We don't have a number of actual individuals. I
can give you the number of individuals who are supposed to
transfer over.
With regards to--if you will hold on for a second. Under
the select agent rule, for example, we will be transferring
seven FTEs. Those are the individuals who actually worked at
CDC who worked on the select agent transfer program. We also--
under the Office of the Assistant Secretary for Public Health
Preparedness, that would include approximately 116 staff and
detailees who are currently on board, including 87 individuals
who are at the Office of Emergency Preparedness. And for the
functions in terms of the national, the national pharmaceutical
stockpile would include currently about 28 individuals.
Mr. Deutsch. Thank you.
Mr. Allen. And your cite for the select agent rule, I do
have that for you. It's under section 502. 302, I'm sorry.
Section 302, subsection 1. It says that the select agent
registration enforcement programs and activities of the
Department of Health and Human Services, including the
functions of the Secretary of HHS relating thereto, will
transfer over.
Mr. Whitfield. General Gordon, one of the laboratories in
their written testimony asked a very good question about how
NEST's effectiveness depends in large part on the continued R&D
and technology improvement efforts under way at DOE. If you
divide--if the NEST teams are divorced in some way from the R&D
component, whether by transfer of NEST or transfer of those R&D
components to Homeland Security, in your opinion, what would
the impact of that be? And does that concern you?
Mr. Gordon. Mr. Chairman, it's not our intent to break that
link at all. The labs have a huge capacity to do this R&D. It's
very important to us. And they are, of course, the ones who
provide the experts for NEST.
As we discussed in the statement, the NEST will continue to
operate and live as an organic unit within the National Nuclear
Security Administration and DOE, and be available as a national
asset, as the demand requires. We intend to keep them linked
tightly together.
Mr. Whitfield. Okay. On these NEST teams, is it--many
people devote time voluntarily to this. Is that correct? Or----
Mr. Gordon. Of the 900 or so people that are identifiable
on the full range of nuclear incident response teams, which
goes beyond NEST, there is probably only about 70 full-time
employees. The others, I'm not sure I would call them
volunteers so much as additional duty. They accept this duty,
they accept this responsibility. They train to it and exercise
to it.
But the point being, from my perspective, Mr. Chairman, the
point being that's one of the reasons you just can't pick this
thing up lock, stock, and barrel, and move it elsewhere. Their
expertise, their currency is actually from the jobs they do day
to day.
Mr. Whitfield. You know, some people have described this
situation as following the National Guard model in which
equipment and supplies are centrally managed--in this case, by
the new Secretary--while the personnel remain under the general
authority of the respective departments--in this case DOE--
except when called to duty. Is that your understanding of the
approach embodied in this bill?
Mr. Gordon. I might use a different analogy but toward the
same end. Military service today, their responsibility is to
organize, train, and equip.
Mr. Whitfield. Right.
Mr. Gordon. And then they are then fought by a commander in
chief. I think that there is an analogy here pretty strong to
that point, that we would organize, train, and equip to
standards that I would hope that the new department would help
sharpen, help strengthen, and work the interoperability perhaps
better than we do today.
Mr. Whitfield. I was wondering if you would elaborate just
a little bit on these joint tactical operations teams.
Actually, what is their mission?
Mr. Gordon. What they would be doing is we would be
augmenting the individuals who were hands-on attempting to deal
with or dismantle a weapon. So, basically, in those instances,
Mr. Chairman, what we do is we bring in the technical expertise
that sits behind the bomb squad.
Mr. Whitfield. Okay.
Now, Secretary Allen, if we move some of the key functions
of the new Assistant HHS Secretary for Public Health
Preparedness--and maybe you all touched on this earlier. But if
we moved that to the new department, does that eliminate the
need for that assistant secretary entirely, or would there be
remaining functions, such as coordination, that would need to
be done?
Mr. Allen. Clearly, the need for coordination within the
Department of HHS of these activities will not be eliminated.
Whether that is the requirement of having an assistant
secretary level function, that is something that remains to be
addressed. Clearly, the department under Secretary Thompson
following 9/11, he created the Office of Public Health
Preparedness, and had a director of that office to coordinate
those functions. But it was certainly the wisdom of Congress to
create an office of an assistant secretary. So we would be
flexible to work with it, but there will need to have very
senior leadership coordinating the activities of the department
to work with Homeland Security to ensure the continuity of
those programs.
Mr. Whitfield. Thank you very much. I see my time has
expired. We will recognize the gentleman from Michigan for 5
minutes.
Mr. Stupak. Thank you, Mr. Chairman.
General Gordon, I think in your opening statement you
commented, or maybe it was in response to a question, about
Salt Lake City Olympics. Did you--or, not you. But were there
radiation detection devices at the Salt Lake Olympics?
Mr. Gordon. We didn't set up specifically. The emphasis on
the Salt Lake Olympics was more in the area of some biological
response, which I would prefer to discuss in a different
session.
Mr. Stupak. Sure. But in answer to my question, so there
wasn't any radiation detection devices at Salt Lake that you
know of?
Mr. Gordon. We did not set up specific portals.
Mr. Stupak. Right. My question is, do you know if there
were any radiation detection devices? I know you didn't set
them up, but were there?
Mr. Gordon. I just don't know the answer to your question.
Mr. Stupak. Okay.
Mr. Gordon. I will provide you a response.
[The following was received for the record:]
At the request of the U.S. Secret Service and the Federal Bureau of
Investigation, and in support of the Utah Olympic Public Safety
Command, the Department of Energy deployed the Nuclear/Radiological
Advisory Team (NRAT) and members of the Radiological Assistance Program
(RAP) team from Region 6 (Idaho) with portable radiation detection
equipment to the Salt Lake City 2002 Winter Olympic Games. The
equipment deployed included small pager-sized radiation detectors,
detectors carried in briefcases and backpacks, and vehicle-mounted
detectors. Identification units, which are used to identify the
specific type of radiological material, were also sent. No radiation
portal monitoring was conducted at any time.
Prior to the arrival of the athletes, NRAT and RAP conducted
radiological surveys around Salt Lake City and the high security areas.
Surveys of this type are useful in cataloging the radiological
signature of the surrounding areas, saving critical response time in
the event of an actual incident. During the survey process several
locations revealed an elevated radiation signature. In each instance,
the NRAT scientists deployed with identification units and determined
that the readings were due to natural background radiation, a normal
occurrence. Once the Olympics began, the radiological surveying stopped
and the teams assumed a response posture. There were no incidents
requiring the use of NRAT or RAP personnel or equipment during the
Olympics.
Mr. Stupak. Okay. But the only point I was driving at--it
wasn't a trick question--is my impression is that there were
radiation detection devices we used at Salt Lake City. In the
earlier panel with Governor Ridge here, we were talking a lot
about radiation detection devices. If they were set up and used
in Salt Lake City and if there is concerns we should have them
elsewhere in this country, why aren't we using them? That's all
I'm trying to get at.
Mr. Gordon. Again, I would really like to discuss this in a
different session.
Mr. Stupak. Sure. Let me put it this way. When I was
asking--we were talking about it before, myself and Governor
Ridge, we talked about how Customs wanted these devices, and
then contractors gave them to DOE, and DOE has now gone to one
of the labs to try to get some standards and get some
development going, and we are already down the three levels.
And in response to the question, it was like, ``Well,
Congressman, that's sort of the way the Federal bureaucracy
works.'' I didn't get a warm, fuzzy feeling when I got that
answer.
I guess if we are going to do this new Homeland Security,
Department of Homeland Security, how are things going to be
different?
Mr. Gordon. I want to sign up to exactly what I think you
are getting at, sir. We had proposed and suggested at the
beginning that there be developed in effect a lead technical
agency that could bring together the disparate variety of
activities that are under way in this with some national
standards, with some national priorities that are set up for
where we are going. That is, in my understanding, what is to be
incorporated into this new department. Because what we have
now, even in our own areas for the Department of Energy and
NNSA, is some very specific capabilities that were put together
for some very specific and somewhat narrow uses. We have now
expanded those, I think, with considerable expertise and a
little bit of alacrity in response to 9/11. The pagers, the
sort of small radiation detection pagers that are used at
airports have been made available to the extent that we could
get them fast enough or cause them to be produced fast enough,
deployed in a number of locations with a number of different
forces.
I think there is a good effort across the board in where we
are using and deploying some systems, which I would be glad to
talk with you in a smaller group, but it is time to pull it
together in an aggressive program.
Mr. Stupak. Okay. Again, maybe it would be appropriate in a
closed session, and, again, just a little bit. But I'm still
trying to get at if we create this new department how is it
going to be different? How are we going to have accountability,
responsibility, and make sure the job is getting done, and we
don't have finger-pointing after an incident? That's what I'm
driving at.
Mr. Gordon. We bring it together in one place with
individuals who are charged to look at it nationally----
Mr. Stupak. Okay.
Mr. Gordon. [continuing] who are designed to set up what
are the priorities that you want us to spend our research
dollars and our production dollars on, and take that in an
aggressive step and just work right down a strategic plan.
Mr. Stupak. I'm sure, Mr. Chairman, when we get into the
radiation detection, I would suggest that might be a place we
want to go in closed session. I know I have some more
questions, but I am going to leave that issue right now and go
to another spot.
Well, let's take the NEST teams. I don't know of any
significant problems that have been evident by the way these
teams have been presently structured or how their command and
control has worked in the past. So if you move NEST teams over
to the new department, how is that going to improve them or
improve their functionality?
Mr. Gordon. I think the point, sir, is that they don't move
over; that they become part of the coordinated units that are
available to respond to a crisis upon the direction of the
Secretary.
Mr. Stupak. So the teams wouldn't move over to Homeland
Security?
Mr. Gordon. The teams do not move as a unit. They stay
where they are because--they need, in fact, to stay inside the
organization because they are not full-time personnel that
deploy. These are actually the experts that are working on our
stockpile stewardship program, working on our weapons, working
the intelligence side. So we bring them together, as the
Chairman had suggested, in a National Guard way or in a
military service way to respond to individual crisis.
Mr. Stupak. Okay. All right. I was under the impression,
and maybe wrongly so, that NEST teams are going to be moved to
Homeland Security.
Mr. Gordon. No, sir. They would be available under the
command of the Secretary of Energy upon call for national
issues. They also would be available to the Secretary or myself
for an DOE-NNSA incident where they had to respond. And we need
them to stay tied in to their current work, because they are
not full-time NEST employees, on the whole.
Mr. Stupak. Okay. They stay where they are, but additional
people can employ them, if need be.
Mr. Gordon. And that's effectively the way it is today. If
there were an incident this moment that involved a nuclear
weapons or terrorist attack, the FBI would be responsible for
commanding that incident, and we would deploy our forces to the
FBI for their use.
Mr. Greenwood. The time of the gentleman has expired.
Thank you, Secretary Allen, thank you, General Gordon, for
your testimony, for responding to our questions, to your
pledges of cooperation as we work through this legislation.
Thank you again, and you are excused.
Mr. Gordon. Thank you, Mr. Chairman.
Mr. Greenwood. The Chair then calls forward our third panel
for this hearing. We have Ms. Jan Heinrich, who is the Director
of Health Care and Public Health Issues at the U.S. General
Accounting Office; Dr. Harry C. Vantine, Program Leader,
Counterterrorism and Incident Response at the Lawrence
Livermore National Laboratory; Dr.--or Mr. David Nokes,
Director, Systems Assessment and Research Center, Sandia
National Laboratories; Dr. Donald D. Cobb, Associate Director
for Threat Reduction, Los Alamos National Laboratory; Dr. Lew
Stringer, Medical Director, Division of Emergency Management,
the North Carolina Department of Crime Control and Public
Safety; and Mr. Edward P. Plaugher, Chief of the Arlington
County Fire Department, and also Executive Agent, Washington
Area, National Medical Response Team.
Lady and gentlemen, we welcome you, and thank you for
joining us this morning. And I would--you are aware that this
committee is holding an investigative hearing, and when doing
so, it is our practice to take testimony under oath. Do any of
you have any objections to giving your testimony under oath?
No? You are also, under the rules of this committee and the
House, entitled to be represented by counsel. Do any of you
wish to be represented by counsel this morning? Okay.
Is Dr. Stringer not here? Doctor, take your time and hurry
on up to the table.
Welcome, Dr. Stringer. As I indicated to the other
witnesses, sir, you are aware that this committee is holding an
investigative hearing, and you are aware that, pursuant to our
practices, we take testimony under oath. And I should ask you,
do you have any objection to giving your testimony under oath?
Mr. Stringer. No, sir.
Mr. Greenwood. Then for all of you, you are entitled under
the rules of the House and the committee to be represented by
counsel. Do any of you wish to be represented by counsel? Okay.
In that case, if you would each stand, and all stand and raise
your right hands, I will swear you in.
[Witnesses sworn.]
Mr. Greenwood. Okay. You are all the under oath. And Ms.
Heinrich, you are recognized for 5 minutes for your opening
statement. Thank you for being with us.
TESTIMONY OF JANET HEINRICH, DIRECTOR, HEALTH CARE AND PUBLIC
HEALTH ISSUES, U.S. GENERAL ACCOUNTING OFFICE; HARRY C.
VANTINE, PROGRAM LEADER, COUNTERTERRORISM AND INCIDENT
RESPONSE, LAWRENCE LIVERMORE NATIONAL LABORATORY; K. DAVID
NOKES, DIRECTOR, SYSTEMS ASSESSMENT AND RESEARCH CENTER, SANDIA
NATIONAL LABORATORIES; DONALD D. COBB, ASSOCIATE DIRECTOR FOR
THREAT REDUCTION, LOS ALAMOS NATIONAL LABORATORY; LLEWELLYN W.
STRINGER, JR., MEDICAL DIRECTOR, DIVISION OF EMERGENCY
MANAGEMENT, NORTH CAROLINA DEPARTMENT OF CRIME CONTROL AND
PUBLIC SAFETY; AND EDWARD P. PLAUGHER, CHIEF, ARLINGTON COUNTY
FIRE DEPARTMENT, EXECUTIVE AGENT, WASHINGTON AREA NATIONAL
MEDICAL RESPONSE TEAM
Ms. Heinrich. Mr. Chairman and members of the subcommittee,
I appreciate the opportunity to be here today to discuss the
proposed creation of the Department of Homeland Security. Since
the terrorist attacks of September 11 and the subsequent
anthrax incidents, there has been concern about the ability of
the Federal Government to prepare and coordinate an effective
public health response to such events. Our earlier work found
that more than 20 Federal departments and agencies carry some
responsibility for bioterrorism preparedness and response, and
that their efforts are fragmented.
Emergency response is further complicated by the need to
coordinate actions with agencies at the State and local level
where much of the response activity would occur. My remarks
will focus on the aspects of the proposal concerned with public
health preparedness and response, and the two primary changes
to the current system found in title 5 of the proposed bill.
First, the proposal would transfer certain emergency
preparedness and response programs, as we have already heard.
Second, it would transfer the control over but not the
operation of other public health preparedness assistance
programs, such as providing emergency preparedness planning
assistance to State and local governments from HHS to the new
department.
The consolidation of Federal agencies and resources for
medical response to an emergency as outlined in the proposed
legislation has the potential to improve efficiency and
accountability for these activities at the Federal level, as
well as the State and local levels. The programs to be
consolidated have already been identified for you. As Governor
Ridge has stated, issues of coordination will remain, however.
The proposed transfer of the Metropolitan Medical Response
System does not address the need for enhanced regional
communication and coordination, for example. The National
Disaster Medical System functions as a partnership among HHS,
the Department of Defense, the Department of Veterans Affairs,
FEMA, State and local governments, and the private sector.
Thus, coordination across departments will still be required.
Similarly, the Strategic National Stockpile will involve
the VA for purchase and storage, and HHS, in regards to the
medical contents.
Although the proposed department has the potential to
improve emergency response functions, its success is contingent
on merging the perspectives of the various programs that would
be integrated under the proposal. We are concerned that the
lines of authority of the different parties in the event of
emergency still need to be clarified.
As an example, in the recent anthrax events, local
officials complained about differing priorities between the FBI
and public health officials handling suspicious specimens. The
FBI viewed the specimens as evidence in a criminal case, while
public health officials' first priority was contacting
physicians to ensure effective treatment was begun promptly.
The President's proposal to shift the authority, funding,
and priority-setting for all programs assisting State and local
agencies and public health emprgency Preparedness from HHS to
the new department raises concerns because of the dual purpose
nature of these activities. These programs include, as we have
heard, the CDC's bioterrorism and preparedness programs and the
HRSA Bioterrorism Hospital Preparedness Program. Functions
funded through these programs are central to investigations of
naturally occurring infectious disease outbreaks and to regular
public health communications, as well as to identifying and
responding to a bioterrorism event. Just as with the West Nile
virus outbreak in New York City, which initially was feared to
be the result of bioterrorism, when an unusual case of disease
occurs, public health officials must investigate. Although the
origin of the disease may not be clear at the outset, the same
public health resources are needed, regardless of the source.
The recently enacted Public Health Security and
Bioterrorism Preparedness and Response Act of 2002 recognized
that these dual purpose programs are needed in State and local
communities. Now States are beginning to plan to expand
laboratory capacity, enhance their ability to conduct
infectious disease surveillance and epidemiological
investigations, and develop plans for communicating with the
public. While under the proposal, the Secretary of Homeland
Security would be given control over these assistance programs,
their implementation would continue to be carried out by H HS.
The proposal also authorizes the President to direct that
these programs no longer be carried out in that manner without
addressing the circumstances under which such authority would
be exercised.
We are concerned that this approach may disrupt the synergy
that exists in these dual purpose programs. We are also
concerned that the separation of control over the programs from
their operations would lead to difficulty in balancing
priorities. Although the HHS programs are important for
homeland security, they are just as important to the day-to-day
needs of public health agencies and hospitals, such as
reporting on meningitis outbreaks and providing alerts to the
medical community on influenza. The current proposal does not
clearly provide a structure that ensures that both the goals of
homeland security and public health will be met.
In summary, many aspects of the proposal are in line with
our previous recommendations to consolidate programs,
coordinate functions, and provide a statutory basis for
leadership of homeland security. However, we do have concerns,
as we have noted.
Mr. Chairman, this completes my prepared statement. I am
happy to respond to any questions you or other members may
have.
[The prepared statement of Janet Heinrich follows:]
Prepared Statement of Janet Heinrich, Director, Health Care and Public
Health Issues, U.S. General Accounting Office
Mr. Chairman and Members of the Committee: I appreciate the
opportunity to be here today to discuss the proposed creation of the
Department of Homeland Security. Since the terrorist attacks of
September 11, 2001, and the subsequent anthrax incidents, there has
been concern about the ability of the federal government to prepare for
and coordinate an effective public health response to such events,
given the broad distribution of responsibility for that task at the
federal level. Our earlier work found, for example, that more than 20
federal departments and agencies carry some responsibility for
bioterrorism preparedness and response and that these efforts are
fragmented. 1 Emergency response is further complicated by
the need to coordinate actions with agencies at the state and local
level, where much of the response activity would occur.
---------------------------------------------------------------------------
\1\ U.S. General Accounting Office, Bioterrorism: Federal Research
and Preparedness Activities, GAO-01-915, (Washington, D.C.: Sept. 28,
2001).
---------------------------------------------------------------------------
The President's proposed Homeland Security Act of 2002 would bring
many of these federal entities with homeland security
responsibilities--including public health preparedness and response--
into one department, in an effort to mobilize and focus assets and
resources at all levels of government. The aspects of the proposal
concerned with public health preparedness and response would involve
two primary changes to the current system, which are found in Title V
of the proposed bill. First, the proposal would transfer certain
emergency preparedness and response programs from multiple agencies to
the new department. Second, it would transfer the control over, but not
the operation of, other public health preparedness assistance programs,
such as providing emergency preparedness planning assistance to state
and local governments, from the Department of Health and Human Services
(HHS) to the new department. 2
---------------------------------------------------------------------------
\2\ These changes are primarily covered by Sections 502 and 505,
respectively, in Title V of the President's proposed legislation.
---------------------------------------------------------------------------
In order to assist the committee in its consideration of this
extensive reorganization of our government, my remarks today will focus
on Title V of the President's proposal and the implications of (1) the
proposed transfer of specific public health preparedness and response
programs currently housed in HHS into the new department and (2) the
proposed transfer of control over certain other public health
preparedness assistance programs from HHS to the new department. My
testimony today is based largely on our previous and ongoing work on
federal, state, and local preparedness in responding to bioterrorist
threats, 3 as well as a review of the proposed legislation.
---------------------------------------------------------------------------
\3\ See ``Related GAO Products'' at the end of this testimony.
---------------------------------------------------------------------------
In summary, we believe that the proposed reorganization has the
potential to repair the fragmentation we have noted in the coordination
of public health preparedness and response programs at the federal,
state, and local levels. As we have recommended, the proposal would
institutionalize the responsibility for homeland security in federal
statute. We expect that, in addition to improving overall coordination,
the transfer of programs from multiple agencies to the new department
could reduce overlap among programs and facilitate response in times of
disaster. However, we have concerns about the proposed transfer of
control from HHS to the new department for public health assistance
programs that have both basic public health and homeland security
functions. These dual-purpose programs have important synergies that we
believe should be maintained. We are concerned that transferring
control over these programs, including priority setting, to the new
department has the potential to disrupt some programs that are critical
to basic public health responsibilities. We do not believe that the
President's proposal is sufficiently clear on how both the homeland
security and the public health objectives would be accomplished.
background
Federal, state, and local government agencies have differing roles
with regard to public health emergency preparedness and response. The
federal government conducts a variety of activities, including
developing interagency response plans, increasing state and local
response capabilities, developing and deploying federal response teams,
increasing the availability of medical treatments, participating in and
sponsoring exercises, planning for victim aid, and providing support in
times of disaster and during special events such as the Olympic games.
One of its main functions is to provide support for the primary
responders at the state and local level, including emergency medical
service personnel, public health officials, doctors, and nurses. This
support is critical because the burden of response falls initially on
state and local emergency response agencies.
The President's proposal transfers control over many of the
programs that provide preparedness and response support for the state
and local governments to a new Department of Homeland Security. Among
other changes, the proposed bill transfers HHS's Office of the
Assistant Secretary for Public Health Emergency Preparedness to the new
department. Included in this transfer is the Office of Emergency
Preparedness (OEP), which currently leads the National Disaster Medical
System (NDMS) 4 in conjunction with several other agencies
and the Metropolitan Medical Response System (MMRS). 5 The
Strategic National Stockpile, 6 currently administered by
the Centers for Disease Control and Prevention (CDC), would also be
transferred, although the Secretary of Health and Human Services would
still manage the stockpile and continue to determine its contents.
---------------------------------------------------------------------------
\4\ In the event of an emergency, the National Disaster Medical
System has response teams that can provide support at the site of a
disaster. These include specialized teams for burn victims, mental
health teams, teams for incidents involving weapons of mass
destruction, and mortuary teams that can be deployed as needed. About
2,000 civilian hospitals have pledged resources that could be marshaled
in any domestic emergency under the system.
\5\ The Metropolitan Medical Response System is a program that
provides support for local community planning and response capabilities
for mass casualty and terrorist incidents in metropolitan areas.
\6\ The stockpile, previously called the National Pharmaceutical
Stockpile, consists of two major components. The first component is the
12-Hour Push Packages, which contain pharmaceuticals, antidotes, and
medical supplies and can be delivered to any site in the United States
within 12 hours of a federal decision to deploy assets. The second
component is the Vendor Managed Inventory.
---------------------------------------------------------------------------
Under the President's proposal, the new department would also be
responsible for all current HHS public health emergency preparedness
activities carried out to assist state and local governments or private
organizations to plan, prepare for, prevent, identify, and respond to
biological, chemical, radiological, and nuclear events and public
health emergencies. Although not specifically named in the proposal,
this would include CDC's Bioterrorism Preparedness and Response program
and the Health Resources and Services Administration's (HRSA)
Bioterrorism Hospital Preparedness Program. These programs provide
grants to states and cities to develop plans and build capacity for
communication, disease surveillance, epidemiology, hospital planning,
laboratory analysis, and other basic public health functions. Except as
directed by the President, the Secretary of Homeland Security would
carry out these activities through HHS under agreements to be
negotiated with the Secretary of HHS. Further, the Secretary of
Homeland Security would be authorized to set the priorities for these
preparedness and response activities.
reorganization has potential to improve coordination
The consolidation of federal assets and resources in the
President's proposed legislation has the potential to improve
coordination of public health preparedness and response activities at
the federal, state, and local levels. Our past work has detailed a lack
of coordination in the programs that house these activities, which are
currently dispersed across numerous federal agencies. In addition, we
have discussed the need for an institutionalized responsibility for
homeland security in federal statute. 7 The proposal
provides the potential to consolidate programs, thereby reducing the
number of points of contact with which state and local officials have
to contend, but coordination would still be required with multiple
agencies across departments. Many of the agencies involved in these
programs have differing perspectives and priorities, and the proposal
does not sufficiently clarify the lines of authority of different
parties in the event of an emergency, such as between the Federal
Bureau of Investigation (FBI) and public health officials investigating
a suspected bioterrorist incident. Let me provide you more details.
---------------------------------------------------------------------------
\7\ U.S. General Accounting Office, Homeland Security:
Responsibility and Accountability for Achieving National Goals, GAO-02-
627T (Washington, D.C.: Apr. 11, 2002).
---------------------------------------------------------------------------
We have reported that many state and local officials have expressed
concerns about the coordination of federal public health preparedness
and response efforts. 8 Officials from state public health
agencies and state emergency management agencies have told us that
federal programs for improving state and local preparedness are not
carefully coordinated or well organized. For example, federal programs
managed by the Federal Emergency Management Agency (FEMA), Department
of Justice (DOJ), and OEP and CDC all currently provide funds to assist
state and local governments. Each program conditions the receipt of
funds on the completion of a plan, but officials have told us that the
preparation of multiple, generally overlapping plans can be an
inefficient process. 9 In addition, state and local
officials told us that having so many federal entities involved in
preparedness and response has led to confusion, making it difficult for
them to identify available federal preparedness resources and
effectively partner with the federal government.
---------------------------------------------------------------------------
\8\ U.S. General Accounting Office, Bioterrorism: Federal Research
and Preparedness Activities, GAO-01-915, (Washington, D.C.: Sept. 28,
2001).
\9\ U.S. General Accounting Office, Combating Terrorism:
Intergovernmental Partnership in a National Strategy to Enhance State
and Local Preparedness, GAO-02-547T (Washington, D.C.: Mar. 22, 2002).
---------------------------------------------------------------------------
The proposed transfer of numerous federal response teams and assets
to the new department would enhance efficiency and accountability for
these activities. This would involve a number of separate federal
programs for emergency preparedness and response, including FEMA;
certain units of DOJ; and HHS's Office of the Assistant Secretary for
Public Health Emergency Preparedness, including OEP and its NDMS and
MMRS programs, along with the Strategic National Stockpile. In our
previous work, we found that in spite of numerous efforts to improve
coordination of the separate federal programs, problems remained, and
we recommended consolidating the FEMA and DOJ programs to improve the
coordination. 10 The proposal places these programs under
the control of one person, the Under Secretary for Emergency
Preparedness and Response, who could potentially reduce overlap and
improve coordination. This change would make one individual accountable
for these programs and would provide a central source for federal
assistance.
---------------------------------------------------------------------------
\10\ U.S. General Accounting Office, Combating Terrorism: Selected
Challenges and Related Recommendations, GAO-01-822 (Washington, D.C.,
Sept. 20, 2001).
---------------------------------------------------------------------------
The proposed transfer of MMRS, a collection of local response
systems funded by HHS in metropolitan areas, has the potential to
enhance its communication and coordination. Officials from one state
told us that their state has MMRSs in multiple cities but there is no
mechanism in place to allow communication and coordination among them.
Although the proposed department has the potential to facilitate the
coordination of this program, this example highlights the need for
greater regional coordination, an issue on which the proposal is
silent.
Because the new department would not include all agencies having
public health responsibilities related to homeland security,
coordination across departments would still be required for some
programs. For example, NDMS functions as a partnership among HHS, the
Department of Defense (DOD), the Department of Veterans Affairs (VA),
FEMA, state and local governments, and the private sector. However, as
the DOD and VA programs are not included in the proposal, only some of
these federal organizations would be brought under the umbrella of the
Department of Homeland Security. Similarly, the Strategic National
Stockpile currently involves multiple agencies. It is administered by
CDC, which contracts with VA to purchase and store pharmaceutical and
medical supplies that could be used in the event of a terrorist
incident. Recently expanded and reorganized, the program will now
include management of the nation's inventory of smallpox vaccine. Under
the President's proposal, CDC's responsibilities for the stockpile
would be transferred to the new department, but VA and HHS involvement
would be retained, including continuing review by experts of the
contents of the stockpile to ensure that emerging threats, advanced
technologies, and new countermeasures are adequately considered.
Although the proposed department has the potential to improve
emergency response functions, its success is contingent on several
factors. In addition to facilitating coordination and maintaining key
relationships with other departments, these include merging the
perspectives of the various programs that would be integrated under the
proposal, and clarifying the lines of authority of different parties in
the event of an emergency. As an example, in the recent anthrax events,
local officials complained about differing priorities between the FBI
and the public health officials in handling suspicious specimens.
According to the public health officials, FBI officials insisted on
first informing FBI managers of any test results, which delayed getting
test results to treating physicians. The public health officials viewed
contacting physicians as the first priority in order to ensure that
effective treatment could begin as quickly as possible.
new department's control of essential public health capacities raises
concern
The President's proposal to shift the responsibility for all
programs assisting state and local agencies in public health emergency
preparedness and response from HHS to the new department raises concern
because of the dual-purpose nature of these activities. These programs
include essential public health functions that, while important for
homeland security, are critical to basic public health core capacities.
11 Therefore, we are concerned about the transfer of control
over the programs, including priority setting, that the proposal would
give to the new department. We recognize the need for coordination of
these activities with other homeland security functions, but the
President's proposal is not clear on how the public health and homeland
security objectives would be balanced.
---------------------------------------------------------------------------
\11\ The recently enacted Public Health Security and Bioterrorism
Preparedness and Response Act of 2002 (P.L.107-188) cited core public
health capacities that state and local governments need, including
effective public health surveillance and reporting mechanisms,
appropriate laboratory capacity, properly trained and equipped public
health and medical personnel, and communications networks that can
effectively disseminate relevant information in a timely and secure
manner.
---------------------------------------------------------------------------
Under the President's proposal, responsibility for programs with
dual homeland security and public health purposes would be transferred
to the new department. These include such current HHS assistance
programs as CDC's Bioterrorism Preparedness and Response program and
HRSA's Bioterrorism Hospital Preparedness Program. Functions funded
through these programs are central to investigations of naturally
occurring infectious disease outbreaks and to regular public health
communications, as well as to identifying and responding to a
bioterrorist event. For example, CDC has used funds from these programs
to help state and local health agencies build an electronic
infrastructure for public health communications to improve the
collection and transmission of information related to both bioterrorist
incidents and other public health events. 12 Just as with
the West Nile virus outbreak in New York City, which initially was
feared to be the result of bioterrorism, 13 when an unusual
case of disease occurs public health officials must investigate to
determine whether it is naturally occurring or intentionally caused.
Although the origin of the disease may not be clear at the outset, the
same public health resources are needed to investigate, regardless of
the source.
---------------------------------------------------------------------------
\12\ These include the Health Alert Network (HAN), a nationwide
system that facilitates the distribution of health alerts,
dissemination of prevention guidelines and other information, distance
learning, national disease surveillance, and electronic laboratory
reporting, and Epi-X, a secure Web-based disease surveillance network
for federal, state, and local epidemiologists that provides tools for
searching, tracking, discussing, and reporting on diseases and is
therefore a key element in any disease investigation.
\13\ U.S. General Accounting Office, West Nile Virus Outbreak:
Lessons for Public Health Preparedness, GAO/HEHS-00-180 (Washington,
D.C.: Sept. 11, 2000).
---------------------------------------------------------------------------
States are planning to use funds from these assistance programs to
build the dual-purpose public health infrastructure and core capacities
that the recently enacted Public Health Security and Bioterrorism
Preparedness and Response Act of 2002 14 stated are needed.
States plan to expand laboratory capacity, enhance their ability to
conduct infectious disease surveillance and epidemiological
investigations, improve communication among public health agencies, and
develop plans for communicating with the public. States also plan to
use these funds to hire and train additional staff in many of these
areas, including epidemiology.
---------------------------------------------------------------------------
\14\ P.L. 107-188.
---------------------------------------------------------------------------
Our concern regarding these dual-purpose programs relates to the
structure provided for in the President's proposal. The Secretary of
Homeland Security would be given control over programs to be carried
out by another department. The proposal also authorizes the President
to direct that these programs no longer be carried out in this manner,
without addressing the circumstances under which such authority would
be exercised. We are concerned that this approach may disrupt the
synergy that exists in these dual-purpose programs. We are also
concerned that the separation of control over the programs from their
operations could lead to difficulty in balancing priorities. Although
the HHS programs are important for homeland security, they are just as
important to the day-to-day needs of public health agencies and
hospitals, such as reporting on disease outbreaks and providing alerts
to the medical community. The current proposal does not clearly provide
a structure that ensures that both the goals of homeland security and
public health will be met.
concluding observations
Many aspects of the proposed consolidation of response activities
are in line with our previous recommendations to consolidate programs,
coordinate functions, and provide a statutory basis for leadership of
homeland security. The transfer of the HHS medical response programs
has the potential to reduce overlap among programs and facilitate
response in times of disaster. However, we are concerned that the
proposal does not provide the clear delineation of roles and
responsibilities that we have stated is needed. We are also concerned
about the broad control the proposal grants to the new department for
public health preparedness programs. Although there is a need to
coordinate these activities with the other homeland security
preparedness and response programs that would be brought into the new
department, there is also a need to maintain the priorities for basic
public health capacities that are currently funded through these dual-
purpose programs. We do not believe that the President's proposal
adequately addresses how to accomplish both objectives.
Mr. Chairman, this completes my prepared statement. I would be
happy to respond to any questions you or other Members of the Committee
may have at this time.
For further information about this testimony, please contact me at
(202) 512-7118. Marcia Crosse, Greg Ferrante, Deborah Miller, and
Roseanne Price also made key contributions to this statement.
related gao products
Homeland Security
Homeland Security: Key Elements to Unify Efforts Are Underway but
Uncertainty Remains. GAO-02-610. Washington, D.C.: June 7, 2002.
Homeland Security: Responsibility and Accountability for Achieving
National Goals. GAO-02-627T. Washington, D.C.: April 11, 2002.
Homeland Security: Progress Made; More Direction and Partnership
Sought. GAO-02-490T. Washington, D.C.: March 12, 2002.
Homeland Security: Challenges and Strategies in Addressing Short-
and Long-Term National Needs. GAO-02-160T. Washington, D.C.: November
7, 2001.
Homeland Security: A Risk Management Approach Can Guide
Preparedness Efforts. GAO-02-208T. Washington, D.C.: October 31, 2001.
Homeland Security: Need to Consider VA's Role in Strengthening
Federal Preparedness. GAO-02-145T. Washington, D.C.: October 15, 2001.
Homeland Security: Key Elements of a Risk Management Approach. GAO-
02-150T. Washington, D.C.: October 12, 2001.
Homeland Security: A Framework for Addressing the Nation's Efforts.
GAO-01-1158T. Washington, D.C.: September 21, 2001.
Public Health
Bioterrorism: The Centers for Disease Control and Prevention's Role
in Public Health Protection. GAO-02-235T. Washington, D.C.: November
15, 2001.
Bioterrorism: Review of Public Health Preparedness Programs. GAO-
02-149T. Washington, D.C.: October 10, 2001.
Bioterrorism: Public Health and Medical Preparedness. GAO-02-141T.
Washington, D.C.: October 9, 2001.
Bioterrorism: Coordination and Preparedness. GAO-02-129T.
Washington, D.C.: October 5, 2001.
Bioterrorism: Federal Research and Preparedness Activities. GAO-01-
915. Washington, D.C.: September 28, 2001.
Chemical and Biological Defense: Improved Risk Assessment and
Inventory Management Are Needed. GAO-01-667. Washington, D.C.:
September 28, 2001.
Combating Terrorism: Need for Comprehensive Threat and Risk
Assessments of Chemical and Biological Attacks. GAO/NSIAD-99-163.
Washington, D.C.: September 14, 1999.
West Nile Virus Outbreak: Lessons for Public Health Preparedness.
GAO/HEHS-00-180. Washington, D.C.: September 11, 2000.
Chemical and Biological Defense: Program Planning and Evaluation
Should Follow Results Act Framework. GAO/NSIAD-99-159. Washington,
D.C.: August 16, 1999.
Combating Terrorism: Observations on Biological Terrorism and
Public Health Initiatives. GAO/T-NSIAD-99-112. Washington, D.C.: March
16, 1999.
Combating Terrorism
National Preparedness: Technologies to Secure Federal Buildings.
GAO-02-687T. Washington, D.C.: April 25, 2002.
National Preparedness: Integration of Federal, State, Local, and
Private Sector Efforts Is Critical to an Effective National Strategy
for Homeland Security. GAO-02-621T. Washington, D.C.: April 11, 2002.
Combating Terrorism: Intergovernmental Cooperation in the
Development of a National Strategy to Enhance State and Local
Preparedness. GAO-02-550T. Washington, D.C.: April 2, 2002.
Combating Terrorism: Enhancing Partnerships Through a National
Preparedness Strategy. GAO-02-549T. Washington, D.C.: March 28, 2002.
Combating Terrorism: Critical Components of a National Strategy to
Enhance State and Local Preparedness. GAO-02-548T. Washington, D.C.:
March 25, 2002.
Combating Terrorism: Intergovernmental Partnership in a National
Strategy to Enhance State and Local Preparedness. GAO-02-547T.
Washington, D.C.: March 22, 2002.
Combating Terrorism: Key Aspects of a National Strategy to Enhance
State and Local Preparedness. GAO-02-473T. Washington, D.C.: March 1,
2002.
Chemical and Biological Defense: DOD Should Clarify Expectations
for Medical Readiness. GAO-02-219T. Washington, D.C.: November 7, 2001.
Anthrax Vaccine: Changes to the Manufacturing Process. GAO-02-181T.
Washington, D.C.: October 23, 2001.
Chemical and Biological Defense: DOD Needs to Clarify Expectations
for Medical Readiness. GAO-02-38. Washington, D.C.: October 19, 2001.
Combating Terrorism: Considerations for Investing Resources in
Chemical and Biological Preparedness. GAO-02-162T. Washington, D.C.:
October 17, 2001.
Combating Terrorism: Selected Challenges and Related
Recommendations. GAO-01-822. Washington, D.C.: September 20, 2001.
Combating Terrorism: Actions Needed to Improve DOD Antiterrorism
Program Implementation and Management. GAO-01-909. Washington, D.C.:
September 19, 2001.
Combating Terrorism: Comments on H.R. 525 to Create a President's
Council on Domestic Terrorism Preparedness. GAO-01-555T. Washington,
D.C.: May 9, 2001.
Combating Terrorism: Accountability Over Medical Supplies Needs
Further Improvement. GAO-01-666T. Washington, D.C.: May 1, 2001.
Combating Terrorism: Observations on Options to Improve the Federal
Response. GAO-01-660T. Washington, DC: April 24, 2001.
Combating Terrorism: Accountability Over Medical Supplies Needs
Further Improvement. GAO-01-463. Washington, D.C.: March 30, 2001.
Combating Terrorism: Comments on Counterterrorism Leadership and
National Strategy. GAO-01-556T. Washington, D.C.: March 27, 2001.
Combating Terrorism: FEMA Continues to Make Progress in
Coordinating Preparedness and Response. GAO-01-15. Washington, D.C.:
March 20, 2001.
Combating Terrorism: Federal Response Teams Provide Varied
Capabilities; Opportunities Remain to Improve Coordination. GAO-01-14.
Washington, D.C.: November 30, 2000.
Combating Terrorism: Need to Eliminate Duplicate Federal Weapons of
Mass Destruction Training. GAO/NSIAD-00-64. Washington, D.C.: March 21,
2000.
Combating Terrorism: Chemical and Biological Medical Supplies Are
Poorly Managed. GAO/T-HEHS/AIMD-00-59. Washington, D.C.: March 8, 2000.
Combating Terrorism: Chemical and Biological Medical Supplies Are
Poorly Managed. GAO/HEHS/AIMD-00-36. Washington, D.C.: October 29,
1999.
Combating Terrorism: Observations on the Threat of Chemical and
Biological Terrorism. GAO/T-NSIAD-00-50. Washington, D.C.: October 20,
1999.
Combating Terrorism: Need for Comprehensive Threat and Risk
Assessments of Chemical and Biological Attacks. GAO/NSIAD-99-163.
Washington, D.C.: September 14, 1999
Combating Terrorism: Use of National Guard Response Teams Is
Unclear. GAO/T-NSIAD-99-184. Washington, D.C.: June 23, 1999.
Combating Terrorism: Observations on Growth in Federal Programs.
GAO/T-NSIAD-99-181. Washington, D.C.: June 9, 1999.
Combating Terrorism: Analysis of Potential Emergency Response
Equipment and Sustainment Costs. GAO/NSIAD-99-151. Washington, D.C.:
June 9, 1999.
Combating Terrorism: Use of National Guard Response Teams Is
Unclear. GAO/NSIAD-99-110. Washington, D.C.: May 21, 1999.
Combating Terrorism: Observations on Federal Spending to Combat
Terrorism. GAO/T-NSIAD/GGD-99-107. Washington, D.C.: March 11, 1999.
Combating Terrorism: Opportunities to Improve Domestic Preparedness
Program Focus and Efficiency. GAO/NSIAD-99-3. Washington, D.C.:
November 12, 1998.
Combating Terrorism: Observations on the Nunn-Lugar-Domenici
Domestic Preparedness Program. GAO/T-NSIAD-99-16. Washington, D.C.:
October 2, 1998.
Combating Terrorism: Observations on Crosscutting Issues. GAO/T-
NSIAD-98-164. Washington, D.C.: April 23, 1998.
Combating Terrorism: Threat and Risk Assessments Can Help
Prioritize and Target Program Investments. GAO/NSIAD-98-74. Washington,
D.C.: April 9, 1998.
Combating Terrorism: Spending on Governmentwide Programs Requires
Better Management and Coordination. GAO/NSIAD-98-39. Washington, D.C.:
December 1, 1997.
Disaster Assistance
Disaster Assistance: Improvement Needed in Disaster Declaration
Criteria and Eligibility Assurance Procedures. GAO-01-837. Washington,
D.C.: August 31, 2001.
Chemical Weapons: FEMA and Army Must Be Proactive in Preparing
States for Emergencies. GAO-01-850. Washington, D.C.: August 13, 2001.
Federal Emergency Management Agency: Status of Achieving Key
Outcomes and Addressing Major Management Challenges. GAO-01-832.
Washington, D.C.: July 9, 2001.
Budget and Management
Budget Issues: Long-Term Fiscal Challenges. GAO-02-467T.
Washington, D.C.: February 27, 2002.
Results-Oriented Budget Practices in Federal Agencies. GAO-01-
1084SP. Washington, D.C.: August 2001.
Managing for Results: Federal Managers' Views on Key Management
Issues Vary Widely Across Agencies. GAO-01-592. Washington, D.C.: May
25, 2001.
Determining Performance and Accountability Challenges and High
Risks. GAO-01-159SP. Washington, D.C.: November 2000.
Managing for Results: Using the Results Act to Address Mission
Fragmentation and Program Overlap. GAO-AIMD-97-146. Washington, D.C.:
August 29, 1997.
Government Restructuring: Identifying Potential Duplication in
Federal Missions and Approaches. GAO/T-AIMD-95-161. Washington, D.C.:
June 7, 1995.
Government Reorganization: Issues and Principles. GAO/T-GGD/AIMD-
95-166. Washington, D.C.: May 17, 1995.
Grant DesignGrant Programs: Design Features Shape Flexibility,
Accountability, and Performance Information. GAO/GGD-98-137.
Washington, D.C.: June 22, 1998.
Federal Grants: Design Improvements Could Help Federal Resources Go
Further. GAO/AIMD-97-7. Washington, D.C.: December 18, 1996.
Block Grants: Issues in Designing Accountability Provisions. GAO/
AIMD-95-226. Washington, D.C.: September 1, 1995.
Mr. Greenwood. Thank you very much.
Dr. Vantine, you are recognized for 5 minutes.
TESTIMONY OF HARRY C. VANTINE
Mr. Vantine. Well, thank you, Mr. Chairman, and members of
the committee, for asking me to speak before you today. It's a
pleasure to be here. My name is Harry Vantine. I head the
Counterterrorism and Incident Response Program at Lawrence
Livermore National Laboratory. Our program at Livermore covers
the waterfront, chemical, biological, nuclear, radiological.
Today, my remarks are going to concentrate on nuclear and
radiological, but I think similar remarks could be made for the
chem-bio program.
Let me start by saying that my overall reaction to this
legislation was that it is very broad, it's very inclusive. I
think that's a very good thing. It's clear to me that as we go
into the establishment of this Homeland Security Department, we
are going to learn by doing, we are going to have to be able to
change and adapt, and I think the legislation allows us to do
that.
What I would like to do is stress this morning some of the
elements that I think are really important in countering
terrorism. There are several elements that I see. One is that
we need a layered approach to counterterrorism. There is no one
silver bullet that is going to solve this problem. So, a
layered approach. I mean, we've got to look at beginning--we've
got to look at indications and warnings. We have got to try and
see the threats. We have got to protect the materials, the
nuclear materials that--or the weapons that might be diverted
for terrorist use. We need to have response teams that search,
that disable. We need to have consequence management teams. We
need to do the whole spectrum, and that's what I call a layered
approach. Any one of them won't work. It's a big problem. It's
a huge problem.
And so, you know, the second point I want to get to is
because it's such a large problem, how do we solve that? We are
going to need new and innovative approaches. And the way that--
coming from a technology laboratory like Livermore, the way I
see new technologies, new approaches being developed is through
R&D technology. I think we are going to have to rely very
heavily on R&D to find those new solutions.
Next, I would like to come to the issue of funding. When I
look at R&D funding in industries, if I look at
pharmaceuticals, biotechnologies, those type of industries,
it's not unusual in some of the pharmaceutical industries to
invest 20 percent of your revenues in R&D. We are going to have
to have a very aggressive investment strategy and new
approaches. Other companies invest 10 to 20 percent--10 to 15
percent. DOD is in that category. DOD invests in RDT&E
something like 10 percent. So I think that's another approach
going forward.
The fourth point I want to make is that I think we need
clear lines of authority in this department. One of the
drawbacks in the current system is that the current response
system is somewhat a response that's clues together from
different agencies. I think with this new department we have
the ability to have people really dedicated to this mission,
they know it's their job, and they're going to do it, and
they're going to know what they have to do. They have clear
authority.
The final general--the general attribute I think this
homeland security strategy needs is strategic planning. We
really have to do planning on big systems. We have to take a
big systems approach to how we do this. The planning has got to
be based on risk assessment to protect entire infrastructures.
At the laboratories, we've put together these big ideas in the
past, we've put together ideas such as model city protection,
the basis program for biological detection, protection system
for protecting metros, detection and tracking system for
looking at nuclear materials, a national test bid for cargo
inspection. These are the kind of ideas that we need,
overreaching ideas that really cover the waterfront.
Information synthesis, I think, is also an important area.
We are going to have to pull together the different
intelligence functions from the different agencies. I think the
new Office of Homeland--the Department of Homeland Security is
going to have to have access to the intelligence data, the raw
intelligence data it needs to process that information, to put
it together, and understand the threats.
And another program that's been brought over from the
existing programs is the nuclear assessment program. It's an
NNSA program that has actually run--operated all three of the
national weapons laboratories, headed by Livermore, though,
that--and these people have been real heroes since September
11, working hard to look and assess nuclear threats.
Let me say in summary that I really think we are going to
have to make a sustained investment in science and technology
to win the war on terrorism. It's an enormous task. It's a task
that the laboratories are eager to do, and with your help and
with your planning, we think we can do it.
[The prepared statement of Harry C. Vantine follows:]
Prepared Statement of Harry C. Vantine, Program Leader for
Counterterrorism and Incident Response, Lawrence Livermore National
Laboratory
Mr. Chairman and members of the committee, thank you for the
opportunity to appear before you today. I lead the program in
Counterterrorism and Incident Response at the Lawrence Livermore
National Laboratory (LLNL). However, the opinions that I present today
represent my views and not necessarily those of the Laboratory or the
National Nuclear Security Administration. Today I would like to focus
on nuclear and radiological response activities proposed for transfer
to the Department of Homeland Security. There are analogies for
chemical and biological response.
importance of the cbrni (chem/bio/radiological/nuclear/information)
mission
The threat of covert/terrorist delivery of weapons of mass
destruction (WMDs) is a concern of the utmost gravity. There are many
important government missions, but there is none more important than
the Homeland Security mission. Witnessing the changes in the past 20
years, the bio-technology revolution, the breakup of the Soviet Union,
the information explosion on the web, my conviction has only gotten
stronger that Homeland Security is an enduring national security
mission.
essential elements of a response strategy
What can we do to protect the U.S. against terrorist acquisition
and use of WMDs? As with every other aspect of the terrorism problem,
there is no silver bullet.
We see the following as essential elements.
A layered strategy is required, addressing the various stages
on this threat.
This strategy will rely heavily on R&D. Only new solutions
will offer adequate level of protection and be affordable.
Adequate funding is needed. Industries, such as information
technologies, biotechnologies, and pharmaceuticals, invest
heavily in R&D: 10 to 15% of their budget. DOD has a similar
profile of RDT&E investment.
Clear lines of authority. This will shorten the time to get
new capabilities to the field. Multi-group, multi-level
approvals and negotiations will be curtailed.
Strategic planning. Planning, based on risk assessment, is
needed to protect entire infrastructures. Included in this
planning are ideas such as Model City Protection, Detection and
Tracking Systems, and the National Testbed for cargo
inspection.
nuclear incident response
The Nuclear Incident Response Program has a broad charter to train
for and respond to nuclear threats at the local, regional, and national
level. The program is multi-agency. In the DHS legislation, it appears
that there are three Under Secretaries who deal with various aspects of
nuclear counterterrorism: Sec.301 is Nuclear Countermeasures, Sec. 401
is Border and Transportation Security, and Sec 501 is Emergency
Preparedness and Response. The activities of there three need to be
closely tied together so that there is one coordinated operational
mission.
The advent of monitoring systems, first responder reach back
(``Triage''), expanded regional response (RAP or Radiation Assistance
Program) capability will require more robust communication systems and
a robust fusion cell manned by technical experts. We will need to
respond rapidly to assess the level of threat while waiting for the
arrival of advanced technical assets. To maximize this capability it is
critical that the proper equipment be with the first responders, who
need to be practiced in their interactions with the fusion cell. The
Nuclear Laboratories have the capability of making rapid and detailed
analyses if sufficient information is transmitted to them. Thus it is
critical that the equipment for the first response assets be carefully
screened to maximize its capability. At the same time the capability
and technical personnel at LLNL and LANL need to be expanded to provide
the proper coverage and response capability to any scenario which
occurs.
recommendations for nuclear incident response
1. Training should be realistic, with preparation and training aids
that challenge the responder. Results of training exercises
should be used to improve system response.
2. Training should mimic actual response operations. ``Practice like
you play.''
3. The operational architecture should include all levels of response
from the first responder, to the regional and national
responders.
4. A strategy to transition new technology into capable, prototype
operational systems is essential. Technology developers must be
included in the operational planning process.
5. Technical aspects of Nuclear Counter Terrorism should be managed by
the laboratories with technical capabilities in this area, i.e.
LLNL, LANL, SNL, and RSL. One laboratory should be in charge of
coordinating and managing these technical activities among all
the labs.
nuclear assessment program
The Department of Homeland Security will have responsibilities for
receiving and analyzing all source information in order to understand
the nature and scope of the terrorist threat to the American homeland.
This must involve access to both law enforcement and intelligence
information at the most sensitive levels if the Department is to be
successful in developing a strategic national plan for securing key
resources and critical infrastructures, as well as responding to
pending threats and attacks as they are detected. The terrorist threat
is dynamic and global in nature. Understanding it and anticipating its
countermoves will be an ongoing process that would benefit from
interaction with other existing government programs analyzing and
tracking a number of ``classic'' nuclear, chemical and biological
threats and proliferation concerns. Essential intelligence information
needed to support the Department's roles and missions must be quickly
obtained, distributed, and analyzed so that protective priorities can
be adjusted and/or warnings issued.
The Department faces major information analysis challenges. The
number and diversity of these suggest that it would be appropriate to
generously size and support the Department's strategic law enforcement
and intelligence analysis programs including the nuclear assessment
program. It will certainly require some ``fully cleared'' people,
direct intelligence oversight and specific infrastructure to comply
with DCID policies and guidance. New protocols for sharing and
integrating law enforcement information with intelligence data may have
to be developed. Furthermore, it seems highly likely that, sooner or
later, it will require some additional supporting communication
infrastructure.
information analysis
The rapid advances in computer and information technology have
enabled our society to generate massive amounts of data and
information, but frequently we end up drowning in this sea of data
because we lack the ability to select out the information or the
relationships between information that is relevant. It is possible to
develop computing tools and architectures that will enable us to
progress beyond information overload to credible insights that can be
used by decision-makers. The need for this ``Information-to-Insight
(I2I)'' capability spans many national security areas and most of the
Laboratory's programs. I2I will create a fundamental shift in the way
that we relate critical information. The impact will be especially
great for combating threats to our national security where anticipating
and characterizing specific threats based upon detailed data from many
varied sources are prerequisites for taking preventative action before
it is too late.
We envision addressing questions and problems that require the
ability to rapidly access massive amounts of data from disparate
sources in such a way that one can uncover the critical linkages and
insights hidden therein. Effectively linking the vast number of
disparate and complex data sources that government decision makers and
analysts must use to address U. S. national security issues is a major
R&D challenge. Because our goal is to provide timely insights, the
knowledge management system also needs to be able to constantly update
itself.
other specific recommendations
The new agency needs to have access to Restricted Data as defined
in the Atomic Energy Act of 1954. This category of information has its
own unique requirements compared to National Security Information and
Law Enforcement Sensitive information. It would be reasonable to
include within Sec. 203 (Access to Information) that any Restricted
Data shared under that section is transmitted, retained, and
disseminated consistent with the authority of the Secretary of Energy
to protect Restricted Data. (This is similar to the approach taken for
both intelligence information and law enforcement sensitive
information.)
The new agency needs to have access to radioactive materials for
purposes of testing and evaluating equipment. This includes Special
Nuclear Materials (SNM) in various forms (e.g., oxides and metals) and
test objects that are in nuclear explosive-like configurations
containing SNM. The new department should be given the authority to
specify and order such sources from DOE, own the sources (transfer them
from DOE), and determine where the sources will be used. The new agency
should be required to conform to security requirements comparable to
those of the Department of Energy for these types and quantities of
material.
The new agency needs to have the authority to work with the
Director of Central Intelligence in setting priorities for intelligence
gathering activities that may be critical to the security of the United
States' homeland. In this way the new agency will not only be able to
assess gathered information, but influence the type and priorities of
information gathered by other agencies to make it more useful to the
homeland security mission.
scope of the problem
We must make a sustained investment in the science and technology
to win the war on terrorism. It is an enormous task.
In closing, let me assure you that we at Lawrence Livermore
National Laboratory have long been concerned about the terrorist WMD
threat. We have built on our historical nuclear weapons mission and
developed unique expertise, capabilities, and technologies to meet
these emerging threats. LLNL is already providing critical elements of
the nation's defense against nuclear, chemical, and biological
terrorism, many of which were called into action post-September 11. We
are committed to using our world-class scientific and technological
resources--people, equipment, and facilities--to meet the nation's
national security needs today and in the future.
Mr. Greenwood. Thank you, Dr. Vantine.
Mr. Nokes for 5 minutes.
TESTIMONY OF K. DAVID NOKES
Mr. Nokes. Mr. Chairman, distinguished members of the
committee, thank you for allowing me to----
Mr. Greenwood. I think your microphone is not on, sir.
There we go.
Mr. Nokes. Mr. Chairman and distinguished members of the
committee, thank you for the opportunity to testify today. I am
David Nokes. I am Sandia's director for our Systems Assessment
and Research Center, and coordinator for our Homeland Security
and Combating Terrorism Activities. I would like to briefly
highlight some of the points I have made in my written
testimony today.
Sandia, as well as the other NNSA labs, were able to
respond to the events of September 11 very quickly, with good
technology. And the reason they did that is because of the
investments that have been made by the NNSA nuclear weapons
program, the Armed Control and Treaty Verification Programs,
and the sponsorship of many other government agencies to our
work or other's program. And that is the technology that has
been harvested by the Nation from the laboratories to address
the problems of homeland security.
Perhaps you were aware that the decontamination foam that
Sandia developed and licensed was used here on Capitol Hill to
decontaminate or help decontaminate the anthrax. That was work
that was done under our laboratory directed research and
development program several years ago. And there are many other
examples of work that was applicable directly to the events
immediately post 9/11.
Let me turn now to the challenging problems of chemical and
nuclear and biological detection and the weapons of mass
destruction. One of the specialties that we have are nuclear
sensors that rely on spectral analysis. That's important
because those sensors reduce the nuisance alarms, the false
alarms, and have an excellent record of detecting malevolent
nuclear devices. We believe that there are sensor technologies
that we have that are ready now for commercialization that
could be transferred to industry and could be produced in
quantities at this time.
We have also developed portable chemical and biological
sensors, sensors that detect biotoxins, chemical agents, and
recently we prototyped a system that would detect anthrax and
identify anthrax in about a 5-minute timeframe. These are also
in prototype stage, but they could join the suite of sensors
that's available to first responders.
An area that we have developed almost unique technology is
in the system of tools that are used to dismantle and disable
explosive devices, and these are devices that could be used as
the foundation for a weapon of mass destruction. Sandia's tools
have been deployed widely. We run schools and we have trained
over 750 first responders in the use of these high-tech tools
that are useful in dismantling explosive devices. We are a full
participant in the emergency response, the NEST teams of the
Department of Energy. At Sandia, we have about 90 folks who are
members of the response teams, in addition to the normal job.
These are additional duties that they have elected to take on.
They have been the very core of our design activities, and
that's why they are useful as they go out and try to assess and
render safe the various nuclear incidents.
We think it's going to be important for the Office of
Homeland Security--the Department of Homeland Security to have
a full portfolio of research activities, and it has to serve
two parts. One is, we must provide the technology that's in
hand to solve the current and emergent problems. And that's a
transfer into industry so they can make these technologies
available to the folks who need them.
Second, an equally important part is a longer range vision
of what we can do in research and development to make great
security affordable and sustainable, because otherwise you will
end up with a system that is unsustainable and unaffordable,
and that's a challenge for the new department to establish that
research agenda.
I think that there is some bureaucratic problems that might
harm the way the laboratories can be constructively engaged in
the problems of the Office of--or the Department of Homeland
Security. One that would be useful, if the NNSA were explicitly
given the mission of developing technologies around homeland
security, that would allow them to bring the force of the
laboratories together, and it would be very useful if the
Department of Homeland Security were able to task the
laboratories directly as the agencies within the Department of
Energy do. That would eliminate much of the bureaucratic
problems that we have working with the government agencies.
On behalf of the folks at Sandia, I applaud your efforts. I
think this is going to be a very important step in actual
national and homeland security. I thank you, and I would be
happy to respond to your questions.
[The prepared statement of K. David Nokes follows:]
Prepared Statement of K. David Nokes, Sandia National Laboratories
introduction
Mr. Chairman and distinguished members of the committee, thank you
for the opportunity to testify on the Administration's proposal to
create a Department of Homeland Security, and specifically, the
radiological, chemical, and biological response activities that may be
of value to the new department. I am David Nokes, Director of Sandia
National Laboratorie' Systems Assessment and Research Center. I have
more than forty years experience in the nuclear weapons program, and
currently head Sandia's activities that support our nation's
intelligence community as well as the laboratory's activities in
homeland security and the war against terrorism. I will shortly assume
responsibility for all of Sandia's arms control, threat assessment,
security technology, nonproliferation, and international cooperative
programs as Vice President of Sandia's National Security and Arms
Control Division.
Sandia National Laboratories is managed and operated for the
National Nuclear Security Administration (NNSA) of the U.S. Department
of Energy (DOE) by Sandia Corporation, a subsidiary of the Lockheed
Martin Corporation. Sandia's unique role in the nation's nuclear
weapons program is the design, development, qualification, and
certification of nearly all of the nonnuclear subsystems of nuclear
warheads. We perform substantial work in programs closely related to
nuclear weapons, including intelligence, nonproliferation, and treaty
verification technologies. As a multiprogram national laboratory,
Sandia also conducts research and development for other national
security agencies when our special capabilities can make significant
contributions.
At Sandia National Laboratories, we perform scientific and
engineering work with a mission in mind--never solely for its own sake.
Even the fundamental scientific work that we do (and we do a great deal
of it) is strategic for the mission needs of our sponsors. Sandia's
management philosophy has always stressed the ultimate linkage of
research to application. When someone refers to Sandia as ``the
nation's premier engineering laboratory,'' that statement does not tell
the whole story: We are a science and engineering laboratory with a
focus on developing technical solutions to the most challenging
problems that threaten peace and freedom.
My statement will describe Sandia National Laboratories'
contributions and capabilities in homeland security and discuss our
technologies for radiological, chemical, and biological sensing. I will
also describe our role in nuclear incident response and comment on the
proposed relationship of that function to the Department of Homeland
Security. Finally, I will offer suggestions for how the new department
can efficiently access and manage the scientific and technology
development resources it will require to support its mission.
sandia's contributions to homeland security and the war against
terrorism
Like most Americans, the people of Sandia National Laboratories
responded to the atrocities of September 11, 2001, with newfound
resolve on both a personal and professional level. As a result of our
own strategic planning and the foresight of sponsors to invest
resources toward emerging threats, Sandia was in a position to
immediately address some urgent needs.
For example, by September 15, a small Sandia team had instrumented
the K9 rescue units at the World Trade Center site to allow the dogs to
enter spaces inaccessible to humans while transmitting live video and
audio to their handlers. This relatively low-tech but timely adaptation
was possible because of previous work we had done for the National
Institute of Justice on instrumenting K9 units for SWAT situations.
You may perhaps be aware that a formulation developed by Sandia
chemists was one of the processes used to help eliminate anthrax in the
Hart, Dirksen, and Ford buildings on Capitol Hill and at contaminated
sites in New York and in the Postal Service. Sandia had developed the
non-toxic formulation as a foam several years ago and licensed it to
two firms for industrial production in 2000. The formulation
neutralizes both chemical and biological agents in minutes.
An array of devices invented by explosives experts at Sandia have
proved to be effective for safely disarming several types of terrorist
bombs. For the past several years, our experts have conducted training
for police bomb squads around the country in the techniques for using
these devices for safe bomb disablement. The shoe bombs that Richard
Reid allegedly tried to detonate onboard a trans-Atlantic flight from
Paris to Miami were surgically disabled with an advanced bomb-squad
tool originally developed at Sandia. That device, which we licensed to
industry, has become the primary tool used by bomb squads nationwide to
remotely disable handmade terrorist bombs while preserving them for
forensic analysis.
Sandia is a partner with Argonne National Laboratory in the PROTECT
program (Program for Response Options and Technology Enhancements for
Chemical/Biological Terrorism), jointly funded by DOE and the
Department of Justice. PROTECT's goal is to demonstrate systems to
protect against chemical attacks in public facilities, such as subways
and airports. For more than a year, a Sandia-designed chemical detector
test bed has been operating in the Washington D.C. Metro. The system
can rapidly detect the presence of a chemical agent and transmit
readings to an emergency management information system. We successfully
completed a demonstration of the PROTECT system at a single station on
the Washington Metro. The program has since been funded to accelerate
deployment in multiple Metro stations. DOE has also been requested to
implement a PROTECT system for the Metropolitan Boston Transit
Authority.
Another major worry for homeland security is the potential for acts
of sabotage against municipal water supplies. In cooperation with the
American Water Works Association Research Foundation and the
Environmental Protection Agency, Sandia developed a security risk
assessment methodology for city water utilities. This tool has been
employed to evaluate security and mitigate risks at several large water
utilities. We have used similar methodologies to evaluate risks for
other critical infrastructures such as nuclear power-generation plants,
chemical storage sites, and dams.
These and other contributions to homeland security and the war
against terror are possible because of strategic planning we had
conducted years ago and early investment in the capabilities that were
needed to respond to emerging threats. The outstanding technology base
supported by NNSA for its core missions is the primary source of this
capability. We also made strategic decisions to invest laboratory-
directed research and development funds (LDRD) in the very things that
we knew were urgent needs: items to the Afghanistan theater, the
decontamination foam, the sensors we have deployed, and special-purpose
robotics that we have developed. In recent months, requests for
Sandia's services from federal agencies other than DOE for work in
emerging areas of need have increased. Approximately twenty-eight
percent of our total laboratory operating budget is now provided by
federal agencies other than DOE.
sandia capabilities for homeland security
Sandia National Laboratories and the other nuclear weapon
laboratories constitute a broad, multidisciplinary technology base in
nearly all the physical sciences and engineering disciplines. We seek
to leverage those capabilities to support other national security needs
germane to our missions, including homeland security, when our
capabilities can make significant contributions.
Nuclear Sensing
A terrorist with a nuclear weapon and the knowledge and skill to
use it, will use it if he is not stopped. The Department of Homeland
Security will be responsible for preventing an attack on the United
States by a terrorist with a nuclear weapon of mass destruction (WMD).
The Department must prepare for this type of attack by reducing the
vulnerability of the United States to nuclear terrorism through
detection, identification, and interdiction of the nuclear materials
that could be used in such an attack.
Nuclear weapons that could be used by a terrorist organization can
be divided into three categories:
A stolen or purchased functional nuclear warhead. Such a
device has a high level of sophistication and the probability
that it would detonate is high. The damage it would cause would
be great, with large-scale loss of life, environmental
devastation, and economic ruin.
A weapon indigenously crafted, by a terrorist organization,
from stolen or purchased plutonium or uranium. This device
would have a moderate level of sophistication and a lower
probability that it would detonate. However, if it did
detonate, the damage could be great, perhaps similar to that
caused by a stolen or purchased weapon.
A radiation dispersal device (RDD) often referred to as a
``dirty bomb.'' This is not a nuclear weapon, but consists of
radioactive material (of any type) packaged with conventional
explosives. It is designed simply to disperse radioactive
material over a target area. The level of sophistication may be
very low, but the probability that it would work is high,
although the results desired by the perpetrator may be
difficult to achieve. The actual damage a weapon of this type
would cause is relatively small, compared to a nuclear
detonation; however, it would result in radioactive
contamination and could cause public panic and fear.
A nuclear bomb is a product of science and technology, and it is
this same technology that must be used to protect against its use by
terrorists. Scientists and engineers at the nation's nuclear weapon
laboratories understand nuclear weapons--how they work, how to build
them, what they can do. More importantly for homeland security, they
know how to detect them, what characteristics to look for, how to sense
their emissions, how to interpret what the sensors detect, and how to
disable them.
Sandia National Laboratories has more than fifty years of
experience in the nuclear weapons arena and an extensive knowledge of
nuclear weapon science and technology. In addition to our mission of
nuclear weapons stewardship, we have long been committed to
safeguarding the nuclear weapons stockpile and actively supporting
nonproliferation. The terrorist attack at the 1972 Munich Olympics
focused our awareness on our nation's vulnerability to terrorist
attacks abroad and, in particular, on the need to protect our stored
nuclear weapons. This led to our work in access delay and denial at
weapons storage sites and improving the security of weapon storage
vaults. More recently, we have turned our physical protection expertise
to protection and control of nuclear materials in Russia and the former
Soviet Union.
If a terrorist intends to detonate a nuclear or radiological device
in the United States, then he must deliver that device to his target.
The device will emit radiation that can be detected with a radiation
sensor. If his nuclear device was acquired or built outside the United
States and smuggled into the country, we must find it before it enters
or as it crosses into the country. If it originates in the United
States, then we must detect it when it is being transported to the
target site.
There are many different types of radiation detectors. The one that
usually comes to mind is the Geiger counter, a simple device that can
detect the presence or absence of some types of radiation. But it can't
tell you very much about what type of material is emitting the
radiation. Because there are many naturally occurring, medical, and
industrial radioactive materials, knowing what type of material is
emitting the radiation is crucial in order to avoid false and nuisance
alarms and to zero-in on only those objects that pose a threat. For
this purpose you need a spectral sensor.
Sandia National Laboratories produces radiation sensors for a
variety of government customers. One of our specialties is spectral
sensor systems that provide automatic radioactive material
identification using special algorithms developed by Sandia. These
systems detect and analyze nuclear materials quickly, in real time, in
indoor or outdoor environments, and with a high degree of precision
that provides a high level of confidence. We have produced a wide
variety of sensor systems, from very large, fixed installations to
small, rugged, portable battery-powered units.
Sandia's Radiation Assessment Identification and Detection (RAID)
System was originally conceived, built, and tested before the tragic
events of September 11, 2001. However, it meets the post-9/11 need to
help safeguard our nation from nuclear terrorism. This system is
designed to detect and identify radioactive materials transported
through portals at passenger and package terminals at international
ports of entry. RAID uses a commercial sodium iodide scintillation
spectrometer and associated electronics, along with Sandia-developed
analysis algorithms, to detect and identify radioactive materials
passing within several meters of the sensor. A video image of the
detection event scene is displayed on a base-station computer. The
system automatically and continuously updates and recalibrates for
background phenomena and can identify a radioactive source even if the
source is shielded.
Based on our experience with RAID and other more advanced nuclear
sensing systems, we believe the state of development of our nuclear
sensors is such that the technology could be quickly transferred to
commercial producers and widely and rapidly deployed at a cost of less
than $50,000 per unit. These deployed systems would have a very high
probability of detecting a smuggled nuclear weapon or an RDD if
properly deployed. Nuclear sensing systems could be placed at ports of
entry, around likely targets, or even scattered throughout a city to
scan people, packages, and vehicles. Since these sensors are passive
devices, they don't emit a signal and, consequently, are very difficult
to detect. In other words, a terrorist can't use a radar detector to
determine if one of these sensors is present. Unbeknownst to a
terrorist, an alarm from one of these sensors could alert law
enforcement personnel to the presence or movement of a weapon that
employs radioactive material.
Of course, challenges exist in transitioning any technology from
the laboratory to mass-produced industrial products. However, as we
have demonstrated many times with technologies that we have transferred
to industry in the past, Sandia works closely with industrial partners
to work through the design challenges associated with manufacturing
engineering and commercialization.
Another important tool in the war against nuclear terrorism is the
Department of Energy's Second Line of Defense (SLD) program. Its
purpose is to minimize the risk of nuclear proliferation and terrorism
through cooperative efforts with foreign governments to strengthen
their overall capability to detect and deter illicit trafficking of
nuclear material across their borders. Here too, the nation's nuclear
weapons laboratories have brought to bear their technical expertise in
nuclear physics and engineering. Short-term, the Second Line of Defense
program has adapted commercially available radiation detection
equipment, security systems, and communications equipment to work
comprehensively with Russian Customs and other foreign agencies to stop
nuclear smuggling now. It is effective in detecting both weapons
material and radiological dispersal devices.
Long-term, the Second Line of Defense program will deploy radiation
detection equipment optimized for border use, integrate it with local,
regional, and national-level communication systems geared for quick
response, and cooperatively train foreign officials in use of the
systems. Long-term sustainability is planned into every level of the
program to ensure continued training and equipment maintenance.
Chemical and Biological Agent Sensing
Sandia is developing a variety of technical solutions to counter
the threat posed by chemical and biological agents. This activity is
supported by the DOE Chemical/Biological Nonproliferation Program
(CBNP) and includes threat and response analysis, environmental sensing
and monitoring, facility protection and biosecurity, advance chem/bio-
terror warning systems, reagent design, and decontamination technology.
Sandia has developed a portable bio-sensor to put into the hands of
first responders. Configured to detect toxins such as ricin and
botulinum, the device uses micro-fabricated ``chips'' as a miniature
chemical analysis lab to isolate and identify biological agents. This
system has been demonstrated to also reliably and rapidly detect a
variety of chemical weapon agents in realistic situations where
obscurants to mask the signature are present. The system is being
modified to analyze viruses and bacteria. We have identified commercial
partners to produce and market the unit.
A prototype handheld detector under development at Sandia can
identify anthrax in less than five minutes. The instrument analyzes
fatty acid esters vaporized from the cell walls of bacteria and
compares them with cataloged signatures indicative of anthrax or other
pathogens. This technique has been used to identify pathogens at the
genus level and often at the species level. Identifying the bacillus in
minutes, rather than the hours currently necessary, is a crucial step
toward developing bio-attack warning systems and defenses such as foam
dispersal systems in public facilities similar to the PROTECT system
that is being deployed in the Washington Metro and other locations. We
have applied for a patent on this detector and expect to license the
technology to industry for commercial development and manufacture.
Sandia's Laboratory-Directed Research and Development program supported
this work.
Sandia is engaged in an accelerated development effort for a
standoff biological weapons detection system to provide advance warning
of a biological weapon threat. The system will employ ultraviolet
laser-induced fluorescence to scan for and to discriminate clouds of
biological agents over a broad field of view. Prototypes of this system
have been demonstrated on various mobile and fixed platforms and have
demonstrated excellent standoff range and sensitivity. Under NNSA
sponsorship, we are moving toward the demonstration phase of the system
development in the next several months.
Explosives Detection
Today, a commercially produced, walk-through portal for detecting
trace amounts of explosive compounds on a person is available for
purchase and installation at airports and other public facilities. The
technology for this device was developed, prototyped, and demonstrated
by Sandia National Laboratories over a period of several years and
licensed to Barringer Instruments of Warren, New Jersey, for
commercialization and manufacture. The instrument is so sensitive that
microscopic quantities of explosive compounds are detected in a few
seconds.
Using similar technology, we have developed and successfully tested
a prototype vehicle portal that detects minute amounts of common
explosives in cars and trucks. Detecting explosives in vehicles is a
major concern at airports, military bases, government facilities, and
border crossings. The system uses Sandia's patented sample collection
and preconcentrator technology that has previously been licensed to
Barringer for use in screening airline passengers. The same technology
has been incorporated into Sandia's line of ``Hound TM''
portable and hand-held sensors, capable of detecting parts-per-trillion
explosives and other compounds. These devices can be of great value to
customs and border agents at ports of entry.
Bomb Disablement Technology and Training
As first responders, American firefighters, police, and emergency
personnel will be called upon to be America's first line of defense
against terrorist attacks. These men and women must be prepared for the
full range of terrorist threats, from improvised explosive devices to
chemical, biological, radiological, and nuclear weapons of mass
destruction. It will be the responsibility of the Department of
Homeland Security to ensure their preparedness by providing them with
the training and tools they need to do their jobs.
Sandia National Laboratories began holding advanced bomb-
disablement technology workshops for bomb squad technicians in 1994.
Since then, Sandia has transferred advanced bomb-disablement technology
to more than 750 workshop participants through Operation America and
its predecessors, Operation Riverside and Operation Albuquerque.
Operation America is a series of ongoing regional workshops hosted by a
local police department in the state where the event is held and
supported by regional FBI offices. Participants come from bomb squads,
police and fire departments, and emergency response organizations
throughout the United States, including most of our major metropolitan
cities and the U.S. Capitol Police. They also come from other
government agencies, all branches of the U.S. military, and,
internationally, from our allies in some of the world's terrorism
hotspots. Participants come to learn applied explosives technology and
advanced bomb-disablement logic, tools, and techniques. Technical
classroom presentations, live-range demonstrations, hands-on training,
and special high-risk scenarios give them the knowledge and technology
they need to respond to terrorist threats involving explosives.
Most of the bomb-disablement technologies demonstrated in Operation
America were developed by Sandia National Laboratories as part of the
DOE Laboratory-Directed Research and Development program and our work
for other federal agencies. These tools include the Percussion-Actuated
Nonelectric (PAN) Disrupter used to dismantle suspected explosive
devices and preserve forensic evidence. The device was used at the
Unabomber's cabin in Montana and was available at the 1996 Summer and
2002 Winter Olympic Games. More recently, Massachusetts State Police,
with the assistance of the FBI, used the Sandia-developed PAN Disrupter
to disable the alleged shoe bombs removed from an American Airlines
flight from Paris to Miami.
The PAN disrupter, as well as other advanced disablement tools
developed by Sandia, are currently in use by local bomb squads and
could be used against terrorist threats such as radiological dispersal
devices (RDDs) and other weapons of mass destruction. Most of these
bomb-disablement tools are relatively simple to assemble in the field,
can be used safely from a distance, and are affordable, and they are
currently in use throughout the bomb-disablement community. These tools
disrupt and ``render-safe'' explosive packages without initiating the
explosives or destroying forensic evidence.
Once Sandia has researched, developed, and tested a bomb-
disablement tool, it begins the process of transferring the technology
to the first-responders community, putting the technology in the hands
of the men and women who need it. Operation America sponsors include
Sandia National Laboratories, the National Institute of Justice, and
DOE.
Critical Infrastructure Protection
National security and the quality of life in the United States rely
on the continuous, reliable operation of a complex set of
interdependent infrastructures consisting of electric power, oil and
gas, transportation, water, communications, banking and finance,
emergency services, law enforcement, government continuity,
agriculture, health services, and others. Today, they are heavily
dependent on one another and becoming more so. Disruptions in any one
of them could jeopardize the continued operation of the entire
infrastructure system. Many of these systems are known to be vulnerable
to physical and cyber threats and to failures induced by system
complexity.
In the past, the nation's critical infrastructures operated fairly
independently. Today, however, they are increasingly linked, automated,
and interdependent. What previously would have been an isolated
failure, today could cascade into a widespread, crippling, multi-
infrastructure disruption. As the documented cases of attacks on vital
portions of the nation's infrastructure grow, there is a sense of
urgency within industry and government to understand the
vulnerabilities.
The National Infrastructure Simulation and Analysis Center
(NISAC)--which would be transferred to the Department of Homeland
Security under the Administration's bill--is a comprehensive capability
to assess the nation's system of infrastructures and their
interdependencies. NISAC's partners are Sandia National Laboratories
and Los Alamos National Laboratory, both of which possess extensive
supercomputer resources and software expertise. NISAC will provide
reliable decision support analysis for policy makers, government
leaders, and infrastructure operators. It will perform modeling,
simulation, and analysis of the nation's infrastructures, with emphasis
on the interdependencies.
Sandia pioneered probabilistic risk assessment (PRA) as a tool for
evaluating the risks associated with high-consequence systems such as
nuclear weapons and nuclear power generation plants. We apply this tool
to risk assessments for critical infrastructures such as dams, water
utilities, chemical plants, and power plants. Combined with our
expertise in security systems for nuclear facilities, we have helped
utilities and industrial associations create security assessment
methodologies that can guide owners and operators through the
assessment process to determine vulnerabilities and identify mitigation
options. Methodologies have been developed for water utilities,
chemical storage facilities, dams, power plants, and electrical power
transmission systems.
Cyber Sciences
Computer systems and networks are attractive targets of attack by
terrorists, foreign governments, or high-tech criminals. Government
functions, commerce, and the military increasingly rely on cyber
networks in their operations. Computerized supervisory control and data
acquisition (SCADA) systems often control the operations of critical
infrastructures such as power utilities and distribution networks and
municipal water supplies.
Sandia has significant activities in the technologies intended to
protect cyber and network resources and the information that resides on
such systems. Programs that assess the vulnerabilities associated with
these systems are in place for our own resources as well as for those
at other federal government agencies. Sandia operates a SCADA
laboratory to study such cyber control systems and to determine
effective protection strategies. We conduct red-teaming to challenge
cyber and information systems and identify and remove vulnerabilities.
Our objectives are to enhance the robustness of cyber systems and
critical information systems and develop solutions for survivability
and response options for systems under attack. Our understanding of the
issues associated with computer and network vulnerabilities is enhanced
by the microelectronic design and fabrication capability resident at
Sandia as well as the state-of-the-art work performed as part of NNSA's
Advanced Simulation and Computing (ASC) campaign.
nuclear incident response
The President's bill to establish a Department of Homeland Security
defines a Nuclear Incident Response Team that includes entities of the
Department of Energy and the Environmental Protection Agency that
perform nuclear and/or radiological emergency support functions
(Section 504).
NNSA plays a vital support role in combating acts of nuclear
terrorism through its Nuclear Emergency Support Team (NEST). NEST
provides the FBI and other federal and state agencies with technical
assistance in response to terrorist use or threat of use of a nuclear
or radiological device in the United States. NEST also supports the
Department of State in a similar role for incidents overseas. Another
NNSA team, the Accident Response Group (ARG), has the different mission
of providing technical support in response to accidents involving U.S.
nuclear weapons while they are either in the custody of DOE or the
military services. The ARG and NEST teams draw from the same pool of
experts at the NNSA laboratories, all of whom are volunteers.
NEST maintains a fast-response capability for a radiological
emergency involving dispersal of radioactive debris--for example, from
the detonation of a so-called ``dirty bomb'' or radiological dispersal
device (RDD). The NNSA's Radiological Assistance Program (RAP) provides
initial responders who can be on the scene in a matter of hours. Their
support role is to characterize the radiological environment, provide
technical advice to the FBI, FEMA, and other emergency response
agencies, and to assist with decontamination and material recovery.
NNSA is in the process of enhancing the Radiological Assistance Program
to perform radiological weapons detection and device characterization
missions on a regional basis consistent with the FEMA response regions.
The Joint Technical Operations Teams (JTOTs) are major operational
elements of NEST that directly assist military units and crisis
response operations. These teams are trained and equipped to support
render-safe operations and advise on stabilization, packaging, and
disposition procedures.
In addition to the NEST and ARG capabilities, NNSA maintains
Consequence Management Teams that are available to provide assistance
to federal and state agencies that require radiological emergency
assistance after an event has occurred. The teams are trained and
equipped to support incident assessment, monitoring and sampling
activities, laboratory analysis, and health and safety support to
incident responders.
Sandia National Laboratories contributes approximately ninety team
members to the various elements of NEST, ARG, RAP, and Consequence
Management. Sandia's role focuses largely on RAP incident response,
device characterization, render-safe techniques, assessment and
prediction of consequences from radiological incidents and accidents,
and methods for containment of radiological materials. Sandia is the
only NNSA laboratory that maintains the capability for containment of
particulates that would be released in an RDD explosion.
The President's bill would place the Nuclear Incident Response Team
under the author-ity and control of the Secretary of Homeland Security
during an actual or threatened terrorist attack or other emergency.
During such a time, it would operate as an organizational unit of the
Department of Homeland Security. At all other times, DOE/NNSA would be
responsible for organizing, training, equipping, and exercising
authority and control over NEST, ARG, and the Consequence Management
Teams. This arrangement is not ideal, but it makes sense in this case
because the volunteer NEST and ARG experts are integrated with the
nuclear design activities of the DOE/NNSA laboratories. It would not be
possible, for example, to transfer the NEST/ARG functions to the
Homeland Security Department on a permanent basis because the personnel
who constitute those teams are full-time weapon scientists, engineers,
and technicians.
Consequently, it will be important to establish and exercise a
clearly understood process for deploying the Nuclear Incident Response
Team elements to avoid interagency conflicts over roles and
authorities. The process should be designed to minimize the layers of
federal offices involved in both management and deployment.
science and technology development for homeland security missions
The national laboratories of the NNSA are widely regarded as the
premier science and technology laboratories in the federal government.
These institutions have a long history of excellence in research and
development in nuclear weapons and other national security
applications. They are uniquely able to deploy multidisciplinary teams
on complex problems in a way that integrates science, engineering, and
design with product.
In a world where threats are increasingly insidious--with worrisome
developments in chemical and biological weapons, cyber warfare, and
proliferation--it is important that the NNSA laboratories be major
contributors in the national effort to address these threats. These
national laboratories can provide enormous value to homeland security
challenges. They are also the logical entities to perform technology
evaluation on the many products and proposals that will inevitably be
advocated to the Department of Homeland Security from countless
vendors.
Unfortunately, established bureaucratic structures and regulations
that insulate agencies from one another will stand in the way of
effective utilization of the NNSA laboratories for homeland security
unless legislative action is taken to remove the barriers. As a first
step, it would be helpful to explicitly authorize NNSA to carry out
research and development for homeland security by adding that activity
to the NNSA's authorized missions listed at Title 42, Section 2121 of
the United States Code. Next, the Homeland Security Act should give the
Department of Homeland Security the power to task the NNSA laboratories
directly, just as the Science, Energy, Environmental, and other non-
NNSA offices of DOE are able to do. That authority would eliminate the
bureaucratic red tape and additional costs associated with the Work-
for-Others (WFO) process that inhibits access and utilization of the
laboratories by non-DOE sponsors.
It will be important for the Homeland Security Department to have
the authority to determine for itself how and where to make its
research and development investments to support its mission goals.
There will be some laboratories and institutions that will seek to be
designated as homeland security laboratories or as centers of
excellence for this or that homeland security mission area. The
Department will need to look beyond labels to demonstrated capabilities
and a track record of deliverables. Its research and development
program should encourage a competition of ideas among many performers,
including industrial firms, universities, and federal laboratories, and
then fund the development of the best ideas based on considerations of
technical merit and not on who the performer is. The Defense Advanced
Research Projects Agency (DARPA) uses such an approach, and it may be
an effective model for the Homeland Security Department to emulate.
Under the President's bill, the research and development program
for the entire Department would be directed by the Under Secretary for
Chemical, Biological, Radiological, and Nuclear Countermeasures.
Certainly that official will have formidable R&D challenges, but he or
she must also be cognizant of the science and technology needs for the
other mission areas of homeland security, including information
analysis and infrastructure protection, borders and transportation
security, and emergency preparedness and response. As an alternative,
it may be useful to consider a chief scientist position reporting to
the Secretary with authority for coordinating and directing the
Department's overall research and development program. Each Under
Secretary may benefit from a dedicated R&D element focused on the
challenges peculiar to his mission.
summary and conclusion
Sandia National Laboratories and the other NNSA laboratories
constitute a broad, multidisciplinary technology base in nearly all the
physical sciences and engineering disciplines. We are eager to leverage
those capabilities to support the science and technology needs of the
Department of Homeland Security when our capabilities can make
significant contributions.
Sandia possesses strong competencies in nuclear, chemical, and
biological sensors and engineered systems suitable for transfer to
industry and deployment in homeland security applications. We have been
proactive in supporting our nation's first responders and addressing
the challenges of infrastructure protection. We have a track record of
anticipating emerging homeland security threats and investing in
technology development to counter them through our Laboratory-Directed
Research and Development program and sponsor-directed programs. We are
one of the premier laboratories for working with industry to transition
laboratory technologies into deployable commercial applications.
Bureaucratic and regulatory roadblocks exist that limit access to
the DOE/NNSA national laboratories by other federal agencies, and those
obstacles should be removed by the homeland security legislation in
order to facilitate direct access to those resources. The Homeland
Security Department needs the authority to manage a research and
development program that encourages competition of ideas among many
performers--including industrial firms, universities, and federal
laboratories--and then fund the development of the best ideas based on
technical merit and applicability to mission needs.
On behalf of the dedicated and talented people who constitute
Sandia National Laboratories, I want to emphasize our commitment to
strengthening United States security and combating the threat to our
homeland from terrorism and weapons of mass destruction. It is our
highest goal to be a national laboratory that delivers technology
solutions to the most challenging problems that threaten peace and
freedom.
Thank you, Mr. Chairman. I would be pleased to respond to any
questions you may have.
Mr. Greenwood. Thank you, Mr. Nokes.
Dr. Cobb for 5 minutes.
TESTIMONY OF DON COBB
Mr. Cobb. Thank you, Mr. Chairman and members of the
committee. It is a pleasure for me to be here and talk about a
very important part of the establishment of the new Department
of Homeland Security, namely, the part that's associated with
the ability to respond to threats of weapons of mass
destruction, terrorism against our own country.
My name is Don Cobb. I'm the Associate Director for Threat
Reduction at Los Alamos. I have about 30 years experience in
dealing with various kinds of threats, working in arms control,
nonproliferation, and counterterrorism. Over that period of
time I have had experience in developing technologies, from
radiation technologies to satellite-based technologies.
Los Alamos, about one quarter of the laboratory, something
over 20 percent of the laboratory, is involved in these kind of
threat reduction activities across the board. As you know, Los
Alamos is operated by the University of California for the
Department of Energy; has been for the last 60 years. So we are
uniquely, along with our brethren at the other labs, operated
for the country to do major missions that are broad S&T-based,
like the homeland security issue is today.
What I want to do is confine my remarks to the Nuclear
Emergency Research Team and try to elucidate some of the issues
that I think are most important in the setting up of this new
department to preserve the capability and hopefully enhance our
nuclear response capabilities.
First, let me say Los Alamos is involved in virtually every
aspect of nuclear emergency response, from threat analysis,
analyzing all source information to understand what the threat
is, to fielding detection diagnostics, radiation sensors, and
so forth, to neutralizing the threat, to making recommendations
how to--how to safe the device, whatever it may be. This is a
shared responsibility that I have primarily with the other two
NNSA laboratories.
The main point that I want to make, and I think General
Gordon made it earlier, is--made it for me, is that the NEST
tech base is not something that you can isolate as a piece and
transfer it to the new department. It does not stand alone.
It's the synergy of that tech base with the nuclear weapons and
threat reduction program at the laboratories.
For example, to give you the idea, there are over 100
people at Los Alamos that work at the Nuclear Emergency Support
Team. Only about seven of these are full-time people. The rest
of them are nuclear weapon designers, they're nuclear weapon
engineers, they're people who do radiological detection
development for sensors and systems. And it's those skills, and
also the specialized facilities that we have where you can
actually make measurements and utilize nuclear materials, that
make this a unique support capability. We need to keep that
synergy in the transition.
Let me talk to three specific issues that I think are
important to us that will matter but that can be resolved, I
think--or, perhaps not through legislation, but through just
negotiating the right roles and responsibilities between the
existing DOE, the laboratories, and the new Department of
Homeland Security.
First, about command and control relating to NEST. It has
to be clear, when NEST is under the authority of the new
Department of Homeland Security, under what conditions it
remains under the authority of the DOE. For example, under a
heightened threat condition, we may be deploying people or
looking at threats as part of our NEST responsibilities; we
will call people in to work on that. Under that condition, we
need to understand whether we are reporting to the DOE or
whether we are reporting to the Department of Homeland
Security.
Similarly, the RAP program, the Radiation Assistance
Program, has similar kinds of response to maybe State and local
responders. We need to understand whether they continue to do
that under the DOE.
So the roles and responsibilities, and to clarify under
what conditions these various responsibilities will occur
between the departments has to be worked out. And then we need
to jointly do exercises and drills and practices so we can
understand how this actually plays together in case and when
these assets are needed and they are called upon. So that's
one. The command and control structure needs to be clarified.
The second one has also been previously mentioned, but I
want to raise it again because it is very important. The R&D
that generates the technology that goes into the NEST programs
quite often comes from other programs, not necessarily directly
through the NEST program. It relies on and leverages other
investments that are being made in parallel that develop
related technology. Heretofore the DOE has accepted that
responsibility and understands that kind of relationship.
If the NEST R&D is rolled over to the Department of
Homeland Security as part of a total R&D package, it will sever
some of that leveraging, and it would have to be done very
carefully. I would argue in favor of keeping the R&D and the
technology integration as part of the NEST package and keep
that as part of the current DOE structure.
Then the third one I want to mention is legal issues. We
currently, working for the University of California, have clear
indemnification and liability protection for our people and our
institution in participating and supporting NEST activities.
That's because of our M&O contractual relationship that's
spelled out very clearly. If we move that over to the
Department of Homeland Security, again, we would have to
examine all those legal issues again, and at least they would
have to be redone, preserved in another way.
So my final comment is we currently work--when we are
called out, we have a DOE lead person in the field who leads
our NEST teams. That lead person for the DOE interacts with the
lead Federal agency. It might be the FBI, depending on what
kind of incident it is. So there is a clear mechanism for doing
this. The Department of Homeland Security could easily be the--
could be the lead Federal agency in certain emergency
situations, and we'd still have our DOE NEST team responding in
similar fashion. If we do that, if that's the nature of the
relationship that's set up, then I think all of the issues that
I've raised here are pretty straightforward in terms of being
able to handle them. If we don't, it's going to be much more
complicated.
So thank you. And I would be happy to answer questions.
[The prepared statement of Don Cobb follows:]
Prepared Statement of Don Cobb, Associate Director, Threat Reduction,
Los Alamos National Laboratory
introduction
Thank you Mr. Chairman and distinguished members of the House
Energy and Commerce Subcommittee on Oversight and Investigations, for
inviting me here today to discuss the important issue of the creation
of the Department of Homeland Security and what its proposed role will
be in terms of dealing with chemical, biological, radiological and
nuclear emergency response activities.
I am Don Cobb, Associate Director for Threat Reduction at the
Department of Energy National Nuclear Security Administration's Los
Alamos National Laboratory. Los Alamos is one of the three NNSA
laboratories responsible for maintaining the nation's nuclear
stockpile. At Los Alamos, I am responsible for all programs directed at
reducing threats associated with weapons of mass destruction. I
personally have more than 30 years experience working to reduce these
threats.
Today, I would like to discuss with you the emergency response
activities at Los Alamos National Laboratory, focusing on our
involvement and work with nuclear emergency response efforts, primarily
the Department of Energy's Nuclear Emergency Support Team (NEST). In
addition to NEST, I also will discuss Los Alamos' efforts in responding
to biological threats and incidents, in particular the Biological
Aerosol Sentry and Information System (BASIS). Responding to the
biological threat is an area in which our national capability is not as
mature as the capabilities that we have in dealing with the nuclear
threat.
nuclear emergency support team (nest)
Los Alamos plays an important role within the area of nuclear
emergency response. The largest and the most well-known team in this
area is the DOE-managed NEST team. NEST was created in 1975 in response
to concerns over nuclear terrorism activity. Its effectiveness is due
to well-established interagency relationships including significant
Department of Defense and FBI collaboration. NEST is focused on
responding to a threatened act involving radiological or nuclear
materials or devices. Among the range of potential terrorist threats
involving weapons of mass destruction, the nuclear response
infrastructure and capabilities are the most mature and capable of
addressing the threat. NEST includes the capabilities to search for,
diagnose, and disable an improvised nuclear device.
NEST depends on a team of highly dedicated individuals at the
national laboratories and facilities throughout the DOE-complex who
volunteer their expertise to this program. Los Alamos' NEST and related
activities are funded at approximately $10 million in fiscal year 2002.
More than 100 Los Alamos scientists and engineers are involved in
various aspects of the NEST program. Nearly all are involved in other
parts of the Laboratory's research in nuclear weapons or threat
reduction. Many of the employees who work part-time on NEST are
involved with more than one team within the NEST program.
It is important to note that NEST is more than a group of
scientists who stand at the ready with pagers on their belts, waiting
to be contacted to respond to a crisis. NEST team members at the DOE
and NNSA laboratories, including Los Alamos, are involved in a wide
range of related activities including research and development into
diagnostic tools, disablement techniques, and computer simulations and
modeling; working with the intelligence and law enforcement communities
on the analysis of threats and the development of analytical tools;
training of employees from other government agencies in environments
that allow hands-on work with the actual nuclear materials that they
might encounter in the field; and providing subject-matter experts when
required. Los Alamos has the lead within NEST for development of
nuclear diagnostic tools to help determine the nature of the suspected
threat device and for maintenance of what is called the ``home team,''
a group of experts parallel to those that would be deployed in the
field who can provide analysis, advice and technical support.
Los Alamos is involved to varying degrees in all aspects of the
national NEST program. The activities of the national team, and Los
Alamos' role, are as follows:
Search activities--Los Alamos is primarily involved in
research and evaluation of detectors used for search.
Joint Tactical Operations Team (JTOT)--JTOT is a partnering of
DOE and DoD expertise that provides advice or direct assistance
to render safe a suspect malevolent employment of a nuclear
device by terrorists or others and to perform a nuclear safety
assessment for the eventual safe disposition of the device. Los
Alamos plays a major role in the JTOT mission and is involved
in maintaining management oversight, render-safe capability,
diagnostics capability, emergency response home team
capability, a watchbill (a group of experts who are on call 24
hours a day, seven days a week, year-round), communications
support and deployable equipment, and contingency planning.
Accident Response Group (ARG)--ARG is responsible for dealing
with incidents involving a U.S. weapon, commonly referred to as
a ``Broken Arrow.'' Los Alamos has experts on the ARG roster
who may be called upon if their particular set of knowledge is
necessary to deal with the given situation.
Disposition--These assets support both the JTOT and the ARG
team, making decisions about the ultimate disassembly and
disposition of a device after it has been made safe to move and
ship to a remote location.
Consequence Management--Following an incident, this team is
involved in the immediate monitoring of any potential
radiological dispersal and in monitoring and forecasting that
can advise responders on issues of evacuation and treatment.
Attribution--This area involves drawing upon capabilities from
the U.S. weapons testing program to analyze samples and draw
forensic inferences about a threat device.
Radiological Assistance Program (RAP)--Related to but separate
from NEST, DOE and Los Alamos maintain response plans and
resources to provide radiological assistance to other federal
agencies; state local, and tribal governments; and private
groups requesting such assistance in the event of a real or
potential radiological emergency. The Los Alamos RAP
organization provides trained personnel and equipment to
evaluate, assess, advise, and assist in the mitigation of
actual or perceived radiological hazards or risks to workers,
the public, and the environment. This Los Alamos capability
supports associated activities throughout RAP Region Four:
Kansas, Oklahoma, Texas, Arizona, and New Mexico.
biological emergency response
The biological science and medical communities responded to the
challenge posed by the fall 2001 anthrax attacks. Los Alamos has been
involved in responding to the attacks from the beginning, providing DNA
forensics expertise to assist federal law enforcement agencies in the
anthrax investigation. Our bioscience experts played an advisory role
in the decontamination of the Senate Hart Office Building after the
attacks, providing a strategy and advice for decontaminating the
building so it could be restored to its regular function.
Although more work and attention is needed in terms of biological
emergency response, significant progress has been made through research
efforts, many of which reside in DOE NNSA's Chemical and Biological
National Security Program (CBNP). For instance, Los Alamos and Lawrence
Livermore National Laboratory have been involved in research and
development of bio-detection systems as part of CBNP. One such system
to detect a biowarfare attack was demonstrated by Los Alamos and
Livermore at the Winter Olympics in Salt Lake City. The system, called
the Biological Aerosol Sentry and Information System (BASIS), provides
public health officials with early warning of a potential bioterrorist
attack.
emergency response issues
The following issues related to transferring emergency response
authority and responsibility to DHS should be addressed.
NEST command and control--It must be clear when NEST is under
the authority of DHS and when it is under the authority of DOE.
For example, continuous monitoring and surveillance looking for
threats could be under either department. Once authorities
under various options are clear, it will be important to
establish joint training to exercise the various options.
NEST research and development and technology integration--
Heretofore, DOE has fulfilled the responsibility for NEST R&D
and technology integration. It is important to determine
whether this responsibility will continue in DOE or be
transferred to DHS. This is the underpinning for the continued
and improved effectiveness of NEST. Similarly, the ability to
respond to future biological threats depends on synergy with
the biological and health sciences.
NEST legal issues--Legal issues related to liability and
indemnification for those that respond to emergency incidents
need to be sorted out and resolved. Individuals and contracting
entities responding to these incidents at the direction of the
federal government need clear legal protections.
Biological Emergency Support Team (BEST)--The establishment of
a national BEST, perhaps modeled after NEST, should be
considered. Just as NEST relies on nuclear weapons and threat
reduction experts, a BEST will need to maintain close contact
with the biological and medical sciences communities.
conclusion
At Los Alamos, we will continue to work with DOE NNSA and the other
national laboratories to support the nation's ability to respond to
emergencies involving weapons of mass destruction. We will work with
the new DHS to ensure the continued effective function of these
emergency response capabilities.
Mr. Greenwood. Thank you, Dr. Cobb.
Dr. Stringer, for 5 minutes.
TESTIMONY OF LLEWELLYN W. STRINGER, JR.
Mr. Stringer. Mr. Chairman, members of the committee, thank
you for inviting me here today. I was here in October talking
about how emergency responders at local, State, and Federal
Governments were affected and what we needed. Well, I'm back
again today. I'm going to talk about how the homeland----
Mr. Greenwood. You did such a good job in October, we
wanted a repeat performance.
Mr. Stringer. Thank you, sir.
I'm going to talk about how this could affect local and
State governments, and how it could affect the national medical
response system and OEP.
In talking to my local, Federal and State cohorts, I really
think we could put all of this together and call it the need
for interoperability on a day-to-day basis.
It's part of my job with the State looking at grants, how
do we apply for them, trying to get the local and States to
understand the stakeholders, what we are going to need to do to
get them, and then all the many pots of money that are sort of
dangled at us at the State level for locals and State from CDC,
OEP, FEMA and many more. They all have different rules. They
all have different time tables, they all have different things
that we have got to try to understand and then explain to
others in the State to be successful in getting the grant and
using it. That's a real problem.
In North Carolina, we are trying to develop a single
unified terrorist plan, bringing the local and the State
entities together to develop strategies for equipping,
planning, training and exercising, so we have one plan,
wherever it may be in the State, whatever city it may be in.
This is very important. The planners in emergency management
need one standard set of grant guidelines provided by one
unified department for all WMD grants.
I want to compliment the Department of Health and Human
Services for the recent bio-state grant program. That was
something that was--we could live with and it was really
enjoyable to work with, believe it or not. I would recommend
that other agencies copy this.
We need funding assigned for program management and
equipment maintenance allowances. Most State agencies, local
emergency management, and public health agencies are bare-
boned. We have limited funds for planning and managing our
daily activities, much less new initiatives. I would suggest
that 10 to 20 percent of the grant funding be assigned for
program management and equipment maintenance. Unfortunately,
Federal programs have provided funds for training, planning,
and purchasing, but it stops there. If the Department of
Homeland Security doesn't follow through with a program that
assists the locals and the States with this managing and
planning, I'm afraid several years from now it will be like the
old civil defense disaster package hospitals, sitting somewhere
rotting, unable to be used.
Unfortunately, terrorism is not going to go away, and we
need to have continued support to organize a program and to
manage it. We need grants that are awarded at 100 percent, not
matching funds. I've heard rumors that FEMA's 2003 grants for
WMD are going to be on a 75/25 basis. I can tell you that in
North Carolina, and I suspect many other States, we can't
support this. We are having troubles on a day-to-day basis.
For the National Disaster Medical System and the Public
Health Service Office of Emergency Preparedness, it's finally
been recognized by Congress in the bioterrorist bill, and I
really want to thank you all for that support. It really was
greatly needed.
Until recently, NDMS has had little funding, has inadequate
staffing and accountability and minimum recognition from DHHS
on a regular basis. In years past, some snidely referred to
NDMS as the No Damned Medical System. This is no longer true,
sir. NDMS responds to help local and State governments when
they are overwhelmed with many crises, natural and man-made.
Hurricanes, floods, earthquakes, air crashes, animal events,
the recent avian influenza, and terrorism. The network of
volunteers who step up to the plate and become part-time
employees of the U.S. Public Health Service in a crisis has
really been helpful.
I have a problem right now, an example with the Federal
Team, a WMD issue, which is my team, which is the National
Medical Response Team-East, housed in North Carolina, just
received one-sixth of our operating budget for 2001/2002. It--
to actually get the money appropriated by Congress, I had to
get assistance from my Congressman to get HHS to turn the money
loose. We were borrowing the money from a non-profit
organization to support a Federal team for basic operating
expenses. Eight months into the Federal fiscal year, I
considered canceling planned training activities because we
just could not afford to continue supporting a counterterrorist
type team. And if it's not important after 9/11, when will it
be?
In closing, you have got to have support for planning and
training and maintenance. We need to consider natural and man-
made disasters that overwhelm a State or local government. We
need not to reinvent a wheel. The FEMA's Federal response plan
has been around a while, and it's taken a good while for
everybody, including the Federal Government, to fully
understand it. It's got a counterterrorist or a terrorist annex
since PDD 39 came about, and I believe everybody started going
along with it now. Now, if we start something totally new and
try to reinvent a wheel, it's going to be another 3 or 4 years
at best before it's understood, and we will again have the same
problem on a day-to-day basis with interoperability not
present; and then in a crisis, whether it be by electronic or
face-to-face, we will have a problem.
This needs to be fixed. And I want to thank you for paying
attention to it.
[The prepared statement of Llewellyn W. Stringer, Jr.
follows:]
Prepared Statement of Llewellyn W. Stringer, Jr., Medical Director,
North Carolina Division of Emergency Management, Department of Crime
Prevention and Public Safety
Mr. Chairman and Members of the Committee, thank you for inviting
me here today to discuss the issue of the establishment of a Department
of Homeland Security. I am Dr. Lew Stringer, Medical Director of the
North Carolina Division of Emergency Management, Department of Crime
Prevention and Public Safety. I have a long history of emergency
management experience that ranges from services as a local EMS Medical
Director for 28 years, Director of the Special Operations Response
Team-a disaster organization in North Carolina and involvement with the
National Disaster Medical System through the Office of Emergency
Preparedness, USPHS since 1990. In October, 2001 I spoke to this
committee on WMD issues as it affected the local, state and federal
response community.
I am back today to address the issue of how a single homeland
security department could affect local and state governments and the
Office of Emergency Preparedness/ National Disaster Medical System.
During the preparation of my statement and in discussions with my
local, state and federal cohorts, this focus become the issues of
``interoperability''.
I have focused on chemical, biological and radiological response
activities, as I know them to be, and have chosen 3 areas of focus: 1.
Grants and funding; 2. Preparedness and planning at all levels; and 3.
Response efforts.
In my position in North Carolina, I have been involved for several
years in the ``Grant Process'' which includes: applying for grants,
explaining the grant requirements to state and local stake-holders, and
trying to manage the many different ``pots of money'' dangled in front
of my state by CDC, FEMA, OJP, DHHS and others. (They) all have
different requirements, different time tables, different folks to meet
with, and different ways to figure out how to be successful. In North
Carolina, we are striving to develop a SINGLE, UNIFIED terrorist plan
that must bring all the varied state and local agencies together by
developing, planning, equipping, training, and exercising strategies
into a single unified plan.
Planners in emergency management need a standard set of guidelines,
provided by one unified department, for all WMD grants. I want to
compliment the DHHS on the presentation of requirements for the recent
Bioterrorism state grants--others may wish to adopt their guidelines.
We need funding assigned for program management and equipment
maintenance allowances. MOST state agencies--local emergency management
and public health agencies--are ``bare boned''. We have limited funds
to plan or manage our day-to-day activities; much less manage new
entities. I would suggest that 10-20 % of the grant funding be assigned
for program management and equipment maintenance. Unfortunately,
federal programs have provided money for terrorist planning/training
and purchase of equipment but have stops there. Otherwise, Homeland
Security planning will follow the same path as the old Civil Defense
Packaged Disaster Hospital Program--nonfunctional, and useless--if
needed in several years. Unfortunately, the need for terrorist
preparedness will not go away and support for preparedness must be on
going.
We need grants awarded at 100% and not require matched funding. I
have heard rumors that the 2003 FEMA Domestic Preparedness grants will
be at awarded at matching 75/25%. I can tell you that in North
Carolina, and I suspect many other states, we can not afford that type
of ``support''.
The National Disaster Medical System (NDMS) and the Public Health
Office of Emergency Preparedness (OEP) have recently been officially
recognized by Congress in the Bioterrorism bill signed on June 12th. I
want to thank you on this committee for your efforts. Until recently,
NDSM had little funding, inadequate staffing and accountability, and
minimal recognition from DHHS. Some snidely referred to NDMS as No Damn
Medical System. This is no longer the case. NDMS responds to help state
and local governments when the locals become overwhelmed by natural or
man-made disasters--hurricanes, floods, earthquakes, air crashes,
animal events such as the avian influenza outbreak and terrorist
events. The network of volunteer personnel who become temporary
employees of the USPHS and respond has been gratifying, especially
since September 11.
Let me give you an example of my funding distribution problems:
My Federal WMD team, Nation Medical Response Team-East, housed in
North Carolina, has just now received the first \1/6\ of our operating
budget for 2001-2002. To actually get the money, appropriated by
Congress for OEP, I had to request assistance from my Congressman to
get the DHHS moving. My Federal team had to use the monies of a non-
profit organization, Special Operations Response Team's emergency
contingently funds, for a federal team's basic operating expenses.
Eight months into the federal physical year, I considered canceling
planned training because of the lack of released funding. Since 9/11
certainly, this type of team has never been more needed.
Now that you (Congress) have officially recognized OEP/NDMS and
created an Assistant Secretary for Public Health Preparedness, who will
direct OEP/NDMS, I am hopeful that such funding distribution issues
will be resolved. Moving Public Health Preparedness, OEP and NDMS into
the Department of Homeland Security should improve these funding
distribution issues.
I suspect that others, involved in response, are also looking
forward to 100% coordination of efforts--for planning, funding and
direction from individuals who are tasked by Congress and our
President--to be 100% sure that services are 100% ready to make secure
our homeland.
We, in state government, need be confident in knowing that a
coordinated, unified Federal response to natural or man-made disasters
will continue under the Department of Homeland Security. The ground
work was begun years ago by FEMA with what is called the Federal
Response Plan, (FRP). Federal departments, offices and other Federal
entities come under, or are responsible for various emergency support
functions, when the Stafford Act is declared. As you know, the Federal
Response Plan has a Terrorist Annex since PDD 39, which further defines
the functions of crisis and consequence management roles. This plan is
fairly well understood by states and is followed by federal, state and
local governments.
If the primary consequence offices and agencies, as well as some of
the law enforcement entities, are moved from the departments where they
now function and are placed under the steadfast management of the
Department of Homeland Security, this should improve efficiency,
simplify the annual budget process, and reduce redundancies and
interagency competition.
A downside for a Department of Homeland Security could be a failure
of a service formally provided by the old agency plan not to be honored
under the new department plan. For example, when OEP requests from DHHS
the temporary assignment of USPHS Commissioned Corp personnel, will
that request be honored by DHHS when OEP is no longer under DHHS?
It is critical that in the new department, there must be a
prominent health care focus. Many of the critical services needed in
man-made or natural disaster are health care issues. There needs to be
an adequate physician presence-not just a health care administrative
presence ``to guide the Secretary in health care issues at all levels
of department operation.
In closing, I would like to speak about the critical need for
communication ``interoperability'', which has become a ``buss word'' in
Washington and in the state governments. In any emergency, first
responders need to be able to communicate with other first responders,
i.e. fire with medical, ambulance with police, and all with other
agencies who become involved. Mutual aid and the federal response
compounds the communication problem by brings more folks who need to
talk with each other together. Communications issues have been
mentioned in every disaster after-action report I have seen for years.
These communication issues involve cost for locals. This will be a huge
planning and funding issue that the Department of Homeland Security
must address.
I sincerely hope the new Department of Homeland Security will
resolve or, at best, improve many ``interoperability'' issues existing
today. The task will be daunting. In these difficult times, the aim
should be to make all of us successful.
Mr. Greenwood. We thank you, Dr. Stringer, for your
testimony again.
Mr. Plaugher.
TESTIMONY OF EDWARD P. PLAUGHER
Mr. Plaugher. Good afternoon, Mr. Chairman, and members of
the committee. I am Edward Plaugher, chief of the Arlington
County Fire Department in Virginia. I appear today on behalf of
the Washington, DC Area National Medical Response Team, of
which I am its executive agent.
I would like to begin by thanking the committee for having
me here today. Issues related to terrorism and related
preparedness efforts have taken on a new meaning in our Nation.
Our region has been engaged for the previous 5 years prior to
the events of September 11 in educating Federal policymakers as
to the role of fire and emergency services in mitigating acts
of terrorism. The men and women of my fire department were
joined by thousands of others from the Washington, DC and New
York metropolitan areas in demonstrating that role last fall. I
believe we owe it to them and to the public safety good to move
forward as quickly as possible in fashioning the most rational
and workable national terrorism preparedness policy as soon as
possible. The public safety and the memory of 343 fallen
firefighter colleagues in New York City demand no less.
Since its inception, the Office of Emergency Preparedness,
U.S. Public Health Service, Department of Health and Human
Services, has provided an invaluable contribution to the first
responder community within our Nation. Creating and supporting
the Disaster Medical Assistance Teams, DMATs, the Metropolitan
Medical Response System, and the National Medical Response
Teams, has provided not only financial support, but leadership
and direction in the most critical aspects of disaster
response, that is, the aspect of emergency medical care. It
goes without saying that without this program, our Nation would
not be as prepared as we are today to deal with both man-made
and natural disasters.
Long-range relation ships have been developed, and they are
vital to the success of the program. As we found on September
11, it is the upfront work that pays dividends during the
emergency event.
In addition, the last 6 years has seen the development of
both public and local assets under the direction of OEP. These
local assets, the Metropolitan Medical Response System, are
designed to deal with the consequence of weapons of mass
destruction incidents. Each NMRS has an order to get OEP
funding that's been required to develop these very critical
pre-incident relationships, bringing to the table disciplines
who routinely do not work together, but during a disaster or
terrorist event must not only work together, but they must do
so in a seamless manner. Sacrificing any part of this long-term
relationship building and seamless response to medical
emergency management must not be allowed to vanish.
Hence, my position on moving OEP to the new Department of
Homeland Security is somewhat tied to building upon a well-laid
foundation and not allowing this foundation to erode.
I have seen the vast matrix of Federal programs, that is,
the good, the bad, and the ugly. Direct relationship-building
and financial support for local asset-building has produced
outstanding results for emergency medical preparedness. OEP's
and NMRS' system has provided this focus and is good.
I have also seen the Department of Defense via the Weapons
of Mass Destruction Act of 1996 provide training and exercises
but fail to develop lasting relationships within a community or
a city. That is bad. And it continues to miss the mark now as a
Department of Justice program.
The ugly that I am referring to is the State and local
assistance program currently under way at the Department of
Justice. Even though well intended by Congress and meaningful
in amounts, over $100 million a year since Federal fiscal 1999,
almost none of the support has reached the first responder
community. Utilizing the States as a funding mechanism has not,
and I believe will not, work as intended. As the police chief,
my colleague in Arlington County, Edward Flynn, relates,
terrorism is a global act with local response.
Back to the concept of transferring OEP to homeland
defense. If the transition of the relationship-building
cornerstone crumbles, the transition is a giant step backwards.
Local response is built on managing a wide array of assets,
which is best accomplished in an atmosphere of trust.
On the other hand, if more direct assistance is provided to
local first responders with the State in the loop to provide
uniformity between States and within States but not as a
controlling element or as a barrier to assistance, then
homeland defense and OEP could benefit from a single
departmental alignment.
Again, I want to thank the committee for giving me this
opportunity to testify, and I look forward to your questions.
[The prepared statement of Edward P. Plaugher follows:]
Prepared Statement of Edward P. Plaugher, Fire Chief, Arlington County,
Virginia
Good Morning/afternoon, Mr. Chairman and members of the Committee,
I am Edward Plaugher, Chief of the Arlington County Fire Department. I
appear today on behalf of the Washington, D.C. area National Medial
Response Team (NMRT).
I would like to begin by thanking the Committee for having me
today. Issues related to terrorism and related preparedness efforts
have taken on new meaning in our nation. Our region was engaged for
five years prior to the events of last September in educating federal
policy makers as to the role of the fire and emergency services in
mitigating acts of terrorism. The men and women of my fire department
were joined by thousands of others from the Washington, DC, and New
York metropolitan areas in demonstrating that role last fall. I believe
we owe it to them and to the public safety to move forward as quickly
as possible in fashioning the most rational and workable national
terrorism preparedness policy as is possible. The public safety and the
memory of 343 fallen firefighters in New York demand no less.
Since its inception, the Office of Emergency Preparedness, U.S.
Public Health, Department of Health and Human Services has provided an
invaluable contribution to the first responder community within our
nation. Creating and supporting the Disaster Medical Assistance Teams
(DMATS) and the National Medical Response Teams (NMRTs) has provided
not only the financial support but the leadership and direction in the
most critical aspect of disaster response emergency medical care. It
goes without saying that without this program our nation would not be
as prepared as we are to deal with both man-made and natural disasters.
Long range relationships have been developed and are vital to the
success of the program. As we found on September 11th it is the up
front work that pays dividends during an emergency event.
In addition the last six years has seen the development of public
and local assets under the direction of OEP. These local assets, the
Metropolitan Medical Response Systems are designed to deal with the
consequences of weapons of mass destruction incidents. Each MMRS has,
in order to get OED funding, been required to develop these very
critical pre-incident relationships. Bringing to the table discipline
who routinely to not work together but during a disaster of
``terrorist'' event must not only work together but must do so in a
seamless manner. Sacrificing any part of this long-term relationship
building and seamless response to medical emergency management must not
be allowed to vanish. Hence my position on moving OEP to the new
department of Homeland Security is somewhat tied to building upon a
well-laid foundation and not allowing this foundation to erode. I have
seen with the vast matrix of federal programs ``the good, the bad and
the ugly''. Direct relationship building and direct financial support
for local relationship building has produced outstanding results for
national medical preparedness without this the ability of the first
responder community is greatly diminished. I have also seen the
Department of Defense via the ``Weapons of Mass Destruction Act of
1996'' provide training exercise and expertise but fail to develop
lasting relationships within a community or city. That is bad and it
continues to miss the mark now as a Department of Justice program. The
ugly I am referring to is the State & local assistance program
currently under way in the Department of Justice. Even though well
intended by Congress and meaningful in amounts, over 100 million a
year, almost none of the support has reached the first responder
community. Utilizing the states as the funding mechanism has not, and I
believe will not, work as intended. As the police chief in Arlington
County, Edward Flynn relates ``Terrorism is a global act with local
response''.
Back to the concept of transferring OEP to Homeland Defense; if in
the transition the relationship building cornerstone crumbles, the
transition is a giant step backwards. Local response is built on
managing a wide array of assets, which is best accomplished in an
atmosphere of trust. On the other hand, if more direct assistance is
provided to local first responders, with states in the loop to provide
uniformity between states and within states, but not as a controlling
element or as a barrier to assistance, then Homeland Defense and OEP
could benefit with a departmental alignment.
I want to thank the committee for giving me the opportunity to
testify and look forward to your questions.
Mr. Greenwood. The Chair thanks the gentleman. And, for
your information, that is not a national alert; that is an
indication that we have a series of votes on the floor. For the
benefit of the members of the committee, what we will try to do
is in the next 15 minutes allow each of the three of us to ask
questions, and then we will be able to excuse this panel; and
then we will take a brief recess until the next panel comes up.
And let me ask a question, and I would ask, starting with
Mr. Plaugher and going to my left, with the exception of Ms.
Heinrich, because I have another question for her, this
question:
How ready do you think the labs and NDMS teams are today,
and the other Federal response assets are, to respond to a true
radiological or nuclear incident such as a dirty bomb? Are we
sufficiently prepared and adequately organized to handle the
threat now? And will the new proposal help improve such
preparedness? So if somebody detonated a dirty bomb in
Arlington, Virginia tomorrow morning and you had dead bodies
and you had people wounded and you had people potentially
exposed to radiological materials, how ready are we today, Mr.
Plaugher, and how do you see that improving with this
legislation?
Mr. Plaugher. I think we are very far off the mark as far
as for preparedness for a dirty bomb. I think we have focused
most of our energy on chemical, and we are now starting to
focus on biological. We have yet to begin the preparedness of
the nuclear program, and it's just been a matter of assets and
resources. We had to start somewhere. I personally chose to
focus on chemical attack because of the incident in Tokyo,
Japan, and the similarities between our system and their system
and what we thought was the likelihood of event.
We have also done a great deal of preparedness for
conventional weaponry. So if it's dirty bomb with conventional
weaponry, we will have some resources and capability to manage
that piece of it. But as far as for the other levels of
preparedness, we still have a long way to go.
Mr. Greenwood. Does this bill help us get there?
Mr. Plaugher. I think this bill will provide us with more
focus, which I think is much needed. Coalescing these long-term
relation ships, I've heard wonderful testimony today about the
NEST teams and about their ability. I do have a relationship
with a NEST team in the area, the one out of Andrews Air Force
Base.
So there is some capacity and some response capability.
But, remember, I'm in the 4-minute business. I've got to make
changes in the first 4 to 10 minutes of that incident scene, so
I need that equipment and training and capability there
immediately.
We just received recently some new radiological monitoring
from the Commonwealth of Virginia. So, I mean, we are working
in that direction, but we still have a ways to go.
Mr. Greenwood. Briefly, Dr. Stringer.
Mr. Stringer. From a local and State standpoint, we've got
a long way to go. As far as the NMRTA is concerned, I think
being under the Homeland Security will allow some
interopability and get to know the folks better, and I think
that should help us in any type of response, bringing in
Federal assets to assist a local government.
Mr. Greenwood. Dr. Cobb.
Mr. Cobb. Two quick comments. One, NEST has been focused
since its inception on prior information, and also focused more
on the higher-end threat, namely, a stolen or improvised
nuclear device. That's one point.
The second point is that while it's recognized that the
bolt-out-of-the-blue could happen, and we are moving in that
direction, something called the Triage program, I think
discussing that capability would be better in a different
environment.
Mr. Greenwood. Very well.
Mr. Nokes?
Mr. Nokes. Let's see. One answer is the Operation America
that Sandia conducted in Portsmouth, Virginia last month, where
we had about 100 first responders, including many from the
Washington, DC area, teaching them advanced bomb dismantlement
techniques. So if the device had not exploded, perhaps the
folks who had that training would have an advantage trying to
render it safe. If it had already detonated, the effects are
variable. They go from almost nothing to very tragic. And so it
depends a lot on what the effects were. But, as Don said, the
labs have been practicing for the very serious end of that
experience, a nuclear weapon, and mostly radiation devices are
within that envelope of practice.
Mr. Greenwood. Dr. Vantine.
Mr. Vantine. Mr. Chairman, if an RDD went off in Arlington
yesterday, we've already failed. I think the new department can
help in two ways: It can help regulate the materials at the
source, and it can help detect the materials before this event
ever happens.
Mr. Greenwood. Ms. Heinrich, very quickly. Do you think we
need better coordination between bio, the HHS and this new
department in order to be prepared for this kind of an event?
Ms. Heinrich. I think that the proposal for the most part
is broadly stated, and I think that we have to have
clarification on, as we have heard here before, the roles and
responsibilities. It's not always clear what the control
command relationships are. So, I think we need more
information.
Mr. Greenwood. Thank you. The gentleman from Florida, for 5
minutes.
Mr. Deutsch. Thank you, Mr. Chairman. And I'm going to just
ask one question, and yield to my colleague from Colorado just
not to have to keep you around for about another 45 minutes.
Chief, you seem quite satisfied with your relationships
with HHS and FEMA. Except for the possibility of getting more
money, is there any reason to move these emergency response
activities into a new department?
Mr. Plaugher. Well, one of the things that the fire
services has said repeatedly to Congress is that we need a
national strategy, we need a national focus. And the coalescing
of that--and that is all of its subparts--into a single agency
has tremendous benefit to first responders in the development
of a national strategy. I'd just ask, as this goes forward,
that you allow the first responders to have some opportunities
for dialog and input into that national strategy. I mean, we
are the folks that are going to be there, we are the folks that
are going to have to manage the incidents.
So I think it does have some solid purpose and benefit,
because we have seen the absence of a national strategy because
of the splintered approach to date from the Federal agencies.
Mr. Deutsch. Thank you. I'd yield to Ms. DeGette.
Ms. DeGette. Thank you very much for yielding.
Mr. Plaugher, let me just comment on what you are saying,
because I had a meeting in my district, which is Denver, with
the local first responders and the representatives of the
State, and they even have a difficult time figuring out who
should be giving them directions between the State and the
local first responders, much less coordination in urban areas
like my district between all the counties that are involved.
And I think you are right, there needs to be some kind of
directions, so long as it's not, you know, just another
bureaucratic layer. I really appreciate what you are saying.
I just have a couple quick questions for Mr. Nokes and Drs.
Cobb and Vantine about the labs. First of all, how will the new
Department of Homeland Security make the deployment of the
technologies that the labs are developing easier to deploy in
the field?
Mr. Vantine. I think what happens is that when DHS starts
funding the program and putting it together, they are going to
work the whole issue of the systems issue. And so when the
technology goes to field, it's going to be already coordinated
with local response, regional response, and national response.
It's going to be an integrative package. It's going to be
vetted at the national laboratories to make sure that it works.
It's going to have the best technology. So it will be a package
that we put out in the field rather than pieces.
Ms. DeGette. And you think under the current structure of
the Department of Homeland--or, of what's happening now, it's
just in pieces? It's not coordinated?
Mr. Vantine. I think right now we rely on largesse of other
programs. They do R&D in their areas, we take that and try to
apply it to this problem, but we don't have the resources to
put the technology that we really need on the problem.
Ms. DeGette. So you envision that what this department
would do, then, would be to take that technology and bring it
all together?
Mr. Vantine. Exactly. That's exactly right.
Ms. DeGette. The other two, any additions?
Mr. Nokes. I would make one comment, and that is, right
now, as you well know, no one owns the problem and so everybody
has a piece of it, and so we have a very tactical fragmented
approach of applying technology to the issues. And I would hope
that the new department is able to pull together the
requirements across the--what are now different agencies and
put together a coherent program, so you have good security that
is uniform across the country and that would be the best thing.
Ms. DeGette. We haven't achieved that yet, have we?
Mr. Nokes. No.
Mr. Cobb. Just a quick answer, over the past several months
we have been working with NNSA anticipating the possibility
that they'd be the lead Federal agency, or they'd have a major
role in integrating the technologies. I think much of that is
being transferred to the new department, that concept. We now
have a lead Federal agency to develop the R&D, so that focus
will help.
Ms. DeGette. Has this coordination that you all think is so
essential, and so do I, and is that part of a specific proposal
that you have seen or is that just your hope for what the new
agency would show?
Mr. Cobb. There has been discussion, but I don't think it
is in the framework of a specific proposal. Obviously, the
legislation is very broad so the details still have to be
worked.
Ms. DeGette. Right, and I think that is all of our issues
here today. And without, you know--without asking you specific
details of how this would work, do you expect you will be
consulted on how this coordination can be implemented in a
plan?
Mr. Vantine. I guess I would answer that I think we are in
a negotiation stage right now as to how that is going to work.
We are trying to talk to Congress and to the different agencies
in trying to put together the package of how it is going to
work. As you have issues with it, I think we have issues with
it too. We don't see the details and I think they will be
worked out over time.
Ms. DeGette. That is always true when you're talking about
a big bureaucracy, the devil is in the details.
Mr. Nokes. I think, one more comment, as I look at the
legislation, I see that science and technology is in the
infrastructure under the Secretary's office, and the other
Under Secretaries don't appear to have a science or technology
advocate. So I think you might want to have a chief scientist,
or somebody at the top that looks down at all of the technology
requirements and makes resource allocation and priority
judgments.
Ms. DeGette. That was very helpful and now we have to go
vote.
Mr. Greenwood. The Chair thanks the gentlelady and the
Chair thanks each of our witnesses for lending your expertise
to this most vital effort and thank you again. You are excused.
The Chair would note that we do have series of votes and the
committee will recess until 1:35 and then we will bring forward
the fourth panel.
[Brief recess.]
Mr. Greenwood. The committee will come to order, and we
thank our witnesses, and they are Mr. Philip Anderson, Senior
Fellow at the Center for Strategic and International Studies,
Dr. Ronald Atlas, President-elect of the American Society for
Microbiology and Dr. Tara O'Toole, Director of the Center for
Civilian Biodefense Studies at Johns Hopkins University and
thank each of you for being with us this morning and for your
forbearance in waiting for us. You are aware that this is an
investigative hearing and that when holding an investigative
hearing, it is the practice of this committee to take testimony
under oath. Do any of you have objection to giving your
testimony under oath? The Chair would also then advise you that
pursuant to the rules of this committee and the House, you are
entitled to be represented by counsel. Do any of you require or
ask to be represented by counsel. In that case if each of you
would stand and raise your right hand.
[Witnesses sworn.]
Mr. Greenwood. Thank you. You are under oath, and Mr.
Anderson we will start with you, and you're recognized for 5
minutes to give your opening statement.
TESTIMONY OF PHILIP ANDERSON, SENIOR FELLOW, CENTER FOR
STRATEGIC AND INTERNATIONAL STUDIES; RONALD M. ATLAS,
PRESIDENT-ELECT, AMERICAN SOCIETY FOR MICROBIOLOGY; AND TARA
O'TOOLE, DIRECTOR, CENTER FOR CIVILIAN BIODEFENSE STUDIES,
JOHNS HOPKINS UNIVERSITY
Mr. Anderson. Good afternoon, Mr. Chairman, and members of
the committee. It is an honor to be with you today to provide
my views on vulnerabilities and response capability at the
Federal, State and local levels for consideration in addressing
the President's proposal to establish a Department of Homeland
Security. The slide behind me depicts an area of contamination
in the District of Columbia resulting from a detonation of a
radiological dispersion device, an RDD, a dirty bomb, detonated
on the National Capital Mall area in the area of the Air and
Space Museum.
CSIS conducted in-depth research and developed this
realistic cross-jurisdictional crisis scenario with the purpose
of helping to frame the planning requirement for the
Metropolitan Washington Council of Governments, led crisis
planning effort by identifying some of the key issues and
friction points that needed to be addressed. The exercise
portrayed the complexity associated with command control and
communications between Federal, State and local government and
the private sector and the general public.
The exercise participants included mid to upper level
decisionmakers and regional planners from the District of
Columbia and other local jurisdictions as well as
representatives from FEMA and the FBI. The results of this
research effort and the scenario were also presented to the
senior leadership of the New York City Police Department. The
scenario that was employed involved an explosive dispersal
device laced with radioactive Cesium 137. The scenario included
expected casualty rates, critical infrastructure damage
assessments, and effects across critical key infrastructure.
The addition of a radiological event pushed the recovery
portion of the scenario well beyond the scope of the exercise,
but it did generate additional thought with respect to future
planning. It's important to note that nowhere else in America
do the people charged with addressing emergency response and
recovery face a more daunting challenge than in the District of
Columbia. Nonetheless, the presence of radioactivity was an
issue that the participants were clearly not prepared to deal
with. This would seem to indicate that the greater Washington
region could be prepared for unconventional terrorist attacks
involving materials that have the potential of contaminating
large areas.
In the absence of well-developed plans and given the
complex multi-layer jurisdictions within the greater Washington
area, the actions of the Federal, State and local governments
could combine to reduce the efficiency and effectiveness of
emergency preparedness and response, particularly for
unconventional attacks. If you were to ask most Americans to
describe their greatest terrorism fears, chances are that they
would suggest cataclysmic scenarios involving weapons of mass
destruction, nuclear biological or chemical devices.
These views have been reinforced by the media and by the
administration's recent spate of gloomy warnings. However, at
present, there are significant financial and technical
obstacles to terrorists obtaining and deploying effective
weapons of mass destruction. There is, however, another
category of attack that deserves at least equal attention from
government, the private sector and public alike. Not just the
high consequence, but very low probability weapons of mass
destruction-type attacks or attacks on the opposite end of the
spectrum involving a much higher probability, perhaps, a lone
shooter or suicide bomber, but yet another category involving
attacks that fall somewhere in the middle.
In retrospect, this mid-level space is where September 11
belonged and it is the space in which future terrorists will
likely operate. Terrorist attack scenarios in this category
typically involve unconventional tactics or weapons that
include dirty bombs like that in the scenario we developed.
From the terrorist perspective they assume widespread death and
destruction is an unattainable goal. So they seek long-term
disruption similar to that realized by the September 11
attacks.
Other examples include a well-coordinated attack involving
multiple near simultaneous suicide bombings nationwide or
targeting unsecured highly visible, nonnuclear aspects of
energy infrastructure, very soft targets like oil refineries,
petroleum or liquid natural gas terminals or perhaps tanker
trunks. These types of unconventional attacks are achievable
now and indeed well developed plans along these lines are
probably already on the shelf.
Most importantly, although they represent real
possibilities, their impact in many cases is far more
psychological than real, real in terms of loss of life and
injury. Facing up to these threats must not mean giving into
fear. Even as a Nation develops defensive technologies from
radiation and chemical and biological sensors to bomb sniffing
devices, citizens must be equipped with the tools to protect
themselves psychologically. An intensive program to create
public awareness can help avert the panic and paralysis attacks
like these aim to inspire. With the arrest last week of
Abdullah al Muhajir, Jose Padilla, the would-be dirty bomber,
the importance of educating our first responders and the public
in general about the new dangers we face is more apparent than
ever.
The response clean-up and recovery effort that would be
required following a radiological attack for example,
synchronized decisions at the Federal, State and local levels,
as well as in the private sector must be fully thought through
and incorporated in the comprehensive contingency plans. It is
also important that long-term economic recovery plans be
developed considering the implications of unconventional attack
scenarios. The means to develop greater public awareness and
acceptance of risks should be considered. As such scenarios
that can be employed in table-top exercises and simulations
should be designed and incorporated into the development and
testing of plans to address the possibility of unconventional
attacks.
While we would all like to believe that the dirty bomb
scenario represents a remote possibility, the evidence points
to the contrary. How real a possibility that a terrible event
like this could happen remains to be seen, but it is clear that
adequate preparation for unconventional attack is essential.
Addressing all the possible terrorist attacks is a daunting
challenge, but it is important to keep in mind that from a
terrorist perspective, the challenges are far greater. To kill
large numbers of Americans and destroy significant portions of
critical infrastructure is extremely difficult. The terrorist
must depend on psychological impact to achieve his objectives,
disrupting the economy, breaking our spirit and reducing our
confidence in our government.
By focusing on the most likely threats, increasing
situational awareness and empowering first responders in the
public with the knowledge they need, we weaken the terrorist
arsenal as we strengthen our own.
Mr. Chairman, over the long term, considering this new and
very dangerous environment, the President's proposal must be
acted upon to ensure unity of effort and clear lines of
authority, responsibility and accountability at every level to
effectively address the enormous complexity of securing the
homeland. The road ahead remains fraught with challenges yet to
be addressed, and we at the Center for Strategic and
International Studies are ready and willing to help. Organizing
effectively to ensure the security of American homeland is
essential to the safety of our country's citizens and to our
prosperity as a Nation. We appreciate the committee's
leadership on this issue and we look forward to helping in any
way we can. Thank you very much.
[The prepared statement of Philip Anderson follows:]
Prepared Statement of Philip Anderson, Senior Fellow and Director,
Homeland Security Initiative, Center for Strategic and International
Studies
i. introduction.
Good morning Mr. Chairman--Members of the Committee. It's an honor
to be with you today, to present my views on ``Creating the Department
of Homeland Security: Consideration of the Administration's Proposal .
. . focusing on chemical, biological, and radiological response
activities proposed for transfer to the Department of Homeland
Security.'' Let me begin by saying that the statement I am about to
give represents my views and in no way should be taken as the
institutional view of CSIS. Before beginning though, let me provide you
with some background on the work we are doing at CSIS.
CSIS has completed a number of homeland security projects both
prior to--and since the tragic events of September 11. In January 2001,
CSIS released a report on the results of an eighteen-month study,
Homeland Defense: A Strategic Approach. In June 2001, CSIS co-directed
Dark Winter, a high-level simulation of a smallpox attack originating
in Oklahoma City. In the immediate aftermath of September 11, CSIS
convened an internal task force on terrorism, the results of which were
published in To Prevail: An American Strategy for the Campaign against
Terrorism. In March 2002, CSIS completed extensive research on the
impact of a ``dirty bomb'' detonated on the National Capitol Mall. This
in-depth research led to the development of a crisis-planning scenario
which served as the basis for the Council of Governments led ``Greater
Washington Crisis Planning Workshop'' which was held on March 21, 2002.
The results of this research effort and the scenario were also
presented to the senior leadership of the New York City Police
Department on May 1, 2002.
Currently CSIS is completing a White Paper on the challenges
associated with the creation of a Department of Homeland Security that
will provide actionable recommendations for decision makers for
consideration in this critically important debate. CSIS is also working
on a simulation exercise, patterned after our Dark Winter effort, to
focus on the vulnerability of U.S. energy infrastructure. Rather than
consequence management, this simulation exercise will focus on the less
understood--and explored--scenarios in which policymakers must decide
on whether and how to act in the case of a credible threat against
critical energy infrastructure.
ii. overview.
With the President's proposal to establish a Department of Homeland
Security, there seems to be a renewed sense of urgency in Washington.
When considering the number of threats we face from terrorists intent
on doing us harm, this would certainly seem appropriate. The Nation is
at war--a war that is occurring in many ways beyond the public's view.
There can be no greater public recognition of this fact than the
President's proposal to establish a Department of Homeland Security.
I was asked to address response capability at the federal, state
and local levels for consideration in addressing the President's
proposal. In this new and very dangerous environment, it appears that
if enacted, the President's proposal would greatly simplify management
processes and unify the efforts of the 46 federal agencies that, to
varying degrees, have responsibility for Homeland Security. In
addition, the President's proposal would seem to represent an effective
starting point to ensuring the means to effective communication and
coordination between the federal, state and local governments to ensure
unity of effort and clear lines of authority, responsibility and most
importantly, accountability.
iii. the challenges.
CSIS conducted in-depth research and developed a realistic crisis
scenario to address a plausible--large--cross-jurisdictional crisis in
Washington, DC. The overall purpose was to help frame the planning
requirement for the Metropolitan Washington Council of Governments
(COG) led crisis-planning effort by identifying some of the key issues
and friction points to be addressed. The exercise portrayed the
complexity associated with command, control and communications between
federal, state and local government and the private sector/general
public. CSIS facilitated discussions focused on how to resolve lines of
communication, authority, and responsibility in an unconventional
crisis environment.
The exercise was designed to present participants with a large-
scale terrorist attack on downtown Washington, D.C. in order to
facilitate discussion and identify questions to be addressed by a
coordinated response plan. The exercise participants included mid to
upper level decision-makers and regional planners from the COG task
force working groups as well as from the District of Columbia and other
local governments and from relevant agencies of the federal government
to include FEMA and the FBI.
The participant's role was to assimilate the events unfolding and
operate within their own committee framework to discuss and determine
the actions/recommendations they would take forward to superiors in
addressing the regional response to mitigate near term and long-term
risks. The exercise was not designed to be a decision driven war game
where actions/decisions were analyzed or critiqued against some ideal
or textbook solution.
The comprehensive scenario that was employed involved an explosive
dispersal device laced with radioactive Cesium 137. The scenario
included expected casualty rates, critical infrastructure damage
assessments, and effects across key critical infrastructure. The
addition of a radiological event pushed the recovery portion of the
scenario well beyond the scope of the exercise, but did generate
additional thought with respect to future planning. The scenario was
presented in three segments with the following questions providing the
framework for discussion: What are the key decisions that have to be
made? Who will make those decisions? What additional information do you
need? Where do you propose to get this information? What are the
critical interdependencies? Who will be the authoritative voice for the
public? How will you communicate risk to the public?
During the first segment, the participants were not made aware of
the radiation associated with the scenario and appeared to be
comfortable with near-term response procedures for dealing with a
conventional explosion and the resulting crisis. Overall, emergency
response procedures and coordination requirements were familiar at this
level, due in part to the events of September 11.
The necessity of having coordinated response procedures in place
became clearer during the second segment of the scenario that provided
the participants with the news that the bomb was in fact a ``dirty
bomb''' that contained Cesium-137. The presence of radioactivity was an
issue that the participants were clearly not prepared to deal with.
Issues that the participants felt were critical to address at this
stage were whether to shelter in place or evacuate the city, the
requirement for the President to declare Martial Law, the possibility
that METRO might be forced to shut down due to contamination, the role
of the media, the presence of radiation, emergency personnel
augmentation, and protective gear requirements.
The long-term implications of a radiological attack became
increasingly clear and overwhelming as the third segment was
introduced. The scenario presented participants with reports of
deserted D.C. streets and hotels, workers refusing to return to work,
and parents refusing to send their children back to schools that had
conducted field trips to D.C. on the day of the attack. These reports
were indicative of the deep, long-lasting psychological impact that a
radiological attack could have. The public has an inherent fear of
radiation, even though there is almost no danger of dying from exposure
to this type of isotope--only the potential for long-term health
implications in the form of increased cancer and cataract rates. The
participants felt that issues associated with long term economic impact
and recovery were critical to address in advance of this type of
attack.
It is important to note that nowhere else in America do the people
charged with addressing emergency response and recovery face a more
daunting challenge than in Washington, D.C. Nonetheless, the presence
of radioactivity was an issue that the participants were clearly not
prepared to deal with. This would seem to indicate that the greater
Washington region could be unprepared for unconventional terrorist
attacks involving materials that have the potential of contaminating
large areas. In the absence of well developed plans--and given the
complex, multi-layered jurisdictions within the greater Washington
region--the actions of the federal, local and state governments could
combine to reduce the efficiency and effectiveness of emergency
preparedness and response, particularly for unconventional attacks.
iv. general recommendations.
At the heart of any effort to establish a Department of Homeland
Security is the requirement to address the likely threats. However,
defining likely threats in this new environment is problematic in that
they will likely derive from multiple sources with different objectives
and various means to do us harm. Defining the threat is risky but
absolutely necessary for developing plans to organize and allocate
resources to address the myriad vulnerabilities that exist.
Later this summer, the White House Office of Homeland Security has
said it will unveil a comprehensive national strategy to secure the
United States from future terrorist attacks. Governor Ridge has
emphasized that the strategy will be guided by a risk management
philosophy, ``focusing our resources where they will do the most good
to achieve maximum protection of lives and property.'' A risk
management approach is essential--but defining the threat, identifying
critical vulnerabilities, and developing effective capabilities to
address them are a daunting challenge.
With the arrest last week of Abdullah al Muhajir, the would-be
``dirty bomber,'' the importance of educating our first responders and
the public in general about the new dangers we face is more apparent
than ever. If you asked most Americans to describe their greatest
terrorism fears, chances are they would suggest cataclysmic scenarios
involving weapons of mass destruction--nuclear, biological, or chemical
devices. These views have been reinforced by the media and by the
administration's recent spate of gloomy warnings. However, there are
significant financial and technical obstacles to obtaining and
deploying effective weapons of mass destruction (WMD). But since the
consequences of a successful terrorist attack using such weapons would
be devastating the government is correct to focus significant resources
toward preventing these gruesome possibilities. There is, however,
another category of attack that deserves at least equal attention from
government, the private sector and the public alike: not just high
consequence but very low probability WMD attacks or the less severe
consequence but much higher probability suicide bomber attacks, but
those attacks that fall in the middle. In retrospect, this mid-level
space is where September 11 belonged, and it is the space in which
future terrorists will likely operate.
Terrorist attack scenarios in this category are typically
unconventional and include ``dirty bombs'' like the one described
herein which employed conventional explosives laced with radioactive
Cesium-137--which can easily be found in industry, hospitals and
medical labs. Or terrorists could develop a well-coordinated attack
involving multiple near-simultaneous suicide bombings nationwide. They
could also target unsecured, highly visible, non-nuclear aspects of
energy infrastructure--``soft'' targets like oil refineries, petroleum
or liquid natural gas terminals. These types of unconventional attacks
are achievable now; indeed well developed plans along these lines are
probably already on the shelf. But although they represent real
possibilities, their impact in many cases is far more psychological
than real--in terms of injury and loss of life. Facing up to these
threats must not mean giving in to fear. Even as the nation develops
defensive technologies--from radiation and chemical and biological
sensors to bomb sniffing devices, citizens must be equipped with the
tools to protect themselves psychologically. An intensive program to
create public awareness can help avert the panic and paralysis attacks
like these aim to inspire.
The response, clean up, and recovery effort that would be required
following a radiological attack for example--that synchronize decisions
at the federal, state, and local levels as well as in the private
sector--must be fully thought through and incorporated into
comprehensive contingency plans. It is also important that long-term
economic recovery plans be developed considering the implications of
unconventional attack scenarios. The means to develop greater public
awareness and acceptance of risks should be considered. As such,
scenarios that can be employed in tabletop exercises and simulations
should be designed and incorporated into the development and testing of
plans to address the possibility of unconventional attacks. While we
would all like to believe that the scenario described herein represents
a remote possibility, the evidence points to the contrary. How real the
possibility that a terrible event like this could happen remains to be
seen but it is clear that adequate preparation for unconventional
attack is essential.
Addressing all the possible terrorist attack scenarios is a
daunting challenge, but it is important to keep in mind that from the
terrorist perspective, the challenges are far greater. To kill large
numbers of Americans and destroy significant portions of critical
infrastructure is extremely difficult. The terrorist must depend on
psychological impact to achieve his objectives--disrupting the economy,
breaking our spirit, and reducing our confidence in our government. By
focusing on the most likely threats, increasing situational awareness
and empowering first responders and the public with the knowledge they
need, we weaken the terrorist arsenal as we strengthen our own.
v. conclusion
Mr. Chairman, over the long term, considering this new and very
dangerous environment, the President's proposal must be acted upon to
ensure unity of effort and clear lines of authority, responsibility and
most importantly, accountability at every level to effectively address
the enormous complexity of securing the homeland.
Mr. Chairman, the road ahead remains fraught with challenges yet to
be addressed. The Center for Strategic and International Studies is
ready and willing to help. Organizing effectively to secure the
American Homeland is essential to the safety of our country's citizens
and to our prosperity as a nation. We appreciate the Committee's
leadership on this issue, and we look forward to helping in any way we
can.
Mr. Greenwood. Thank you, Mr. Anderson.
Dr. Atlas for 5 minutes. You need to push the button on
your microphone, sir.
TESTIMONY OF RONALD M. ATLAS
Mr. Atlas. Chairman Greenwood, members of the subcommittee,
we would like to thank you for inviting the American Society
for Microbiology to testify on issues related to the
administration's proposal to create the Department of Homeland
Security. The ASM has submitted a written statement which I
will briefly summarize. The ASM, which has particular expertise
in biomedical research and public health protection, supports
the establishment of a Department of Homeland Security that
would have oversight, coordination and leadership functions for
biodefense activities. We agree that the Department of Homeland
Security should be established to serve the important function
of integrating threat analysis and vulnerability assessments
and to identify strategic priorities for preventative and
protective steps that can be taken by other Federal agencies.
We believe that the Department of Homeland Security would
be able to work with the Department of Health and Human
Services and the National Institute of Allergy and Infectious
Diseases to pursue highly managed rapid paced and even
classified research and development projects, which are needed
to defend against the threat of biological weapons. ASM thinks
that having a strong science and technology component within
the Department of Homeland Security is essential and would help
provide critical linkage among the numerous mission agencies
charged with science development.
By having a strong science component, the Department of
Homeland Security would be able to play a vital role in
coordinating, reviewing and evaluating scientific and technical
programs relating to human animal and plant life. We need to
recognize, however, that biodefense research is part of the
continuum of the breadth of biomedical research aimed at
protecting the Nation aimed at infectious diseases. This field
is different than many other areas because of its duality and
the high degree of overlap with the public health and
biomedical research activities of the Nation.
We do not want to create a duplicative system. Rather, we
want a seamless, integrated and highly coordinated biodefense
response system. Therefore, ASM believes that it is critical
that a scientific health organization, namely HHS, continue to
prioritize and conduct Federal research relating to civilian
human-related, biological, biomedical and infectious diseases.
We feel it is important to distinguish between policy and
planning guidance, which would be well served by the Department
of Homeland Security and the responsibility and/or authority
for the direction, control and conduct of scientific research,
which should remain within HHS.
HHS and the National Institutes of Health are best
qualified to establish biomedical research and development
programs and to prioritize scientific opportunities and
research. The National Institute of Allergy and Infectious
Diseases bring to bear all aspects of biomedical research and
full capability of science to achieve scientific advances and
biodefense. The ability to build on the body of scientific
knowledge underpins the capability of the United States to
combat bioterrorism.
Because it is difficult to distinguish an introduced
infectious disease from a naturally occurring one, the
strategies to protect against either event in terms of new
scientific and technical approaches are the same. Since 9/11,
National Institute of Allergy and Infectious Diseases has
rapidly accelerated work to protect the Nation against the
threat of bioterrorism. This acceleration has occurred across
the spectrum of scientific activities from basic research in
microbial biology to the development of vaccines and
therapeutics to research related to diagnostic system.
We fear that the proposal to transfer responsibility for
biodefense research to the Department of Homeland Security
could create unpredictability and loss of momentum for these
research programs, would very likely divert money from research
and would not be the optimum way to obtain the integrated work
of the best scientific minds. It is clearly not the aim of the
administration's proposal. We, therefore, feel that the HHS, in
consultation and coordination with the Department of Homeland
Security, should retain primary responsibility for accelerated
biodefense research and development programs.
ASM also would leave primary responsibility for planning
for such emergencies for the Centers of Disease Control and
prevention. We do not want to create a separate public health
system for biodefense. A public health emergency arising from
biological causes public health authorities must determine the
nature of the organism, distinguish between a bioterrorism
attack and a natural event, and respond rapidly to the health
threat.
Regarding the select agent registration program, the
administration bill would transfer this and the enforcement
programs of HHS to the new department. HHS currently has the
scientific and institutional knowledge and expertise relating
to dangerous biological agents, biosafety and biosecurity to
administer the program, and ASM continues to believe that the
CDC should be responsible for the select agent registration
program, which is key to the development of the Nation's
biodefense capability.
Further, the administration bill does not appear to
transfer the select agent registration and enforcement programs
newly assigned to the Department of Agriculture. ASM believes
that coordination and the registration programs for agriculture
and human agents is critical as was recognized in H.R. 3448.
The proper administration of the select agent program must
balance public concern for safety with the need to not unduly
encumber legitimate research and diagnostic testing. We need an
integrated program that adds protection against misuse of
microbial resources.
Therefore, ASM is recommending that an interagency group
with the involvement of scientific societies address the
advisability of removing the select agent program from HHS
authority. Finally, ASM's full testimony touches upon a number
of other specific issues. These issues include management and
oversight of the National Pharmaceutical stockpile and response
to infectious disease outbreaks, be they natural or intentional
and provisions relating to research programs and activities of
the USDA and DOE.
Each of these specific areas merits careful review by this
committee. In closing, I want to reaffirm ASM's commitment to
working with the administration and the Congress to achieve the
most effective and most efficient system in the world for
research control and response to the threat posed by biological
agents.
[The prepared statement of Ronald M. Atlas follows:]
Prepared Statement of Ronald M. Atlas, President Elect, American
Society for Microbiology
introduction
The American Society for Microbiology (ASM) is pleased to testify
before the House Energy and Commerce Subcommittee on Oversight and
Investigations hearing on creating the Department of Homeland Security:
Consideration of the Administration's Proposal with a focus on
chemical, biological and radiological response activities proposed for
transfer to the Department of Homeland Security (DHS). The ASM is the
largest life science society with over 40,000 members and its principal
goal is the study and advancement of scientific knowledge of
microbiology for the benefit of human welfare.
The ASM has worked with the Administration, the Congress and
federal agencies on measures to protect against biological weapons and
bioterrorism. Most recently, ASM provided expert advice on provisions
to expand the Biological Weapons Statute in the USA Patriot Act and on
Title II of the Public Health Security and Bioterrorism Preparedness
and Response Act of 2002, which expands controls on certain dangerous
biological agents and toxins. ASM members are involved in research and
public health initiatives aimed at eradicating the scourge of
infectious diseases, which daily end the lives of thousands of
Americans and tens of thousands around the world. Infectious diseases
remain the major cause of death in the world for those under the age of
45 and particularly for children. They are the third leading cause of
death in the United States.
The ASM considers it critical that the proposed DHS build upon
existing science and technology programs that hold promise in the
defense against bioterrorism and in the effort against deadly
infectious diseases. We would like to focus our comments on issues that
Congress should consider on how best to achieve this goal.
the role of the department of homeland security
1. Role of science and technology in Homeland Security is Critical
The terrorist events of September 11 and the anthrax biocrimes
reveal the need and complexity of homeland defense. The ASM, therefore,
supports oversight, coordination and leadership for biodefense
activities in a Department of Homeland Security (DHS). Given that
science and technology will play a vital role in the biodefense of the
nation, the ASM believes it is essential to establish a strong science
and technology function in the DHS. This science component will provide
the necessary linkage between the Secretary of Homeland Security and
the numerous mission agencies charged with science and technology
development.
2. The Department of Homeland Security has an important role to play in
defending the nation against biological threats.
The DHS will have an important role in developing the nation's
defenses against, and responses to, biological threats. The role of DHS
should be to integrate threat analysis and vulnerability assessments
and to identify priorities for preventive and protective steps to be
taken by other federal agencies to protect the American public. The DHS
can coordinate, review, and evaluate scientific and technical programs
related to human, animal, and plant life. The DHS will be a proper
governmental vehicle to coordinate and to integrate the expanded roles
of mission agencies in bioterrorism related research. The important
role of the United States Army Medical Research Institute for
Infectious Diseases (USAMRIID) should be recognized and strengthened
and it should interface with the proposed DHS.
It will be important to define the boundaries between DHS and the
mission agency with major responsibility for protecting the nation's
health, HHS. An appropriate coordination office or position should be
established within DHS. One approach, for example, would be for DHS to
establish a position or appoint a person with the appropriate
scientific background who would report to both the DHS Secretary and
the HHS Secretary. That person would also work with the National
Institutes of Health (NIH) and National Institute of Allergies and
Infectious Diseases to ensure integration of threat and vulnerability
analysis about bioterrorism. The goal, of course, would be mutually
agreed upon research priorities that address threatening biological
agents.
Other mechanisms and/or functions may be needed for HHS and DHS to
serve the vital role of coordinating the pursuit of an integrated
research and development agenda for counter-terrorism, including highly
directed, high risk, fast-paced, classified projects, and to manage
between research results and applications to develop and evaluate
specific technologies and for procurement. For example, NIH/NIAID has
already accelerated basic and clinical research related to bioterrorism
to focus on ``Category A'' agents considered by CDC to pose the highest
threat. Last fall, the NIAID conducted a study to show that existing
stocks of smallpox vaccine could be diluted at least 5-fold to provide
immediate protection in case of a smallpox attack. NIAID also
accelerated screening of antiviral compounds for activity against
smallpox and related viruses and accelerated development of a ``new
generation'' bioengineered anthrax vaccine and a promising Ebola virus
vaccine. It has launched seven new fiscal year 2002 initiatives to
expedite biodefense research.
3. ASM recommends that HHS continue to be responsible for the
prioritization, direction, and conduct of federal research
efforts related to civilian, human, health-related biological,
biomedical, and infectious diseases.
Pathogenic microbes pose a threat to national security whether they
occur naturally or are released in a bioterrorism attack. Biodefense
research is part of the continuum of biomedical research aimed at
protecting the nation and the world against infectious diseases. The
capability to develop countermeasures and interventions is directly
related to information generated by biomedical research on pathogenic
microbes and the host response to these microbes. Therefore, it is
critical that federal research efforts related to civilian human
health-related biological, biomedical, and infectious diseases should
be prioritized and conducted by, and at the direction of, the
Department of Health and Human Services (HHS).
It is important to distinguish between oversight functions such as
policy and planning guidance and coordination, which would be served by
the DHS and the responsibility and authority for the direction, control
and conduct of scientific research. ASM recommends that HHS, a public
health and biomedical research agency of unparalleled success, should
continue to be responsible for the conduct and direction of scientific
research.
The Administration's Bill recognizes the necessity that HHS conduct
the research and development programs related to infectious diseases.
Section 303(a)(1) of the Bill provides that the Secretary of DHS shall
carry out responsibilities related to civilian human health-related
biological, biomedical, and infectious diseases through HHS and the
Public Health Service ``under agreements with the Secretary of Health
and Human Services, and may transfer funds to him in connection with
such agreements.'' Section 301(2) of the Administration's Bill,
however, gives DHS primary authority and responsibility for the conduct
of national scientific research including ``directing, funding, and
conducting research and development'' related to biological threats.
Additionally, at Section 303(a)(2), the Bill provides that DHS, in
consultation with HHS, ``shall have authority to establish the research
and development program, including the setting of priorities.'' The ASM
believes that the proposed restructuring of program authorities in the
Administration's bill will create unpredictability for research
programs, will divert monies from research and will not be the best
approach to achieving the goal of civilian biodefense, which requires
the involvement of the best scientific minds and the support of
excellent science based on merit review.
The HHS, the federal agency with the major mission for protecting
the public health, is best qualified to establish biomedical research
and development programs, identify scientific opportunities and the
research approaches for ensuring that biodefense needs are met in the
best way possible. The National Institute of Allergy and Infectious
Diseases (NIAID) is best able to bring together all aspects of
biomedical research and the full capability of science to ensure
breakthroughs and advances of high quality for biodefense. The ability
to build on the body of scientific knowledge underpins the capability
of the United States to combat bioterrorism. For example, the national
response mounted by NIH/NIAID to AIDS demonstrates the capability of
science to respond to a threat. The response was based on years of
accumulated scientific knowledge and biomedical research that had been
well supported by Congress. The response to bioterrorism will require
the same long-term dedication of financial resources and scientific
talent.
The NIAID, working with the DHS, has the knowledge about scientific
capabilities to respond to threats and vulnerabilities related to the
biological sciences. It can identify the science and infrastructure
relevant to the most pressing issues and take advantage of the most
highly leveraged opportunities for research that can contribute to
counter-terrorism solutions. Because it is difficult to distinguish an
introduced infectious disease from a naturally occurring one, the
strategies to protect against either event in terms of new scientific
and technical approaches, including surveillance, prevention and
response, are the same. There will be dual benefits for public health
in that investment in research to develop new therapeutics, vaccines,
antivirals, genomics, diagnostics, sensitive detection devices and
innovative surveillance approaches for biological agents will carry
over to public health breakthroughs for all infectious diseases.
The nation has already seen the ability of HHS to respond to
bioterrorism. In the months since September 11, 2001, the NIAID has
rapidly accelerated work to protect the nation against the threat of
bioterrorism. This acceleration has occurred across the spectrum of
scientific activities from basic research in microbial biology to the
development of vaccines and therapeutics to research related to
diagnostic systems. It is critical that this work continue to develop
rapidly and efficiently without delay, disruption or loss of momentum.
A scientific health agency, HHS, rather than the nonscientific,
nonpublic health DHS should have the principal authority for developing
and prioritizing scientific and health related programs. Essentially,
therefore, the ASM suggests reversing the responsibilities identified
in Section 303(a)(2) of the Administration's Bill. HHS, in consultation
and coordination with DHS, should retain responsibility for accelerated
research and development programs, including prioritizing such projects
the public health system for biodefense
The ASM is also concerned that the nation not create a separate
public health system for biodefense. Therefore, the ASM would leave
primary responsibility for planning for public health emergencies
arising from biological causes with the HHS and Center for Disease
Control. At the earliest possible moment after the outbreak of a
contagion, it is critical to determine the nature of the organism and
to distinguish between a bioterrorism attack and a natural event. Then,
public authorities must respond rapidly and appropriately to the health
threat that either one would present. The ASM believes CDC should be
charged with these tasks.
Section 505(a)(2) of the Administration's Bill requires DHS to
carry out these functions under agreement with HHS. Again, the ASM
believes the important and appropriate role for DHS is to coordinate
planning and development of programs and to lend technical assistance
to the responsible agency. It is entirely appropriate for HHS to
coordinate and consult with DHS. As with the direction and control of
research, however, the primary duty and authority should remain with
the scientific agency with the existing knowledge, experience, and
expertise to fulfill the critical mission. A scientific person within
the DHS with the appropriate public health background and reporting to
both the DHS Secretary and HHS Secretary could work closely with the
CDC Director to achieve mutually agreed upon public health priorities
for bioterrorism preparedness and response.
administration and enforcement of the program for registration for
possession and use of select agents
Agriculture, the food supply, and the environment are potential
targets of bioterrorism along with humans. It is important, therefore,
to integrate and coordinate programs related to human, animal, and
plant agents. Section 302(a) of the Administration Bill transfers to
DHS the select agent registration and enforcement programs of HHS.
However, it does not transfer the select agent registration and
enforcement programs of the Department of Agriculture to the DHS.
Subtitle C of the Public Health Security and Bioterrorism Preparedness
Act of 2002 mandated coordination of activities of HHS and the
Secretary of Agriculture regarding ``overlap agents''--that is, agents
that appear on the separate lists prepared by HHS and Agriculture.
Without doubt, such coordination must occur. Bioterrorism research and
surveillance extends and applies to infectious disease and select agent
research. The ASM believes that integration of the select agent
registration program inevitably will assist in the creation of an
efficient registration process thereby expediting registration.
The proper administration of the select agent program is key to the
development of the nation's biodefense capability and response and must
balance the concerns for public safety with the need to not unduly
encumber legitimate scientific research and laboratory diagnostic
testing. The ASM continues to believe that HHS has the scientific and
institutional knowledge and expertise related to dangerous biological
agents, biosafety, and biosecurity in microbiological and biomedical
laboratories and that it is best qualified to achieve the goal of
protecting the public health and safety without interfering with
research, and clinical and diagnostic laboratory medicine. Transferring
this program to DHS raises many questions with regard to the
administration of this program which must be carefully considered by
Congress, which recently enacted new legislation and additional
requirements for select agents. The ASM, therefore, requests that a
review be done by an interagency group with the involvement of
scientific societies to assess the advisability of removing the select
agent program from HHS authority.
each transfer of a scienific fundtion should be specifically reviewed
Some additional specific measures in the Administration Bill
require further consideration and comment by the ASM. The ASM continues
to study the Administration Bill to evaluate the best approach to
achieving expedited research that advances the defense against
bioterrorism but does not dilute the continuing, critical battle
against naturally occurring infectious diseases. The ASM suggests
expeditious review of the appropriateness of each transfer of a
facility or responsibility related to biological organisms from an
existing agency. Similarly, the proposed transfers within the USDA
should be carefully reviewed, in particular the justification should be
considered for transferring Plum Island which addresses animal diseases
but not incorporating the equivalent functional unit that addresses
plant diseases.
For example, as noted above, the defense against bioterrorism must
be fully integrated into the nation's public health system that is led
by the Centers for Disease Control and Prevention. Currently, CDC would
use the national pharmaceutical stockpile in response to infectious
disease outbreaks--both natural and intentional. Sections 501(3)(B) and
502(6) would transfer the Strategic National Stockpile to DHS. Such
transfer should be reviewed carefully during further consideration of
the Bill. HHS should be responsible for developing the materials in the
stockpile. Therefore, it seems appropriate for HHS to continue
management of the stockpile. The ASM, however, understands the
coordination and oversight function envisioned for DHS, and the final
resolution of the management of the stockpile ultimately must depend
upon the resolution of the scope and role of DHS responsibilities and
activities. At this time, we also recommend that there be an external
review of the CDC to ensure optimal preparedness for public health
emergences and bioterrorism and to ensure appropriate integration with
existing programs.
conclusion
We appreciate the opportunity to present this testimony. The ASM is
committed to working with Congress and the Administration to achieve
the most efficient and effective system in the world for research,
control, and response to the threat posed by biological agents.
Mr. Greenwood. Thank you, Dr. Atlas.
Dr. O'Toole for 5 minutes.
TESTIMONY OF TARA O'TOOLE
Ms. O'Toole. Thank you, Mr. Chairman. I am a physician and
a public health professional by training, so I am going to
restrict my remarks to those aspects of the proposed new agency
related to bioterrorism activities. First, I would like to say
that I support the President's call for a new agency dedicated
to homeland security. We are also extremely admiring of the
President's and the administration's initiatives on
bioterrorism, particularly over the past year. I think that the
R&D initiative situated in NIH as well as the funds now going
to State and local health departments for public health
preparedness reflect the President's recognition of the
importance of the bioterrorism threat as well as the unique
nature of this threat and the necessary response.
That said, however, I think the proposed reorganization as
it pertains to bioterrorism functions raises several serious
issues, and I would like to suggest some of them to you today.
As I look at the proposed new agency, it appears to be a tiny
island of bioscience, public health and medical functions
around bioterrorism concerns within a very large ocean of more
traditional national security and law enforcement functions.
This worries me.
First of all, my understanding is that the rationale for
consolidating many of these other border security type
functions into a single agency is to improve coordination,
cooperation and collaboration amongst similar functions and to
get them all under one roof. In the case of bioterrorism
programs, however, we would not be consolidating public health
and bioscience research functions, we would be splitting them
out to a new agency. This raises the specter of either, as Dr.
Atlas suggested, having to create redundant parallel programs
in homeland security in order to have enough leadership to
figure out what to do in these areas and do it properly, or
leaving one of the other agencies, either HHS or homeland
security with insufficient robustness and expertise to carry
out these important and difficult tasks.
The second problem that is raised by the proposed
reorganization is the question of talent. The Hart-Rudman
report talked quite eloquently about the crisis of competence
that the Federal Government is facing, and it noted that in
particular, we have failed to attract people with science and
technology backgrounds into the Federal service. This is a
problem we should confront now. Whoever belongs to this new
agency, I think the Congress would do the country a great
service if you could figure out ways to attracting young
people, particularly with scientific backgrounds into Federal
service.
I don't see that in the new bill as of yet. I would like to
list five things that I think are essential elements of any
department, whatever we name it, or whatever it is that has to
lead the Nation's biodefense and biopreparedness efforts. First
of all, as I said, they must have adequate expertise and
personnel. I believe the crisis of competence is already
afflicting the Federal agencies. And whether or not
bioterrorism programs move to homeland security, we must, we
must hire many new, I would say, at least 100 professionals to
deal with bioterrorism programs in CDC, HHS or homeland
security. This is for the medical and public health parts of
bioterrorism.
Second, one of the critical aspects of success in
bioterrorism prevention and preparedness is liaison with local
authorities. The core of bioterrorism response is going to
reside in hospitals, in clinics and in State health agencies.
The Federal Government has to enable those entities to work
properly. I am concerned that the programs already underway,
particularly the public health preparedness programs initiated
by the administration in February, are going to be disrupted
with this move or even the threat of this move. These programs
are getting started. The money is on the ground in the States.
Whatever we do, however we do it, we should ensure that
that progress is not thwarted. We will also, if we create a
homeland security agency as the home for bioterrorism
preparedness programs, be creating a two-stop shopping problem
for local authorities. They will go to CDC for traditional
infectious disease help and guidance. They will go to homeland
security, should we move the bioterrorism programs there. I
understand we are going to try to have tight coordination
between those agencies, but again, we seem to be splitting
rather than consolidating functions. That could be a real
problem for local agencies which have limited resources to
interact with the Federal Government.
Third, I am worried about sustained support. However we
configure bioterrorism programs, we are going to have to put
resources into these programs for many years to come. If we
move bioterrorism preparedness programs into homeland security,
we may lose the opportunity to build dual use programs, that is
bioterrorism response capabilities and systems that serve
routine organizational purposes in the medical and public
health field. That is not necessarily the case, but again,
moving it to a new agency threatens to create parallel systems
rather than one integrated system.
Fourth, we have to have a robust biodefense research and
development program. The President recognized this by granting
NIH the greatest budget increase in history in the past year.
We ought not to build this program from scratch, but we are
starting from very far back in the field. NIH does not now do
production and development of technologies. No one in the
government does it well. However we go forward with biodefense
R&D, we must engage the universities and the private sector in
this enterprise. That is where the real talent in bioscience
research lies in this country, not in the government.
The government, aside from NIH, actually has very few
bioscientists who are expert in R&D. So the new agency, whoever
it is, has got to be able to engage industry and the university
researchers and biodefense R&D.
Finally, I think that it is critically important that
bioterrorism and biodefense be seen as a top national security
priority. Coming from the Hopkins Center for Biodefense
Strategies, I am, as you might imagine, deeply worried about
this threat. I believe that this threat will grow considerably
in the next few years because the power and the diversity of
biological weapons is linked to advances in the life sciences
and these advances which will have great booms for human kind
are moving very, very quickly. That said, should we decide to
leave bioterrorism preparedness programs in HHS, we must make
sure that those programs don't get left behind and left out of
the national security policies planning and strategies. It has
taken several years to get national security experts to
recognize that it is essential to have public health and
medical people at the table making decisions about these
issues, and we should not lose that progress in the new move to
the new agency should we decide to go in that direction. Thank
you, Mr. Chairman.
[The prepared statement of Tara O'Toole follows:]
Prepared Statement of Tara O'Toole, Director, Center for Civilian
Biodefense Strategies, Johns Hopkins University
Mr. Chairman, my name is Tara O'Toole. I am a physician and public
health professional by training, the Director of the Johns Hopkins
Center for Civilian Biodefense Strategies, and a faculty member of the
Bloomberg School of Public Health. From 1993-97 I served as Assistant
Secretary of Energy for Environment Safety and Health, and prior to
that was a senior analyst at the Congressional Office of Technology
Assessment. It is a privilege to come before you today to discuss the
implications of President Bush's proposed bill to create a Department
of Homeland Security. I shall confine my remarks to those aspects of
the bill which deal with bioterrorism preparedness and biodefense
activities.
I strongly support the formation of a federal department of
Homeland Security as outlined by the U.S. National Commission on
National Security in the 21st Century (the ``Hart-Rudman report''). It
makes great sense, as President Bush has advocated, to consolidate some
of the many departments and agencies that share similar functions
pertaining to border security, customs procedures, etc. in order to
achieve greater collaborative power, efficiency and accountability.
There are some potential advantages to be gained from placing
bioterrorism preparedness and biodefense research and development
activities in a new federal agency. The activities dealing with the
biodefense mission are profoundly important to the nation's security
and deserve the attention and support the new agency is likely to
command in the coming years. If biodefense activities do not reside in
the Homeland Defense Department, there is some peril that these crucial
functions will be neglected. It is also important that the operational
public health and medical biodefense functions are integrated with
national security objectives and that biodefense experts be full
participants in national security policymaking and strategic planning.
I do, however, have serious concerns about the implications of
moving bioterrorism preparedness programs and biodefense activities
into the new agency, at least in the form presently envisioned.
A bioterrorist attack would be unlike any other type of terrorist
assault. This would not be a ``lights and sirens'' event with
firefighters, police and emergency rescue teams rushing to the scene of
attack. We will know we have been attacked with a biological weapon
when victims become ill and report to doctors' offices and emergency
rooms. The ``first responders'' to bioterrorism will be physicians and
public health professionals from state and local health agencies. The
center of action will be hospitals, clinics and laboratories.
Bioterrorism response activities--which will involve actions needed to
treat the sick and perhaps stem the spread of contagious disease--are
quite different from the emergency response to other types of
catastrophic terrorism or to natural disasters.
Allowing for the inevitable transition period of confusion and
adjustment, it is likely that the new agency will be more successful in
instilling work habits of cooperation and collaboration to the extent
that the agency's mission is coherent and tightly interconnected. It is
not clear to me how or whether simply combining highly diverse
functions from dozens of existing agencies under a single department
results in better coordination or operational accountability. The
description of the new department seems to envision an agency that is
largely dedicated to security functions--border protection and control,
vulnerability assessments of critical infrastructures, etc. The
bioterrorism related programs and the scientific research and
development aspects of the proposed department seem strikingly
different from everything else the agency would handle.
President Bush exercised admirable leadership this winter when he
greatly increased funding for bioterrorism preparedness programs in
Centers for Disease Control and Prevention (CDC) and initiated a
significant investment in bioterrorism research and development to be
administered through the National Institutes of Health (NIH). The
anthrax attacks of 2001 revealed that considerable improvement is
needed in the nation's ability to respond to such attacks. In the past
six months, notable progress has been made by the DHHS Office of Public
Health Preparedness (OPHP). The OPHP has set sound goals for upgrading
local medical and public health response capabilities, and the
``critical benchmarks'' it has demanded state health authorities
achieve will provide clear indications of progress. We should consider
disassembling and transferring this successful effort to the new
department only after careful deliberation of what might be lost in the
process. A recent poll reports that most Americans would seek and trust
the advice of CDC during a public health emergency. It is unclear if
such public confidence would transfer to the new department.
Part of the rationale behind the formation of a Homeland Security
agency, as I understand it, is to combine similar functions--such as
border control, customs services and immigration policy, etc.--within a
single department, thereby enhancing program focus, fostering
cooperation and collaboration and improving operational effectiveness.
Yet moving bioterrorism programs from the Department of Health and
Human Services (DHHS) to the proposed new agency will likely impede all
these goals. Instead of consolidating similar programs, the proposed
agency would split bioterrorism preparedness programs from the related
but more encompassing mission of public health protection which is
DHHS' main objective.
Rather than producing organizational coherence the proposed move
would require that parallel capacities be created in both DHHS and the
new agency. Homeland Security could not hope to lead the development of
an effective bioterrorism response capability unless it were staffed
with health officials and scientists having considerable expertise and
experience in infectious disease, epidemic control, laboratory
diagnosis, etc. Again, the country would be forced to create parallel
workforces: one in Homeland Security for bioterrorism preparedness and
another in DHHS for ``normal'' public health functions.
Moving bioterrorism programs to Homeland Security would disturb the
existing relationships between DHHS bioterrorism programs and the state
and local public health departments and health care facilities which
are the central core of bioterrorism response. This is an especially
important consideration right now, when the federal grants to state
health departments are just hitting the streets and programs to upgrade
response capacities at the city, county and state level are getting
started. Changing the federal partner for these path-breaking grants
will almost inevitably slow progress in this critical arena.
Moving bioterrorism preparedness and response activities out of
DHHS may also sacrifice opportunities to construct dual use programs.
Ideally, one would design bioterrorism response systems that also serve
routine organizational purposes. There is a real danger that by
sequestering bioterrorism programs in Homeland Security, they will be
treated as ``emergency use only'' functions or seen as such, reducing
the efficiency of preparedness efforts, and quite possibly compromise
response effectiveness.
Bioterrorism is, arguably, the type of terrorism with which the
country is least familiar and for which the United States is least well
prepared. A bioterrorist attack could be calamitous, killing many
thousands of people in the initial assault. The consequences would be
sustained and the crisis could continue for weeks or months, especially
if the weapon used were a contagious disease. The economic and social
disruption would be significant--as was seen in the aftermath of the
2001 anthrax attacks when only 22 people were infected with a disease
treatable with antibiotics. According to the Defense Science Board, we
currently have countermeasures of some effectiveness (vaccines, drugs)
for only 13 of the 50 pathogens most likely to be used as bioweapons.
In addition, the institutions and infrastructures which would be at the
core of bioterrorism response--health care organizations and the public
health system--are financially frail, highly stressed, and have almost
no capacity to contend with a sudden surge in demand for care.
These factors make it imperative that we make significant headway
quickly in our capacity to manage bioterrorist threats. If one looks at
the description of the proposed department, bioterrorism-related
activities appear to be a tiny island of bioscience, medical and public
health functions within a gigantic ocean of security and border control
operations. I am skeptical that such an odd coupling can be made to
work, particularly in the short term when there is such need for rapid
progress.
I am especially worried about the fate of science and technology
within the proposed department. Although there is clearly value in
linking national security needs to research and development priorities,
it is a very tall order to ask a single agency to develop national
security strategy and implement operations on the scale envisioned for
Homeland Security AND create a sophisticated scientific research and
development capability over a broad range of disciplines and
technologies.
Furthermore, we should have no illusions that creating a viable
biodefense R&D capability is merely a matter of transferring or
consolidating existing capabilities and programs. Regardless of how
biodefense R&D programs are structured, the US government will have to
build its capacity in these areas far beyond our present state. This
nation has tremendous talent in bioscience and biotechnology--but the
majority of talent lives in universities and the private sector, not in
government. Any successful biodefense strategy must find ways to engage
top scientists and young scientists in these sectors. Creating a robust
biodefense R&D capability should be a top national security priority
however we eventually design the architecture of biosecurity functions.
Bioterrorism must be considered a special category of terrorist
threat. The potential power of bioweapons is easy to lose sight of in
the aftermath of the thankfully limited anthrax attacks of 2001. But it
is important to keep in mind that bioterrorism occupies a special
category of terrorist threat that deserves careful scrutiny. The Hart-
Rudman Commission noted in its first volume of analysis that
``. . . the most serious threat to our security may consist of
unannounced attacks on American cities by sub-national groups
using genetically engineered pathogens.'' [US Commission on
National Security/21st Century, Sept. 15, 1999]
As we design programs to prevent and respond to bioterrorist
attacks we must proceed carefully, especially so since these weapons
are largely unfamiliar to policy experts. However we decide to proceed
in organizing federal bioterrorism activities, the nation's ability to
respond to mass casualty situations and to effectively contain spread
of contagious disease remains a grave concern. We must use our
prodigious talent in bioscience to create the vaccines and therapies
needed to respond to the bioweapons of today and of the future. We
cannot afford a pause or loss of momentum in accomplishing these tasks.
Mr. Greenwood. Thank you, Dr. O'Toole.
The Chair recognizes himself for 5 minutes for inquiry. Dr.
Atlas, in your testimony on page 3 you said the role of DHS
should be to interrogate threat analysis and vulnerability
assessments and to identify priorities, and I underscore
priorities for preventative and protective steps to be taken by
other Federal agencies to protect the American public. DHS can
coordinate, review and evaluate scientific and technical
programs relating to human animal and plant life. It seems to
me you support some role for the new Secretary with respect to
public health R&D and preparedness grants, including in some
instances having the Secretary set the priority for such
activities. Can you explain the distinction you are proposing
and some alternative models such as dual reporting?
Mr. Atlas. Yes, in a couple of ways. We see a very
important strategic role for the new Secretary. The new
Secretary will bring more of the intelligence community of the
overall government perception of threat to human health and
services for incorporation into the Nation's R&D plan. We could
well imagine that the Assistant Secretary that has been
discussed by your subcommittee today having a dual reporting
responsibility, and I know that is normally very difficult, but
we are dealing with such a complex issue with such duality,
such overlap that we think that perhaps such a unique solution
of having an individual with the health background that we need
being able to assist both the Secretary of HHS and the
Secretary of DHS in this area.
Mr. Greenwood. Let me ask a question of Dr. O'Toole. I
understand that you support the increased flexibility in the
administration's proposal for personnel-related decisions. You
talked about the need to bring young scientifically trained
people in the government, and to do it as quickly as possible.
Why is it necessary, in your opinion, for there to be this
civil service rule flexibility for this new agency?
Ms. O'Toole. Well, I think it wouldn't be necessary if we
were allowed to hire several thousand new FTEs into the Federal
Government. But absent that, in order to get a new skill mix
into the government, it has been my experience that it was
necessary to be able to move people in and out in ways that
were not permitted by the civil service regulations.
Mr. Greenwood. Mr. Anderson, what additional measures to
coordinate the Federal, State and local response to a nuclear
attack have been implemented subsequent to the Air and Space
Museum exercise?
Mr. Anderson. In following conversations I have had with
local first responders, public safety, public health folks,
there seems to be a great deal of momentum. I am not convinced
that we are anywhere near close to being able to solve this
problem and address it effectively. But at least the situation
awareness exists that didn't exist previously, and I think that
is going to lead to effective processes and procedures and
hopefully equipment procurement, and all of the coordination
that has to occur between the 17 surrounding jurisdictions in
order to effectively deal with this.
Mr. Greenwood. Did this exercise exclusively look at the
consequences to the post explosion, or did you look at
questions at all as to the access to the Cesium, for instance?
Mr. Anderson. We developed the back end of this thing
completely. We selected Cesium as the radioactive material,
simply because it is readily available and there's enough of it
missing or unaccounted, for according to the NRC, that it's
reasonable to believe that it could have fallen into terrorists
hands right here in this country.
Mr. Greenwood. What are the sources of it?
Mr. Anderson. Medical research, cancer research, cancer
treatment. It has industrial applications with various types of
diagnostic equipment. It is out there in large amounts. It
would take a pound and-a-half to do what the slide depicted.
And that was a DOD model that just plugged in 1,043 curies of
Cesium 137, or a pound and a half and 4,000 of TNT. We
absolutely believe--well, when we began, we thought it was a
very remote possibility.
We only selected a dirty bomb because we were looking for a
cross-jurisdictional crisis that would help in their planning
effort. When we finished the research--and again it included
all the back-end stuff like where are you going to get the
materials and where are you going to get a school bus and all
the rest. We absolutely believe this a real possibility. How
real remains to be seen, but real enough that we need to think
it through in terms of how we are going to respond.
Mr. Greenwood. My time has expired. The gentleman from
Florida for 5 minutes.
Mr. Deutsch. Thank you, Mr. Chairman. Dr. O'Toole,
obviously you listened to Mr. Anderson's testimony in terms of
the threat of biological and chemical, which is not something
that he discounts, but is describing as very far away. Would
you characterize those the same way he did?
Ms. O'Toole. No.
Mr. Deutsch. Do you want to elaborate on that?
Ms. O'Toole. I think it is quite possible there could be a
large bioterrorism attack in this country. It is very easy to
do. The materials are at least as available as those necessary
for a dirty bomb, although I agree with Mr. Anderson that a
dirty bomb is also quite feasible. It's also possible that
several small or a medium-sized biological attacks could be
levied upon the United States and we would have a very
difficult time figuring out what was going on and how to
respond to it. As we saw with the anthrax attacks, which is
only 22 cases, it doesn't take thousands and thousands of
people being killed in order to cause disruption and economic
loss.
Mr. Deutsch. Let me follow up with the issue at hand which
is our responsibility in terms of the proposal of the
Department of Homeland Security. You have expressed grave
doubts about this new department that it will have the capacity
to address bioterrorism and infectious disease outbreaks. How
would you envision if you were writing the legislation, how
would you structure the public health research and response
system?
Ms. O'Toole. Well, as I said, first of all, I would hire
more people into the system with appropriate expertise. I think
that we need to build a much more operational Federal public
health capacity that is able to go into the field, figure out
the epidemiology.
Mr. Deutsch. Let me make my question clearer. The people on
the appropriation side, we are the subcommittee that
authorizes, but will be involved at a direct level in terms of
actually structuring. The issue that we have talked about this
whole day so far is how much is HHS doing now in basically
biologicals with the component--and, you know, I have spent
some time at CDC and talked to them and they seem to have an
incredible, sophisticated, well-run operation now, but the
concept is to take that out of HHS and CDC and bring it into
homeland security.
So the issue in front of us is there seems to be some
that's coming out and some that's staying in. I mean, would
your advice be keep it in one place, whether it is HHS or bring
everything over to homeland security, or Dr. Atlas suggested--I
will be honest with you. I heard what you said. I don't think
it is possible. The whole point of doing this is you have two
people responsible and no one is going to be responsible as
creative as you want to be. So I think--and Dr. Atlas, I would
be happy for you to respond. But Dr. O'Toole, you can just
respond specifically about that issue.
Ms. O'Toole. If I had a magic wand in hand, I would keep it
in HHS and make it more robust. I would, however build in
mechanisms to both coordinate activities between HHS and
homeland security as well as to ensure that bioterrorism gets
appropriate notice and someone is accountable for bioterrorism
and HHS. I think the bioterrorism functions are basically
medical and public health functions. It's going to be really
hard to transplant them into this new security agency. It's
possible maybe 10 years from now, it will be highly desirable.
But in the near term, as I said, we run the risk of disrupting
our capabilities in this area with this transplant.
Mr. Deutsch. Would that mean there is no advantages of
thinking about the sort of public health response from a
terrorism basis or just a naturally occurring event basis. Do
you gain anything about that in sort of the discovery process
or treatment process or prevention process?
Ms. O'Toole. No. What you would gain is focus and attention
directed toward bioterrorism. It would clearly be a national
security priority, and it would be funded that way. And the
people dealing with bioterrorism would be part of the national
security inner circle. Public health is not now at the Federal
or State level on the hot water circuit. That presumably would
change to some extent. But again, I think you would lose a lot
of functional capacity, at least in the near term with the
move.
Mr. Deutsch. This is obviously a decision that Congress is
making over the next several months, and I think your
perspective--and all three of your perspectives are unique in
terms of the panels we have had up to this point. Hopefully--I
know our staffs are interacting with you. But clearly, the
direction of everyone up to you and the direction that most of
us are at least coming from, and I think we still have open
minds and this is what this whole process is about is that we
are really talking about taking it away or setting up a two
tiered system. And again having some experience no where in the
orders of magnitude your experience with this and I know you're
being sincere with your belief and based on your background, I
think it's something we need to take very seriously.
If you could just work with us because all of us are trying
to get to the same goal, but the opinions you are expressing
really are a minority opinion which might be the correct
opinion but I think if I could encourage you to interact with
our staffs and with members directly because you know, I think
we have the ability to influence it and shape it the correct
way.
And as strongly as you can be--this is not politically
driven, it's not anything driven. It's just trying to come to
the best outcome. And I hear exactly what you're saying. Dr.
Atlas, if I could give you the opportunity to respond.
Mr. Atlas. I suggested what may be even more complicated,
one individual, an individual who could serve that coordinating
function, that integration between two secretaries. Like Dr.
O'Toole and the testimony clearly indicated that HHS should
retain the authority over the biomedical research and the
public health response, but clearly, there is this new function
of homeland security. There is a real need for it. It brings
other assets of the government to bear and it is somehow
linking those that we are, I think, debating as we are going
back on this, and I do see the possibility that appropriate
high level individual who can walk back and forth between the
two with great freedom would be a valuable asset in homeland
defense.
Mr. Deutsch. Mr. Chairman, if I could just, for 15 seconds,
kind of follow up with my last comment. But having spent some
time at CDC I think, Dr. O'Toole, what you are specifically
talking about where there are people there who basically made
their career there and they seem to be able to attract the best
and brightest within their little world of doing this
biological. And I agree with you completely, this is really an
individual basis. I mean, you need some incredibly bright--the
brightest of the brightest people in the world looking at this
to understand it. And if we are going to create a culture where
we are not going to be able to attract and keep those people,
it is going to be a failure. There is going on within HHS. Is
there is at least, from a laymen's perspective, there is a
culture that has been able to attract the brightest of the
bright, even if the salary structure is not as good as it could
be, and even if we can do a lot more. But we have got some
people there who really are the best of the best, and I guess
my real concern, which I hear you saying a little bit is, if we
move this over to a new agency without any history, without any
culture without any understanding how--you just can't move the
whole function and move it over.
Ms. O'Toole. Could I clarify just a minute, Mr. Chairman. I
think you can move it but you better prepare that ground. I
also think that you have to significantly revamp the CDC
operation and bring a lot more people than had been coming into
CDC in to do bioterrorism work in the near future. Either way,
I think that the bioterrorism functions deserve a lot of
attention and consideration. But what you don't want to do is
break the operations that are now beginning to work out of HHS.
They are young. They are like new chutes. If you transplant
them too early into hostile soil, it's not going to work.
Mr. Greenwood. Chair thanks the gentleman. The gentlelady
from Colorado is recognized for 5 minutes.
Ms. DeGette. Thank you, Mr. Chairman. Dr. O'Toole, I really
empathize with what you're saying, and I think part of the
problem we have since the details of this proposal aren't
completely fleshed out, it is hard for us to exactly see what
would happen. But here's something that I kind of wanted to
throw back at you, and if the gentlemen would like to answer
it, that would be great, too.
The problem with biological and also chemical warfare is
that it really cuts across many agencies and many disciplines
and the GAO's testimony today talked about--really highlighted
the types of problems when you're dealing with competing
authorities among different agencies. With the recent anthrax
events that you referred to, for example, local officials were
complaining that the FBI and the public health officials had
competing priorities about handling specimens, and this proved
problematic because the FBI was briefing FBI officials, and
local health departments didn't know what was going on and
first responders.
I saw some of this in a town hall meeting--wasn't a town
hall meeting, but a meeting with first responders talking about
anthrax in Denver and the Postal Service employees in Denver
got into a big argument with the State and with the FBI local
offices there because the Postal Service couldn't get the FBI
to test questionable specimens, and the Post Office didn't know
what to do with them.
And I hear what you're saying, but I wonder, does the
solution of hiring more people really help resolve issues of
how do you prioritize and how do you deal with these
interdisciplinary issues, and maybe you have some idea and I
would like to hear it, because I think it would help all of us.
Ms. O'Toole. Hiring more people doesn't solve all problems.
But I think some of the problems you mentioned would be at
least alleviated to some extent if we had more realistic
exercises so the people got used to working together and they
had a better sense of what the protocols would be in an actual
crisis. That was part of the problem in the anthrax response.
It was sheer confusion. It was also lack of expertise. You had
person A saying A and person B saying something else.
So getting our acts together actually is going to be a real
challenge, no matter where the bioterrorism functions lie
within the Federal bureaucracy. So hiring people is not a one-
size-fits-all solution, but if you had more people, you could
run more exercises and train more people. I think it would
help.
Ms. DeGette. How would you deal with the interdisciplinary
issues that are such a problem right now?
Ms. O'Toole. The interdisciplinary issues are always going
to be there.
Ms. DeGette. If you have one per--if you had a correctly
structured agency where one person was in charge of saying
here's the protocol for who's notified.
Ms. O'Toole. You can do that no matter how you structure
the organization. The problem is anticipating that we're going
to have to be dealing with the Post Office, okay. There is an
infinite number of scenarios that one can imagine for these
nontraditional attacks and we need to create organizations that
are expert enough and inventive enough and nimble enough to
respond appropriately to things we never imagined before.
Now all of the literature and all of the experience of
emergency disaster personnel and scholarship shows that
planning is the one thing that seems to help get people ready
for the next unexpected disaster, not because you put together
plans that you use, not because you generate protocols that you
snap into place, but because people know each other and they
work better, particularly when they have to invent things on
the run if they do know each other.
Ms. DeGette. You know, I think you're right, but we just
had Operation Top-Off in Denver, which was a year ago, which
was exactly this, planning for a biological attack. And yet
that experience, which involved all the very same agencies that
I was just talking about didn't help them even deal with an
anthrax threat, much less a real incident.
Ms. O'Toole. Top-Off was 2 years ago. There is still no
public analysis of what we learned in Top-Off, in part because
of a personnel deficiency. I think it did help, but I think the
failings in Top-Off are an indication of how hard this is and
how far we have to go. We need to be careful of silver-bullet
solutions. This reorganization is not going to be a solution.
It may be one step toward an ultimate solution, but it could
also be a step backwards. We need to be very thoughtful about
that.
Ms. DeGette. I think those are very wise words, and thank
you, Mr. Chairman.
Mr. Greenwood. The Chair thanks the gentlelady from
Colorado. The Chair thanks the panel, Mr. Anderson, Dr. Atlas,
Dr. O'Toole. We appreciate the good service you offered us
today to help us with this really important work. Thank you
again. Panel is excused and the committee is adjourned.
[Whereupon, at 2:30 p.m., the subcommittee was adjourned.]
CREATING THE DEPARTMENT OF HOMELAND SECURITY: CONSIDERATION OF THE
ADMINISTRATION'S PROPOSAL
----------
TUESDAY, JULY 9, 2002
House of Representatives,
Committee on Energy and Commerce,
Subcommittee on Oversight and Investigations,
Washington, DC.
The subcommittee met, pursuant to notice, at 9:15 a.m., in
room 2123 Rayburn House Office Building, Hon. James C.
Greenwood (chairman) presiding.
Members present: Representatives Greenwood, Bilirakis,
Gillmor, Burr, Whitfield, Bass, Tauzin (ex officio), Deutsch,
Stupak, Strickland, and DeGette.
Also present: Representatives Shimkus, Wilson, Buyer,
Green, Capps, and Burton.
Staff present: Tom DiLenge, majority counsel; Amit Sachdev,
majority counsel; Ray Shepherd, majority counsel; Peter Kielty,
legislative clerk; Brendan Williams, legislative clerk; Chris
Knauer, minority investigator; Jonathan J. Cordone, minority
counsel; Edith Holleman, minority counsel; David R. Schooler,
minority general counsel; and David Nelson, minority
investigator.
Mr. Greenwood. The committee will come to order. The Chair
recognizes himself for 5 minutes for the purpose of making an
opening statement.
Billboard ads for the movie ``Sum of All Fears,'' based on
the Tom Clancy thriller, are emblazened with these chilling
words: 27,000 nuclear weapons. One is missing.'' while the
phrase is classic Hollywood promotion, in the post-September 11
world, we find ourselves asking are we now at a point in our
history when we have to be prepared for even such a doomsday?
The threat of a terrorist attack involving nuclear weapons,
or, more likely, radiological materials mixed with conventional
explosives, the so-called dirty bombs, are more tangible than
any of us could have ever imagined in the cold war period. The
International Atomic Energy Association has documented 18 cases
of trafficking since 1983 involving highly enriched uranium or
plutonium, the key ingredients for an atomic bomb. These cases
represent only those instances where the perpetrators were
caught. A recent Washington Post article reports that the
Intelligence Community believes that al Qaeda could already
control a stolen Soviet-era tactical nuclear warhead or enough
weapons-grade material to fashion a functioning, if less
efficient, atomic bomb.
And what about the so-called dirty bomb? Experts estimate
that the loss of life would not approach that of an atomic
bomb, but the economic consequences could be just as
devastating.
In testimony before the Senate Foreign Relations Committee,
the Federation of American Scientists President Henry Kelly
said that if the proper ingredients were used, a dirty bomb
explosion could spread enough radioactive material to
contaminate all of Manhattan, making it uninhabitable for 40
years, and leading to the potential destruction of $2 trillion
of real estate.
The consequences of failing to safeguard our Nation and our
people against such nuclear and radiological threats are simply
too horrific to ignore.
We must take the steps needed to prevent weapons of mass
destruction or the materials used to make these devices from
being shipped into and around our country. Fortunately, good
work is now underway to reduce the threat of nuclear terrorism.
U.S. Customs service, for example, is taking bold long-term
steps in the right direction. Its Container Security Initiative
seeks to secure shipments into America by requiring that
containers bound for U.S. ports will be examined at their ports
of origin. While this is a valuable security measure, it will
take time to fully implement.
For that reason, we must do more in the immediate future to
protect our Nation from the agents of terror. To date,
government agencies have been slow to take all available steps
needed to protect our Nation's borders. Yet other Nations,
including Germany, Ukraine, Slovakia, and Italy, currently use
state-of-the-art technologies like portal monitoring systems to
examine vehicles at border crossings, and for the past 10 years
vehicles seeking entry into Poland have had to pass through a
similar radiation detection system.
None of this is unavailable to our own Federal agencies.
Ironically, the U.S. Department of Energy has been working
closely to install these devices at Russian border crossings.
Indeed, DOD officials estimate that there are already 100 such
vehicle monitoring devices in Russia right now.
Clearly, the American people and this Congress feel a sense
of urgency. So the question becomes why are we so far behind in
this critical area, especially when the technology, much of it
U.S. technology, exists to protect our seaports and our mail
and express package delivery system infrastructure?
This committee's 10-month investigation suggests two
principal answers:
First, the Federal Government has not provided sufficient
guidance and assistance to the governmental and private sector
entities at the front lines of homeland security on how to
identify, evaluate, and implement currently available
technologies that could measurably reduce the threat of nuclear
smuggling. Indeed, we have been unable to find any Federal
agency that believes it has the responsibility to do so.
Second, not surprisingly, the Federal Government's research
and developmental efforts in this area have not been
sufficiently focused and coordinated. Much of the work is
redundant, with numerous agencies contracting with various
laboratories to conduct similar R&D activities again. This
occurs because of the lack of organizational clarity. Up to
this point, no one agency has been charged with developing a
strategic plan for such research for its direction, funding,
coordination, and implementation.
All of this brings us to today's continuation of the
hearing this subcommittee begun 2 weeks ago to consider the
Bush administration' proposal to create a new Department of
Homeland Security. Besides examining how this proposal may help
to alleviate the two core problems described above, we will
also review two other important aspects of the President's
proposal at today's hearing: how public health research and
development may be affected by the proposed transfer of certain
authorities for terrorism-related biomedical research to the
new Department; and how the critical infrastructure assessment
and other related activities of the new Department may help
improve our Nation's protection of key assets such as the
energy and telecommunications grids and our food and drinking
water supplies.
We have many panels and witnesses to hear from today as we
embark on this very serious undertaking. I appreciate the
patience of our members and our witnesses as we proceed through
what will undoubtedly be a long day.
For purposes of information, let me provide a quick outline
of the day before us. The first two panels will focus on the
public health research and development activities potentially
affected by title III of the administration's proposal. The
third and fourth panels will focus on critical infrastructure
protection issues based on title II of the administration's
proposal, including discussion of public access to such
information.
The final two panels will discuss those aspects of title
III that relate to research and development of nuclear,
chemical, and biological detection technologies and other
related programs at the Department of Energy currently proposed
for transfer to the new Department.
Based on my consultation with the committee minority staff,
I expect that the subcommittee will approve a motion to close
to the public the last two panels of today's hearing due to the
sensitive nature of that discussion.
Before I recognize the ranking member for an opening
statement, I would like to point out that Thermo Electron
Corporation and Sandia National Laboratory will conduct
equipment demonstrations throughout the day. Members and staff
are encouraged to use this opportunity to assess the
capabilities of currently available detection devices.
Thermo's equipment is set up in the chairman's meeting
room, right next to the members' lounge near the hearing room,
and Sandia's devices will be in the meeting room attached to
the minority lounge. Thermo's demonstrations consist of a human
portal device capable of detecting both metals and radiological
material. The company will also have a live demo of the
detectors used in vehicle portal systems, which will include a
software display showcasing a graphical representation of the
information collected by the detector. Thermo has also set up a
model of a radiological detection device that can be used on
cranes.
Sandia will display various bomb disassemblement devices.
While these devices are used to disassemble common explosive
devices, they can also be used to deactivate dirty bombs. In
addition, Sandia will have a nuclear detection device, but it
will not be active. So you can take your nuclear devices right
past it.
The members are reminded that this is a continuation of a
previous hearing. Opening statements will not be required, but
they will be tolerated, and the Chair recognizes the ranking
member Mr. Deutsch.
Mr. Deutsch. Thank you, Mr. Chairman. Before I make a very
brief comment, there are three organizations that have
contacted us that want to be able to provide testimony, and
without objection, we can allow that: National Association of
City and County Health Officials; the American Public Health
Association; and the Association of State and Territorial
Health Officials.
Mr. Greenwood. Without objection.
Mr. Deutsch. Thank you, Mr. Chairman. As you mentioned,
this is a continuation of our previous hearing. I look forward
to working with you. I think this is really an issue which I
described as working shoulder to shoulder, heart and soul
together, to create this new Department. But as we're doing
that, I think our job--and I think both of us would agree--is
working out some of the details, particularly within areas of
our jurisdiction, like HHS and NIH. And just a concern that we
had expressed at the prior hearing, that some of the incredibly
significant jobs that they do now not be put into a second and
third or fourth place under an agency that clearly will have
the most significant task that our government is facing.
So with that, I would yield back the balance of my time.
Mr. Greenwood. The Chair thanks the gentleman and
recognizes the chairman of the full committee, the gentleman
from Louisiana, Mr. Tauzin.
Chairman Tauzin. Thank you, Mr. Chairman, and I too submit
statements for the record. But I want to just mention a couple
of things I think are critical as you begin an extraordinary
day. I think you've got 26 witnesses ahead of the committee
today as we work on a very short deadline to produce for the
President and for the House our recommendations on this new
Cabinet-level Department of Homeland Security. Our deadline is
July 12, and we're going to meet it. So this hearing is
critical to put on the record all of the investigation that is
going to help us formulate those final recommendations before
the end of this week. So we thank you, for all of you who
participate today.
I wanted to mention a couple of things, Mr. Chairman. You
mentioned the striking lines from the movie, the ``Sum of All
Fears,'' and it occurred to me that the attacks on our country
may well take very different forms. Just last week we learned
of an all-points bulletin announcement, announcing an effort to
retrieve or recover a tanker truck that was stolen from a
locked yard in Florida somewhere, the tanker truck containing
chemical waste material. Obviously we've seen some of the
reports indicating that those types of low-technology attacks
are being discussed by al Qaeda and by some of the cells and
networks that exist in this very country.
We learned in the newspaper this week how when Mohammed
Atta appeared before a USDA official seeking a loan to buy a
crop duster, trying to get Federal taxpayer dollars to buy a
crop duster that obviously was intended in his mind for a
terrorist attack, that he went absolutely ballistic when he saw
the beautiful aerial map of Washington, DC in the office there,
and that he put cash on the table, trying to buy that beautiful
map from the representative of the USDA because that map
represented to him, obviously, a source of information upon
which he might plan or his friends might plan an attack on this
city.
It calls to our attention the importance in this
legislation of amending the Freedom of Information Act to make
sure that road maps, vulnerability assessments of assets, both
public and private, other road maps of sensitive installations
and sensitive places in this country are not so easily
available to people who might have improper motives, such as
Mr. Mohammed Atta, in using those road maps to hurt this
country or its people. Balancing the needs of freedom of
information in this country against the concerns that I think
of all that the USDA office represents is going to be a
difficult challenge of this committee and the Congress, but I
know that this committee will be up to it as we make our
recommendations to the House.
And one final thought, and that is that we've got some
people we need to perhaps congratulate today. I want to single
out the Port of Norfolk, Virginia, which is a private port
authority which on its own set up a radiological detection
system on one of its cargo planes with almost no help from the
Federal Government. We've since come in and assisted them, but
that kind of initiative is to be recognized, and I want to
thank the Port of Norfolk, Virginia and the other ports of
America who are doing things like that on their own.
I have nine ports in my district, and we are working with
every one of them. One of them is Port Fourchon, where 16
percent of the oil that serves our country enters this country.
I don't believe it is yet on the list of ports that receive
Federal assistance in security, but we're working on that.
Making sure that all of these ports are more adequately
protected is going to be a critical component of this new
Department.
I want to congratulate the Customs Service pilot project
that is underway at the Detroit/Windsor border where a single
vehicle portal system is being tested, and we're very
interested in learning the results of that test.
I want to thank you, Mr. Chairman, and our staff for the
work you did with FedEx and UPS. These two organizations are
now planning to install radiation detection systems at their
overseas hubs, and they intend to achieve 100 percent coverage
of all packages that move through these organizations. That is
a big step forward, and I want to thank all of you, Mr.
Chairman and members of the staff, who have worked with these
organizations in ensuring that.
But we need to point out there is a lot of work to be done.
We've got six Dewey labs, for example, that are currently
working on research related to the detection of radiological
and nuclear material, but little coordination behind their
efforts. We hope this new Department will begin to coordinate
those very important efforts to make sure that port authorities
and customs services and other private entities who want to use
technologies like this know what is the best technology and
what works and what doesn't work. Now, that is going to be part
of the recommendations.
Finally, Mr. Chairman, if anyone wants to know when the
next attack on America is going to occur, the answer came in a
radio program today as I was driving into work. The next attack
on America will occur today, every day. There are 30 cyber
attacks that we can identify on sensitive government entities
in this country, at least 30. There are days when there are
hundreds, and there are days when there are thousands of such
attacks, coming in from places as far away as China. Some of
those are just business espionage attacks on private entities
and Web sites. Some of those are probing attacks on very
sensitive cyber systems that exist, that operate and that
protect this country, that operate sensitive installations and
protect this country in many important ways. Thirty identified
attacks every day; today, tomorrow, every day. If we don't make
sure the Homeland Security Department is prepared in this
critical area of cyber security, we will have failed in our
duty, and I hope this committee approaches that issue very
seriously as we move forward with our recommendation.
Thank you, Mr. Chairman.
Mr. Greenwood. I thank the chairman.
Are there members of the minority who wish to make opening
statement? Beginning with Mr. Stupak.
Mr. Stupak. Thank you, Mr. Chairman, and I'll be brief. I
look toward to today's hearing. I believe this is the second
hearing now we have had on the President's proposal to make
Homeland Security a Cabinet-level position.
I'm concerned that we're under a time line here of July 12,
that this homeland security must be completed by then and
passed. It is too important of an issue to put a time line out
there and say you have to pass it. In my 10 years' experience
when we do things under time line, that we don't have much
rhyme or reason, usually we rush things through and questions
are not answered. And then after the fact we are saying, why
did we do that?
So I would hope that we could slow this process down and
give this President's proposal the due consideration it
deserves, because I accept the principle that homeland security
is so important, that it demands a Cabinet-level position.
However, I'd like to see a clear chain of command in whatever
new structure we approve, and I don't see that in the
President's authority. And when we had the discussions last
week with Director Ridge, he told me that this Cabinet-level
position, after explaining--we were talking about ports and
radiation, how it went from Customs and DOE to Sandia, and we
still don't have an answer--and he said that is the way the
Federal Government works.
Well, if that is the way the Federal Government works, I
don't want to pass a Cabinet-level position to have the Federal
Government in a horizontal chain of command when a decision is
never made; and once the decision is made, no one accepts the
responsibility, but points to another person as the person who
made that decision. So I would like to see a clear chain of
command in whatever new structure we'll approve. We need to
know there is a vertical authority and people will accept
responsibility for their actions. We need to know where the
buck stops, if you will.
Portions of our homeland security are being neglected.
Again, last week I pointed out where hundreds of miles of
international coastland, about 700 miles, which is basically my
district along Canada there, is currently without any
surveillance or security measures whatsoever. And I think we
need to know who we would go to talk to to get this thing
fixed. That is not clear in the President's
proposal.Reorganization will come, but it needs to be better
than the piecemeal structure we see throughout the Federal
Government today.
So, again, while I'm supportive of the idea, I want to see
a clear level of command here. I just don't want merely a
shuffling of chairs at the table and calling it a Cabinet-level
position and somehow we cured this ill that we have called
homeland security by July 12.
So I look forward to today's hearing. I understand it is
going to be a long hearing, so I would yield back the balance
of my time and I look forward to hearing from the witnesses.
Thank you, Mr. Chairman.
Mr. Greenwood. The Chair thanks the gentleman.
Does the gentleman, Mr. Whitfield, care to make on opening
statement?
Ms. DeGette?
Ms. DeGette. Yes.
Mr. Greenwood. She's recognized for 5 minutes.
Ms. DeGette. Thank you, Mr. Chairman. I'd like to echo some
of the sentiments of my colleague, Mr. Stupak. I think that it
is essential that we have a Homeland Security Office with real
authority, with a Cabinet-level authority. What I don't want to
see is more layers of bureaucracy layered on what we have right
now and no clear decisionmaking process. And I don't think any
of us wants to see that, but if we rush this through in the way
that it is envisioned, I think we could face a lot more
problems when we face terrorist attacks, either from abroad or
domestically. And with those sentiments, I yield back.
Mr. Greenwood. The Chair thanks the gentlelady.
The gentleman from New Hampshire, Mr. Bass, does not care
to make an opening statement. Mr. Green, do you have a brief
opening statement?
Mr. Green. Mr. Chairman, just following up my colleagues on
both sides of the aisle, I hope the new Department would be
able to bring together what our goals are, but mainly the
established collaborative relationships between all these
agencies, that--maybe that is the goal of the administration,
but think there may be some lacking in the actual language of
the bill. But I support the Homeland Security Cabinet-level
position, but also hopefully we'll give it the authority it
needs to be able to protect us. Thank you.
Mr. Greenwood. The Chair thanks the gentleman.
Does the gentleman, Mr. Shimkus, wish to make an opening
statement?
Mr. Shimkus. I just want to thank the Chair for allowing
other members from the committees come and sit in on the
hearing and I look forward to the testimony.
Mr. Greenwood. Delighted to have you with us.
And that brings us to our first panel. Welcome, Mr. Hauer.
Mr. Hauer is the Director of the Office of Public Health
Emergency Preparedness in the Department of Health and Human
Services. We thank you and we welcome you. Sir, you're aware
that this committee is holding an investigative hearing and
when we do so, it is our custom to take testimony under oath.
Do you have any objection to giving your testimony under oath?
Mr. Hauer. None whatsoever.
Mr. Greenwood. So hearing that, you are also advised that
pursuant to the rules of this House and committee, you are free
to be represented by counsel. Do you choose to be represented
by counsel?
Mr. Hauer. No.
Mr. Greenwood. In that case, would you stand and raise your
right hand?
[Witness sworn.]
Mr. Greenwood. Thank you. You are under oath, and you are
recognized for 5 minutes for your opening statement.
TESTIMONY OF JEROME M. HAUER, DIRECTOR, OFFICE OF PUBLIC HEALTH
EMERGENCY PREPAREDNESS, DEPARTMENT OF HEALTH AND HUMAN SERVICES
Mr. Hauer. Good morning, Mr. Chairman, and thank you. I
thank you, too, members of the committee, for giving me the
opportunity to appear before you today on behalf of Secretary
Thompson to discuss the proposed Department of Homeland
Security.
The Secretary strongly supports the reorganization
initiative, and, as the President announced earlier this month,
the threat of terrorism in its myriad forms are becoming an
ever-present part of our daily lives. The new Department will
enable us to make further significant advances in protecting
the American people from those who are bent upon inflicting
death, destruction and social disorder, and to achieve their
ideological goal.
We are pleased that the Congress is giving the President's
proposal prompt and thorough attention. Secretary Thompson and
I look forward to working with this and other committees to
ensure passage of the legislation for the new Department.
The President's proposal deals with certain terrorist-
related activities that currently are the responsibility of the
Department of Health and Human Services. Some of these HHS
activities would be transferred to the Department of Homeland
Security. For other relevant public health and medical
activities, DHS would assume responsibility for setting goals
and providing strategic direction, but would rely on HHS to
implement and operate on a day-to-day basis.
My written statement focuses on all activities being moved
from the Department of HHS to the Department of Homeland
Security. I'll focus today on two examples of those in the
transfer.
First, the Select Agent registration program. Within HHS,
the Center for Disease Control and Prevention currently
regulates the transfer of certain dangerous pathogens and
toxins, commonly referred to as ``select agents'' from one
registered facility to another. These agents are widely used in
research laboratories across America. Examples are the
bacterium that causes anthrax, the bacterium that causes
plague, and the virus that causes Ebola, a lethal hemorrhagic
fever. Select agents are prime candidates for use by would-be
terrorists, and thus when used in research must be kept
constantly under safe and secure conditions.
The recently enacted Public Health Security and
Bioterrorism Preparedness Response Act of 2002 authorized HHS
to promulgate and enforce regulations concerning the possession
and use of select agents as well as air transfer. While CDC has
done its best to manage this program, CDC is a public health
agency and not a regulatory body. We believe that the new
Department, with its strong multipurpose security and
regulatory infrastructure, will be well suited to prevent
nefarious or other irresponsible uses of select agents. HHS
will be prepared to provide DHS with whatever scientific
expertise and other technical assistance it may seek to help to
manage this program. Under the administration's bill, the
Secretary of Homeland Security would administer the Select
Agents program in consultation with the HHS Secretary, and HHS
would continue to make key medical and scientific decisions,
such as which biological agent should be included in the select
agents list. Certain specific program-level details and
administrative choices are still being studied in order to
ensure the most seamless transition.
Let me focus now on civilian human health-related
biological and biomedical infectious disease defense and
research programs.
The President's proposal provides that the new Department's
civilian human health-related biological, biomedical, and
infectious disease defense research and development work shall,
unless the President otherwise directs, be carried out through
HHS. Under the President's proposal, the Secretary of Homeland
Security, in consultation with the Secretary of Health and
Human Services, shall have the authority to establish the R&D
program that will be implemented through HHS. Thus, as the
agency responsible for assessing threats to the homeland, DHS,
in consultation with HHS, will provide strategic direction
regarding the Nation's biological and biomedical countermeasure
research priorities.
The President's proposal provides that the new Department
shall, unless otherwise directed by the President, carry out
through HHS certain health-related activities such as programs
to enhance the bioterrorism preparedness of State and local
governments and nonFederal public and private health care
facilities and providers. The object of this provision is to
continue the important role that HHS plays in assisting State
and local governments and the hospital and public health
community in preparing for and responding to large-scale public
health emergencies. As with the research program, the Secretary
of Homeland Security, in consultation with the Secretary of
Health and Human Services, will establish the Nation's
antiterrorism preparedness and response program and priorities,
but the implementation of the public health components of that
program will be carried out largely through HHS.
Mr. Chairman and members of the committee, our Nation needs
a Department of Homeland Security. The Department of Health and
Human Services strongly supports the President's proposal, and
we look forward to doing whatever is necessary to effect a
smooth and swift transition of responsibilities and operations.
We believe that the President's proposal strikes the right
balance. It plays to the strengths of HHS and recognizes this
Agency's core mission, the protection of our Nation's public
health, while capitalizing on the strategic and logistical
strengths of the new Department of Homeland Security. We will
ensure that HHS fulfills its obligations to the new Department
and provides it with whatever public health, medical and
scientific expertise it may require.
I thank you for the time, and I'd be happy to answer any
questions.
[The prepared statement of Jerome M. Hauer follows:]
Prepared Statement of Jerome M. Hauer, Acting Assistant Secretary of
Public Health Emergency Preparedness, Department of Health and Human
Services
Thank you, Mr Chairman and members of the Committee for giving me
the opportunity to appear before you today on behalf of Secretary
Thompson to discuss the proposed Department of Homeland Security. The
Secretary strongly supports the reorganization initiative that the
President announced earlier this month.
The threat of terrorism in its myriad forms has become an ever-
present part of our daily lives. The new Department will enable us to
make further significant advances in protecting the American people
from those who are bent upon inflicting death, destruction, and social
disorder to achieve their ideological ends. We are pleased that the
Congress is giving the President's proposal prompt and thorough
attention. Secretary Thompson and I look forward to working with this
and other Committees to ensure passage of the legislation for the new
Department.
The President's proposal deals with certain terrorism-related
activities that currently are the responsibility of the Department of
Health and Human Services (HHS). Some of these HHS activities would be
transferred to the Department of Homeland Security (DHS). For other
relevant public health and medical activities, DHS would assume
responsibility for setting goals and providing strategic direction but
would rely upon HHS to implement and operate the activities on a day-
to-day basis.
I will discuss examples from each group of activities in turn.
examples of activities proposed for transfer from hhs to dhs
HHS functions conveyed to the new Department in the President's
proposal include:
The Select Agent registration enforcement program;
The Office of the Assistant Secretary for Public Health
Emergency Preparedness; and
The National Pharmaceutical Stockpile.
Select Agent Registration Program
Within HHS, the Centers for Disease Control and Prevention (CDC)
currently regulates the transfer of certain dangerous pathogens and
toxins--commonly referred to as ``Select Agents''--from one registered
facility to another. These agents are widely used in research
laboratories across America. Examples are the bacterium that causes
anthrax, the bacterium that causes plague, and the virus that causes
Ebola, a lethal hemorrhagic fever. Select Agents are prime candidates
for use by would-be bioterrorists and thus, when used in research, must
be kept constantly under safe and secure conditions.
The recently enacted Public Health Security and Bioterrorism
Preparedness and Response Act of 2002 authorized HHS to promulgate and
enforce regulations concerning the possession and use of Select Agents,
as well as their transfer. While CDC has done its best to manage the
Select Agent program, CDC is a public health agency and not a
regulatory body. We believe that the new department, with its strong
multi-purpose security and regulatory infrastructure, will be well-
suited to prevent nefarious or other irresponsible uses of Select
Agents. HHS will be prepared to provide DHS with whatever scientific
expertise and other technical assistance it may seek to help it manage
the program. Under the Administration bill, the Secretary of Homeland
Security would administer the select agents program in consultation
with the HHS Secretary, and HHS would continue to make key medical and
scientific decisions, such as which biological agents should be
included in the select agents list.
Office of the Assistant Secretary for Public Health Emergency
Preparedness
The Public Health Security and Bioterrorism Preparedness and
Response Act of 2002 created the HHS Office of the Assistant Secretary
for Public Health Emergency Preparedness for which I serve as Acting
Assistant Secretary. The responsibilities of this new office include
the supervision of the Office of Emergency Preparedness, the National
Disaster Medical System, the Metropolitan Medical Response Systems, and
related HHS emergency management functions. This cluster of activities
is a logical and proper candidate for transfer to DHS--thereby enabling
seamless integration of national public health and medical emergency
management assets with the Nation's new preparedness and response
infrastructure at DHS. The Public Health Service Officers and other HHS
employees who have faithfully performed disaster relief work over the
years have done a wonderful service for our Nation. They are a credit
to HHS as they surely will be to the new Department.
Strategic National Stockpile
CDC currently manages 12 ``push packages'' of pharmaceutical and
medical supplies and equipment strategically located around the United
States; additional lots of pharmaceuticals and caches of medical
materiel are maintained by manufacturers under special contractual
arrangements with CDC. You may recall that one of the push packages was
dispatched to New York City on September 11th and that elements of the
stockpile were used to respond to the anthrax attacks. CDC has done an
exemplary job managing what is now called the Strategic National
Stockpile and this fine work has set the stage for integration of the
Stockpile with other national emergency preparedness and response
assets at DHS.
The President's proposal is designed to achieve this integration by
tapping the strengths of DHS and HHS in a precisely coordinated way.
Thus, the Secretary of Homeland Security will assume responsibility for
continued development, maintenance, and deployment of the Stockpile--
making it an integral part of the larger suite of federal response
assets managed by FEMA and other future DHS components--while the
Secretary of Health and Human Services will continue to determine its
contents. The arrangement will ensure effective blending of the public
health expertise of HHS with the logistical and emergency management
expertise of DHS.
dhs functions to be carried out through hhs
Certain specific program level details and administrative choices
are still being studied in order to ensure the most seamless
transition, and to give the greatest possible levels of efficiency and
effectiveness to our fight against the threat of biological warfare and
to protect the public health. However, the President's proposal clearly
designates the following two activity areas that the Secretary of
Homeland Security will carry out through the Department of Health and
Human Services:
1. Civilian Human Health-Related Biological, Biomedical and Infectious
Disease Defense Research and Development
The President's proposal provides that the new Department's
civilian human health-related biological, biomedical, and infectious
disease defense research and development work shall--unless the
President otherwise directs--be carried out through HHS. Under the
President's proposal, the Secretary of Homeland Security, in
consultation with the Secretary of Health and Human Services, shall
have the authority to establish the research and development program
that will be implemented through HHS. Thus, as the agency responsible
for assessing threats to the homeland, DHS, in consultation with the
HHS Secretary, will provide strategic direction regarding the Nation's
biological and biomedical countermeasure research priorities.
2. Certain Public Health-Related Activities
The President's proposal provides that the new Department shall--
unless otherwise directed by the President--carry out through HHS
certain public health related activities (such as programs to enhance
the bioterrorism preparedness of state and local governments and non-
federal public and private health care facilities and providers). The
object of this provision is to continue the important role that HHS
plays in assisting state and local governments and the hospital and
public health community in preparing for and responding to large-scale
public health emergencies. As with the research program, the Secretary
of Homeland Security, in consultation with the Secretary of Health and
Human Services, will establish the Nation's anti-terrorism preparedness
and response program and priorities, but the implementation of the
public health components of that program will be carried out largely
through HHS.
conclusion
Mr. Chairman and members of the Committee, our Nation needs a
Department of Homeland Security. The Department of Health and Human
Services strongly supports the President's proposal and we look forward
to doing whatever is necessary to effect a smooth and swift transition
of responsibilities and operations. We believe that the President's
proposal strikes the right balance: it plays to the strengths of HHS
and recognizes this agency's core mission--the protection of our
Nation's public health--while capitalizing on the strategic and
logistical strengths of the new Department of Homeland Security. We
will ensure that HHS fulfills its obligations to the new Department and
provides it with whatever public health, medical, and scientific
expertise it may require.
At this time, I would be happy to answer your questions.
Mr. Greenwood. Thank you, Mr. Hauer, we appreciate your
presence and your testimony.
The Chair recognizes himself for 5 minutes for questions.
As you know, sir, many in the public health community have
expressed concern about sections 301 and 303 of the
administration's proposal, which seem to grant this new
Department of Homeland Security direction over the conduct of
traditional public health research activities, albeit ones
involving potential terrorist weapons such as anthrax and
smallpox. The question is why did the administration propose
this change, and what advantages do you see flowing from it, if
adopted, and how do you respond to the concerns that have been
raised about it?
Mr. Hauer. Well, first of all, we have heard some of the
concerns, but at the end of the day, I think that some of it is
misinformation that has--or misunderstanding of the direction
in which the new Department will play and the role the CDC will
continue to play in addressing public health research. CDC will
continue its normal course of public health research. What will
happen is the new Department of Homeland Security will take
responsibility for ensuring that certain aspects of the
research, those related to threats that impact public health,
are coordinated through them, because as with other types of
R&D, this new Department will have access to information, will
be able to coordinate research, and will ensure at the end of
the day the focus of public health research when it comes to
dealing with threats that this country now confronts is well
coordinated by one Agency at the Federal level.
Mr. Greenwood. Does that in your mind have the effect and
is it the intent that if the Secretary of Homeland Security
says to CDC, I want you to conduct the following research
projects and I want you to do it right away and I want you to
do it with this level of intensity and so forth, that given all
these finite resources of government, that would trump and take
priority over CDC's other projects at that time, and that the
Department of Homeland Security would have the ability to sort
of push some of CDC's agenda off the table temporarily while
that----
Mr. Hauer. Depending on the nature of the threat, I would
envision that if in fact there is a threat or a threat or
concern that Homeland Security feels is a high priority that
they would work with CDC. CDC does ongoing biological and
nuclear and chemical research currently, and it consistently
rearranges its priorities based on things that are going on.
One good example is West Nile. In 1999, when West Nile first
was recognized in New York City, CDC had to reshift its
priorities fairly quickly to understand what was going on.
Mr. Greenwood. But I think we understand that, and that
says it ought to be--I think the concern that has been raised
here that needs to be clear in all of our minds is that on a
given day if the Secretary of Homeland Security says to CDC, I
want you to devote X resources and personnel to studying an
Ebola in some capacity, and the Secretary of HHS says, no, that
is--we don't need to do that. I'm much more interested in West
Nile right now. Keep the folks on West Nile. And there is a
disagreement about that, how is that resolved?
Mr. Hauer. Well, the disagreements--I think that there will
continue to be an Office of Homeland Security in the White
House reporting to the President, and disagreements of those
natures can be resolved at the Office of Homeland Security. But
I would envision that if Homeland Security--the new Department
of Homeland Security feels that the needs are that great, that
HHS and in fact CDC will do everything possible to try and work
with the new Department to ensure that research is done as
expeditiously as possible.
Mr. Greenwood. In your testimony you note that the new
Secretary will have the ability to, quote, establish the
research and development program for public health threats of a
terrorist nature that will be carried out by HHS, which is what
the President's proposal language says. Yet later you infer
that this only means that the new Secretary will provide,
quote, strategic direction regarding priorities for research.
Is that all that is meant by the statutory language proposed or
does the administration envision other functions for this new
Secretary in this R&D area?
Mr. Hauer. Well, I think the new Secretary, one, will set
some of the research and development priorities for the
chemical, biological, nuclear threats that we face. Clearly,
the ongoing research at NIH already focuses on some of those;
and in working with the new Department I think there will be a
significant synergy so that as the new Secretary begins to set
research priorities the new Secretary will clearly have to work
with the center directors at NIH and at CDC. And the new
Secretary--I don't envision the new Secretary actually
conducting or in any way getting into the research business but
working through NIH, working through CDC to actually conduct
the research, set some of the priorities, to fund some of the
research, but not to get into the actual research business in
and of itself within the new Department.
Mr. Greenwood. The Chair recognizes the ranking member, Mr.
Deutsch, for 5 minutes.
Mr. Deutsch. Thank you, Mr. Chairman.
The Centers for Disease Control is one of the really
international experts in infectious diseases and select agents.
In fact, it is probably the most complete laboratory used for
infectious disease identification research and surveillance. It
works with researchers around the world in these diseases.
However, when Governor Ridge testified before us in June, he
said the new role of the Centers for Disease Control would be
working with the maternal health, smoking and immunizations.
Was that an accurate representation of CDC's new role? Why are
we putting money to making their laboratory more secure and
capable of working on bioterrorism if they are not working with
these agents?
Mr. Hauer. Well, in fact, CDC is working on threat agents.
CDC has a very aggressive program in working with threat
agents, and the new Department of Homeland Security will
continue to work with the CDC. The new Department of Homeland
Security will be--the intelligence component of the new
Department will help determine what the focus of the new
research is on threat agents, because they will able--through
the intelligence work be able to determine what threat agents
we confront at that point in time. CDC will continue their
ongoing research in dealing with these kinds of threat agents,
as will the NIH in looking for new ways, new vaccines, new ways
to treat these types of threat agents, new ways of dealing with
these types of threats.
Mr. Deutsch. The Public Health Security Bioterrorism Act of
2002 also gave CDC the responsibility for improving public
health communication facilities and networks. Where does that
task go under this new structure?
Mr. Hauer. The HAN and NEDS, which are the infrastructure
that are being developed nationwide to allow CDC, State health
departments and city and county health departments to
communicate, will stay at CDC, as will NEDS, which is an
infrastructure in development at CDC to allow hospitals and
health care providers to communicate with local health
departments for either data mines, surveillance and other types
of surveillance systems. That will again take place in the
traditional public health activities--they will stay at CDC as
they are now.
Mr. Deutsch. If CDC is going to take on these additional
responsibilities, how will that be funded and who will be----
Mr. Hauer. Those responsibilities are at CDC right now and
are funded through the Bioterrorism Act of 2002.
Mr. Deutsch. Does Homeland Security have a clear
understanding of the difference between law enforcement first
responders, communications such as were needed on September 11
and the public health surveillance network which is for public
health and medical staff which may not be first responders?
Mr. Hauer. Well, I don't think there is any question that
there is a very clear understanding in the Homeland Security--
in the Office of Homeland Security right now and the people
that I deal with that the responsibility for public health
emergency is significantly different than the response to
chemical or nuclear energies. One is clearly a type of response
and a public health emergency--the first responders is a
completely different community, and the detection of a public
health emergency is one that will occur over time. It is not an
immediate--I don't think there is any question that that is
clearly understood and as part of a new structure of homeland
security is integrated into that structure.
Mr. Deutsch. Who is going to maintain responsibility to
improve the capacities of the State and local laboratories?
Mr. Hauer. That will be done through the Centers for
Disease Control, through the laboratory response network. That
will be an ongoing process. While Homeland Security will have
some oversight of that, the function will remain with CDC.
Mr. Deutsch. Has HHS failed with its recommendations about
how to improve the preparedness of the public health system?
Mr. Hauer. No. In fact during the last 8 months--I've
worked in this environment for almost 8 years now and in fact
had the first surveillance system in the country when I was
still a commissioner in New York City and was extremely
frustrated with HHS over time because HHS was not moving
forward. During the last 14 months or so, the Department has
made incredible strides.
Secretary Thompson, even before being confirmed, recognized
that bioterrorism was an issue that we would have to confront,
and we did briefings for the Secretary early on in the
administration. Since September of last year, we have
accelerated our programs in large part because of the support
we've gotten from Congress and the money we've received.
We have done--the original plan, just one example, was to
have 40 million doses of smallpox vaccine by 2005. When the
Secretary took over, that was the plan. We are now going to
have 260 million new doses of new vaccine by the end of this
year.
We have seen enormous strides at the State and local level
on the ability to receive the national pharmaceutical
stockpile, the training that is going on at the State and local
level, the exercises we're seeing at the State and local level.
We're finally seeing hospitals talking with their local health
departments. We are finally seeing strides that heretofore have
never occurred, and we expect as this gets integrated into the
Department of Homeland Security that there will be even closer
coordination with the--at the State and local level.
Mr. Deutsch. If I can indulge in just one very short
follow-up question, all that good future planning that you
described, how will that be affected in terms of the switching
of responsibilities to Homeland Security?
Mr. Hauer. I don't see any effect. In fact, because of so
much of what goes on in emergency response at HHS, it is so
closely coordinated with FEMA, as this becomes integrated into
the new department, I would imagine that the synergies will be
even stronger and that we will clearly see more coordination
both at the State and local level.
Mr. Greenwood. The Chair thanks the gentleman and
recognizes the chairman of the full committee, Mr. Tauzin.
Chairman Tauzin. Thank you, Mr. Chairman.
Mr. Hauer, as you're well aware, in the bioterrorism bill
we've beefed up the select agent's program at CDC, basically
making sure it is not only a registration but also a tracking
system on select agents that may affect human health, and I
understand that that is--that function is scheduled to be
transferred to the Homeland Security office. But we also at the
same time, as you know, put together a program at USDA, a
similar program for tracking and registering not only the
transfer or possession of select agents that may affect animal
health and we also in the bioterrorism bill encouraged those
two agencies to coordinate so that we end up with eventually a
single registration and tracking system. After all, a select
agent that can hurt an animal could well likewise hurt a human
being.
The question I have for you is, is it good for us to be
transferring this function from CDC and at the same time
leaving the other function at USDA, or should both functions be
transferred simultaneously or neither one? What is your
recommendation?
Mr. Hauer. Well, let me give you the perspective from HHS.
I'm not sure I can address the USDA perspective, but the--from
HHS's perspective, CDC has never really been a regulatory
agency. So having that function within CDC I think is probably
not the best spot to locate it. CDC is quite good at
determining what agents should be on a select agent list, but I
think moving it into Homeland Security, where they have more of
a coordination with law enforcement and intelligence, again
provides a better synergy----
Chairman Tauzin. But if that is correct, isn't it also true
that the USDA function should move with it?
Mr. Hauer. I don't know why at this point in time the USDA
component remains where it is. I can't answer that.
Chairman Tauzin. So you can't answer that. We can't either,
and we don't understand that. It seems to us, at least--I would
love your thoughts on this. But if you're going to move the CDC
program because of the fact that it now connects the
registration and tracking system to the coordination of law
enforcement efforts in the area, that it would be logical to do
the same thing for the USDA program as well.
Mr. Hauer. Well, at first blush I would envision that the
USDA in fact does do regulatory work and does have the
capability to go out and do an inspection and track these kinds
of things, where CDC and HHS have historically not. That
would--that would be my----
Chairman Tauzin. Nevertheless, the coordination with law
enforcement personnel in materials of the investigatory
outreach of those agencies in tracking and identifying perhaps
the mishandling or mistransfer or improper possession of these
agents would seem to compel an argument that those functions
ought to all be coordinated out of the same office, does it
not?
Mr. Hauer. I certainly understand your thinking on this,
but I will ask the folks at Homeland Security who are working
on this what their thinking was, and I'll get back to you on
it.
Chairman Tauzin. Please do.
Finally, we've got a lot of work to do today, and I don't
want to keep you, but we watched with great interest the
shooting at LAX Airport this last week. Interestingly enough,
when the shooting occurred they immediately began a debate as
to whether or not it was a terrorist attack. We noted local law
enforcement--local guards, first of all, El Al Air and the
local guards at LAX did their job, apparently, well. Local
police came in and effectively did their job well. FBI was
called in to find out whether it was a terrorist attack. Are
there some parallels here to the questions of how we manage the
very close similarity and features between a bioterrorism
attack and a naturally occurring infectious disease in our
Nation, and are their lessons there for how this new Homeland
Security will work with other agencies that deal with everyday
disease and research, et cetera?
Mr. Hauer. Yeah. I think that is an excellent comparison,
because early on in the evolution of an outbreak one might not
know whether it is a naturally occurring outbreak, whether it
is, you know, a bunch of kids who have had something bad to eat
at school or--in a lunchroom or whether in fact we've had
something a little more nefarious occur.
It's only--you know, there are certain assumptions at this
point in time. If we were to see anthrax or smallpox we could
assume that it probably is not something innocent, but some of
the other agents, some of the other things that could
potentially be used could create some confusion----
Chairman Tauzin. Although even with anthrax you have
animals spreading the----
Mr. Hauer. In the Southwest we see----
Chairman Tauzin. The point I'm making is that the way in
which we structure this new department, we had best be careful
not to remove from certain agencies in the health community
their ordinary capacity to be the first on the scenes and to do
their job in terms of assessing an outbreak before you know
whether it's a terrorist attack or a naturally occurring
process. Right?
Mr. Hauer. I think that is absolutely right. I think at the
end of the day this Department, first of all, will not have
impact on the way State and locals do outbreak investigation,
other than to potentially strengthen what goes on at the local
level and to be a catalyst for better coordination with law
enforcement. But public health at the local level will continue
as it is, as will public health activities at the Centers for
Disease Control; and we have to ensure as the new Department
evolves that the coordination between the new Department and
HHS is a solid relationship so that those things that could
evolve very innocently, at the end of the day that might not
be--are escalated to the new Department for----
Chairman Tauzin. Yes. We can draw another really far-out
analogy. There was a horrific story a few years ago of the Boy
Scouts, you know, trekking around the mountains here in America
only to have one of the kids get lost. A helicopter located
him, but nobody seemed to be--have the authority to tell the
helicopter to land, pick him up, and to leave the kid out there
overnight. Parents knew he was out there alone at night lost in
the woods. The helicopter couldn't get authority to land to
pick him up.
That's our worst fear as we make these changes. Please know
that. We hope--work with us on that. Our worst fear is that
some bureaucrat is sitting around trying to figure out whether
this is a bioterrorism attack or whether this is naturally
occurring and so nobody moves until that decision is made. Our
worst fear is that we take away authorities that currently
would respond quickly, regardless of what caused the problem
and begin to deal with it rapidly and effectively. Now I would
hope again that be central in all of the considerations and the
transfers of authority that take place.
Thank you, Mr. Chairman.
Mr. Greenwood. The Chair thanks the gentleman.
The gentlelady from Colorado, Ms. DeGette.
Ms. DeGette. Thank you, Mr. Chairman.
I'd like to follow up on Chairman Tauzin's questions,
because I think they are important. You see, when a gunman goes
into the L.A. Airport and shoots somebody, you know a crime has
been committed. So local law enforcement officers respond to
the crime, and they do what they need to do. Then we come and
say, was it a terrorist attack or something else? But with
biological warfare it is not so clear-cut, and I think that is
the issue we've got.
Because what happens is there's an outbreak of something,
not anthrax or smallpox. I mean, we're going to make that same
assumption just like when you have a gunman going into the L.A.
Airport. But let's say you have some other kind of outbreak,
and what would happen--I mean, right now, the CDC has
responsibility for researching naturally occurring public
health issues, issues like flu, food-borne illnesses, new and
emerging infectious diseases. So we're now going to know--we're
not going to be able to say if there's an outbreak of one of
these diseases, well, this could be bioterrorism. It's probably
likely going to be naturally occurring, unlike a shooting or
some clear-cut crime. And so the question--so what would happen
right now is there's an outbreak of Legionaire's disease or
something else. CDC begins to investigate it. How are we going
to be able to separate those normal functions of the CDC from
biological warfare, and how is the new agency going to do that
without totally subsuming the CDC's routine functions?
Mr. Hauer. Well, let's start at the local level, because
all terrorism really starts at the local level. I very much
like your analogy of the law enforcement officers and the way
they respond. An outbreak at the local level usually starts
with a local or county health department, and it's escalated
usually to the State health department and then to CDC. None of
that would change. Much as at the local level the law
enforcement agencies call the FBI in, local health departments
will call in either the State health department or CDC.
If in fact the outbreak or the incident is suspected based
on what they see, based on the patterns to be something
intentional rather than a naturally occurring outbreak, then
the Department of Homeland Security clearly would be brought in
early on so that the coordination with law enforcement and with
other agencies is begun as quickly as possible.
Ms. DeGette. Let me stop you right there. Who makes the
determination to bring them in?
Mr. Hauer. Well, that would be part of--as the information
becomes available, HHS would notify Homeland Security very
quickly that an outbreak investigation that they are looking at
looks to be other than a naturally occurring outbreak; and as a
matter of course, the new Department would probably be notified
anytime there's a large outbreak or something suspicious as a
matter of courtesy.
Ms. DeGette. Okay. So I'm just trying to follow this,
because I think it's important.
Denver health, which actually--we have, as you know, one of
the few coordinated departments. They see something they
suspect is a big outbreak of something. They bring in the State
health department. The State health department brings in CDC.
Is it the CDC through HHS that then decides whether or not to
bring Homeland Security in? Are there going to be Homeland
Security people looking at that, too?
Mr. Hauer. No. I would envision the HHS would notify
Homeland Security that there's an outbreak of some kind, that
it's being tracked. The other----
Ms. DeGette. Okay. And then what's Homeland Security going
to do that CDC doesn't do now?
Mr. Hauer. Well, it depends on the nature of the outbreak,
depending on what assets are needed, if the national
pharmaceutical stockpile is needed. A lot of that requires
infrastructure from other Federal agencies, air assets,
mobilization of people, of volunteers, depending again on the
nature of the outbreak, if we have to do a mass prophylaxis of
people or a vaccination. All of that requires coordination from
other Federal agencies, and that is better coordinated at the
Department of Homeland Security.
Ms. DeGette. Right. But I'm really talking about disease
research and identification. In our last hearing, some of the
medical and research experts said that they thought that
transferring some of the responsibility for research in
biological countermeasures and identification is simply going
to add bureaucracy and it's going to put scientific decisions
out of the hands of scientists and into the hands of
bureaucrats. I'd like to know your response.
Mr. Hauer. Yeah. But we've got to separate outbreak
investigation or a response to a potential incident to the
actual research and development activities that are going on on
a daily basis. And the R&D activities that are currently being
conducted by NIH and CDC would continue as they are----
Ms. DeGette. Those would not be supervised by the new
Department?
Mr. Hauer. The new Department would coordinate and would
oversee the bioterrorism, chemical terrorism and nuclear
terrorism-related activity to ensure that at the Federal level
we have a better coordinated approach. We have numerous R&D
activities going on at the Federal level. By bringing them all
together in one department we will have a more effective and
more efficient R&D program.
Ms. DeGette. Just one last question. I would ask unanimous
consent for one additional----
Mr. Greenwood. Without objection. The Chair would just
remind you it's going to be a long day.
Ms. DeGette. I know.
But the Department of Homeland Security, we sort of have--
it would say to CDC and to NIH, we want you to do this
research, because we think it's important.
Mr. Hauer. Yes, I believe that is----
Ms. DeGette. That is----
Mr. Hauer. The question is one the chairman had earlier on.
Ms. DeGette. Thank you, Mr. Chairman.
Mr. Greenwood. The Chair recognizes the gentleman from New
Hampshire, Mr. Bass, for 5 minutes.
The gentleman from North Carolina, Mr. Burr.
Mr. Burr. Thank you, Mr. Chairman.
Welcome, Mr. Secretary. I really want to focus on the
office that you're Acting Secretary of that we created in the
bioterrorism bill, because I think that was debated heavily
within the ranks of this committee. We saw a tremendous need
for it, and I would take for granted you still see a tremendous
need for it.
Mr. Hauer. Yes. I think that there needs to be some kind of
a coordinated function within HHS to continue to coordinate
HHS's activities; and, again, the need for an Assistant
Secretary's position is one that I would defer to Congress to
decide about.
Mr. Burr. Well, the great thing is you're here and we get
to ask you. For that reason, I would ask you, do we need in the
newly configured world of a shift of some responses over to
Governor Ridge and Homeland Security to still create an
Assistant Secretary slot at HHS that's configured much the same
way?
Mr. Hauer. Well, I think again there needs to be some
coordinated function at HHS to be interfaced with the new
Department and to coordinate the multiple activities within HHS
that will remain with the Department once components are
shifted over to Homeland Security.
Mr. Burr. And the components that currently are under
debate to shift are pretty obvious ones--the National Medical
Response Team, the Metropolitan Response Teams, who also have
significant roles as it relates to training, precautionary
deployments because of national and international conferences
that we feel that they may be needed for, which you could make
a tremendous argument that they ought to stay over in HHS
because their hopeful deployments are more for practice than
they are for the actual threats.
But we do leave at HHS the responsibilities, as I
understand it, for bioterrorism preparedness, emergency
preparedness, a number of things that are still over at HHS.
I think the reason that this committee specifically created
this Office of Assistant Secretary was we saw that without an
Assistant Secretary there was an inability to focus on the
preparedness that was needed. So I am asking you if we only
shift a few of the functions and we've still got this huge
slice that deals with our ability to prepare, don't we still
need an Assistant Secretary level at HHS to drive that focus?
Mr. Hauer. Yeah, the functions that are being shifted over
to Homeland Security, or I should say the most obvious ones,
are those that have response functions to either natural or
intentional incidents, OEP, NDMS. Those functions because of
the work they do with FEMA, with the Secret Service, with the
FBI would fit quite naturally in the new department. The funds
that will be coordinated and remain with HHS do need to have
some coordinating focus within the Secretary's office. And how
that's structured, you know, until the bill was passed we had a
Director of the office, a Special Assistant. Any structure
would work but we do need to have a coordinated focus within
HHS for the Department of Homeland Security to deal with.
Mr. Burr. I make the claim that there's a greater tendency
today on the part of any agency to say now that we have an
Office of Homeland Security it's their responsibility to make
sure that the infrastructure for preparedness, whether it's
national, whether it's State, whether it's local, is in fact in
place, that they've the correct training, that they've got the
right equipment, that they're prepared. Now we all understand
it's the Office of Homeland Security that would make the
notification in the event of a threat. But clearly the way
we've designed it downstream, the equipping, the training will
stay as a responsibility of HHS, am I correct?
Mr. Hauer. That's correct.
Mr. Burr. I guess what I would ask you is given that we
were there before and even though we knew we needed this and
this was from administration to administration to
administration yet we didn't make a lot of progress, I'll ask
you again don't you need an Assistant Secretary level to drive
the type of focus within HHS regardless of who's there to make
sure that downstream we have the components in place to be able
to adequately address the call from Homeland Security that says
we have to mobilize?
Mr. Hauer. Yes, we definitely need somebody in the
Secretary's office who reports to the Secretary, has the weight
of the Secretary, to get and to maintain coordination of all
the operational divisions within HHS.
Mr. Burr. I might also add that we saw this office as a key
component to our ability to rebuild our public health
infrastructure in America. We cannot lose focus of that
opportunity that we have. Even as we talk about how to split up
these things we cannot miss the opportunity to rebuild that
public health infrastructure, and that's through CDC.
Mr. Hauer. It's within the focus of HHS and I think it
deserves input from the Assistant Secretary level person.
Mr. Greenwood. The Chair thanks the gentleman. Mr. Stupak
is recognized for 5 minutes.
Mr. Stupak. Thank you, Mr. Chairman. Following up Mr.
Burr's question, whether we need an Under Secretary, the bill
we have before us would give the current Secretary the
authority to establish guidelines for State and local
government efforts to develop and implement countermeasures to
chemical, biological and other threats. But I believe the bill
is ambiguous in conferring this authority. Is it your
understanding that the guidelines are mandatory or are they
merely suggestions?
Mr. Hauer. The guidelines for State and local governments?
Mr. Stupak. Yes.
Mr. Hauer. Right now most of the money comes from the
Federal Government.
Mr. Stupak. But the bill. The bill's language, suggestive
or mandatory?
Mr. Hauer. Subjective of what, the guidelines?
Mr. Stupak. Conferring the authority. Who's going to have
the authority to do this?
Mr. Hauer. It would be the Under Secretary of the
Department of Homeland Security.
Mr. Stupak. That's mandatory; they would have to do that?
Mr. Hauer. That they would establish guidelines.
Mr. Stupak. But yet it appears the bill doesn't really
grant that authority. Do you believe these guidelines will be
effective and will help to improve our State and local
emergency preparedness if the Federal Government does not
assist State and local units in acquiring the necessary
technology? You can do the guidelines, you can say it's
mandatory, but how do you assist them in acquiring the
necessary technology to actually implement these guidelines to
make us more secure?
Mr. Hauer. At the State and local level? In fact, I think
the Department of Homeland Security would fix one of the
greatest problems for State and local responders, and that's
been this multiple department approach. And, again, coming from
the local level and the State level, I was always quite
frustrated dealing with numerous departments here in DC.
Mr. Stupak. How does this fix it?
Mr. Hauer. It has one department that is coordinating
units, one department that is coordinating technology, one
department that is sending out a single message.
Mr. Stupak. I won't have to go to HHS or DOE; I can go
right to this department?
Mr. Hauer. Correct.
Mr. Stupak. Good. As you may be aware, the administration
issued its homeland security proposal in advance of the joint
House and Senate Intelligence Committee's completion of its
analysis of what happened on September 11, how it might be
prevented and how, moving forward, we might effectively respond
to another attack. In your experience, isn't this analysis key
to understanding what is needed to effectively prepare and to
respond to an attack? Basically we're pushing this
administration proposal, the chairman said it's going to be
done by July 12. Shouldn't we really have the analysis of the
joint committee before we push through a proposal? Don't we
have the cart before the horse here?
Mr. Hauer. In fact, I think that the proposal as it stands
shows a fair amount of insight into the problems that we've
confronted as a government.
Mr. Stupak. A fair amount, but not all the insight,
correct?
Mr. Hauer. Poor choice of words. I think as it was drafted
it really addresses many of the problems that I as a local
responder for many years----
Mr. Stupak. Many, but not all. See, the point I'm trying to
say, if we've got these joint committees doing the work,
shouldn't they do the work before we push through this
proposal? I don't want to push this thing through and get it on
the floor because we have this end of month recess, we're going
to August, and say, jeez, we did this and we find out we did it
half right or many things right but not all.
Mr. Hauer. I think the longer we wait to try to resolve
some of these problems, the longer we wait in trying to address
the creation of this department, the longer we maintain some of
the vulnerabilities that we have at the State level, the local
level and at the Federal level. I think that's why the
President at this point is anxious to move forward so
aggressively to address this, because I think they see and
understand exactly what the issues are.
Mr. Stupak. But with all due respect, in our aggressiveness
we shouldn't be blinded to the real needs that this country
needs in homeland security.
Mr. Hauer. Agreed. But I think that as the proposal stands,
I think it addresses those issues. I think it addresses the
needs.
Mr. Stupak. Let's move on. I'd like to see the joint
committee issue a report, their analysis, before we jump
forward with this bill and not under this arbitrary time line.
But the bill would also grant DHS the authority to develop
interoperative communications technology in helping to ensure
that emergency response providers acquire such technology, yet
the bill does not include the authority for DHS to provide
grants to assist State and local units of government to equip
the first responders with the so-called interoperative
communications technology. So how are we going to do this? How
will the communications interoperability be improved without
the authority?
Mr. Hauer. I believe through the FEMA grant program and
through the Department of Justice grant program there is the
capability for State and local governments----
Mr. Stupak. But you told me earlier we were going to do it
all under Homeland Security for one-stop shopping.
Mr. Hauer. But that will all be moved under Homeland
Security.
Mr. Stupak. So FEMA won't be in any more?
Mr. Hauer. In combining those grant programs, one of the
biggest frustrations at the local levels is all these multiple
grant programs coming from FEMA, Justice and trying to figure
out guidelines and who can do what, in trying to streamline
that particularly, and I think you're absolutely right,
interoperable communications has been a problem. It was a
problem at the World Trade Center. And you know in many of the
incidents I've managed over the years, interoperable
communications has been a need. This new department will allow
a better funding stream, a more coordinated funding stream and
a more efficient funding stream so that things like
interoperable communications can be funded.
Mr. Stupak. So FEMA and Justice would be out of it?
Mr. Hauer. They are moved into the new department and the
money that they currently flow to the State and local
governments would be better coordinated.
Mr. Greenwood. The time of the gentleman has expired. Chair
recognizes the gentleman from Illinois, Mr. Shimkus.
Mr. Shimkus. Thank you, Mr. Chairman. I'll try to be brief,
too. To my friend from Michigan I would just say that it's--he
needs to talk to his minority leader. One of the driving
emphasis to the movement so quick is the September 11 date set
by the minority leader. I, too, am concerned about the speed at
which we're moving. It's a bipartisan rapid movement to a
finish line. I would--I like the aspect of this registrar to
track and get information down or up the chain through the
community health departments, the other Clancy book where they
have the ebola virus spreading all over the place. The
President at that time just stopped all flow of individuals
within the country to try to contain the spread. I think that's
part of it, the vision of what would happen if you could gather
information of sporadic outbreaks and if you stopped the
movement of people then you could possibly stop the spread, and
I think that's a very positive thing.
The question I have is why is the scope of the research
authority given to the new Secretary limited to civilian
efforts of the Federal Government and to what extent is the DOD
research in these same areas, which I understand is quite
extensive, being incorporated into the new department's
authority?
Mr. Hauer. I think when you look at the research that DOD
does versus the research that we do at NIH and CDC, the
research that DOD has historically done is combat environment
research. It's based on military constructs and the needs of
the military. And very often the military research does not
transfer that easily to the civilian environment. We saw that
in 1996 when a lot of DOD equipment was given to cities as part
of the original Nunn-Lugar funding and a lot of cities really
could not integrate military equipment into their response. The
civilian research, however, is pretty much focused on the needs
of the civilian responders, whether it's for chemical attack,
nuclear or biological.
So I think keeping that separation is a good one, I think,
though it doesn't prohibit nor does it in any way obstruct the
ability for the researchers to share data, to share what
they're doing, but the military focus is really just a
different focus. Ideally what you can do is take some of that
military research that's going on, and this in fact occurs now,
and hand it over to the civilian environment but to just, to
take the military research per se, their focus has historically
just been a little different.
Mr. Shimkus. Does that sharing go on now?
Mr. Hauer. Yes. In fact, we've got an ongoing program with
DOD and we work closely with DOD. But again we work with them,
a lot of their focus--and we're doing one project now on bio
detection with them, but they look from the military
perspective and how it would work in a combat environment. We
have to translate that into how it works in the civilian
environment.
Mr. Shimkus. Being from the military environment, I
understand there's great differences.
I yield back my time.
Mr. Greenwood. The Chair thanks the gentleman. The
gentleman from Texas, Mr. Green, for 5 minutes.
Mr. Green. Thank you, Mr. Chairman. We heard in our last
hearing and again today we'll hear from medical and research
experts that they believe transferring the responsibility of
research and development in biological countermeasures to the
Homeland Security is inefficient and adds additional
bureaucracy and puts scientific decisions in the hands of the
nonscientific agency. We haven't heard a response from the
administration. Do you have a response to that concern about
the adding bureaucracy, then taking the decisionmaking away to
a nonscientific agency?
Mr. Hauer. First of all, I don't think it takes any
decisionmaking away from the researchers of NIH or CDC. I think
at the end of the day having a central agency centrally
coordinate the needs for research and then helps coordinate the
direction of research based on the needs of terrorism will
provide more efficiency with the use of our research dollars
and I think more effectiveness. But it in no way inhibits
what's going on in the scientific community. It in no way
inhibits what is going on right now. It does not do anything to
undermine the basic science research at NIH or the public
health research at CDC.
Mr. Green. You're the Acting Assistant Secretary of Public
Health Emergency Preparedness. Your entire office would go over
to the Homeland Security. Does that mean that HHS does not need
to be in the public health and emergency preparedness program
and would HHS be out of the preparedness business?
Mr. Hauer. No. As I mentioned earlier, I think there's
still a need to have somebody on the Secretary's staff who
would be coordinating the activities of HHS.
Mr. Green. And they would coordinate, I assume, with the--
--
Mr. Hauer. With the department.
Mr. Green. Would you explain the relationship between the
select agent registration and lab security program with that of
the lab bio safety programs already in operation under the
proposed select agent registration lab security program.
Mr. Hauer. The new select agent program is one that allows
the new Department of Homeland Security to track and monitor
agents that are being used. Mainly the pathogens that are being
looked at in research labs around the country right now are
pathogens that could be used as bioterrorist weapons. The new
legislation, the legislation that was passed and would now be
transferred to Homeland Security, allows the Department of
Homeland Security to inspect labs, to trace and track the
shipment of select agents, because clearly these agents could
potentially be problematic if there's no control.
Mr. Green. Who's going to take over the bio safety
inspection program and will there be coordination?
Mr. Hauer. Clearly there will be coordination. There's no
question about it. CDC and NIH will continue to give guidance
and technical assistance to the department re the lab safety
and security issues.
Mr. Green. Who's going to actually do it? Will it be the
Homeland Security?
Mr. Hauer. Yes, the Department of Homeland Security will
oversee the select agent registry. The CDC and NIH will have
input as to what agents should be on the select agent list.
Mr. Green. Okay. Will the new Homeland Security also take
over the bio safety regulation inspection program or will that
still be under the CDC?
Mr. Hauer. That would be under, if I'm correct, under the
CDC.
Mr. Green. Are you going to have dual inspectors? Will
there be collaboration between the two?
Mr. Hauer. I would envision there would be good
collaboration between the two.
Mr. Green. So there wouldn't be dual inspections by two
Federal agencies?
Mr. Hauer. I would not envision it at this point. That
level of detail needs to be worked out as the department
evolves.
Mr. Green. Thank you, Mr. Chairman.
Mr. Greenwood. The Chair thanks the gentleman, recognizes
the gentlelady from New Mexico, Ms. Wilson, for 5 minutes.
Mrs. Wilson. Thank you, Mr. Chairman. I appreciate your
having this hearing today. I appreciate your having so many
good witnesses. I wanted to start out with an observation,
listening to the questioning that's going on, and then ask a
couple of questions. It seems to me that kind of getting away
from some of the detail and getting up to a more general
strategic level, there are two strengths that the United States
can buildupon to ensure homeland security. One is the ability
to collect and integrate information. That's not within the
realm of this committee's jurisdiction, but it is critical. The
second is technological superiority. Without leveraging those
two strengths, this department is not going to be successful, I
don't think. Even the draft legislation is weak in both of
those areas, as evidenced by the confusion about the R&D
structure and the lack of an R&D structure in the bill itself.
In the draft bill there's only one Under Secretary that has any
kind of responsibility for R&D. It's underemphasized in the
bill. It's unclear. And that's been demonstrated amply by the
questions and answers we've gotten this morning where it needs
to be clarified and we need to know how we're going to pursue
research, development, tests, and evaluation, because if we
don't we won't be able to leverage those strengths long term.
I don't think the answer is necessarily moving more cells
back and forth between a new department and old department in
regard to particular research. I also think we should avoid the
temptation to designate a particular group or a particular
laboratory as the one that does research on homeland security,
because every Under Secretary is going to have different needs.
If you're the Under Secretary who's responsible for biological
events you will be wanting to call on NIH and CDC and the
pharmaceutical agency and national laboratories and
universities, depending on the nature of the problem, of the
alligators that are after you today. At the same time there
needs to be a longer term focus. The guy who is responsible for
emergency preparedness has problems and operations he needs to
conduct today and will be looking at applied research. But
there is nothing in the bill that gives the Department of
Homeland Security that broad look and that long-term look for
both basic research and applied research that will give us the
things that all of those guys are going to be asking for 10
years from now or 20 years from now. It's a critical weakness
in the bill, and I think we're going to have to remedy it in
part in this committee as well as other committees that are
looking at it.
Let me ask a couple of questions. What is your
understanding in the base bill of where the budget authority
lies? Who gets the money and manages the money for bioterrorism
research? Is it you, or is it HHS or is it Department of
Homeland Security?
Mr. Hauer. It's the Department of Homeland Security.
Mrs. Wilson. So they are the ones who will determine where
the dollars get farmed out to, but they can call on the CDC lab
or NIH or whatever?
Mr. Hauer. Or one of the national labs. Again, one of the
reasons you have better coordination of funding is by having a
central focus for all the R&D on these different threats.
Mrs. Wilson. You currently do work for others within HHS? I
mean, do you have a Department of Defense or other Federal
agencies come and say we've got this piece of work to do and
there's a laboratory within HHS that has the expertise to do
it?
Mr. Hauer. On occasion, yes.
Mrs. Wilson. Do those relationships--are they difficult to
perform or are they--I mean, is it hard to do or is it a fairly
seamless process for that money to be----
Mr. Hauer. It depends on the nature of the research.
Mrs. Wilson. Okay. Do you do cooperatively research with
different agencies or even private industry and HHS
laboratories-funded research?
Mr. Hauer. Yes.
Mrs. Wilson. How do those work?
Mr. Hauer. It depends again on the nature of the research.
We have ongoing research with other agencies, with
universities; depends on whether it's the biologic area where
we have strengths or in the nuclear area where we work with
some of the national labs on some of the R&D programs. We have
certain needs, but they might have certain strengths. Again it
depends on the research.
Mrs. Wilson. I know that your position is new and you're
just getting up and running, but have you got in progress a
strategic plan or an R&D road map for setting priorities in
both short-term and long-term research in the biological area?
Mr. Hauer. Absolutely. We're looking at a number of areas,
including new vaccines, new antibiotics. We're working with NIH
on the research strategy, both short and long term, on
immunomodulations to try and avoid using antibiotics. We're
again working both within HHS and with outside experts to help
formulate some of the agenda.
Mrs. Wilson. Thank you.
Mr. Greenwood. The Chair thanks the gentlelady; recognizes
for 5 minutes the gentlelady from California, Ms. Capps.
Mrs. Capps. Thank you, Mr. Chairman, for holding this
hearing and to you, Mr. Hauer, for your testimony. The
publication, weekly publication, Mortality and Morbidity
Report, from CDC was very useful to me in the years that I was
a school nurse working in public health, as I did in my career
before coming to this place. When I visited with Mr. Deutsch at
the CDC a few months ago, I was struck by how intimately
involved they are with health officers and health facilities on
the local level, probably more than about any other Federal
agency that I'm aware of. To me that is a real skill.
To cite another example, shortly after 9/11, I, as did many
of my colleagues, went back home to the various local entities
that had come together around this event and put together
disaster teams of preparedness using the local structure. I
asked them what they needed. They told me they felt the public
health and other infrastructures was already stretched before
9/11 at the local level. We know that any event happens
locally, witness the LAX event, whatever that means, which
happens at a precise place.
So what we have both in CDC and NIH, in my opinion, is that
ability with professional expertise to go up and down the line
from the local research interests to the national ability to
gather together, coordinate and so forth. If we were stretched
before 9/11 in our infrastructure, which I and others believe
we were, how can whatever is being put together now through
Homeland Defense mitigate those real needs that are there and
not be seen, as some at home have said to me, where's the money
for the first responders. We know what we need to do to
prepare. We don't even have vaccines on hand for flu or various
other things. That's where I'm coming from today.
Mr. Hauer. The issue of the money getting to the first
responders, HHS, and in probably record time for the Federal
Government, the Secretary, once the President signed the bill
in January, told us that we had a very short window to get
money to the local and State public health departments, and in
fact we did that. Thirty days after the grants came in they
were reviewed. We had over 114 grants reviewed within 30 days
from the four cities and the States and Territories, and they
were reviewed and the money was committed and got it out to the
States.
Mrs. Capps. I don't want to interrupt you, but right at
that point that was before this legislation. This new
department that we are struggling with and asking questions
about is going to be yet another layer. I mean, the immediacy
that you just described is what is needed. What will this
agency do?
Mr. Hauer. I think a couple of things. First of all, this
department, you mentioned earlier on that local responders
continue to wonder where the money is. Having been one of them
for many years, I understand those frustrations. I think what
the President is trying to do is ensure that there is an
efficiency in getting that money out as well as a rapidity in
getting money out to State and local responders, but ensuring
at the same time that there's not duplication of programs, as
there is now, which is confusing local responders and making it
very difficult for them to understand training guidelines. We
have training programs that sometimes have contradictory
information. We are giving out equipment, hand-held assets for
detecting biological equipment, which should not be used by
local responders.
Mrs. Capps. I see the yellow light. I want to pin this down
because I appreciate the fact that you have had very local
experience and so you know what this is. It is very easy to be
cynical and say this is just one more bureaucracy. Precisely at
the area you're describing, coordination some of us are
hearing, is that a transfer of authority? And I don't think
we're--I for one am not even on the subcommittee but I'm very
interested in this topic. I need to be convinced more clearly
that the authority of professionals in the field, in the area
of research, whatever, is not going to compromise that
integrity.
Mr. Hauer. I don't think there's any question that what
this bill envisions is allowing from an R&D perspective those
folks doing R&D, whether it's the national lab, NIH or CDC, to
continue their focus, but when it comes to the threats that
confront the country right now, whether it's chemical,
biological or nuclear, to have a more coordinated effort in
researching those types of remedies so that we don't have one
agency giving something out to first responders that might not
work while another agency is saying don't use them. And that's
where we stand right now. I think that's what the President is
trying to do.
Mrs. Capps. Thank you.
Mr. Greenwood. The Chair thanks the gentlelady. Mr. Hauer,
thank you so much for your testimony, for answering our
questions and for your service. You are excused.
The Chair would call the next panel, consisting of Ms. Jan
Heinrich, who is the Director of Health Care and Public Health
Issues at the General Accounting Office; Dr. Gail Cassell, Vice
President, Scientific Affairs, Distinguished Research Scholar
for Infectious Diseases at Eli Lilly and Company; and Dr.
Margaret Hamburg, Vice President, Biological Programs, Nuclear
Threat Initiative.
Thank you for being with us. This committee is holding an
investigative hearing. When doing so, it is our practice to
take testimony under oath. Do any of you have qualms about
testifying under oath?
In that case, I should also inform you that pursuant to the
rules of the committee and the House, that you are entitled to
be represented by counsel. Do any of you wish to be represented
by counsel?
Thank you. If you will stand and raise your right hand.
[Witnesses sworn.]
Mr. Greenwood. Thank you very much. You are under oath. Ms.
Heinrich, you are recognized for 5 minutes.
TESTIMONY OF JANET HEINRICH, DIRECTOR, HEALTH CARE AND PUBLIC
HEALTH ISSUES, GENERAL ACCOUNTING OFFICE; GAIL H. CASSELL, VICE
PRESIDENT, SCIENTIFIC AFFAIRS, DISTINGUISHED LILLY RESEARCH
SCHOLAR FOR INFECTIOUS DISEASES, ELI LILLY AND COMPANY; AND
MARGARET A. HAMBURG, VICE PRESIDENT, BIOLOGICAL PROGRAMS,
NUCLEAR THREAT INITIATIVE
Ms. Heinrich. Mr. Chairman and members of the subcommittee,
I appreciate the opportunity----
Mr. Greenwood. I think your mike is not on yet.
Ms. Heinrich. Is that better?
I appreciate the opportunity to be here today to discuss
one component of the proposed creation of the Department of
Homeland Security. My remarks will focus on the potential
effects of reorganization of biomedical research under Title
III.
The proposed department is tasked with developing national
policy for and coordinating the Federal Government's civilian
research and development efforts for all threats, biological,
radiological and nuclear. The new department could improve
coordination of the biomedical research efforts, most of which
is sponsored or conducted at the National Institutes of Health.
The President's proposal could help improve coordination by
giving one person the responsibility for a single national
research and development agenda.
In the past, we have recommended the creation of a unified
strategy to reduce duplication and leverage resources, and
suggested that the plan be coordinated with Federal agencies
performing research as well as State and local authorities.
Such a plan would help to ensure that research gaps are filled,
unproductive duplication is minimized, and that individual
agency plans are consistent with the overall goals.
Interagency coordination will remain essential under the
proposal. It should be noted that the legislation focuses on
civilian efforts only. The new department will also need to
coordinate with DOD because it also conducts biomedical
research geared toward protecting service members, but
applicable to the civilian population as well.
NIH and DOD currently collaborate on a number of projects,
such as a shared data base to compare the sequences and
functions of pox virus genes and testing of new vaccines. This
coordination needs to continue.
It also includes four academic centers, CDC, USAMRID,
DARPA, and American Type Culture Collection.
Despite these positive aspects of the proposal, we are
concerned about the implications of the proposed transfer of
control and priority setting for dual-purpose research. The
President's proposal would transfer the responsibility for
biomedical defense research to the new department, but the
programs would continue to be carried out by NIH. These
programs include a variety of efforts to understand basic
biological mechanisms of infection and to develop and test
rapid diagnostic tools, vaccines, and antibacterial and
antiviral drugs.
The research on biologic agents that could be used by
terrorists cannot be readily separated from research on
emerging infectious diseases. For example, research being
carried out on antiviral drugs for biodefense research is
expected to be useful in the development of treatments for
hepatitis C. Research to expand our knowledge of factors that
play a role in determining antibiotic resistance, virulence and
invasiveness, as well as factors influencing the severity of
disease, are critical to emerging infectious diseases as well
as biodefense research.
In addition, the proposal would allow the new department to
direct, fund and conduct research on its own. This raises the
potential for duplication of efforts, lack of efficiency, and
an increased need for coordination with other departments that
would continue to carry out relevant research. It is
inefficient to build and duplicate the expertise and facilities
that already exist in the current Federal laboratories that are
needed to conduct this work.
In conclusion, better coordination of research efforts
could reduce wasteful duplication and increase efficiency. We
are concerned, however, with the President's proposal to
transfer broad control of biomedical research to the new
department. Although there is a need for a strategic plan for
research, there is also a need for maintaining the synergy of
biodefense, emerging infectious diseases, and basic biomedical
research efforts.
The R&D funding and priority setting needs to be vested at
the program level best positioned to understand the benefits of
both the basic and applied research efforts. If disagreements
arise over priorities for biomedical research, there may need
to be a mechanism for resolution within the Office of the
President or in the Congressional appropriations process.
Mr. Chairman, this concludes my remarks. I would be happy
to answer any questions.
[The prepared statement of Janet Heinrich appears at the
end of the hearing.]
Mr. Greenwood. Thank you, Ms. Heinrich.
Ms. Cassell.
TESTIMONY OF GAIL H. CASSELL
Ms. Cassell. The establishment of a new Federal Department
of Homeland Security can potentially achieve greater
efficiency, effectiveness and accountability regarding many
aspects of terrorism. However, there are unique characteristics
of bioterrorism that deserve special consideration and suggest
the need to address them in a manner differently than that
proposed by the administration's bill. I will limit my comments
this morning to those that directly relate to research leading
to countermeasures.
There is no simple counter to bioterrorism, no magic
bullet. Instead, development of an integrated set of strategies
is required. Such efforts must include preventing countries
from acquiring bioweapons in the first instance, dismantling
existing programs and capabilities where proliferation has
already occurred, deterring the use of biological weapons and
ultimately putting in place countermeasures that can rapidly
detect and effectively defend against such use. It is the
latter that requires special consideration with respect to the
proposed role of DHS.
In the long term the only way to defend against
bioterrorism is through a combination of constant surveillance,
accurate diagnostics to identify threats as early as possible,
and availability of high quality vaccines and drugs that can be
useful against any attacks that do occur. Research related to
bioterrorism is inextricably linked to that of naturally
occurring infectious agents and development of the new
antibiotics, antivirals diagnostics and vaccines. Thus, the
research and development of technologies for biodefense should
be synergistic and duplicative.
The diversity of existing biological weapons and the ever
increasing possibilities preclude simple therapeutic
countermeasures to bioterrorism. Currently our countermeasures
are very limited, even for known threats. This is a very
important consideration. There are 13 viruses on the select
agent list today, yet there is only one antiviral and this is
for smallpox, and it must be administered intravenously. There
are no truly broad spectrum antivirals. We have only a limited
number of antivirals for a few naturally occurring viruses.
The situation is somewhat better, but still worrisome with
respect to antibiotics. There has only been one new class of
antibiotics developed in the past 30 years. The Russians are
known to have constructed bioweapons resistant to current
antibiotics. While there are currently 23 antibiotics in Phase
I through III clinical trials today, there are few new classes
and importantly no new broad spectrum antibiotics, only more
quinolones like Cipro. In short, our antibiotic armamentarium
is limited and there is growing concern about an increase in
resistance to existing antibiotics, exemplified by two
different bills introduced within the past few months.
An idea of the problem of resistance, in fact it's now
known that the E. coli strains occurring, 90 percent of these
are--or 50 percent of these actually are resistant. Thus it
seems clear that no public health response to bioterrorism is
likely to prove effective without addressing the overall
problem of existence and the technical challenges of drug
discovery and development.
Development of effective countermeasures will depend on
interdisciplinary research ranging from basic research into the
mechanisms by which the agents cause disease, how the body
responds, and how the agents are transmitted. This new
knowledge then must be used to develop innovative vaccines,
antibiotics, and antivirals and immunomodulators. Equally
important will be to benefit from knowledge gained in previous
failures in development efforts. It is important to realize
while development of a new bioweapon only takes months,
development of a single new drug or vaccine on average, based
on many years of experience, requires anywhere from 8 to 10
years. Thus, meeting time lines and research goals are vital to
our defense given our current situation.
The magnitude of this challenge cannot be underestimated.
Success will require involvement of the very best scientific
and medical talent in government, academia and the private
sector. Likewise, in order to achieve success in a timely
manner the United States must be able to capitalize upon the
existing infrastructure for product development. Engaging the
full spectrum of private industry from the smallest biotech to
the largest pharmaceutical companies in the search for
solutions will not only greatly raise the chances of success,
but also significantly lower the total cost to taxpayers,
augmenting public appropriations with private capital
investment.
The NIH, specifically NIAID, is uniquely positioned to lead
this effort. The NIH recognizes that significant advances occur
when they often are unforeseen. These advances expand the
experimental possibilities. It must be recognized that not all
research problems are equally approachable no matter how urgent
and important to public health. Development of countermeasures
for bioweapons is not like designing a new tank. Research and
development of countermeasures will be a long-term endeavor.
There is always uncertainty about where the most valuable
discoveries can be made, but NIH is best placed to identify
scientific opportunities and applications that are relevant to
the most pressing issues. NIAID is unrivaled in its track
record of bringing the right scientists and rigorous peer
review and oversight of funded research. Indeed, many of the
best investigators have already been funded by NIAID and have
recently made major advances in determining the mechanism of
action of the anthrax toxin and the molecular mechanism by with
the Ebola virus induces death.
As evidenced by mechanisms put in place early in the AIDS
epidemic, NIAID has a positive track record of working with the
private sector from early phase discovery to clinical
development. NIAID can quickly mobilize the entire research
community. Last fall NIAID conducted a study to show that
existing stocks of smallpox vaccine could be diluted at least
fivefold to provide immediate protection to a larger number of
individuals should the need arise. Within 3 months post-9/11 a
comprehensive biodefense research agenda was developed with
broad input from the scientific and medical communities,
including those from industry. Over 20 initiatives already have
been launched to expedite biodefense research by NIAID.
This impressive efficiency is in part based upon the
synergy which is derived by driving the biodefense research in
parallel with all other infectious disease research. Separation
of these two efforts could result in failure due to missed
opportunities, failure to apply the latest technologies or
knowledge gained from the study of other infectious agents.
Therefore, I strongly recommend that the Department of Health
and Human Services continue to be responsible for the
prioritization, direction, and conduct of Federal research
efforts related to the development of countermeasures for
bioterrorism.
Although the administration's bill recognizes the necessity
that HHS conduct the research and development programs, the
bill provides that DHS in consultation with HHS shall have
final authority to establish the research and development
program, including the setting of research priorities. The
proposed transfer of program and funding authority in the
administration's bill gives ultimate control of research
spending and priorities to DHS, a nonscientific, non-public,
health-based agency. I will submit that you cannot wisely set
research priorities without being actively engaged in research
and with wise medical input from the medical and scientific
investigators.
The bottom line is that DHS could under the current
administration's bill change priorities midstream and by budget
allocations. To create the appropriate scientific and medical
infrastructure in DHS would result in loss of momentum and
unpredictability of new and ongoing research programs within
HHS. There is no time to reinvent the wheel. Rather it should
capitalize on the solid infrastructure that already exists in
the infectious disease research in this country.
It is not clear which activities by the DHS would
duplicate, supplant, or replace existing programs conducted by
HHS and create increased and recurring costs. One of the most
critical determinants of success in biodefense research will be
support and oversight of excellent science based upon peer
review and merit. As stated earlier, NIH-NIAID has an
unparalleled track record of success based upon external peer
review. A scientific health agency, HHS, rather than the
nonscientific, non-public health DHS, should have the principal
authority for developing and prioritizing scientific and health
related programs.
The role of DHS should be to integrate threat analysis and
vulnerability assessments and research agenda. This could be
accomplished by appointment of an Assistant Secretary who would
have dual reporting to HHS and DHS and to work closely with
NIAID. The desired outcome would be mutually agreed upon
research priorities that address threatening biological agents,
whether they be intentionally released or naturally occurring.
Last, regulation and oversight measures for work with
infectious agents must be balanced so as not to impede
legitimate research, diagnosis, and treatment of naturally
occurring infectious agents. I recognize that there's concern,
and I share those concerns, about pathogenic microorganisms
being used as biological weapons by nations or individuals. As
these concerns are addressed, however, I urge that there be
careful review of possible measures that might be taken to
establish appropriate safety and enforcement measures. HHS has
the best scientific and institutional knowledge to provide
oversight of select agent registration and to develop rational
enforcement programs.
Thus, I believe the program for select agents should remain
within HHS at the CDC. To transfer it to DHS will result in a
delayed implementation, which could considerably slow down
implementation of the biodefense research agenda. And as
currently structured, I would just point out that minimal
regulations are being put in place now so there's opportunity
to change those obviously by DHS further down the road. As a
result of this, more importantly, DHS could result in undue
tension within the research community. Inappropriate policy
measures and regulations to prevent terrorists from acquiring
pathogens could have unintended consequences for research aimed
at developing the very countermeasures that could eventually
remove agents from the select agent list. There needs to be
careful balancing and public concern about safety and security
and the need to conduct legitimate research to protect the
public.
I thank you for the opportunity to share my concerns with
you this morning, and I'm happy to answer questions.
[The prepared statement of Gail H. Cassell follows:]
Prepared Statement of Gail H. Cassell, Vice President for Scientific
Affairs and Distinguished Research Scholar in Infectious Diseases, Eli
Lilly and Company
Mr. Chairman and members of the Committee, thank you for the
opportunity to participate in this hearing. Before sharing my views,
some comments about my background may be helpful. My name is Gail
Cassell. I am a microbiologist currently serving as Vice President for
Scientific Affairs and Distinguished Research Scholar in Infectious
Diseases, Eli Lilly and Company. Prior to my arrival at Lilly five
years ago, I was the Charles H. McCauley Professor and Chairman of the
Department of Microbiology of the University of Alabama Schools of
Medicine and Dentistry, Birmingham, Alabama. My background is that of a
research scientist in infectious diseases working in laboratories of
both industry and a research-intensive university as well that of a
Director of large training programs for pre- and postdoctoral students
in molecular genetics, virology, and immunology. I have served on the
Advisory Committee of the Director of the National Institutes of Health
(NIH) and on the Advisory Council of the National Institute of Allergy
and Infectious Diseases of the NIH and as Chair of the Board of
Scientific Councilor's of the National Centers for Disease Control and
Prevention (CDC). I am currently a member of the Director's Advisory
Committee of the CDC. Over the years, I have participated in reviews of
the biomedical research programs (including bioweapons defense
research) in the Department of Defense. Of particular relevance to the
discussions today, I have been actively involved in issues related to
biodefense for over the past decade, as a past President of the
American Society for Microbiology (ASM), Chair of the Public and
Scientific Affairs Board of the ASM and a member of ASM's Task Force on
Biological Weapons. I served as Co-chair of the committee that reversed
the decision to destroy the U.S. stocks of smallpox and as a member of
the Advisory Committee to establish the first unit in the U.S. military
to address a bioweapons attack on U.S. soil. In addition, I continue to
serve on a number of committees in the National Academy of Sciences
(NAS) dealing with bioweapons, including a Russian research advisory
committee. Most recently I served on the Bioweapons Subcommittee of the
NAS Committee on Science and Technology for Countering Terrorism.
The events of September 11, and the anthrax incidents which
followed, have proven the vulnerability of the United States to
terrorism and the complexities of preparedness. The need to strengthen
planning, coordination, implementation and oversight of homeland
security is obvious. The establishment of a new federal Department of
Homeland Security, at a cabinet level, can potentially achieve greater
efficiency, effectiveness and accountability regarding many aspects of
terrorism. However, there are unique characteristics of bioterrorism
that deserve special consideration and suggest the need to address them
in a manner differently from that proposed by the Administration's
Bill. These characteristics include: (1) inadequacy of existing
countermeasures and urgent requirement for interdisciplinary research;
(2) indistinguishable features of bioterrorism and naturally occurring
infectious diseases; and (3) the nature and extent of the bioterrorism
threat and the need to balance public safety and legitimate research in
regulation and oversight measures.
1. inadequacy of existing countermeasures and urgent requirement for
interdisciplinary research
There is no simple counter to bioterrorism, no ``magic bullet.''
Instead, development of an integrated set of strategies is required.
Such efforts must include preventing countries from acquiring
bioweapons in the first instance, dismantling existing programs and
capabilities where proliferation has already occurred, deterring the
use of biological weapons, and, ultimately, putting in place
countermeasures that can rapidly detect and effectively defend against
such use. It is the latter that requires special consideration with
respect to the proposed role of DHS.
In the long term, the only way to defend against bioterrorism is
through a combination of constant surveillance, accurate diagnostics to
identify threats as early as possible, and continuous innovation to
provide high quality vaccines and drugs that can be useful against any
attacks that do occur. Research related to bioterrorism is inextricably
linked to that of naturally occurring infectious agents and development
of new antibiotics, antivirals, diagnostics and vaccines. The research
and development of technologies for biodefense should be synergistic
and not duplicative.
The diversity of existing biological weapons and the ever-
increasing possibilities preclude simple therapeutic countermeasures to
bioterrorism. Furthermore, response possibilities are limited even for
known threats. Although there are 13 viruses on the current select
agent list, there is only one antiviral, which is for smallpox and must
be administered intravenously. There are no truly broad-spectrum
antivirals, and only a limited number of antivirals for routine
pathogens like influenza, herpes, hepatitis B, and HIV. The situation
is somewhat better but still worrisome with respect to antibiotics.
There has only been one new class of antibiotics developed in the past
three decades. The Russians are known to have constructed antibiotic
resistant bioweapons. In short, our antibiotic armamentarium is
limited, and there is growing concern about an increase in resistance
to existing antibiotics. It seems clear that no public health response
to bioterrorism is likely to prove effective without addressing the
overall problem of antimicrobial resistance and the challenges of drug
discovery and development. Finally, the best deterrent against the use
of a biological weapon of mass destruction may be a constant stream of
new, innovative antibiotics, antivirals, and vaccines. Knowledge of
such commitment and successful developments would surely dissuade the
efforts of our enemies in such an arena.
Development of these countermeasures will depend on
interdisciplinary research ranging from basic research into the
mechanisms by which the agents cause disease, how the body responds,
and how the agents are transmitted. This new knowledge then must be
used to develop innovative vaccines, antibiotics, antivirals, and
immunomodulators. Equally important will be to benefit from knowledge
gained in previous failures in countermeasure development efforts.
Given the long lead-time necessary for development of vaccines and
drugs (average 8-10 yrs), achieving timelines and goals are critical.
The magnitude of the challenge to develop effective countermeasures
is great. Success will require involvement of the very best scientific,
medical, and pharmaceutical talent in government, academia, and the
private sector. Likewise, in order to achieve success in a timely
manner, the United States must be able to capitalize upon the expertise
of and existing infrastructure for product development that resides in
the pharmaceutical industry. Engaging the full spectrum of private
industry, i.e., from the smallest biotech to the largest pharmaceutical
companies, in the search for solutions to infectious diseases, will not
only greatly raise the chances of success, it can also significantly
lower the total cost to taxpayers, augmenting public appropriations
with private capital investment. Thus, it is critical to recruit these
organizations into the biodefense effort and assure effective alignment
between government, academia and industry.
NIH/NIAID is uniquely positioned to lead the effort. The NIH
recognizes that significant advances occur when they are often
unforeseen. These advances expand the experimental possibilities and
open new pathways for research. It must be recognized that not all
research problems are equally approachable no matter how urgent and
important to public health. Research and development of countermeasures
will be a long-term endeavor. There is always uncertainty about where
the most valuable discoveries can be made but NIH is best placed to
identify scientific opportunities and applications that are relevant to
the most pressing issues that will yield solutions. NIH/NIAID is
unrivaled in its track record of bringing together the brightest
scientists and rigorous peer review and oversight of funded research.
Indeed, many of the best investigators have already been funded by
NIAID and have recently made major advances in determining the
mechanism of action of the anthrax toxin and the molecular mechanism by
which the Ebola virus induces death. As evidenced by mechanisms put in
place early in the AIDS epidemic, NIAID has a positive track record of
working with the private sector from early phase discovery to clinical
development. They can quickly mobilize the research community. Last
fall, the NIAID conducted a study to show that existing stocks of
smallpox vaccine could be diluted at least 5-fold to provide immediate
protection to a larger number of individuals should the need arise.
Within three months a comprehensive Biodefense Research Agenda was
developed with broad input from the scientific and medical communities,
including those from industry. Over 20 initiatives already have been
launched to expedite biodefense research. This impressive efficiency is
in part based upon the synergy, which is derived by driving the
biodefense research in parallel with all other infectious disease and
immunology research. Separation of these two efforts could result in
failure due to missed opportunities--failure to apply the latest
technologies or knowledge gained from the study of other infectious
agents. Therefore, I recommend that the Department of Health and Human
Services (HHS) continue to be responsible for the prioritization,
direction, and conduct of federal research efforts related to
development of countermeasures for bioterrorism.
Although the Administration's Bill recognizes the necessity that
HHS conduct the research and development programs related to infectious
diseases, Section 303(a)(2) of the Bill provides that DHS, in
consultation with HHS, shall have final authority to establish the
research and development program, including the setting of priorities.
The proposed transfer of program and funding authority in the
Administration's Bill gives ultimate control of research spending and
priorities to DHS, a non-scientific, non-public health based agency. To
create the appropriate scientific infrastructure in DHS would result in
loss of momentum and unpredictability of new and ongoing research
programs within HHS. There is no time to ``re-invent the wheel'' rather
we should capitalize on the solid infrastructure that already exists in
infectious disease research in this country. It is not clear which
activities by the DHS would duplicate, supplant, or replace existing
programs conducted by HHS and create increased and recurring costs. One
of the most critical determinants of success in biodefense research
will be support and oversight of excellent science based upon peer
review and merit. As stated earlier, NIH/NIAID has an unparalleled
track record of success based upon merit review.
In summary, a scientific health agency, HHS, rather than the non-
scientific, non-public health DHS should have the principal authority
for developing and prioritizing scientific and health related programs.
The role of DHS should be to integrate threat analysis and
vulnerability assessments into the research agenda. This could be
accomplished by appointment of an Assistant Secretary that would have
dual reporting to HHS and DHS and to work closely with NIH/NIAID. The
desired outcome would be mutually agreed upon research priorities that
address threatening biological agents.
2. indistinguishable features of bioterrorism and naturally occurring
infectious diseases
While bioterrorism poses grave threats, the human race has been
ravaged by infectious diseases throughout its history. The emergence of
new infectious diseases (notably HIVAIDS) has decimated entire
societies, while infectious agents such as influenza can turn
unexpectedly virulent, e.g. the 1918 influenza pandemic killed tens of
millions of people. In this broader context of emergent and resurgent
infectious disease, the victims of a bioterrorist attack pose an
indistinguishable set of public health challenges from any number of
foreseeable natural outbreaks. Since well over 30 previously unknown
infectious agents (including several new hemorrhagic fever viruses and
new highly virulent strains of streptococci) have been identified since
1973, it is imperative that our public health infrastructure and
surveillance systems be structured to recognize both naturally
occurring and intentionally released infectious agents. CDC should have
this responsibility. Section 505(a)(2) of the Administration's Bill
requires DHS to carry out these functions under agreement with HHS. A
separate public health system for biodefense should not be created. The
primary duty and authority should remain with CDC, which has the
existing knowledge, experience, and expertise. Again, an Assistant
Secretary with dual reporting to HHS and DHS could coordinate planning
and development of programs and lend technical assistance. Working
closely with the CDC Director mutually agreed upon public health
priorities for bioterrorism preparedness and response could be achieved
in an efficient manner.
3. the nature and extent of the bioterrorism threat and the need to
balance public safety and legitimate research in regulation and
oversight measures
Biological weapons have varied characteristics. High potency,
substantial accessibility, and relatively easy delivery characterize
the most fearsome agents. Humans, animals, and plants are potential
targets for bioterrorism. Many of these agents-bacteria, viruses, and
toxins--occur naturally in the environment. Thus the agents and much of
the technology required to produce them are available for civilian or
military use in many countries. Regulation and oversight measures for
work with infectious agents must be balanced so as not to impede
legitimate research, diagnosis, and treatment of these naturally
occurring infectious agents. I recognize that there is public concern
about pathogenic microorganisms being used as biological weapons by
nations or individuals. As these concerns are addressed, however, I
urge that there be careful review of possible measures that might be
taken to establish appropriate safety and enforcement measures. The
response taken should be carefully weighed and it should be balanced to
avoid over regulation and intrusive schemes that could interfere with
the flow of research activities in academia and industry. Any resulting
harm to research could deprive society of the benefits of research
advances. Scientific research must not be discouraged by unreasonable
restrictions. To do so would not serve the public interest.
In reviewing the possible risks and options for responses, we
should consider emulating the process used in overseeing recombinant
DNA research. This experience is an example of where a technical
problem was recognized and a balanced analysis and an appropriate
mechanism were set in place for overseeing activities. The NIH
Recombinant DNA Advisory Committee developed a rational approach to
regulatory oversight of recombinant DNA. The NIH Guidelines were
developed by a committee of experts and an oversight regime was
designed with an understanding of the issues and risks. We should use
the same model to construct a reasonable method that will not impede
research or result in unnecessary costs. Institutions must take a
proactive role in assuring that hazardous agents are brought into or
shipped from their facilities and used in compliance with applicable
regulations. The most effective approach to adequate oversight and
record keeping is for institutions to monitor possession, transfer and
use of select agents. Placing responsibility at the level of individual
institutions for compliance with Title II of HR 3448 will be the least
inhibitory to research.
It is important to coordinate programs related to human, animal,
and plant agents because some of the threats for each are the same.
Section 302(a) of the Administration's Bill transfers to DHS the select
agent registration and enforcement programs of HHS. However, it does
not transfer the select agent registration and enforcement programs of
the Department of Agriculture to the DHS. Subtitle C of the Public
Health Security and Bioterrorism Preparedness Act of 2002 mandated
coordination of activities of HHS and the Secretary of Agriculture
regarding ``overlap agents''--that is, agents that appear on the
separate lists prepared by HHS and Agriculture. Title II of that
legislation expands the current select registration program to include
mandatory registration of possession of select agents. Mr. Chairman,
the Energy and Commerce Committee is to be congratulated for their role
in this important legislation. Indeed, integration of the select agent
registration program will undoubtedly result in a more efficient
registration process thereby expediting registration.
Coordination among agencies that have regulations for infectious
substances is important. Better compliance can be achieved if
regulations are clear and coherent, streamlined and integrated, based
on real risks, and effectively communicated to individual researchers.
Emphasis must be placed on education, guidance and dissemination of
information to research investigators, who must clearly understand
their role and responsibilities. Institutional Biosafety Committees can
be strengthened and there should be qualifications and training for
institutional biosafety officers. Laboratory scientists and safety
managers in institutions must have input into the rule-making
procedures and work to assure that regulations are realistically
applied with minimal intrusiveness.
The core elements of a regulatory regime are already in place in 42
Code of Federal Regulations Part 72 and in the Biosafety and
Microbiological and Biomedical Laboratories (BMBL) Manual. Appendix F
includes guidelines for Laboratory Security and Emergency Response for
Microbiological and Biomedical Laboratories. Although it is currently
nonspecific, it is a reasonable basis for the development of
biosecurity requirements. It should be possible for HHS to modify its
current regulatory regime to govern registration for possession and
build on the BMBL guidance to provide for threat and risk based
regulations. Security for select agents should be based upon risk
levels.
HHS has the best scientific and institutional knowledge to provide
oversight of select agent registration and to develop rational
enforcement programs. The scientific communities, both in universities
and in the private sector, are accustomed to self-regulation in use of
radioactive materials, chemicals, and infectious agents. This service
is provided by institutional Biosafety Offices. Likewise, review of
protocols and inspection and accreditation of facilities are the norm
for use of laboratory animals in research. Again, implementation of
regulations related to select agents is reminiscent of the oversight
put in place with the advent of recombinant DNA technology. In short,
once the regulations have been established, implementation can be
achieved through use of a system modeled after Biosafety Office
Programs already in existence.
I believe the program for select agents should remain within HHS.
To transfer it to DHS will result in a delay to implementation, which
could considerably slow down implementation of the biodefense research
agenda. More importantly, housing it within DHS could result in undue
tension with the research community. For example, it is unclear whether
the regulations to be put in place within the next 180 days will be
changed taking on more of a criminal approach rather than one based
upon scientific knowledge and insights into the biomedical research
process utilizing infectious agents. The Administration's Bill states
that interim regulations will be put in place thereby leaving freedom
following the transfer of authority to DHS for other regulations to be
drafted.
In summary, I support Title II and its protections for the
legitimate and critical performance of research and diagnostic testing.
Security for biological facilities is different from security for
nuclear and chemical facilities and must take into account the unique
aspects of work with biological agents. Inappropriate policy measures
and regulations to prevent terrorists from acquiring pathogens could
have unintended consequences for research aimed at developing the very
countermeasures that could eventually remove agents from the select
agent list. There needs to be a careful balancing of public concern
about safety and security with the need to conduct legitimate research
to protect the public. Because of the enactment of HR 3448, which again
the Energy and Commerce Committee and this Subcommittee had direct
responsibility, the United States is in a leadership position with
regard to the establishment of reasonable controls on select agents.
However, we should not have a false sense of security since no other
country in the world has adopted similar legislation, which will be
necessary. Ultimately, successful oversight will depend upon the
integrity of the personnel who have access to select agents and on
local institutional commitment.
conclusion
Again, I appreciate having been given the opportunity to share my
views and concerns with you. The inadequacy of our current public
health infrastructure and existing biomedical defenses against a range
of possible bioterrorist attacks has become clear. This inadequacy has,
moreover, served to underscore the already well-documented need for
better and more varied antimicrobials, vaccines, and other agents to
detect, prevent or treat infectious diseases. One likely outcome from
increased attention to bioterrorism threats will be the development of
more comprehensive public health measures and countermeasures to
threats posed by naturally occurring infectious diseases. I believe the
recommendations I have made today provide the greatest chances for
success.
Mr. Greenwood. We thank you. Thank you for being with us.
Ms. Hamburg for 5 minutes.
TESTIMONY OF MARGARET A. HAMBURG
Ms. Hamburg. Thank you for the invitation to discuss the
proposed Department of Homeland Security, and the implications
for public health and bioterrorism.
I strongly support current efforts to give greater
authority and accountability to our homeland security program,
including the creation of a new department with cabinet level
authority. Yet we should move forward carefully as you are
doing. Realistically, a reorganization of this magnitude
requires a strategic framework for action, one that defines
critical goals and objectives and how best to achieve them and
one that defines the relative roles and responsibilities of the
different entities involved.
The opportunities for greater efficiency, effectiveness and
accountability through a new department is fairly evident in
realms of overlapping security, such as border security,
customs procedures and aspects of emergency response. How best
to organizationally address the activities related to
bioterrorism prevention, preparedness and response is a more
complicated question.
Bioterrorism is fundamentally different from other security
threats we face. Meaningful progress against the biological
threat depends on understanding it in the context of infectious
and/or epidemic disease. It requires different investments and
different partners. Unless we recognize this, our Nation's
preparedness program will continue to be inadequately designed,
the wrong first responders will be trained and equipped, we
will fail to build the critical infrastructure we need for
detection and response, the wrong research agendas will be
developed, and we may miss important opportunities to prevent
an attack from occurring in the first place.
And before a major reorganization of the agencies and
activities involved in biodefense, we would be well advised to
examine our recent experience with the deadly dissemination of
anthrax for lessons learned. It is stunning and disappointing
that we have not done this. An independent, comprehensive
analysis of the anthrax episodes and response should be
undertaken. Looking within and across the relevant agencies of
government, levels of government and at the relationships with
private sector organizations, an informed analysis with
identification of gaps and preparedness would be of enormous
value. There may be certain real advantages to consolidating
programs within the new Department of Homeland Security.
The biological threat and the public health programs
required to address it is of profound importance to our
national security. By residing within this new department it
may command more priority attention and support. It may help
ensure that experts in biodefense and public health
preparedness are full partners at the national security table.
However, including biodefense and public health programs in
the new department has some serious drawbacks. A fundamental
concern is that you will loss program focus and organizational
coherence by combining biodefense activities which deal largely
with infectious disease medicine and public health into a
department devoted mainly to a very different set of security
functions and concerns. These biodefense activities could well
be swallowed up in this huge new agency, which will likely lack
the expertise and technical leadership necessary to plan and
direct vital bioterrorism preparedness functions.
In addition, most of the public health activities required
for bioterrorism are just as important for day-to-day functions
of public health and medical care. In the months since 9/11 the
administration, through programs developed and administered by
the HHS Office of Public Health Preparedness and the CDC, has
made significant progress building the programs necessary to
strengthen the public health infrastructure for bioterrorism
within this broader context. If these programs are carved out
and moved into this new department, it will disconnect certain
functions such as bioterrorism surveillance, laboratory
networks and response, from other essential components of
infectious disease response and control. It will thin out
already limited expertise and enormously complicate the ability
of our public health partners at the State and local level to
work effectively. Rather than consolidating functions in a
single agency, transferring the bioterrorism preparedness
activities into this new department may actually require the
creation of parallel and duplicative capabilities.
Therefore, HHS and CDC should continue to have direct
responsibility for programs related to the public health
infrastructure for infectious disease recognition,
investigation and response, including bioterrorism.
However, we will need to integrate these activities into
the framework for Homeland Security. One approach might be a
coordination office placed within the new department working
closely with CDC to achieve mutually agreed upon national
security and public health priority for bioterrorism and
response.
Similarly, future preparedness requires a comprehensive
biodefense research agenda that links national security needs
and research and development priorities and assures proper
balance and integration of relevant research activities across
many departments and agencies.
Coordination of such an agenda could be undertaken by the
proposed department, engaging other departments like HHS, DOD,
Commerce, DOE and USDA. However, the role of the Department of
Homeland Security should be that of coordinator/facilitator
only. The actual design implementation and oversight of the
research agenda and its component programs must remain at the
level of the mission agencies where the scientific and
technical expertise resides.
For example, resources to develop and support the NIH
biodefense research agenda should remain within that
department.
Clearly, a new Department of Homeland Security will require
significant expertise in public health infectious disease and
biodefense. This must be seen as an important priority and
reflected in the appropriate and high level appointments and
in-house entities.
But in the final analysis, strengthening our homeland
security programs will depend on achieving dramatically
improved coordination and accountability. No matter where the
lines are drawn in the new department critical activities will
and should fall outside. So whatever the new department may
look like, we must establish additional mechanisms to assure
adequate oversight and coordination.
There are many more issues that will need to be raised and
clarified before such important legislation is passed, but time
does not allow all of that discussion now. I thank you for the
interest of your committee, the holding of these hearings, and
I stand ready to help you in any way that I can. I would be
happy to answer questions.
[The prepared statement of Margaret A. Hamburg follows:]
Prepared Statement of Margaret A. Hamburg, Vice President of Biological
Programs, Nuclear Threat Initiative
Mr. Chairman and members of the Committee: I appreciate your far-
reaching interest in Homeland Security and particularly your attention
to the public health and bioterrorism threats that are the focus of
this hearing, and I thank you for the chance to participate in this
hearing. My name is Margaret (Peggy) Hamburg. I am a physician and a
public health professional, currently serving as Vice President for
Biological Programs at NTI, a private foundation, co-chaired by Ted
Turner and Sam Nunn, whose mission is to reduce the global threat from
weapons of mass destruction. Previously, I have served as Assistant
Secretary for Planning and Evaluation in the Department of Health and
Human Services in the last Administration; as New York City Health
Commissioner for six years, under both Mayor Dinkins and Mayor
Giuliani; and as Assistant Director of the National Institute of
Allergy and Infectious Diseases, National Institutes of Health. I have
spent much of my time over many years working on bioterrorism
preparedness and response, and I welcome this opportunity to offer my
views on the new Department of Homeland Security and improving US
defenses against bioterrorism.
Events this past fall--including the attacks of September 11 and
the dissemination of anthrax through the postal system--demonstrated
our nation's vulnerability to terrorism, and underscored both the
importance and complexity of homeland defense.
I applaud current efforts to give greater authority and
accountability to our homeland security program, including the creation
of a new federal Department of Homeland Security. There is a strong
rationale for consolidating some of the many departments and agencies
that share similar functions or provide various aspects of what is
needed for comprehensive preparedness and response. Both the
Administration's Bill to establish a Department of Homeland Security
and S. 2452 to establish a Department of Homeland Security and a
National Office for Combating Terrorism as introduced by Senator
Lieberman and colleagues, offer important opportunities to strengthen
leadership, focus and coordination of essential programs and policies.
However, they also raise a number of concerns.
Preparing our nation against the threat of terrorist attack
requires well-defined authority, accountability and coordination across
an exceedingly broad array of agencies and activities. The existing
Office of Homeland Security, despite the yeoman efforts of Governor
Ridge and his staff, is clearly not structured for the task. A new
cabinet-level Department of Homeland Security can potentially improve
coordination of U.S. government activities such as border security,
customs procedures and aspects of emergency response. But improving
coordination of activities related to bioterrorism prevention,
preparedness and response is a greater challenge.
In my testimony this morning, I want to briefly raise a number of
issues that apply broadly to the creation of a new Department of
Homeland Security, then focus my attention specifically on the
biological threat.
department of homeland security: some broad concerns
The attacks of September 11 followed by the anthrax attacks have
created great political pressure on the White House and Congress to
take action to improve homeland security. Just as President Bush
refused to be rushed with his post-September military response in
Afghanistan and delayed the strikes until they could be timed for
maximum effectiveness, so must Congress--in creating a Department of
Homeland Security, act deliberately, with full analysis and without
undue haste, before taking steps it will find hard to reverse. We need
to move forward only after the most careful consideration of our goals
and how best to achieve them. Several important concerns come to mind:
Need for a Strategic Framework
The creation of a new Department of Homeland Security represents an
ambitious reorganization which will be difficult to implement and
disruptive to many functions of government. Even under the best of
circumstances, this restructuring will cost time and momentum in
current programs. Thus the goals must be defined before legislation is
passed, so the benefits of the new structure outweigh the costs of
achieving that structure. We should be very clear about what we are
doing and why--spelling out goals and objectives, as well as the
related roles and responsibilities of the various partners.
Need for Balance
Current plans require that a great many agencies and agency
components be pulled into one large Department focused primarily on
terrorism preparedness and response. At the same time, this new
Department of Homeland Security will still be responsible for dealing
with a broad range of other activities. Many of these more routine
activities will be important to the core Departmental mission because
they will, on a regular basis, allow for the practice of systems that
would be recruited into service in the event of an attack (e.g.
disaster response and sheltering, FEMA). Similarly, routine non-
terrorism activities might serve to identify unusual patterns or
situations that might signal an impending terrorist event (e.g.
monitoring shoreline for drug-runners or boating accident rescues,
Coast Guard). However, there is serious concern that when you create a
Department as diverse as this one would be, you will either lose focus
on the organizing mission of countering terrorism or you will fail to
effectively support those other routine functions. It is hard to
imagine a Department remaining honed in on terrorism preparedness and
response while responding to mudslides, hurricanes and fires,
monitoring the fisheries, searching out drug traffickers, controlling
hog cholera and investigating outbreaks of disease. It is also hard to
imagine effective leadership for such a diverse array of tasks,
requiring an equally diverse array of professional backgrounds and
expertise.
Need to Address Existing Weaknesses (Not Just Move Pieces Around)
Given the above concerns about managing this complex and varied new
Department, serious questions must be raised as to how the Department
will remedy known weaknesses in certain of its component agencies and
activities. Reorganizing defective components will not improve
performance. Some of the problems may benefit from new leadership or
enhanced attention and scrutiny, but without a clear game plan and
focused strategy, others may continue to fester, or worse, their
continuing dysfunction may be amplified in a new and confusing
bureaucracy. A host of personnel, budgetary and jurisdictional issues
may add to the difficulties of providing appropriate oversight,
management and operational accountability.
Need to Maintain Program Connectivity/Coherence
In several domains, but particularly with respect to bioterrorism,
the creation of a new and distinct Department may serve to disconnect
certain functions such as bioterrorism surveillance, laboratory
networks and response from the infrastructure needed to respond to
routine, non-intentional public health issues. The response to a
disease outbreak, whether naturally occurring or intentionally caused,
will require the same critical components. Most likely, we will not
initially know the cause of an emerging epidemic. What is more, our
overall infrastructure for infectious disease recognition and response
is far from robust. We must be careful not to further fragment our
capacity, and inadvertently undermine our own best interests. We must
also avoid the unnecessary development of duplicative systems at a time
of limited resources.
homeland security and the biological threat
As our nation struggles to respond to the concerns posed by
bioterrorism, both the nature of the threat and the role of public
health, medicine and science continue to be poorly understood and
underemphasized. The threat of bioterrorism is fundamentally different
from other threats we face, such as ``conventional'' terrorism or
attack with a chemical or nuclear weapon. By its very nature, the
bioweapons threat--with its close links to naturally occurring
infectious agents and disease--requires a different paradigm.
Designing that paradigm is proving to be a difficult challenge.
Public health has never been traditionally viewed as an element of
national security. Consequently, those who specialize in national
security are largely unfamiliar with the public health system--what it
is, how it works and why it is important to our overall mission of
protecting the nation. It is not surprising that the various Commission
Reports (e.g. Hart-Rudman) that have looked at national security/
terrorism issues and current legislative proposals for the creation of
a federal Department of Homeland Security have had trouble
conceptualizing an appropriate organizational approach that includes
bioterrorism preparedness and other biodefense activities. In fact,
there is no clear and simple answer to the question of how best to
organize the components of an effective bioterrorism prevention,
preparedness and response program.
Critical Elements of a National Response
Certainly, before a major reorganization of the agencies and
activities involved in biodefense, we must understand how these
components need to mobilize and work together in every stage of
defense--from prevention, to preparedness, to response. Accomplishment
of this task would greatly benefit from a thorough and complete
critical analysis of our response to the anthrax attacks.
It is stunning and disappointing that we haven't undertaken a
systematic review of what happened. And I strongly recommend that an
independent and comprehensive after-action review of the response to
the anthrax letters be undertaken. It should be done in a rigorous
fashion, looking within and across the relevant agencies of government,
at all levels, and at the relationships with private sector
organizations. We cannot afford to let these incidents go by without
taking stock of what happened, what should have happened (but did not),
and what needs to be done to improve response in the future. This must
be more than a listing of lessons learned. It needs to be a well-
researched report, with thoughtful and informed analysis,
identification of gaps in preparedness and response, and realistic
recommendations for improvement. To the best of my knowledge, no such
exercise is currently underway in a crosscutting and systematic manner.
Even as the aftermath and the investigation of the of the anthrax
letters is still unfolding, there is still a real urgency to undertake
such a process, before significant events fade from memory and before
new events and priorities overwhelm us.
Such an analysis would give us indispensable insight into how we
should structure our national response to bioterrorism, and how we
should incorporate the following four essential elements.
(1) Prevention. Every effort must be made to reduce the likelihood
that dangerous pathogens will be acquired or used by those that want to
do harm. This must include improving intelligence, limiting
inappropriate access to certain biological agents and establishing
standards that will help prevent the development and spread of
biological agents as weapons.
(2) Strengthening public health. Rapid detection and response will
depend on enhanced disease surveillance and outbreak investigation from
a well-trained cadre of public health professionals, educated and alert
health care providers, upgraded laboratories to support diagnosis, and
improved communications across all levels of government, across
agencies and across the public and private sector.
(3) Enhancing medical care capacity. We must improve treatment for
victims of an attack by enhancing local and federal emergency medical
response teams, training health professionals to diagnose and treat
these diseases, developing strategies to improve the ability of
hospitals to rapidly increase emergency capacity, and providing
necessary drugs or vaccines where they are needed through the National
Pharmaceutical Stockpile.
(4) Research. A comprehensive research agenda will serve as the
foundation of future preparedness. Perhaps most urgently, we need
improved detectors/diagnostics, along with better vaccines and new
medications.
Some of these activities are already underway, but need to be
strengthened and extended. Other programs and policies still need to be
developed and implemented. All are essential for homeland security. Yet
it is important to note that while certain aspects of these activities
are required to respond to the threat of bioterrorism specifically,
these programs are just as important for the day-to-day, routine
activities of public health and medical care.
Potential Benefits of Housing Biodefense Activities in a New Federal
Department
There are certain real advantages to be gained from placing these
programs within a new federal Department of Homeland Security. First
and foremost, the biological threat, and the necessary programs to
address it, is of profound importance to our national security. These
activities require greatly enhanced priority and support. By residing
within this new Department, they may be more likely to command that
needed attention and support. Furthermore, experts in biological
weapons threats, biodefense and public health preparedness must be full
partners at the national security table, participating in strategic
planning, policymaking and program design and implementation. Being
part of the Department of Homeland Security might help to
institutionalize this important participation.
In addition, legitimate concerns have been raised that if not
housed within this new Department, crucial public health and
bioterrorism programs may be neglected, and important operational
public health and biomedical defense functions may not be integrated
with national security objectives.1
---------------------------------------------------------------------------
\1\ O'Toole, Tara. ``Creating the Department of Homeland Security:
Consideration of the Administration's Proposal.'' Testimony before the
House Subcommittee on Oversight and Investigations, June 25, 2002
---------------------------------------------------------------------------
Clearly, there is an urgent need for improved coordination and
integration of bioterrorism programs and policies across agencies of
government. The current patchwork--of programs that address
bioterrorism prevention, preparedness and response, including
research--is inadequate and unacceptable. These need to be brought
together into a collective programmatic vision, and implemented in a
manner that sets priorities, supports synergy, identifies gaps and
avoids unnecessary overlap or duplication. To date, this has proved a
difficult challenge. One might argue that the most effective way to
address this concern is to pull these activities together under one
roof.
There might be additional benefit of centralizing aspects of
biodefense activities under one roof from the perspective of certain
state and local government entities as well as private sector
entities--including the medical care system and the pharmaceutical
industry--all of whom are essential partners in combating bioterrorism
and should also be integrated into an effective vision and framework
for action. Looking at the federal government from the outside, it can
be very confusing to discern where and how best to interact with the
system. Again, the creation of a unified site within a Department of
Homeland Security might reduce confusion, strengthen the ability to
work across levels of government, and support the kinds of public-
private partnerships that will prove essential to success.
Potential Disadvantages of Inclusion in a New Federal Department /
Recommendations
While there clearly are benefits to be gained by moving certain
aspects of bioterrorism and related public health issues into a
consolidated new Department of Homeland Security, a serious cost/
benefit analysis has to consider how best to ensure that our overall
governmental effort is maximally effective.
Organization of Bioterrorism Activities
As currently envisioned, the Administration's proposal for a
Department of Homeland Security would seek to develop a single,
government-wide, comprehensive and integrated research and preparedness
plan to prevent chemical, biological, radiological and nuclear (CBRN)
attacks, to reduce our nation's vulnerabilities to terrorism and to
minimize damage and assure effective response should an attack occur.
This approach is intrinsically troubling--from the point of view of
biodefense--because, as I noted earlier, the bioterrorism threat has
some very distinctive features as compared to ``conventional''
terrorism or other weapons of mass destruction. Past experience tells
us that many so-called bioterrorism programs failed to achieve their
potential because they were addressed within the framework of CBRN or
``Chem/Bio''. There was an underlying assumption that these problems
could be effectively approached with a ``one size fits all'' model, but
in reality, such programs simply failed to address the biological
component.
Meaningful progress against the bioterrorism threat depends on
understanding it in the context of infectious and/or epidemic disease.
It requires different investments and different partners. Until the
distinctive nature of bioterrorism is fully taken into account at the
level of policy, our nation's preparedness programs will continue to be
inadequately designed: the wrong first responders will be trained and
equipped; we will fail to fully build the critical infrastructure we
need to detect and respond; the wrong research agendas will be
developed; and we will never effectively grapple with the long-term
consequence management needs that such an event would entail. We may
also miss critical opportunities to prevent an attack from occurring in
the first place.
Recommendations:
(1) Any new Department of Homeland Security must be staffed at the
highest levels of leadership and decision-making with individuals who
have significant expertise in public health, infectious disease and
biodefense/bioterrorism.
(2) An Undersecretary for Biological Programs should be appointed
to oversee and integrate the various activities going on within the
Department of Homeland Security that relate to the biological threat.
In addition, that individual should serve as liaison to the various
other Departments with significant responsibilities and programs in the
biological arena.
(3) An external advisory group for biological programs should be
established with the responsibility of reviewing the appropriateness
and comprehensiveness of biological threat related programs, policies
and resource allocation / budget priorities.
Emergency Response/Role of Public Health Infrastructure
As noted earlier, a bioterrorism attack would differ in fundamental
ways from other forms of terrorist assault. The requirements for
effective bioterrorism preparedness and response are, for the most
part, substantially different as well. Biological terrorism is not a
``lights and sirens'' kind of attack. Unless the release is announced
or a fortuitous discovery occurs early on, there will be no discrete
event to signal that an attack has happened, and no site you can cordon
off while you take care of the casualties, search for clues and
eventually clean up and repair the damage. Instead, a biological
terrorism event would most likely unfold as a disease epidemic, spread
out in time and place before authorities even recognize that an attack
has occurred. We would see the first evidence of attack only after
people begin appearing at their doctor's office or emergency rooms with
unusual symptoms or an inexplicable disease. In fact, it may prove
difficult to ever identify the perpetrators, the site of release, or
even to determine whether the disease came from a natural outbreak or a
terrorist attack.
Under most circumstances, the ``first responders'' to a
bioterrorism event will be public health officials and health care
workers. ``Ground zero'' will be in hospitals, health care facilities
and laboratories. The ``battlefield'' response will come in the form of
disease diagnosis, outbreak investigation, treatment of the sick and
public health actions required to stop continuing contagion and stem
disease. How swiftly we recognize and respond to a potential attack
will dramatically influence our ability to reduce casualties and
control disease. All of these recognition and response functions are
more closely tied to public health and medical care activities than to
the emergency response required for other types of catastrophic
terrorism or even other kinds of natural disasters.
In the months since 9/11, the Bush administration--through programs
developed and administered by the HHS Office of Public Health
Preparedness (OPHP) and the Centers for Disease Control and Prevention
(CDC)--has made some progress in building the programs necessary to
strengthen public health infrastructure for bioterrorism within this
broader context of infectious disease. If these programs are carved out
of their current habitats and moved into this new Department, it will
disconnect bioterrorism preparedness from other essential components of
infectious disease response and control, thin out already limited
expertise, and complicate the ability of our public health partners at
the state and local level to work together effectively. If the nation
develops two parallel systems for infectious disease surveillance and
response--one (that for bioterrorism) of which is only really activated
and practiced in a crisis--the likely outcome will be to weaken and
fragment our nation's capacity to respond to infectious disease--
whether occurring naturally or caused intentionally.
Recommendations:
(1) HHS and CDC should continue to have direct responsibility for
programs related to the public health infrastructure for infectious
disease recognition, investigation and response, including
bioterrorism.
(2) A public health professional with appropriate background and
experience could be placed within the Department of Homeland Security,
perhaps with dual reporting to the DHS Secretary and the HHS Secretary.
This individual could then work closely with the CDC Director to
achieve mutually agreed upon public health priorities for bioterrorism
preparedness and response
(3) The Department of Homeland Security should assure greater
coordination, collaboration and program integration among the
components of government doing infectious disease surveillance
activities (e.g. DOD, USDA, Wildlife and Forestry).
Biodefense Research
Further investments must be made in biomedical research to develop
new drugs, vaccines, rapid diagnostic tests and other medical weapons
to add to the arsenal against bioterrorism. At the same time, it is
also essential that we improve technologies to rapidly detect
biological agents in environmental samples and develop other
technologies to protect the health of the public. We must learn more
about how these organisms cause disease and how the human immune system
responds so that we can develop better treatments and disease
containment strategies to protect us in the future. In addition, we
must also devote more attention and resources to ``systems research,''
in an effort to understand more about such issues as personal
protective gear, environmental safety and decontamination.
Success will require collaboration among many agencies of
government (HHS, DOD, DOE, USDA and others), academia and the private
sector. Coordination of the development and budgetary support for such
a comprehensive, integrated biodefense research agenda could certainly
be offered under the auspices of the proposed Department of Homeland
Security. This could help make sure that investment supports both
national security needs and research and development priorities. It
would also help integrate the bioterrorism-related research activities
of the various mission agencies, including threats to humans, animals
and crops. Hopefully, this would help foster proper recognition and
support for elements of the research enterprise which are currently
undervalued/under-resourced--such as the United States Army Medical
Research Institute for Infectious Diseases (USAMRIID) and the
Department of Agriculture's animal health research facility, Plum
Island. It would also help identify program gaps, overlaps and
opportunities for synergy.
At the same time, the role of the Department of Homeland Security
should be that of coordinator/facilitator. The actual design and
implementation of the research agenda and its component programs must
remain at the level of the mission agencies, where the scientific and
technical expertise resides. With a few possible exceptions, it would
be unrealistic and inefficient to build the kind of sophisticated
scientific expertise necessary to take on the direct conduct or
management of research and development activities across a broad range
of disciplines and technologies at the level of this new Department.
Recommendations:
(1) A research coordination office could be established within the
Department of Homeland Security and charged with responsibility for
assuring the development and funding support for a comprehensive,
integrated biodefense research agenda. This research coordination
office could also help support the integration of threat and
vulnerability analysis with the process of setting the research agenda.
Such a research coordination office might also be effectively placed
within a strong White House Office of Homeland Security, where it could
work across the full set of cabinet agencies, including the Department
of Homeland Security, to ensure a comprehensive, integrated and
appropriately funded biodefense research agenda. An individual with
appropriate scientific background and experience should head this
office.
(2) Given the fact that HHS is the primary department with
responsibility for biomedical research, and the unique role played by
NIH, resources to support the NIH biodefense research agenda should
remain within that Department.
(3) An external advisory mechanism should be established to
encourage ongoing communication and collaboration with academic and
industry partners. New mechanisms must be developed to engage
participation from outstanding scientists from academe and industry,
and to bring new young scientists into these endeavors.
(4) The highest level of government commitment is needed to address
the national crisis in the development and production of new vaccines
and antimicrobial drugs--a crisis that is growing in urgency in light
of the bioterrorism threat. A new Department of Homeland Security,
working closely with the appropriate agencies of government (e.g. FDA,
NIH, DOD), industry and Congress, could lead such an effort, or it
could be undertaken directly from the White House.
concluding remarks
Mr. Chairman and Members of the Committee: Government has no more
important mission than protecting the lives of its citizens. A new
Department of Homeland Security and a heightened defense against
bioterror go directly to the heart of that mission. These tasks are as
complicated as they are crucial. I thank you for the depth of the
interest you've exhibited by holding this hearing. I stand ready to
help in any way I can. And I would be happy to answer your questions--
now or in the future.
Mr. Greenwood. Thank you. The Chair recognizes himself for
5 minutes for questions. This is a question I'd like to address
to each of you. I think it's important to emphasize that the
research programs targeted by the administration's bill are
limited to only those dealing specifically with countermeasures
to terrorist threats, such as smallpox and anthrax. Why
shouldn't the new Secretary who will have access to a great
deal of information about terrorist capabilities and interests
have the authority to set the research priorities within this
limited network?
Ms. Heinrich. Our review of the proposed legislation states
that the research would be broader than you suggest, Chairman.
It says all biodefense research, which is--it is not only
applied research and research that's focused onto particular
pathogens, it's our understanding that it's an array of
diseases. And what we have learned in discussions with experts
is that there is a lot of interchange between those agents that
could be used in naturally occurring infections, and in
emerging infectious diseases.
Mr. Greenwood. If in fact, though, someone else's
interpretation was more narrow than yours would you be happy
with that?
Ms. Heinrich. We still would have concerns because you're
separating out the people that are responsible for actually
conducting the research from the overall overarching authority
and responsibility. It would seem to us that the role of
Homeland Security can be that of coordinator, as Dr. Hamburg
has suggested, that we have to have the strategic framework
that we don't have and that your operating agencies that are
actually conducting the work can be in a position to actually
respond to areas that the Secretary of Homeland Security has
said are areas of priorities. If in fact there are conflicts,
there may be other mechanisms that can be used to resolve
those. Certainly we've heard before this notion from the Office
of the President and it also may be that Congress through the
appropriations process would have a role to play in making sure
that priorities were responded to.
Mr. Greenwood. Thank you. Ms. Cassell.
Ms. Cassell. I would make the argument that having someone
hold the purse string, so to speak, and being able to establish
the priorities for research would be unwise if in fact that
particular individual or agency, the head of that agency or
department I should say, really does not have the scientific
and medical infrastructure to wisely set the priorities. You
stand a chance of not only disrupting research programs but,
more importantly, I think what would happen is that you're not
able to take full advantage of the scientific and medical
infrastructure related to infectious disease research that
already is ongoing and in place.
For example, I think it was only possible to establish the
research agenda for biodefense, for developing countermeasures
in a 3 to 4-month period, based on the wealth of basic
knowledge and ongoing research that's already going on within
NIAID. I think if you transfer the authority for establishment
of priorities, whether it be for only one agent or two agents,
you would miss those opportunities for the leveraging and the
synergism, and that would be a major concern. I think for the
next couple of years we're probably okay because the research
agenda has been established.
However, giving the budget authority and the program
authority to the Department of Homeland Security doesn't give
me any assurance, in fact, that those efforts will have an
opportunity to be materialized.
Mr. Greenwood. Isn't the concern on the other end of the
spectrum that you could have research that is so academic and
so far removed from the immediate threat of terrorism, that we
are just not focused where we ought to be?
Dr. Cassell. I can appreciate some of those concerns.
However, I think that having something like the assistant
secretary and an individual like the assistant secretary that
will have dual reporting would, in fact, take care of that
concern, because you would constantly have the input from that
assistant secretary into the research agenda with respect to
helping to set priorities, and also basically oversight in
terms of meeting deadlines and time lines and research goals.
Mr. Greenwood. Ms. Hamburg?
Ms. Hamburg. Yes. Well I think that clearly we need a
stronger and more accountable system of coordination for a
comprehensive integrated research agenda that engages the best
talent within many parts of government and the private sector.
But I think in terms of actually setting priorities and
determining the elements of that research agenda, we will
actually undermine our own best interests if we don't ensure
that it actually is housed within agencies that are
appropriately expert in the domains of research and connected
to where the research is going.
Again, all of us have emphasized the close connection
between the bioweapons threat and the threat of naturally
occurring infectious disease. I think we also have to recognize
that the bioweapons threat is evolving very quickly, because
our capabilities in science and technology are evolving very
swiftly. Some of the expertise in security only setting
research agenda may actually miss emerging and important
threats that are coming forward because of new capabilities in
science, our ability to manipulate organisms, to understand
what makes them infective and actually to manipulate them so
they might be more infective, to actually manipulate them so
they might be more lethal to create new organisms de novo, and
I think looking forward, if we want to be prepared, if we want
to be ahead of the curve in terms of evolving threats, then we
really have to link this very, very closely to the scientists
who know where science and technology is actually going, and
where we can best target our resources and our capabilities to
really have the kind of comprehensive short-term, long-term
research agenda that we need for our protection.
Mr. Greenwood. Ms. Cassell, you wanted to add something?
Ms. Cassell. Yes. Thank you. I think that we should be very
careful to take advantage of lessons we can learn. We can learn
by evaluating the defense research programs that have been in
existence in terms of development countermeasures, very
narrowly and with very narrow focus. We should look at the
track record of those programs, I think, and again, lessons
learned by being so narrowly focused, first having much broader
focus in terms of taking advantage, as Dr. Hamburg has said, of
other available knowledge.
Mr. Greenwood. Thank you. The Chair recognizes the
gentlelady from Florida, but before doing so, would indicate
for everyone's information--is this a series of votes? Never
mind.
The gentleman from Florida for 5 minutes.
Mr. Deutsch. Thank you. Thank you, Mr. Chairman. The White
House and Governor Ridge have told the committee that the new
Department of Homeland Security would be quite capable
prioritizing and managing the research and development programs
and public health preparedness programs in the Department of
Health and Human Services and contracting actual work back to
HHS without any delay in those programs.
Is there any way that inserting another layer of
decisionmakers over these programs would not close delay? If
each of you can respond to that. Ms. Cassell?
Ms. Cassell. I would say definitely not. I can't imagine
that there won't be delay. First of all, you have to create
appropriate scientific medical infrastructure within the new
department in order to allow you to make those rational
decisions that must be made.
Ms. Hamburg. It's hard to imagine how that would increase
efficiency and accountability. I think it will also require the
addition of new layers of expertise within the Department of
Homeland Security, and I think one needs to examine what are
the benefits. Again, I come back to the crying need for better
coordination, but that doesn't have to be achieved by creating
a whole new systems of management.
Ms. Heinrich. I'd like to suggest that we could learn from
previous experience and actually look for places where we have
successfully coordinated across Federal agencies in the private
sector as well, especially in the area of R&D. I think there
are examples of where agencies and programs have done that
successfully.
Mr. Deutsch. This is really a follow-up. What type of
expertise would homeland security have--or have to have in-
house to prioritize and manage these programs?
Ms. Hamburg?
Ms. Hamburg. Well, I think, you know, one contribution the
new Department of Homeland Security could make would be to
bring to bear the best possible information about the nature of
threats and the credibility of emerging threats so that it
could be integrated into preparedness and response programs. It
also could help to ensure that the various elements that are
being actually implemented by different parts of government are
brought together into a more comprehensive picture so there
aren't unintended gaps in programmatic activity or unnecessary
duplication of effort.
And I think that it can offer an opportunity for
individuals working outside of the Federal Government to have a
place to go to in a coordinating way, to then find the services
and programs that they need, get clarification of policies if
you're at the State and local government, or if you're in the
private sector, but not actually directly running those
programs.
Mr. Deutsch. You know, one of the issues which really ties
into this is really where would they get that expertise? These
are human resources. That is really a question of trying to
hire people. And one of the things that has impressed me
incredibly, you know, from the jurisdiction of this
subcommittee and the committee is, you know, CDC and HHS and
NIH are, you know, on part with no part in terms of expertise.
I mean, and there's a culture in each of those agencies that
sort of breeds that. And I've never seen that created
overnight. I mean, it seems impossible to create overnight, so
I guess the real question is, if that's the level, the best of
the best, the brightest of the brightest, the most creative of
the most creative, how can you even expect that to happen in
any short period of time in a new agency? I mean, I see you
agree with me, so I guess, you know, Ms. Cassell in particular,
if you want to respond.
Ms. Cassell. I think you're right on target. In fact, I
could not agree with you more.
I would just like to add to your comments in regards to
what type of expertise would be required. One thing I think
that is important if you're going to have the new department
controlling, again, the research program, both from program
development, setting of priorities and the budget, you need to
have some expertise that's very knowledgeable with grant review
and peer review process for ongoing research programs.
I can give you an example. I'm familiar with, based on
participation in different reviews of biomedical research
programs in this country, and that is when monies were awarded
to the Department of Defense, for example, for breast cancer
research, ultimately the authority for review of those programs
and oversight of the programs actually was not transferred
initially, but certainly the NIH ended up playing the lead role
in terms of the administration of the program. Again, because
that was--in terms of peer review research----
Mr. Deutsch. If I can make just one follow-up question, and
that is really, you know--and this is just getting on the
practical side of how you actually do this once--I mean, we
are--once we create the agency. I mean, I have this real
concern, and it's a practical concern, that there are people
who are, you know, developers of--and really have the
expertise, and it's not expertise you can just learn in school.
It's expertise, that why would someone with that type of
expertise in an environment that, you know, are in and they're
happy, because otherwise these are people who clearly could
leave and get jobs in different settings. Why would someone
want to leave with a big question mark?
And it almost seems like the people that are going to--the
incentive if you're an agency--CDC, whatever, you almost want
to get rid of your sort of deadwood to a new agency. There
would seem to be a sort of bureaucratic incentive at that point
not to give up your best people, but your second best people. I
mean, is that a concern, and how do we deal with that?
Ms. Hamburg. Well, I think you clearly are experiencing the
way of government and that's a valid concern and we've
certainly seen it happen in many instances. I've worked in
government in most of my career at the local and Federal level,
and it's a concern that I immediately had when I heard this
proposal. I think it's also the case that we have a limited
supply of trained professionals in many of these critical
areas, whether it's the bench researchers working on certain of
these pathogens or the epidemiologists and infectious disease
experts that we need to shape the research activities, the
programs and the policies, and so we cannot afford to dislocate
people from where they are currently working and functioning
and working in a dual use, not exclusively a bioterrorism
manner, and pull them into a new department that will not fully
utilize their very important and limited talent in terms of our
national personnel resource base.
Mr. Deutsch. Thank you.
Ms. Heinrich.
Ms. Heinrich. I would just make a comment that I think that
it's a challenge to draw experienced researchers and new
researchers into the field of this biodefense work away from,
you know, where their current focus is. So it's probably a
problem that's more complex rather than easier.
Mr. Deutsch. Thank you.
Mr. Bass [presiding]. The Chair recognizes himself for 5
minutes. Just a process point here. I should note that Dr.
Cassell and Dr. Hamburg are doctors, not--and should be
addressed as such, even though they were mislabelled.
Dr. Hamburg, I just have a quick question for you. Nuclear
threat initiative has been closely associated with Nunn-Lugar,
the nuclear weapons initiative, and I'm wondering if you could
give us some perspective which the other two witnesses might be
able to comment upon about how a similar type program might be
structured for the bioterrorist threat or the biological
threat, because we don't have any such program currently to
date.
Ms. Hamburg. Well, Let me just give a little bit of
background. The organization for which I work is cochaired by
former Senator Nunn and Ted Turner who has funded it. It's a
charitable organization whose focus is to reduce the threat of
weapons of mass destruction, and on our board actually are many
distinguished individuals, including Senators Lugar and
Domenici who have been deeply involved with these activities
for many years, along with Senator Nunn.
The Nunn-Lugar program really had focused predominantly on
nuclear, but has had a biological component and it's been
looking at how can we reduce the threat that exists from the
weapons programs in the former Soviet Union that are now no
longer active in many of the components, but facilities exist,
people with expertise and know-how are now unemployed or
underemployed. There are real security issues across many
domains and concerns that important materials and capabilities
could get in the hands of individuals who would use them to do
harm.
On the biological side, I think there's enormous
opportunity and opportunity that we can realize almost
immediately by making greater commitment to that program. The
former Soviet Union had a very large biological weapons program
functioning in many different institutes with literally
thousands of scientists and personnel working on different
aspects of biological threats, animal, human and crop. We need
to make sure that we, as a Nation, and in partnership with
other nations, do everything that we can to ensure that both
the material developed and the expertise developed can be
redirected into many valuable prosocial research activities,
both academic and entrepreneurial.
Mr. Bass. But Nunn-Lugar as it's currently constructed, can
initiate and execute this kind of a program in biological
containment as well as nuclear.
Ms. Hamburg. It can, and there has been an element of it
that has focused on the biological threat. It's been a small
component, and it has, I think, been undersupported and
undervalued in terms of the contribution that can be made. And
I would be very eager to work with you if you'd like to explore
opportunities in that realm to a greater degree.
Mr. Bass. Dr. Castle.
Ms. Cassell. Yes. I'd just like to comment that you
probably may be aware that there are small programs within HHS
and DOD, some of which are administered by The National Academy
of Sciences, to do exactly as Dr. Hamburg has described with
respect to engaging former Russian bioweapons research
scientists into meaningful infectious disease research. But
again, it's a very small program and has been, I would argue,
woefully underfunded for the last 6 years.
Mr. Bass. It's a huge problem. I yield back. I recognize
the gentlelady from Colorado for 5 minutes.
Ms. DeGette. Thank you, Mr. Chairman. As I read the
administration's proposed plan, it looks to me like the
Department of Homeland Security would have the ability to shift
research funds in both the NIH and in the CDC in any way they
wanted. In other words, they could supersede decisions that
those two agencies are currently making. Would that
interpretation be correct, Dr. Cassell?
Ms. Cassell. I'm going to agree with you 100 percent, and
this is my major concern. I think it is the current of a lot of
people. I think people may have trust that over the next 2
years because the agenda has already been established, this
won't happen, but in years following the next two, I think
that's a very real possibility that would occur----
Ms. DeGette. And looking at the legislation, I think people
think it won't happen just because they think it won't be done,
but it, in fact--the legislation gives the Department of
Homeland Security to do exactly that. In other words, to say to
the NIH, we think we need the resources you're using for other
types of interdepartmental--any kind of research. We think,
well, it might be important, but we think that this other thing
is more important. So we're just superseding your decision, and
we're redirecting it. That would be your understanding of the
legislation as well?
Ms. Hamburg. That is my impression that they have the final
authority in terms of allocation of dollars and setting of
priorities, and I think that is a real concern.
Ms. DeGette. Ms. Heinrich, do you agree that that's what
the legislation says?
Ms. Heinrich. The legislation gives--the proposed
legislation gives the Department of Homeland Security the money
and the authority to establish priorities. It also says that it
should conduct the research through HHS predominantly and NIH.
It also gives the President the prerogative to decide not to
conduct and do research through this kind of arrangement, but
it doesn't give us any indication of under what circumstances
the President might use that prerogative.
Ms. DeGette. Okay. Thanks. See, here's the concern I have,
and I think we're all agreeing. And by the way, Mr. Chairman, I
think this is a wonderfully illuminating panel, and thank you
very much for coming today.
The concern I have, Dr. Cassell, in listening to your
testimony, there are a lot of infectious diseases that are
killing millions of people every month, every year, and a great
deal of money has been invested in trying to cure them. HIV is
an example that I can think of, but yet we haven't done that,
so the question is, if the Department of Homeland Security
decides to shift the money to select agents, what happens to
the research that's being done for these other diseases?
Ms. Cassell. Well, I think through the regular
appropriations process, NIH and--one might take confidence that
these other programs would be protected, and I think that we
have heard assurance from the doctor who directed the NIAID
that the other research programs won't be compromised. However,
I think that, you know, that is today as we've said, and what
will happen in 2 years out, I think that might be another
question.
I'd just like to add, if I might, to your concerns about
some of the authorities that have been given, and it goes back
to the oversight of select agents, and in fact, the way things
are written now certainly, I think, gives a lot of room for
going back and changing regulations and oversight of that
program, and not that I want to change the direction you're
going, but this does also potentially have the possibility of
having a tremendous negative impact on the very research that
we need to do in order to be able to get accounting measures.
Ms. DeGette. Right. You're not changing direction. That's
exactly what I was trying to get at. And Mr. Hauer said, well,
the problem is that we have limited resources, and we just have
to recognize that, and so practically speaking, if you want to
continue ongoing research and then have research into select
agents, you're not going to be able to do both. You are going
to have to shift resources away from some ongoing research, and
I guess the question many of us are asking is who should be
making those decisions, the scientists at CDC and NIH or
somebody who is in this new department who's superseding their
decisions. Correct? Dr. Hamburg, do you have----
Ms. Hamburg. Well, I think--I think that, you know, clearly
we live in a world, with limited resources and we can't do
everything we might want to do in all areas of activity. I
think that one of the great advantages of really housing our
research activities, both the priority setting and
implementation of the research at places like NIH is that you
get synergy that you will lose if you try to carve it out into
segments.
Fundamental understandings of how organisms cause disease,
how the human immune system responds will have implications for
both naturally occurring disease and intentionally caused
disease. It will have implications for new drugs or vaccines we
might develop against select agents that we're particularly
concerned about as bioweapons threats, but also against
organisms that might occur in nature. So I think you get more
bang for your buck by having both biodefense-related research
agenda but having it integrated with infectious disease
research more broadly and understanding of immune response.
Ms. DeGette. Thank you. Mr. Chairman, let me just say in
closing up here, I'm really concerned about what this bill--
what the administration's proposal does for biological research
within CDC and NIH, and I would hope that we could work in a
bipartisan way to fix this, because some of the suggestions
that this panel has had for having some coordination function
but not a superseding function I think really make a lot of
sense, and I yield back.
Mr. Greenwood. The Chair thanks the gentlelady.
I believe our questioning has been accomplished. So we
thank the witnesses for your testimony in answering questions
and excuse you and call forward our next panel, consisting of
Dr. James McDonnell, the director of Energy Security and
Assurance Program at the Department of Energy; Mr. John S.
Tritak, director of Critical Infrastructure Assurance Office in
the Department of Commerce; Mr. Robert Dacey, director of
information security issues in the General Accounting Office;
Dr. Samuel G. Varnado, director of the Infrastructure and
Information Systems Center at Sandia National Laboratories; and
Dr. Donald D. Cobb, associate director for threat reduction at
Los Alamos National Laboratory.
Thank you. You understand that this subcommittee is holding
an investigative hearing and in doing so it is our practice to
take testimony under oath. Do any of you object to taking
testimony under oath? Seeing no affirmative responses, the
Chair would then inform you that pursuant to the rules of the
committee and the House, you're entitled to be represented by
counsel. Do any of you wish to be represented by counsel?
Seeing no affirmative responses, would you please stand and
raise your right hand.
[Witnesses sworn.]
Mr. Greenwood. Thank you, you're under oath and Mr. Tritak,
we'll begin with you. You're recognized for 5 minutes for your
opening statement.
TESTIMONY OF JOHN S. TRITAK, DIRECTOR, CRITICAL INFRASTRUCTURE
ASSURANCE OFFICE, DEPARTMENT OF COMMERCE; JAMES F. MCDONNELL,
DIRECTOR, ENERGY SECURITY AND ASSURANCE PROGRAM, DEPARTMENT OF
ENERGY; SAMUEL G. VARNADO, DIRECTOR, INFRASTRUCTURE AND
INFORMATION SYSTEMS CENTER, SANDIA NATIONAL LABORATORIES;
DONALD D. COBB, ASSOCIATE DIRECTOR FOR THREAT REDUCTION, LOS
ALAMOS NATIONAL LABORATORY; AND ROBERT F. DACEY, DIRECTOR,
INFORMATION SECURITY ISSUES, GENERAL ACCOUNTING OFFICE
Mr. Tritak. Thank you, Mr. Chairman I'd like to have my
written remarks in the record.
Mr. Greenwood. Without objection.
Mr. Tritak. But I actually would like to touch on a couple
of themes that I think are of interest to the committee and
spend my 5 minutes on those and any follow-up questions we
could take.
I think I'd like to start, Mr. Chairman, by trying to
underscore how fundamentally different the homeland security
mission is from what I would refer to as classic national
security. When I got into this business back in the late
1980's, national security was something the government did. It
was something the State Department did, the Defense Department
did, the Justice Department did on behalf of the people. The
role of the private industry really was a supplier of services
and goods or as a taxpayer. But these were quintessentially
government functions.
We're now entering a new age. Homeland security presents a
national security problem that the government can't do alone.
The target of terrorist activity, we know from statements made
by bin Laden, is our economy, the pillars of economy
specifically, which we take to mean the national infrastructure
of the United States, and we also know that Osama bin Laden has
urged his followers to exploit vulnerabilities, wherever they
may be. On September 11, we saw how they were exploited in the
physical sense, but we also have to take into account that the
introduction of information systems and networks on a vast
level create a veritable digitalness across the globe. It
presents some new opportunities perhaps for exploitation.
Now, let's be clear what the goal of the terrorists is.
It's to force us to turn inward and to disengage from our
global responsibility, particularly the Middle East. They're
going to fail in that mission. The notion is that by attacking
the economy of the American people, we will fall to our knees.
And whether or not they're going to succeed, which I know they
are not, they're certainly going to try. So we have to
recognize that homeland security is going to be a shared
responsibility between the government and the owners and
operators of our economy, the vast majority of which are
private. And frankly, that is going to require redefining and
clarification of the respective roles and responsibilities of
the government industry on a level that we've never had to
conceive of before.
The industry must be a full partner here. They bear
responsibility to help secure our national infrastructure, and
they need to work with government in a way that they are not
used to. It's going to require a cultural investment on both
sides. It's not easy for government to acknowledge that role--
that change of role that government plays in this. It's not
easy for industry either. But what I believe needs to take
place and one of the most awesome tasks that the new Secretary
is going to have to undertake is to create a culture of
collaboration and partnership with industry that must permeate
every level of organization in the new Department of Homeland
Security.
We're not recreating a new Pentagon here. We're creating a
new entity to achieve a common goal of protecting the American
way of life within our borders against terrorism and to deal
with episodic events where terrorism may find its mark.
And as I indicated, it will require a cultural adjustment,
and that is not going to be easy and some need to be skeptical
of whether or not that can take place. I happen to think it's
inescapable and that a cultural collaboration brought on by a
confrontation with the owners and operators is what is
required. And so I want to underscore that whatever else is
being discussed here today in terms of statutory changes in the
bill or anything else is to recognize that I think this is a
fundamental principle that is inescapable in this new age.
Now, going a little further, we also recognize that
information sharing is an indispensable part of securing our
infrastructure, indeed securing our homeland, and the
administration's policy, and indeed the policy of the last
administration, was to encourage information sharing. And
information sharing has been taking place, the National
Security Telecommunications Advisory Counsel, which you'll hear
a little bit more about with Guy Copeland in the next panel.
But as much as information sharing is taking place, there
is a reluctance to engage in the wholesale open exchange in a
proactive manner, in a dynamic manner, because of concerns
about existing laws and regulations. People can disagree over
whether FOIA does or does not cover this sort of activity. My
question is a little more basic. In the current statutory and
regulatory environment, is it conducive to promoting or
impeding voluntary information sharing?
And of course, resolving this is not going to be easy,
because you may very well have two public goods that come into
conflict, on the one hand, the need to encourage voluntary
information sharing, and on the other, the demands of open
government. Reconciling these two are inescapable, and frankly,
they're going to fall on the shoulders of the Congress. I think
it's important to recognize, however, that reconciliation and
we need to address this issue.
Now, the administration has made it clear that a narrowly
crafted FOIA exemption would help advance the cause of
voluntary information. I know that there are people who look at
section 204 of the present bill and have expressed some
concern. And as I understand it, that section is in the process
of being relooked at and revised in light of the dialog that
has taken place between the Congress and the administration.
But what I'd like to be able to conclude is at least say
something about the basic principles that the administration is
trying to advance without going into details, which at this
point, I'm not in a position to do. One, it's designed to be
narrowly crafted, not overly broad. Two, it's only dealing
within the zone of voluntary activity. There's no intention to
role back mandatory disclosure requirements that exist in other
parts of the law or regulation. And third, there's no intention
to create safe havens for gross negligence or criminal
activity. The idea here is to create an environment that is
conducive and encourages this voluntary activity.
Now, I want to be very clear about something, because you
probably will hear a little bit about this later. FOIA reform
in this area is not a silver bullet. There is not going to be
an avalanche of information pouring into the Federal Government
the day after the passage of the bill, because one thing that
information sharing requires, and it cannot be legislated, it
cannot be regulated, is trust, and that trust evolves over
time, and part of the experience with industry and government
engaging on an ongoing basis on a constructive activity that
advances the public interest.
What I referred to earlier is one example of a group that
has been sharing information with the government for some time.
They have already demonstrated the importance of it, but they
too have indicated that more needs to be done in the way of
FOIA.
Ultimately, Mr. Chairman, this process is going to be one
of give and take. What this bill ultimately has to look like
and what it will look like will be a consensus between the
government, the Federal and executive branch and the Congress
on homeland security. Recognizing that honest people can agree
or disagree on any specific provision, let there be no doubt
about what needs to happen, and I for one stand ready to
support your efforts and yours of the committee in moving this
along. I would also like to acknowledge one other thing, if I
may, Mr. Chairman, and that is, both your leadership over the
years on this issue and also the leadership of a very, very
solid staff on both sides of the aisle. I've had the
opportunity now to meet with a fair number of them, and they
are a very tough bunch, but the one thing I will tell you is
that their professionalism and their honesty and
straightforwardness made it a pleasure to deal with them, even
if we disagreed on some of the details of the policy. Thank you
very much.
[The prepared statement of John S. Tritak follows:]
Prepared Statement of John S. Tritak, Director, Critical Infrastructure
Assurance Office, Bureau of Industry and Security, United States
Department of Commerce
i. introduction
Mr. Chairman, members of the Committee, I am honored to appear
before you today to discuss the critical infrastructure protection
activities proposed for transfer to the new Department of Homeland
Security. I look forward to discussing with you the important role that
the Critical Infrastructure Assurance Office (CIAO) would play in this
new Department.
It is very clear in this current environment that the country needs
a single, unified homeland security structure that will improve
protection against today's threats and be flexible enough to help meet
the unknown threats of the future. The creation of the Department of
Homeland Security is the most sweeping reorganization of our national
security establishment in over 50 years. However, this decision was
made on the basis of careful study and experience gained since
September 11. The Administration considered a number of organizational
approaches for the new Department proposed by various commissions,
think tanks, and Members of Congress. The Secretary of Commerce, the
Under Secretary and I--as well as all other senior management at the
Commerce Department--fully support the President's plan and stand ready
to undertake necessary efforts to facilitate the creation of the new
Department as soon as possible.
The new Department of Homeland Security would be organized into
four divisions: Border and Transportation Security; Emergency
Preparedness and Response; Chemical, Biological, Radiological and
Nuclear Countermeasures; and Information Analysis and Infrastructure
Protection. The new department will be comprised mainly of existing
organizational elements located in other Federal departments and
agencies. For example, my office, the CIAO, now located in the
Department of Commerce's Bureau of Industry and Security, will become
part of the new Information Analysis and Infrastructure Protection
Division.
I would like to take this opportunity to provide some background on
the CIAO and to discuss briefly some of the specific activities and
initiatives we are currently undertaking on cyber security and homeland
security.
ii. background on the critical infrastructure assurance office
The CIAO is not a new arrival to the homeland security effort: we
have been working to realize the objective of critical infrastructure
assurance for four years. The CIAO was created in May 1998 by
Presidential Decision Directive 63 (PDD-63) to serve as an interagency
office located at the Department of Commerce to coordinate the Federal
Government's initiatives on critical infrastructure assurance. On
October 18, 2001, Executive Order 13231 (the Order), was issued and
entitled ``Critical Infrastructure Protection in the Information Age,''
the CIAO began serving as a member of and an advisor to the newly
created President's Critical Infrastructure Protection Board (the
Board). The Board was created to coordinate Federal efforts and
programs relating to the protection of information systems and networks
essential to the operation of the nation's critical infrastructures. In
carrying out its responsibilities, the Board fully coordinates its
efforts and programs with the Assistant to the President for Homeland
Security.
iii. major ciao activities and initiatives
CIAO's responsibilities for developing and coordinating national
critical infrastructure policy focus on three key areas: (A) promoting
national outreach and awareness campaigns both in the private sector
and at the state and local government level; (B) assisting Federal
agencies to analyze their own risk exposure and critical infrastructure
dependencies; and (C) coordinating the preparation of an integrated
national strategy for critical infrastructure assurance.
A. Outreach and Awareness
The Federal government acting alone cannot hope to secure our
nation's critical infrastructures. The national policy of
infrastructure assurance can only be achieved by a voluntary public-
private partnership of unprecedented scope involving business and
government at the Federal, State, and local levels. Forging a broad
based partnership between industry and government lies at the heart of
the CIAO's mission.
Private Sector Partnerships: CIAO has developed and implemented a
nation-wide industry outreach program targeting senior corporate
leadership responsible for setting company policy and allocating
company resources. The challenge of such an effort is to present a
compelling business case for corporate action. The primary focus of the
CIAO's efforts continues to be on the critical infrastructure
industries (i.e., information and communications, banking and finance,
transportation, energy, and water supply). The basic thrust of these
efforts is to communicate the message that critical infrastructure
assurance is a matter of corporate governance and risk management.
Senior management is responsible for securing corporate assets--
including information and information systems. Corporate boards are
accountable, as part of their fiduciary duty, to provide effective
oversight of the development and implementation of appropriate
infrastructure security policies and best practices.
In addition to infrastructure owners and operators, the CIAO's
awareness and outreach efforts also target other influential
stakeholders in the economy. The risk management community--including
the audit and insurance professions--is particularly effective in
raising matters of corporate governance and accountability with boards
and senior management. In addition, the investment community is
increasingly interested in how information security practices affect
shareholder value--a concern of vital interest to corporate boards and
management. In partnership with these communities, the CIAO has worked
to translate potential threats to critical infrastructure into business
case models that corporate boards and senior management can understand.
Corporate leaders are beginning to understand that tools capable of
disrupting their operations are readily available not merely to
terrorists and hostile nation states but to a wide-range of potential
``bad actors.'' As a consequence, they are beginning to grasp that the
risks to their companies can and will affect operational survivability,
shareholder value, customer relations, and public confidence. The CIAO
has also worked actively to facilitate greater communication among the
private infrastructure sectors themselves. As individual Federal lead
agencies under PDD-63 formed partnerships with their respective
critical infrastructure sectors, private industry representatives
quickly identified a need for cross-industry dialogue and sharing of
experience to improve the effectiveness and efficiency of individual
sector assurance efforts. In response to that expressed need, the CIAO
assisted its private sector partners in establishing the Partnership
for Critical Infrastructure Security (PCIS). The PCIS provides a unique
forum for government and private sector owners and operators of
critical infrastructures to address issues of mutual interest and
concern. It builds upon, without duplicating, the public-private
efforts already being undertaken by the Federal Lead Agencies.
State and Local Government Partnerships: The CIAO has developed an
outreach and awareness program for state and local governments to
complement and support its outreach program to industry. State and
local governments provide critical services that make them a critical
infrastructure in themselves. They also play an important role as
catalyst for public-private partnerships at the community level,
particularly for emergency response planning and crisis management. The
issue of securing the underlying information networks that support
their critical services was a relatively new issue before September 11.
State and local governments tend to be well organized as a sector, with
multiple common interest groups. Similar to its program for industry,
the CIAO has laid out a plan to implement outreach partnerships with
respected and credible channels within state and local government. CIAO
has also met with the National Governors Association and the National
Association of State Chief Information Officers to encourage input into
the National Strategy for Cyberspace Security. The front lines for the
new types of threats facing our country, both physical and cyber,
clearly are in our communities and in our individual institutions.
Smaller communities and stakeholders have far fewer resources to
collect information and analyze appropriate actions to take.
Consequently, in February of this year, the CIAO began a series of four
state conferences on Critical Infrastructures: Working Together in a
New World, designed to collect lessons learned and applied from the
events of September 11 from New York, Arlington, and communities across
the United States. The intent of this conference series is to deliver a
compendium of community best practices at the end of the first quarter
of 2003. The first conference was held in Texas and the second in New
Jersey. The last two will be held in the latter part of 2002 and the
first quarter of 2003.
B. Support for Federal Government Infrastructure Activities
Homeland Security Information Integration Program: The
Administration is proposing in the President's Fiscal Year 2003 budget
request to establish an Information Integration Program Office (IIPO)
within the CIAO to improve the coordination of information sharing
essential to combating terrorism nationwide. The most important
function of this office will be to design and help implement an
interagency information architecture that will support efforts to find,
track, and respond to terrorist threats within the United States and
around the world, in a way that improves both the time of response and
the quality of decisions. Together with the lead federal agencies, and
guided strategically by the Office of Homeland Security, the IIPO will:
(a) create an essential information inventory; (b) determine horizontal
and vertical sharing requirements; (c) define a target architecture for
information sharing; and (d) determine the personnel, software,
hardware, and technical resources needed to implement the architecture.
The foundation projects will produce roadmaps (migration strategies)
that will be used by the agencies to move to the desired state.
Federal Asset Dependency Analysis--Project Matrix: The CIAO also is
responsible for assisting civilian Federal departments and agencies in
analyzing their dependencies on critical infrastructures to assure that
the Federal government continues to be able to deliver services
essential to the nation's security, economy, or the health and safety
of its citizens, notwithstanding deliberate attempts by a variety of
threats to disrupt such services through cyber or physical attacks.
To carry out this mission, the CIAO developed ``Project Matrix,'' a
program designed to identify and characterize accurately the assets and
associated infrastructure dependencies and interdependencies that the
U.S. Government requires to fulfill its most critical responsibilities
to the nation. These are deemed ``critical'' because their
incapacitation could jeopardize the nation's security, seriously
disrupt the functioning of the national economy, or adversely affect
the health or safety of large segments of the American public. Project
Matrix involves a three-step process in which each civilian Federal
department and agency identifies (i) its critical assets; (ii) other
Federal government assets, systems, and networks on which those
critical assets depend to operate; and (iii) all associated
dependencies on privately owned and operated critical infrastructures.
Early experience with the CIAO's Project Matrix process has
demonstrated such significant utility that the Office of Management and
Budget has recently issued a directive requiring all Federal civilian
agencies under its authority to fund and perform the analysis.
C. Integrated National Strategy for Critical Infrastructure Assurance
Finally, the CIAO also plays a major role with respect to the
development and drafting of the two national strategies relating to
critical infrastructure protection--the National Strategy for Cyber
Space Security and the National Strategy for Homeland Security.
Specifically, the CIAO coordinates and facilitates input from private
industry, as well as state and local government, to the national
strategies. The Office of Homeland Security has enlisted the CIAO to
provide coordination and support for its efforts to compile information
and private sector input to its strategy to protect the physical
facilities of critical infrastructure systems. The CIAO, working with
its private sector partners, also has been instrumental in coordinating
input from the private sector to the cyber space security strategy.
iv. conclusion
The American economy is the most successful in the world. However,
in the information age, the same technological capabilities that have
enabled us to succeed can now also be turned against us. Powerful
computing systems can be hijacked and used to launch attacks that can
disrupt operations of critical services that support public safety and
daily economic processes.
As the President and Governor Ridge have noted, today no Federal
Agency has homeland security as its primary mission. Responsibilities
for homeland security are dispersed throughout the Federal Government.
The President's plan would combine key operating units that support
homeland security so that the operations and activities of these units
could be more closely directed and coordinated. This will serve to
increase the efficiency and effectiveness of the Federal Government's
critical infrastructure assurance and cyber security efforts.
The CIAO looks forward to continuing its role in advancing critical
infrastructure protection policy in the new Department of Homeland
Security. Thank you for the opportunity to appear before you today. I
welcome any questions that you may have.
Mr. Greenwood. Thank you. Let me underscore your words
about the staff. We couldn't do any of this without them.
Mr. McDonnell for 5 minutes.
TESTIMONY OF JAMES F. McDONNELL
Mr. McDonnell. Mr. Chairman and distinguished members of
the committee, thank you for the opportunity to testify on the
administration's proposal to create a Department of Homeland
Security, and specifically, the critical infrastructure
protection activities that will be assigned to the new
department. I am James F. McDonnell, director of the Department
of Energy, Office of Energy Assurance. I have been in this
position since December of 2001, working with the Office of the
Secretary to develop an integrated and streamlined management
approach to protecting the national energy infrastructure. The
Secretary of Energy has the responsibility as the lead Federal
agency to coordinate protection activities in the energy
sector.
Presidential decision directive 63 assigned this
responsibility to DOE, and the Secretary expects the homeland
security national strategy to continue that assignment of
responsibility. The Office of Energy Assurance was established
at the Department to better protect against severe energy
disruptions in close collaboration with State and local
governments and the private sector, and where possible, to
assist with emergency response efforts.
The Office provides technical expertise and management
oversight to identify energy system critical components and
interdependencies, identify threats to the system, recommend
actions to correct or mitigate vulnerabilities, plan for
response and recovery system disruption, and provide technical
response support during energy emergencies. As originally
conceived, the Office has four principle areas of management,
which are energy reliability. The Office of Energy Assurance
coordinates Department of Energy policy development and
intergovernmental, interagency activities related to the
protection and reliability of the national energy
infrastructure.
The Office will utilize long-standing relationships with
government appeared industry representatives to develop a
national strategy for energy assurance and establish a national
tracking and reporting process to assess the ongoing
effectiveness of the national strategy, identifies shortfalls
and develops corrective action plans; and coordinates efforts
to expand cooperation on national energy infrastructure with
friendly nations, international organizations and multinational
corporations.
Energy emergencies: The Office of Energy Assurance ensures
we are prepared to support States and industry efforts to plan
for, respond to and mitigate actions that disrupt the Nation's
energy supplies. This Office's primary missions are twofold.
First is the identification of potential threats to the
national energy infrastructure, including natural disasters and
industrial accidents, and deliberate acts of terror, sabotage.
The Office maintains an effective communications and liaison
network with the energy sector to facilitate information flow
during emergencies and communicate potential and actual threats
to the appropriate authorities.
The second mission is to assist in the development of
Federal energy emergency response plans. In carrying out this
function, OEA will provide technical and professional
assistance to States and industries for the development of
local and regional response plans and conduct readiness
exercises with States and industry to assist in identifying
shortfalls prior to actual emergencies. Following such
exercises, the Office will compile lessons learned during the
conduct of emergencies and exercises for broad dissemination
among relevant industries and facilities.
Energy infrastructure: The energy assurance team works with
the companies whose resources comprise the Nation's energy
sector to improve the protection of critical energy facilities.
The infrastructure office works with the energy sector to
introduce new security practices into the energy sector. The
Office also interfaces with the DOE laboratory community to
help identify and speed commercialization of new technologies
designed to enhance the protection of sensitive facilities.
Infrastructure interdependencies: The Office of Energy
Assurance had been designated to provide Federal oversight to
the National Infrastructure Simulation and Analysis Center as a
collaborative effort between the national laboratories, the
Office of Energy Assurance, and other Federal agencies. The
NISAC, once fully operational, will provide a fundamentally new
technical planning and decision support environment for the
analysis of critical infrastructures, their interdependencies,
vulnerabilities and complexities for policy analysis and
emergency planning. NISAC will use distributed information
systems architectures to provide virtual analysis capabilities
that will accommodate a large number of providers and a large
number of users.
Tasking for the NISAC will be developed through an
interagency planning process chaired by the Department's NISAC
administrator, which includes representatives of the
laboratories and industry and will ensure that the NISAC is
truly a national asset to meet national strategy.
The Department of Homeland Security: The President's
legislative proposal creating the Department of Homeland
Security, includes moving the management of the National
Infrastructure Simulation and Analysis Center, NISAC, and other
functions of the Office of Energy Assurance from DOE to DHS.
The NISAC capability, once established, will provide a
unique tool for planning and decisionmaking. The complexities
of the physical and cyber interdependencies associated with the
national energy infrastructure are vast by themselves. Once
those complexities are overlaid with the other infrastructures,
such as telecommunications, the interdependency complexities
rise to a level that they become an issue that must be
addressed at a national level. The transfer of the NISAC into
the Department of Homeland Security will ensure that
requirements develop and programmatic tasking for NISAC meet
national priorities. DOE is planning to transfer funding and
two staff members to DHS to provide program oversight for
NISAC. DOE will continue to be a customer of NISAC, seeking to
utilize this national capability to support energy sector
analysis.
The transfer of the NISAC administrative functions with the
Office of Energy Assurance into DHS will provide the new
department with an integrated management structure to conduct
activities associated with protecting the national energy
infrastructure. The Office also manages a robust vulnerability
assessment program that utilizes expertise from the private
sector and the national laboratory complex, plans for and
supports restoration and recovery efforts following natural
disaster or acts of terrorism, assists States and industry in
all aspects of energy emergency planning and supports the
development of strategic energy policies.
The new Department of Homeland Security will thus have the
ability to directly access the expertise located associated
with the Office of Energy Assurance and the National
Laboratories for Assessments of the energy sector. In addition,
the new homeland security centers for excellence will provide
the department with direct access to the capabilities currently
resident in the national laboratories for research and analysis
in other areas of the Nation's critical infrastructure.
Thank you, Mr. Chairman. I would be pleased to respond to
any questions the committee may have.
[The prepared statement of James F. McDonnell follows:]
Prepared Statement of James F. McDonnell, Director, Office of Energy
Assurance, U.S. Department of Energy
introduction
Mr. Chairman and distinguished members of the committee, thank you
for the opportunity to testify on the Administration's proposal to
create a Department of Homeland Security, and specifically, the
critical infrastructure protection activities that will be assigned to
the new department. I am James F. McDonnell, Director of the Department
of Energy Office of Energy Assurance. I have been in this position
since December of 2001, working with the Office of the Secretary to
develop an integrated and streamlined management approach to protecting
the National Energy Infrastructure. The Secretary of Energy has the
responsibility as the lead federal agency to coordinate protection
activities in the Energy Sector. Presidential Decision Directive 63
assigned this responsibility to DOE and the Secretary expects the
Homeland Security National Strategy to continue that assignment of
responsibility. The Office of Energy Assurance was established at the
Department to better protect against severe energy disruptions in close
collaboration with State and local governments and the private sector
and, where possible, to assist with emergency response efforts.
The Office provides technical expertise and management oversight to
identify energy system critical components and interdependencies,
identify threats to the system, recommend actions to correct or
mitigate vulnerabilities, plan for response and recovery to system
disruption, and provide technical response support during energy
emergencies. As originally conceived, the Office has four principle
areas of management, which are:
Energy Reliability
The Office of Energy Assurance coordinates Department of Energy
policy development and intergovernmental, interagency activities
related to the protection and reliability of the national energy
infrastructure. The Office will utilize longstanding relationships with
government and industry representatives to develop a national strategy
for energy assurance and establish a national tracking and reporting
process to assess the ongoing effectiveness of the national strategy,
identifies shortfalls and develops corrective action plans; and
coordinates efforts to expand cooperation on national energy
infrastructure with friendly nations, international organizations and
multinational corporations.
Energy Emergencies
The Office of Energy Assurance ensures we are prepared to support
states and industry efforts to plan for, respond to and mitigate
actions that disrupt the nation's energy supplies. This Office's
primary missions are twofold; first is the identification of potential
threats to the national energy infrastructure, including natural
disasters and industrial accidents, and deliberate acts of terror,
sabotage. The Office maintains an effective communications and liaison
network with the energy sector to facilitate information flow during
emergencies and communicate potential and actual threats to the
appropriate authorities.
The second mission is to assist in the development of federal
energy emergency response plans. In carrying out this function, OEA
will provide technical and professional assistance to states and
industries for the development of local and regional response plans and
conduct readiness exercises with states and industry to assist in
identifying shortfalls prior to actual emergencies. Following such
exercises, the Office will compile lessons learned during the conduct
of emergencies and exercises for broad dissemination among relevant
industries and facilities.
Energy Infrastructure
The Energy Assurance Team works with the companies whose resources
comprise the nation's energy sector to improve the protection of
critical energy facilities. The Infrastructure Office works with the
energy sector to introduce new security practices into the energy
sector. The Office also interfaces with the DOE laboratory community to
help identify and speed commercialization of new technologies designed
to enhance the protection of sensitive facilities.
Infrastructure Interdependencies
The Office of Energy Assurance had been designated to provide
federal oversight to the National Infrastructure Simulation and
Analysis Center as a collaborative effort between the National
Laboratories, the Office of Energy Assurance, and other federal
agencies. The NISAC, once fully operational, will provide a
fundamentally new technical planning and decision support environment
for the analysis of critical infrastructures, their interdependencies,
vulnerabilities, and complexities for policy analysis and emergency
planning. NISAC will use distributed information systems architectures
to provide virtual analysis capabilities that will accommodate a large
number of providers and a large number of users. Tasking for the NISAC
will be developed through an interagency planning process chaired by
the Department's NISAC Administrator, which includes representatives of
the laboratories and industry and will ensure the NISAC is truly a
national asset meet national strategy.
The Department of Homeland Security
The President's legislative proposal creating the Department of
Homeland Security includes moving the management of the National
Infrastructure Simulation and Analysis Center (NISAC) and other
functions of the Office of Energy Assurance from DOE to DHS.
The NISAC capability, once established, will provide a unique tool
for planning and decision-making. The complexities of the physical and
cyber interdependencies associated with the national energy
infrastructure are vast by themselves. Once those complexities are
overlaid with the other infrastructures, such as telecommunications,
the interdependency complexities rise to a level that they become an
issue that must be addressed at a national level. The transfer of the
NISAC into the Department of Homeland Security will ensure that
requirements development and programmatic tasking for NISAC meet
national priorities. DOE is planning to transfer funding and two staff
members to DHS to provide program oversight for NISAC. DOE will
continue to be a customer of NISAC, seeking to utilize this national
capability to support Energy Sector analysis.
The transfer of the NISAC administrative functions with the Office
of Energy Assurance into DHS will provide the new Department with an
integrated management structure to conduct activities associated with
protecting the National Energy Infrastructure. The Office also manages
a robust vulnerability assessment program that utilizes expertise from
the private sector and the National Laboratory complex, plans for and
supports restoration and recovery efforts following natural disaster or
acts of terrorism, assists states and industry in all aspects of energy
emergency planning and supports the development of strategic energy
policies. The new Department of Homeland Security will thus have the
ability to directly access the expertise located associated with the
Office of Energy Assurance and the national laboratories for
assessments of the energy sector. In addition, the new Homeland
Security Centers for Excellence will provide the Department with direct
access to the capabilities currently resident in the national
laboratories for research and analysis in other areas of the nation's
critical infrastructure.
Thank you, Mr. Chairman. I would be pleased to respond to any
questions the Committee may have.
Mr. Greenwood. Thank you, Mr. McDonnell.
Mr. Varnado for 5 minutes.
TESTIMONY OF SAMUEL G. VARNADO
Mr. Varnado. Mr. Chairman and distinguished members, thank
you for this opportunity. I'm Stan Varnado, director of Sandia
National Laboratories Programs Critical Infrastructure. The
work you're doing here is very important and we're proud of
being a part of it. My written statement has been entered into
the record, and I'll just present a brief summary about of what
is in that statement. I want to focus on two major problems in
critical infrastructure protection. First is cyber security,
and second is infrastructure interdependency.
In the cyber area, past research has shown that computer
systems that control many of the Nation's infrastructures are
highly vulnerable to cyber attack. These systems are called
Supervisory Control and Data Acquisition, or SCADA systems.
They are ubiquitous in the electric power, oil and gas,
telecommunications and transportation industry. We are
particularly worried about the SCADA systems for several
reasons. First, many of the U.S. infrastructure elements depend
upon their reliable operations. Second, the systems in which
the electric power industry are used--are using are being used
in ways to which they were never designed because of the way
the grid is being operated under the restructuring environment.
Third, the consequences of attacks on the SCADA systems can be
significant including loss of life, burnout of equipment that
is difficult to replace, environmental impacts and others.
Fourth, the industry is coming to us now and asking for
help. Fifth, according to an article in the June 27th addition
of The Washington Post, the Al Qaeda terrorist network is
looking for information on the SCADA system to maybe plan an
attack. In our research, we found many vulnerabilities in the
SCADA systems and these will increase as the industry moves
toward Internet-based control systems. Some of these
vulnerabilities are listed in my written statement. We believe
that the security of these systems must be up there. DHS should
make the cyber security issue a prominent one.
In the case of SCADA systems, DHS may want to work with the
program that DOE has already staffed. They can supply
requirements to DOE and could support DOE's request for
resources. The second major area of concern is that of
infrastructure interdependency. U.S. now depends upon an
increasingly interdependent staff critical infrastructure
elements that include electric power, oil and gas,
transportation, water, communication, banking and finance and
others. These systems depend upon each other for reliable
operations. For example, banking and finance depend upon
telecommunications which is dependent upon electricity, which
is dependent upon coal, oil, nuclear and gas, which is
dependent upon water and so on. The list is endless.
Currently no two exists that allow an adequate
understanding of the operation of such a complex system. The
system interdependencies make it hard to identify critical
nodes that must be protected, to define the consequences of
outages and to optimize mitigation strategies.
The National Infrastructure Simulation and Analysis Center,
NISAC, which is proposed to now become a part of the new
Department of Homeland Security, was established to address
this problem. We use Sandia and Los Alamos National
Laboratory's extensive computing and simulation capabilities to
allow comprehensive assessments of the vulnerabilities of the
Nation's infrastructure to allow identification of critical
nodes and to develop and optimize mitigation strategy. I will
provide some background on NISAC for you, and my colleague will
provide additional information on NISAC capabilities.
NISAC was formally established last year in the USA PATRIOT
Act. The current status is that it's funded at $20 million in
fiscal year 2002. The money this year came through DOD's DTRA's
organization. In fiscal year 2003, the President's budget calls
for the money to come through DOE. We have established a NISAC
joint program office to represent both laboratories that are
involved. We have selected a NISAC joint program director to
manage the program. We are currently developing strategies and
partnerships with public entities, private industry and
universities who will also participate in this activity as
technology suppliers. We are already developing models of the
electric power grid, oil and gas distribution systems,
telecommunications networks and economic models of the
consequences. For example, in models of interdependencies of
the electricity and telecommunications infrastructure in
California has been developed. We are currently studying their
interdependency and the consequences.
The proposal to place NISAC in the new Department of
Homeland Security is very sound. We agree with it. The reason
is that it allows the NISAC to address national needs rather
than just the need of any simulation. To achieve this, however,
we need a national level multiagency committee that represents
the interests of all the agencies, and that should be
established in order to set requirements for NISAC. So our
concern is we offer the following recommendations.
The homeland security actions requires DHS to establish a
national level multiagency process to solicit needs from all
concerned agencies and to define requirements for NISAC. The
Act should give DHS the authority to pass the DOE NSA
laboratories directly, just as the nonNSA portions of DOE do
now. This would eliminate bureaucratic red tape and additional
costs and delay associated with the process. We further
recommend the legislation specify that NISAC be managed for DHS
by the existing NISAC joint program office in order to take
advantage of the significant amount of research that has
already been done.
We believe that the inclusion of these recommendations in
the Homeland Security Act will provide the greatest utilization
advances to important issues facing critical infrastructure
protection. Thank you, Mr. Chairman, and members of the
committee for this opportunity.
[The prepared statement of Samuel G. Varnado follows:]
Prepared Statement of Samuel G. Varnado,, Sandia National Laboratories
introduction
Mr. Chairman and distinguished members of the committee, thank you
for the opportunity to testify on the Administration's proposal to
create a Department of Homeland Security, and specifically, the
critical infrastructure protection activities that will be assigned to
the new department. I am Dr. Samuel G. Varnado, Director of Sandia
National Laboratories' Infrastructure and Information Systems Center. I
have more than thirty-eight years' experience in energy, information,
and infrastructure systems development. I currently coordinate the
Laboratories' activities in critical infrastructure protection.
Sandia National Laboratories is managed and operated for the
National Nuclear Security Administration (NNSA) of the U.S. Department
of Energy (DOE) by Sandia Corporation, a subsidiary of the Lockheed
Martin Corporation. Sandia's unique role in the nation's nuclear
weapons program is the design, development, qualification, and
certification of nearly all of the nonnuclear subsystems of nuclear
warheads. We perform substantial work in programs closely related to
nuclear weapons, including intelligence, non-proliferation, and treaty
verification technologies. As a multiprogram national laboratory,
Sandia also conducts research and development for other Federal
agencies when our special capabilities can make significant
contributions.
At Sandia National Laboratories, we perform scientific and
engineering work with a mission in mind--never solely for its own sake.
Even the fundamental scientific work that we do (and we do a great deal
of it) is strategic for the mission needs of our sponsors. Sandia's
management philosophy has always stressed the ultimate linkage of
research to application. When someone refers to Sandia as ``the
nation's premier engineering laboratory,'' that statement does not tell
the whole story: We are a science and engineering laboratory with a
focus on developing technical solutions to the most challenging
problems that threaten peace and freedom.
My statement, which amplifies my colleague David Nokes' testimony
to this committee on June 25, 2002, will describe some of the key
problems posed in protecting the nation's critical infrastructure and
Sandia National Laboratories' contributions and capabilities in that
area. I will also comment on the proposed relationship of that work to
the Department of Homeland Security.
sandia's contributions to critical infrastructure protection
Like most Americans, the people of Sandia National Laboratories
responded to the atrocities of September 11, 2001, with newfound
resolve on both a personal and professional level. As a result of our
own strategic planning, our LDRD investments, and the foresight of
sponsors to invest resources toward critical infrastructure protection,
Sandia was in a position to immediately address some urgent needs.
For example, we quickly completed vulnerability assessments of a
number of dams in the Western U.S. and worked with the electricity
sector to improve the robustness of their supervisory control and data
acquisition (SCADA) systems to cyber attacks. These and other
contributions to critical infrastructure protection are possible
because of strategic planning we had conducted years ago and early
investment in the capabilities that were needed to respond. The
outstanding technology base supported by NNSA for its core missions is
the primary source of this capability. We also made strategic decisions
to invest laboratory-directed research and development funds (LDRD) in
the very things that we knew were urgent needs: physical security
technology, modeling and simulation of infrastructure elements, and
cyber security. We were heavily involved in supporting the President's
Critical Infrastructure Protection Committee during the Clinton
administration, and that activity provided impetus for our current
activities. In recent months, requests for Sandia's services from
federal agencies other than DOE for work in emerging areas of need have
increased. Approximately twenty-eight percent of our total laboratory-
operating budget is now provided by federal agencies other than DOE.
sandia capabilities for critical infrastructure protection
Sandia National Laboratories and the other nuclear weapon
laboratories constitute a broad, multidisciplinary technology base in
nearly all the physical sciences and engineering disciplines. We
leverage those capabilities to support other national security needs
germane to our missions, including homeland security, when our
capabilities can make significant contributions.
Physical Security
For over 25 years, Sandia has been the lead laboratory for the DOE
in safeguards and security. During this time, we have developed risk
assessment methodology and used it to design the security approaches
for storage and shipment of nuclear weapons and special nuclear
material. We have developed vulnerability assessment capabilities and
models to optimize mitigation strategies. These models were used in the
early days to design protection systems for nuclear power plants as
well as for our traditional missions. Recently, the same technology has
been used to assess the vulnerabilities and improve the robustness of
dams, chemical plants, water systems, conventional electric power
plants, and pipelines.
We have developed numerous airport security sensors and systems,
including design of secure portals and explosives detectors. Today, a
commercially produced, walk-through portal for detecting trace amounts
of explosive compounds on a person is available for purchase and
installation at airports and other public facilities. The technology
for this device was developed, prototyped, and demonstrated by Sandia
National Laboratories over a period of several years and licensed to
Barringer Instruments of Warren, New Jersey, for commercialization and
manufacture. The instrument is so sensitive that microscopic quantities
of explosive compounds are detected in a few seconds.
Using similar technology, we have developed and successfully tested
a prototype vehicle portal that detects minute amounts of common
explosives in cars and trucks. Detecting explosives in vehicles is a
major concern at airports, military bases, government facilities, and
border crossings. The system uses Sandia's patented sample collection
and preconcentrator technology that has previously been licensed to
Barringer for use in screening airline passengers. The same technology
has been incorporated into Sandia's line of ``Hound TM''
portable and hand-held sensors, capable of detecting parts-per-trillion
explosives and other compounds. These devices can be of great value to
customs and border agents at ports of entry.
Sandia pioneered a tool called Probabilistic Risk Assessment (PRA)
to evaluate the risks in high-consequence systems such as nuclear
weapons and nuclear power generation plants. We use this tool to assess
the risks in critical infrastructure systems such as dams, water
utilities, chemical plants, and power plants. Combined with our
expertise in security systems for nuclear facilities, we have helped
utilities and industrial associations create security assessment
methodologies that help owners and operators determine vulnerabilities
and identify mitigation options. Methodologies have been developed for
water utilities, chemical storage facilities, dams, power plants, and
electrical power transmission systems.
Cyber Security
Sandia has significant ongoing work in the technology areas
intended to protect cyber and network resources and the information
that resides on such systems. Programs that assess the vulnerabilities
associated with these systems are in place for our own resources as
well as for those at other federal government agencies. We conduct red-
teaming to challenge information systems and identify and remove
vulnerabilities. Our objectives are to enhance the robustness of
critical information systems and develop solutions for survivability
and response options for systems under attack. Sandia operates a
supervisory control and data acquisition (SCADA) laboratory to study
the real-time control systems that are used to control the power grid,
the pipelines, transportation systems, and water systems. Sandia's
capabilities in cyber security arise from our nuclear weapons mission,
in which we design the cryptographic systems needed for secure command
and control systems for the nuclear stockpile. Sandia is the only DOE
laboratory that is approved by NSA to conduct cryptographic research.
We have helped many infrastructure owners perform vulnerability
assessments and develop risk mitigation strategies.
Modeling and Simulation
National security and the quality of life in the United States rely
on the continuous, reliable operation of a complex set of
interdependent infrastructures: electric power, oil and gas,
transportation, water, communications, banking and finance, emergency
services, law enforcement, government continuity, agriculture, health
services, and others. Today, these systems depend heavily on one
another; that interdependency is increasing. Disruptions in any one of
them could jeopardize the continued operation of the entire
infrastructure system. Many of these systems are known to be vulnerable
to physical and cyber threats and to failures induced by system
complexity.
In the past, the nation's critical infrastructures operated fairly
independently. Today, however, they are increasingly linked, automated,
and interdependent. What previously would have been an isolated failure
could cascade into a widespread, crippling, multi-infrastructure
disruption today. Currently, there are no tools that allow
understanding of the operation of this complex, interdependent system.
This makes it difficult to identify critical nodes, determine the
consequences of outages, and develop optimized mitigation strategies.
The National Infrastructure Simulation and Analysis Center (NISAC)
concept, which would be transferred to the Department of Homeland
Security under the Administration's bill, is also an example of our
experience with critical infrastructures and will be described and
discussed later in this statement.
critical infrastructure protection problems
The U.S. infrastructure is difficult to protect because of its size
and complexity. There are many avenues for possible exploitation by an
adversary. In this statement, I will address two of the problems we
consider to be the most serious.
Cyber Security
Computerized supervisory control and data acquisition (SCADA)
systems control the operations of critical infrastructures such as
power utilities, distribution networks, and municipal water supplies.
These systems have generally been designed and installed with little
attention to security. They are highly vulnerable to cyber attack. In
fact, it has been claimed that it is possible to turn the lights off in
many major cities with a cyber attack. An article in the June 27, 2002,
edition of the Washington Post adds credence to this claim, and states
that these systems have been the targets of probing by Al Qaeda
terrorists. Some government experts conclude that the terrorists plan
to use the internet as an instrument of bloodshed by attacking the
juncture of cyber systems and the physical systems they control. The
article further postulates that combined cyber and physical attacks
could generate nightmare consequences.
Sandia has been investigating vulnerabilities in SCADA systems for
five years. During this time, many have been found. Our assessments
show that security implementations are, in many cases, non-existent or
based on false premises. Some of the vulnerabilities in legacy SCADA
systems include inadequate password policies and security
administration, no data protection mechanisms, and information links
that are prone to snooping, interruption, and interception. When
firewalls are used, they are sometimes not adequately configured, and
there is often ``back-door'' access because of connections to
contractors and maintenance staff. We have found many cases in which
there is unprotected remote access that circumvents the firewall. From
a security perspective, it should be noted that most of the SCADA
manufacturers are foreign-owned. In summary, it is possible to covertly
and easily take over control of one of these systems and cause
disruptions with significant consequences. Recognition of that fact led
numerous federal agencies and municipal water and transportation
systems to request Sandia help following September 11.
Of even more concern is the fact that the control systems are now
evolving to the use of the internet as the control backbone. The
electric power grid is now, under restructuring, being operated in a
way for which it was never designed. More access to control systems is
being granted to more users; there is more demand for real time
control; and business and control systems are being connected.
Typically, these new systems are not designed with security in mind.
More vulnerabilities are being found, and consequences of disruptions
are increasing rapidly. Industry is now asking for our help in
understanding vulnerabilities, consequences, and mitigation strategies.
After September 11, Sandia also received requests for help from private
companies and professional societies.
Interdependencies
The U.S. infrastructure is becoming increasingly interdependent.
For example, the banking and finance sector depends upon
telecommunications, which depends on electricity, which depends on
coal, gas, oil, nuclear sources, water, and transportation. These
interdependencies create the potential for high consequence, cascading
failures in which a failure in one element of the infrastructure leads
to failures in others. Further, interdependencies make it difficult to
identify critical nodes, vulnerabilities, and optimized mitigation
strategies. We have studied one case, for example, in which the best
way to assure operation of the electric power grid is to protect the
gas pipeline that feeds the generation stations in that area. The
bottom line is that interdependencies cause the infrastructure to
behave as a complex system whose behavior is difficult to predict.
Most of the current federal critical infrastructure protection
activities are directed at individual infrastructure elements. This
stovepiped approach was reinforced by PDD-63, in which various agencies
were assigned responsibility for protecting specific infrastructure
elements (e.g., DOE was assigned electricity and oil and gas, DOT was
assigned transportation, etc.). While it is necessary to understand
these individual elements, the more compelling problem is to address
the interdependent nature of the behavior of the infrastructure in
order to prevent more severe consequences. We believe that this
modeling and simulation effort is essential and will lead to the
ability to define the critical nodes at the system level, identify
consequences of outages, and define optimized protection strategies.
Possible Solutions to Critical Infrastructure Problems
It is unreasonable to expect that every part of the infrastructure
can be completely protected. Rather, a risk management strategy must be
used to decide where to invest limited protection resources. Three
steps are needed:
Define the infrastructure elements that are truly critical.
Criteria must be established that define ``critical''. These
could include, for example, loss of life, economic impact, time
to rebuild, cost to rebuild, potential for loss of confidence
in the government, etc.
Perform vulnerability assessments for these critical elements.
Develop optimized prevention and mitigation strategies.
It will be necessary to work closely with private industry in all
these steps, since they own 85% of the US infrastructure. They must see
a business case, based on risk analysis, before they are willing to
invest in protection. Vulnerability assessment methodology is well
known to Sandia, other DOE labs, and certain private companies. They
can play important roles in all three steps, but especially in
identifying, from a systems perspective, the critical nodes and in
evaluating the consequences of disruptions so that business cases can
be developed. The methodology for conducting the required analysis is
known. What is needed from a technology development perspective is
additional research in cyber security techniques and development of
additional simulation and modeling capability, since modeling of the
behavior of complex systems will require high performance computing.
Additionally, help is needed in working with private industry. Many of
the private owners of the infrastructure feel that identification of
critical nodes and vulnerabilities is sensitive information, and they
are reluctant to share it with the government. Government action is
needed to create a process under which sensitive information can be
shared among those in government and industry with a need-to-know.
Congressional support is needed to help implement the following
steps that will lead to a more robust national infrastructure:
Establish a new category of sensitive, restricted information
for Critical Infrastructure Protection applications. Procedures
for protecting the information and processes for granting
access to both industry and government personnel are needed.
Provide training in vulnerability and risk assessment
methodology to private industry.
Support additional research into cyber security issues,
including cryptographic methods such as authentication, low
power encryption methods, and standards. The establishment of
test beds to allow evaluation of competing technologies should
be encouraged.
Support development of tools needed for identifying critical
nodes, consequences of outages, and optimized mitigation
strategies.
national infrastructure simulation and analysis center (nisac)
The President's bill to establish a Department of Homeland Security
provides for an Under Secretary for Information Analysis and
Infrastructure Protection. It further proposes, under Title II, to
transfer the responsibility for NISAC to the Department of Homeland
Security. NISAC was formally chartered by the USA Patriot Act of 2001
(Oct 26, 2001) to serve as ``a source of national competence to address
critical infrastructure protection and continuity through support for
activities related to counter terrorism, threat assessment, and risk
mitigation.'' (Section 1016 of Public Law 107-56, the USA Patriot Act,
10/26/2001). NISAC, a partnership of Sandia and Los Alamos national
laboratories, is leveraging current modeling, simulation, and analysis
expertise to develop higher fidelity simulations crucial to the success
of the Nation's critical infrastructure protection program. These labs
were chosen to manage NISAC because of their considerable investment in
infrastructure and interdependencies modeling over the last decade, the
availability of high performance computers at the labs, and their
modeling and simulation capabilities.
Status
The President's FY03 budget request called for the FY03 NISAC
activities to be funded through the Department of Energy. NISAC, with
Sandia and Los Alamos national laboratories as core partners, has
devoted considerable effort to expanding the critical infrastructure
modeling, simulation, and analysis capabilities of the two
laboratories. A Joint Program Director has been selected to manage the
NISAC program on behalf of both labs. NISAC has built consensus in the
government and private sector on the importance of infrastructure
interdependency analysis to the nation's critical infrastructure
protection program. The NISAC Joint Program Office is developing
strategic plans and associated research and development programs to
meet its national charter. These plans include the identification of
key strategic partners from other labs, universities, and private
industry who will serve as technical collaborators in the performance
of the tasks assigned to NISAC. Further, NISAC has proposed a senior-
level, national, interagency process, including DHS, to generate,
prioritize, and set national-level requirements for its modeling and
simulation activities.
Observations
The proposal to move NISAC to the Department of Homeland Security
is sound. It will allow NISAC to serve as a national resource that can
address critical infrastructures and, most importantly, their
interdependencies across the entire range of infrastructure elements--
energy, telecommunications, transportation, banking and finance, water,
etc. It will allow the NISAC work to be prioritized by national needs,
rather than the by the interests of a single agency. Further, it will
be possible to implement a national level requirements-setting process
for NISAC activities, which fulfills the intent of the Patriot Act.
It is important that the existing NISAC Joint Program Office
continue to serve as the managing entity for NISAC, serving under the
oversight of the new DHS, in order to capitalize on the previous
decade's investment in the technology base. An added benefit to the
proposed organizational structure within DHS is that it would place
NISAC and the National Communications System (NCS) under the same Under
Secretary. NCS has significant capability in modeling the
telecommunications infrastructure, while Sandia and Los Alamos have
similar capabilities in modeling the energy infrastructure, chem./bio
problems, and infrastructure interdependencies. This concentration of
technical capability in one organization will provide a demonstrated
competence that should lead to early and useful results.
Recommendations
The legislation that establishes the Department of Homeland
Security should clearly state that NISAC will be managed by the
NISAC Joint Program Office for the Department of Homeland
Security.
The legislation should state that DHS will assume both funding
and oversight responsibilities for NISAC as soon as DHS is
established. A NISAC program manager within DHS should be
named.
The Homeland Security Act should give the Department of
Homeland Security the power to task the NNSA laboratories
directly, just as do the Science, Energy, Environmental, and
other non-NNSA offices of DOE. That authority would eliminate
the bureaucratic red tape and additional costs associated with
the Work-for-Others (WFO) process.
The legislation should require that DHS establish a national
level, multi-agency process to solicit needs and define
requirements for NISAC. Participating agencies could include
DOE, DOT, DOC, OSTP, DOS, Treasury, and others. Final approval
for all NISAC activities should reside with a senior DHS
official.
summary and conclusion
Sandia National Laboratories and the other NNSA laboratories
constitute a broad, multidisciplinary technology base in nearly all of
the physical sciences and engineering disciplines. We are eager to
leverage those capabilities to support the science and technology needs
of the Department of Homeland Security when our capabilities can make
significant contributions.
Sandia possesses strong competencies in physical and cyber security
and in modeling and simulation. Most of this technology is suitable for
transfer to industry and deployment in homeland security applications.
We have been proactive in addressing the challenges of infrastructure
protection. We have a track record of anticipating emerging homeland
security threats and investing in technology development to counter
them through our Laboratory-Directed Research and Development program
and sponsor-directed programs. We are one of the premier laboratories
for working with industry to transform laboratory technologies into
deployable commercial applications. Bureaucratic and regulatory
roadblocks exist that limit access to the DOE/NNSA national
laboratories by other federal agencies, and those obstacles should be
removed by the homeland security legislation in order to facilitate
direct access to those resources.
On behalf of the dedicated and talented people who constitute
Sandia National Laboratories, I want to emphasize our commitment to
strengthening United States security and combating the threat to our
nation's critical infrastructures. It is our highest goal to be a
national laboratory that delivers technology solutions to the most
challenging problems that threaten peace and freedom. Thank you, Mr.
Chairman. I would be pleased to respond to any questions you may have.
Mr. Greenwood. Thank you, Dr. Varnado.
Dr. Cobb for 5 minutes.
TESTIMONY OF DONALD D. COBB
Mr. Cobb. Thank you, Mr. Chairman, and distinguished
members of the committee for inviting Sandia and Los Alamos
here today to discuss the issue of critical infrastructure
protection, and in particular, the national infrastructure
simulation and analysis center, or NISAC.
This morning I'd like to discuss with you the efforts to
protect the Nation's critical infrastructure in the form of
this joint, and I think, unique Los Alamos and Sandia
partnership. NISAC brings to bear on the problem of protecting
the Nation's critical infrastructure, some of the most
sophisticated modeling simulation technology to be found
anywhere. This technology is based on a decade-long, $150
million investment by the Federal Government in work at both
laboratories. The work is to do complex modeling and simulation
of some of the most complex systems, namely our infrastructure.
It also is supported by two of the largest secure computing
environments. I think that is an important point in that we
have the experience to use massive computing as tools, and also
the environment to protect the information in the appropriate
fashion. NISAC, when it's fully operational, is envisioned to
provide the type, scale, comprehensive level of information
that will enable the Nation's senior leadership, our
decisionmakers at the highest levels, to proactively work to
deny terrorist attacks against high targets, key nodes and our
critical infrastructure.
For the first time, we'll be able to simulate the
operations of and the interdependencies among the elements of
our infrastructure, including telecommunications, electricity,
oil and gas, transportation, public health and so forth.
We will have confidence that these results can be used by
decisionmakers to identify key gaps and vulnerabilities, and
thereby set the priorities for investment in protection
measures. Today NISAC is already providing important
information to the Office of Homeland Security and other
government agencies. Permit me to just describe one example.
Recently we were asked to complete a short fuse study for
the Office of Homeland Security looking at various scenarios
for distributing vaccine. This study used a new simulation tool
called EpiSims, which stands for epidemiological simulation.
EpiSims, in turn, builds on a decade of transportation modeling
simulation that was carried out for the Department of
Transportation. This latter capability called TranSims
literally reproduces the complex nonlinear pattern of traffic
in major urban areas on a minute-by-minute basis.
How are these two things connected? Basically, the
methodology in TranSims, in order to replicate how dynamic
interactions occur among members of a diverse population such
as a major city in the United States and that synthetic urban
population which is derived from demographic information are
the tools that we need to do many of this type of model and
simulation. So EpiSims used that basic methodology and those
synthetic populations in the studies that we did.
Along with input from some of the experts that you heard
earlier on public health interactions so we could have the lead
people in the area of public health allegation provide input
and then looking at our results to confirm that they do, in
fact, match their experience.
So in recognition of this type of capability that has been
developed over the years and building on this and leveraging
it, Congress chartered NISAC under the U.S. PATRIOT Act of 2001
to, quote, serve as a national source of competence to address
critical infrastructure protection and continuity through
support for activities related to counterterrorism, threat
assessment and risk mitigation.
As was stated earlier, the President's homeland security
legislation calls for the transfer of NISAC to the new
Department of Homeland Security. Because the purpose of NISAC
and its true realization is the responsibility--has the
responsibility across all the infrastructure sectors that are
interdependencies, it seems to us that we concur that this is
the appropriate place for NISAC to be. In other words, it
should report directly to the agency that will inherit this
responsibility for protecting our infrastructure.
So in closing, let me say that through the NISAC
collaboration, Sandia and Los Alamos look forward to continuing
support the new Department of Homeland Security and in
protecting our Nation's critical infrastructure and I thank you
for the opportunity, and we will be happy to answer your
questions later.
[The prepared statement of Donald D. Cobb follows:]
Prepared Statement of Don Cobb, Associate Director, Threat Reduction,
Los Alamos National Laboratory
Thank you Mr. Chairman and distinguished members of the House
Energy and Commerce Subcommittee on Oversight and Investigations for
inviting me here today to discuss the administration's proposal for
creating the Department of Homeland Security. I am Don Cobb, Associate
Director for Threat Reduction at Los Alamos National Laboratory. At Los
Alamos, I am responsible for all programs directed at reducing threats
associated with weapons of mass destruction. I personally have more
than 30 years experience working to reduce these threats. Los Alamos is
operated by the University of California for the DOE/NNSA and is one of
three NNSA laboratories, along with Lawrence Livermore National
Laboratory and Sandia National Laboratories, responsible for
maintaining the nation's nuclear stockpile. In addition to our
stockpile responsibilities, the three NNSA laboratories have been
involved for decades in technology development and problem solving in
the realm of arms control and nonproliferation. Through our work in
these areas, Los Alamos has developed a skill and technology base that
enabled us to respond immediately following the September 11 attacks,
to calls for assistance in counter terrorism and homeland security.
With the President's call for a new Department of Homeland Security,
Los Alamos stands ready to focus its capabilities in support of this
new department.
Today, I would like to discuss with you the broad set of
capabilities that Los Alamos brings to U.S. efforts to protect our
homeland from future terrorist attacks. While my testimony is Los
Alamos centric, progress in science and technology depends on
collaboration among the national laboratories, government, industry and
academia.
Los Alamos National Laboratory firmly supports the creation of a
Department of Homeland Security (DHS). Consolidation of federal
homeland security agencies has the potential to protect the nation
against terrorism.
The President's proposal would give the Department four divisions:
Information Analysis and Infrastructure Protection; Chemical,
Biological, Radiological, and Nuclear Countermeasures; Border and
Transportation Security; and Emergency Preparedness and Response. Each
of these mission areas will require focused research and development
(R&D). My statement will describe some of the key contributions Los
Alamos and the other national laboratories can make to homeland
security in each of these areas.
engaging the science and technology (s&t) community
``The government will need mechanisms to engage the technical
capabilities of the government and the nation's scientific,
engineering, and medical communities in pursuit of homeland security
goals,'' says a new National Academies report.1 Every
division of the DHS will require research, development, testing, and
evaluation (RDT&E) to solve the technical challenges it will face.
---------------------------------------------------------------------------
\1\ National Research Council Committee on Science and Technology
for Countering Terrorism, Making the Nation Safer: The Role of Science
and Technology in Countering Terrorism (Washington, DC: National
Academy Press, June 2002).
---------------------------------------------------------------------------
At Los Alamos, we have asked the question, ``How can a newly formed
DHS best engage with the S&T community, including the national
laboratories, universities and industry?'' I believe that in order to
succeed, DHS requires a single, focused S&T office that serves as the
central R&D organization for the Department. As suggested by the House
and Senate bills, this office could be placed under a separate Director
of Science and Technology. The best and brightest human resources,
including federal staff augmented by scientists and engineers assigned
from national laboratories, industry and academia, must staff this S&T
office. Boundaries with other organizations must be ``permeable,''
enabling people to move back and forth easily.
The S&T office would be responsible for the planning and oversight
of focused RDT&E, including both rapid technology acquisition and long-
term, high-risk, high-payoff research. Functional responsibilities for
the agency would therefore include:
Threat and vulnerability assessment;
Identification of needs through interactions with other
agencies, and with state and local governments;
Strategic planning and prioritization for RDT&E investments;
Program planning, budgeting, funding and oversight;
Systems architectures;
Science and technology acquisition from universities, industry
and national laboratories;
Technology integration;
Evaluation of technologies and systems effectiveness; and
Close coordination with end-users during initial system
deployments.
The office should be established quickly, in place and functioning
concurrently with the establishment of the DHS--we want to maintain,
and even accelerate, the momentum which has built since September 11. I
now will describe some of the key contributions Los Alamos is making to
homeland security.
information analysis and infrastructure protection
National Infrastructure Simulation and Analysis Center (NISAC). Los
Alamos is partnering with Sandia National Laboratories to establish
NISAC. NISAC is intended to provide improved technical planning,
simulation, and decision support for the analysis of critical
infrastructures, their interdependencies, and vulnerabilities for
policy analysis and emergency planning. This technology is based on a
decade long, $150M investment in basic research and software
development, supported by the world's largest secure, scientific
computing environment. NISAC will provide the type, scale, and
comprehensive level of information that will enable the nation's senior
leadership proactively to deny terrorist attack options against
potentially high-value targets, instead of simply reacting to the
latest threat scenarios. NISAC will provide essential analytic support
for discovering and overcoming gaps in our homeland security.
NISAC was created as part of the U.S.A. Patriot Act of 2001 (P.L.
107-56). The President's proposal calls for the transfer of NISAC to
the DHS. Because NISAC has responsibility across all infrastructure
sectors, it is appropriate that NISAC should directly support the
agency charged with cross-infrastructure responsibilities. NISAC is
part of a broader portfolio of infrastructure modeling and simulation
work at the two laboratories. This is significant. The technical and
programmatic synergies that accrue to NISAC as a result of this
association allow for immediate application of the R&D efforts to real
problems today. From vulnerability assessments of actual
infrastructures to ``what if'' simulations of biological event
scenarios, NISAC is providing insights and information to senior
decision makers now. As this capability matures, we will do more.
National Transportation Modeling and Analysis Program (NATMAP).
NATMAP, currently being developed for the Department of Transportation,
builds on Los Alamos' transportation modeling technology developed over
the past decade. NATMAP simulates individual carriers--trucks, trains,
planes, and waterborne vessels--and the transportation infrastructures
used by these carriers to simulate freight commodity shipments of the
U.S. transportation network. It moves individual freight shipments from
production areas, through intermodal transfer facilities and
distribution centers, to points of consumption. The advantage of the
NATMAP is that the nation's system can be represented at any level of
detail--from trucks and goods moving among counties and within regions,
to national multi-modal traffic flows including cross border trade with
Mexico and Canada. This strength can be exploited for transportation
policy, security and infrastructure investment purposes.
Vulnerability/Threat Assessments: Nuclear Facilities. Over the last
20 years, Los Alamos and Sandia have analyzed physical security and
identified vulnerabilities at numerous nuclear facilities throughout
DOE, DoD, and U.S. Nuclear Regulatory Commission (NRC) facilities.
These facilities include nuclear reactors, plutonium-handling
facilities, nuclear weapons storage facilities, commercial nuclear
power plants, and spent nuclear fuel facilities. We routinely train
external agencies on developing protection strategies for low-
probability/high-consequence scenarios, such as aircraft crash,
sabotage, and fire. Fundamental to these activities are the unique
facilities and capabilities that Los Alamos brings to these analyses.
We are the only site where highly radioactive materials can be studied
experimentally for their response to postulated threat scenarios. Such
an understanding is essential for analyzing threats and their potential
consequences.
Threat Analysis and Warning. Following the September 11 attacks, we
established a multidisciplinary team of analysts searching for evidence
of terrorist activity. Such analysis requires the latest information
management technologies, advanced computational methods, and automated
pattern identification to search enormous amounts of electronic
information. This tremendous task is complicated by the fact that the
vast majority of data represents completely innocent activity. Under
the new Department, a major effort will be needed to develop the tools
that will provide the ability to accurately synthesize information from
intelligence, law enforcement, and open sources. Using our experience
in solving related problems over the years, for example in identifying
activities indicating WMD proliferation, Los Alamos will continue to
provide analytic capability in this area.
Immigration and Naturalization Service: Entry/Exit System. The
Immigration and Naturalization Service Data Management Improvement Act
(DMIA) of 2000 (P.L 106-215) created a Task Force to evaluate how the
flow of traffic at United States ports of entry can be improved while
enhancing security and implementing systems for data collection and
data sharing. The Task Force is advisory in nature, and as such, will
develop recommendations regarding the development and deployment of an
integrated, automated entry/exit system. A team of experts from Los
Alamos is working with the Task Force to provide advice and objective
recommendations regarding the design and development of the system.
GENetic Imagery Exploitation (GENIE). Los Alamos has developed a
sophisticated image analysis technology called GENIE to create high-
resolution maps. Current sensor platforms collect a flood of high-
quality imagery. Automatic feature extraction is key to enabling human
analysts to keep up with the flow. Machine learning tools, such as the
genetic algorithm-based GENIE, have been successfully used in military
and intelligence applications of broad area search and object
detection, evaluation of environmental disasters, space imaging, and
diagnosis from medical imagery. GENIE has been quickly deployed on a
wide range of processing systems across the nation, and was recently
recognized with an R&D 100 award.
Gigabit Computer Network Traffic Monitoring. Los Alamos has
recently developed technology that can monitor computer network traffic
at gigabit/gigabyte rates, which could be applied to the problem of
terrorist activity detection. By being able to scan network traffic at
gigabit rates, both for trends as well as between specific sources and
destinations, our tools can be used to provide indicators or early
warning of suspicious communications. While many of these traffic
analysis techniques are well known, they have been limited until now by
the inability to collect and process data at gigabit rates.
Geographic Information Systems (GIS). Los Alamos has high-end
computer systems capable of assembling, storing, manipulating, and
displaying geographically referenced information. Our GIS make it
possible to link, or integrate, information that is difficult to
associate through any other means. For example, a GIS might allow
emergency planners to easily calculate emergency response times in the
event of a disaster; we can predict water quality, air quality,
contaminant transport, wildfires and other natural hazards based on
defined threat scenarios. A critical component of Los Alamos' GIS is
our 3D modeling and visualization capability. We can produce wall maps
and other graphics, allowing the viewer to visualize and thereby
understand the results of analyses or simulations of potential events.
chemical, biological, radiological, and nuclear countermeasures
The response to chemical, biological, radiological and nuclear
threats necessarily take very different approaches. The dual-use nature
of chemical and biological materials makes them easily accessible. For
instance, feritlizer can be used to help plants grow, but the same
chemicals can also be used in the construction of a bomb. In addition,
hazardous microorganisms can be grown from very small starting samples.
Given the prevalence of these materials, the primary focus in
countering chemical and biological threats is on early detection of
attack, early warning to authorities and first responders, and rapid
characterization of the agent to guide response. Radiological and
nuclear materials, on the other hand, have a much longer history of
being regulated and safeguarded at their source. Consequently, the best
way to respond to this variety of threat is to prevent terrorists from
ever acquiring the necessary materials, protecting them at their
source. Thus, we have an opportunity for a layered protection strategy
to counter nuclear terrorism.
Chemical and Biological Countermeasures
Los Alamos has a long history of working in the biological
sciences, born out of initial work done on the effects of radiation on
humans. Over the years, this has developed into a significant
expertise, including leadership in the international Human Genome
Project and the development of now widely used biomedical technologies,
based on our expertise in lasers and isotope chemistry. For example,
Los Alamos created the field of flow cytometry, which allows
researchers to flow objects past a laser that can rapidly answer
questions about individual cells or molecules, like DNA. Thanks to this
strong foundation in the biosciences, Los Alamos was able to make
contributions during the recent anthrax attacks, as well as in the
broader area of biothreat reduction, primarily through our work for
NNSA's Chemical and Biological National Security Program (CBNP).
Field Detection and Early Identification of Pathogens
The Biological Aerosol Sentry and Information System (BASIS), a
joint Los Alamos-Livermore project, provides early warning of airborne
biological weapons attacks for special events such as the Olympics.
Planned for use in civilian settings, BASIS can detect a biological
attack within a few hours, early enough to treat exposed victims and
limit casualties significantly. It was deployed at the 2002 Winter
Olympics in Salt Lake City. The BASIS system incorporates distributed
sampling units (sensors), a re-locatable field laboratory, and an
operations center that employs a secure web-based communications
system.
Advanced BASIS technology is currently being integrated into the
Biosurveillance Defense Initiative. The Initiative, which is sponsored
by the Defense Threat Reduction Agency of the Department of Defense and
the NNSA, is a joint Los Alamos, Livermore, and Sandia program. The
tri-lab effort will establish an urban test bed for biosurveillance in
a U.S. metropolitan area this fall. Technologies developed by the three
NNSA laboratories for early detection of biological incidents, as well
as Department of Defense systems, will be included in the test bed.
Pathogen Characterization for Forensics, Attribution and Response
Once an attack has occurred, it is up to the biological science and
medical communities to respond to the aftermath. These communities, Los
Alamos included, responded to the challenge posed by the fall 2001
anthrax attacks. Los Alamos assisted the federal response to the
attacks from the beginning, providing DNA forensics expertise to the
investigation, determining what strain of anthrax was used, as well as
other characteristics important for response (e.g., antibiotic
resistance or genetic manipulation).
Los Alamos was able to respond to the attacks as we did because we
have been working for the past ten years on analyzing the DNA of
anthrax and building a comprehensive database of strains from around
the world. Beyond just anthrax, the Laboratory is working on a variety
of pathogen strain analysis approaches for detection, characterization
and attribution of threat pathogens. This work, along with that of our
colleagues at Livermore and Northern Arizona University, has provided
the assays being used in BASIS. Sophisticated analysis capability
resides at Los Alamos for more comprehensive pathogen characterization
and, importantly, for the identification of unknown microbes.
Los Alamos works with a broad range of characterization and
identification technologies. For instance, Los Alamos has established a
DNA fingerprinting method for rapidly identifying the ``genetic
barcode'' for each threat agent species. We have established an archive
of such ``barcodes'' so that, when we conduct an analysis on a new
sample, we can rapidly compare its signature to all those in the
database. Additionally, if a threat pathogen is known, Los Alamos can
use our DNA analysis methods to detect a broad range of agent
properties that are important for understanding the attack and guiding
prophylaxis and treatment; including evidence of genetic manipulation
and antibiotic resistance. We can also differentiate strains of the
known threat agents and can, for some species, determine their original
geographic origin.
Biological Demonstration and Application Program. The forensic
technologies described above, as well as routine analytical techniques,
are being evaluated and standardized in the Biological Demonstration
and Application Program (BDAP). BDAP is a collaborative NNSA-sponsored
effort between Los Alamos, Livermore and the Northern Arizona
University. The BDAP will facilitate rapid transition of NNSA-developed
forensic technology into use by the public health, law enforcement and
intelligence communities.
Biological Toxin Detection. We have developed a prototype of a
simple, compact sensor system for detection of biological toxins,
viruses, and bacteria. The prototype has been sent to a customer for
use and evaluation. Our initial efforts have been focused on the
development of a single-channel, hand-held, battery operated instrument
for detection of cholera and ricin toxins within environmental samples.
This sensor approach offers high sensitivity and specificity,
simplicity of use, and rapid response time (5-10 minutes).
Chemical Detection. Los Alamos has also developed sensors for
detecting chemical threats. For instance, the Swept Frequency Acoustic
Interferometer (SFAI) can be used to determine the composition of
suspected chemical weapons without opening up the weapon or disturbing
it. These devices are hand-carried and have been tested extensively.
The technology is so sensitive that it can easily distinguish between
the contents of cans of Coke and Diet Coke .
Research is also moving forward employing fuel cell technology for
development of an inexpensive, small and highly sensitive chemical
agent vapor detector.
Nuclear and Radiological Countermeasures
As described earlier, the radiological and nuclear threat must be
dealt with in marked contrast to how the chemical and biological threat
is managed. For example, if you wait to detect the use of a
radiological or nuclear device, in most cases, it's too late. Instead,
what is critical in this area is making every effort possible to secure
materials at their source and ensure that terrorists cannot access
them.
Securing Materials at their Source
The DOE/NNSA Materials Protection, Control and Accounting (MPC&A)
program is the first line of defense against nuclear terrorism. With
the dissolution of the Soviet Union, NNSA/DOE estimates that Russia
inherited approximately 850 tons of highly enriched uranium (HEU) and
plutonium. Considering the International Atomic Energy Agency
definition of significant quantities, this is enough material to make
more than 50,000 nuclear explosive devices. MPC&A security upgrades are
complete for about \1/3\ of the fissile material identified as being at
risk of theft or diversion in Russia. Rapid progress is being made to
increase the security of the remaining materials, but completing the
effort will take several more years of intensive work.
Whereas in the past nonproliferation efforts were focused on
weapons-usable materials, today there is a recognition that other
radiological materials (used for industrial, medical and research
purposes) pose a threat in the form of radiological dispersal devices
(RDDs), or ``dirty bombs.'' Los Alamos is actively working with DOE/
NNSA and counterparts in Russia to develop strategies to secure
radiological sources that pose a threat in the form of a dirty bomb.
Thousands of radiological sources are used in the U.S. for
research, medical and industrial applications. The Nuclear Regulatory
Commission plans to strengthen control of the sources it licenses for
these uses. The DOE and its predecessor agencies originally produced
radiological--sources for a variety of defense and civilian
applications. These so-called ``orphan sources'' are being recovered by
Los Alamos and repackaged as transuranic waste. More than 3,000 sources
have been recovered to date. The pace of this recovery effort will
likely increase to cover the more than 5,000 sources remaining.Second
Line of Defense
The Second Line of Defense (SLD) program has the mission to detect
and recover any nuclear material that may slip through the first line
of defense described above. The program works to strengthen Russia's
overall capability to prevent the illegal transfer of nuclear
materials, equipment, and technology to would-be proliferators. The
immediate goal of the program is to equip Russia's most vulnerable
border sites with nuclear detection equipment. A future goal is to
establish a sustainable counter-nuclear smuggling capability in Russia.
SLD provides training programs for front-line inspectors, and purchases
detection equipment that can ``sniff'' out nuclear materials.
Protecting U.S. Borders, Bases and Cities
This area, in effect the third line of defense, strives to detect
radiological or nuclear materials at U.S. ports of entry. For several
federal agencies, including the U.S. Coast Guard and the U.S. Customs
Service, we are providing information on handheld radiation detectors
and isotope identifiers. We are providing advice on what instruments to
buy, and instructing operators in their use. Los Alamos is actively
involved in a maritime surveillance study that analyzes potential
vulnerabilities of commercial shipping.
Los Alamos is also playing a role in helping to protect U.S.
military bases. One example of this is a joint NNSA and Defense Threat
Reduction Agency effort. Its goal is to improve the Department of
Defense's ability to detect, identify, respond, and prevent
unconventional nuclear attacks by national, sub-national, or terrorist
entities. The project combines technology and resources from both
agencies to develop, deploy, test and demonstrate nuclear protection
systems and networks at four different U.S. military installations.
This effort is currently underway and involves Los Alamos and several
other NNSA and DOE laboratories. If successful, the systems will be
applicable to civilian urban areas.
Radiation Sensors and Detection Systems
Handheld Search Instruments. Handheld instruments are those that a
police officer, customs inspector, or similar official can use to
search for radioactive material on a person or in a suspicious package.
They can identify the isotope emitting the radiation--an enhancement
that allows a user to distinguish between benign radiation emitters
such as radiopharmaceuticals or smoke alarms, and the weapons-usable
material that we want to interdict. Los Alamos has developed a new
handheld instrument with a Palm TM interface that enables
users to distinguish between radiation sources within seconds. The Palm
TM unit can provide data about the nature of the nuclear
source at hand and the isotopes present. Los Alamos is exploring
commercial licensing and production for this handheld search
instrument. Earlier versions, the so-called GN (gamma-neutron) series
of handheld instruments have already been commercialized.
Package Monitor. The Laboratory has developed systems to detect
nuclear materials, particularly hard-to-detect ones such as uranium-
235, which might be missed by regular search instruments. An example of
this is a newly developed package monitor that detects nuclear material
in parcels via neutron interrogation. A prototype of the package
monitor is currently being field-tested at a U.S. Customs facility.
Portal Monitors. Portal monitors are specialized radiation sensors
in physical packages that are optimized for detecting radiation from
nuclear materials as a pedestrian or vehicle passes through a choke
point. Los Alamos is the DOE repository of portal-monitoring expertise
and has helped developed the technical standards for portal monitor
performance. LANL has placed portal monitors around the world in
support of the nuclear Second Line of Defense program as well as
domestic and international safeguards programs. Currently, LANL is
involved in the technical evaluation of portal monitors from all U.S.
vendors against the technical standards.
Active Interrogation of Cargo Containers. Los Alamos is working
with Idaho National Engineering and Environmental Laboratory and
commercial partner ARACOR to develop and test a system that actively
interrogates large cargo containers (air, sea, rail, and road) to
determine if there is any nuclear material present. The system, a large
U-shaped structure with a linear accelerator on one side and x-ray
detectors on the other, can be driven over a cargo container to produce
an x-ray image. The image shows neutron emissions, which are a
signature of nuclear material.
Long-Range Alpha Detector. The LRAD is potentially valuable for
sampling volumes of air or extensive surfaces where an alpha emitter
may have been dispersed, and thus might be used in response to
radiation-dispersal attacks. LRADs have been used for environmental
monitoring at places where dispersed uranium is a problem. An LRAD
implementation for radon monitoring has been commercialized by Eberline
and could be rapidly adapted to the contamination-monitoring role.
emergency preparedness and response
Los Alamos plays an important role within the area of nuclear
emergency response. The largest and the most well-known team in this
area is the DOE-managed NEST team. NEST was created in 1975 in response
to concerns over nuclear terrorism activity. Its effectiveness is due
to well-established interagency relationships including significant
Department of Defense and FBI collaboration. NEST is focused on
responding to a threatened act involving radiological or nuclear
materials or devices. Among the range of potential terrorist threats
involving weapons of mass destruction, the nuclear response
infrastructure and capabilities are the most mature and capable of
addressing the threat. NEST includes the capabilities to search for,
diagnose, and disable an improvised nuclear device.
NEST depends on a team of highly dedicated individuals at the
national laboratories and facilities throughout the DOE-complex who
volunteer their expertise to this program. Los Alamos' NEST and related
activities are funded at approximately $10 million in fiscal year 2002.
More than 100 Los Alamos scientists and engineers are involved in
various aspects of the NEST program. Nearly all are involved in other
parts of the Laboratory's research in nuclear weapons or threat
reduction. Many of the employees who work part-time on NEST are
involved with more than one team within the NEST program.
It is important to note that NEST is more than a group of
scientists who stand at the ready with pagers on their belts, waiting
to be contacted to respond to a crisis. NEST team members at the DOE
and NNSA laboratories, including Los Alamos, are involved in a wide
range of related activities including research and development into
diagnostic tools, disablement techniques, and computer simulations and
modeling; working with the intelligence and law enforcement communities
on the analysis of threats and the development of analytical tools;
training of employees from other government agencies in environments
that allow hands-on work with the actual nuclear materials that they
might encounter in the field; and providing subject-matter experts when
required. Los Alamos has the lead within NEST for development of
nuclear diagnostic tools to help determine the nature of the suspected
threat device and for maintenance of what is called the ``home team,''
a group of experts parallel to those that would be deployed in the
field who can provide analysis, advice and technical support.
Los Alamos is involved to varying degrees in all aspects of the
national NEST program. The activities of the national team, and Los
Alamos' role, are as follows.
Search Activities. Los Alamos is primarily involved in research and
evaluation of detectors used for search.
Joint Tactical Operations Team (JTOT). JTOT is a partnering of DOE
and DoD expertise that provides advice or direct assistance to render
safe a suspect malevolent employment of a nuclear device by terrorists
or others and to perform a nuclear safety assessment for the eventual
safe disposition of the device. Los Alamos plays a major role in the
JTOT mission and is involved in maintaining management oversight,
render-safe capability, diagnostics capability, emergency response
home-team capability, a watchbill (a group of experts who are on call
24 hours-a-day, seven days-a-week, year-round), communications support
and deployable equipment, and contingency planning.
Real Time Radiography. This system uses a portable source of x-rays
to look at a suspect object in real time, without moving or disturbing
the object. Using this technique, we can identify electronic components
within the object, yielding important data for action decisions. Just
as a dentist uses an x-ray to locate a cavity, we can use this system
to locate where to drill a suspect object, disrupting its electronics
and disabling other components. This system was adapted from
commercially available equipment and enhances what is available to most
emergency responder units.
Accident Response Group (ARG). ARG is responsible for dealing with
incidents involving a U.S. weapon, commonly referred to as a ``Broken
Arrow.'' Los Alamos has experts on the ARG roster that may be called
upon if their particular set of knowledge is necessary to deal with the
given situation.
Disposition. These assets support both the JTOT and the ARG team,
making decisions about the ultimate disassembly and disposition of a
device after it has been made safe to move and ship to a remote
location.
Consequence Management. Following an incident, this team is
involved in the immediate monitoring of any potential radiological
dispersal and in monitoring and forecasting that can advise responders
on issues of evacuation and treatment.
Attribution. This area involves drawing upon capabilities from the
U.S. weapons testing program to analyze samples and draw forensic
inferences about a threat device. In the case of a nuclear detonation
or seizure of a weapon (or precursor material) it will be necessary to
attribute quickly and accurately the material/item/incident to the
perpetrators through an understanding of the materials used, type of
device, yield produced or anticipated, the source of the technology and
the pathway(s) that lead to the event. This requires an integrated
national security program that draws on the broad based technical
expertise available in NNSA as well as key NNSA facilities and
analytical capabilities.
Radiological Assistance Program (RAP). Related to but separate from
NEST, DOE and Los Alamos maintain response plans and resources to
provide radiological assistance to other federal agencies; state local,
and tribal governments; and private groups requesting such assistance
in the event of a real or potential radiological emergency. The Los
Alamos RAP organization provides trained personnel and equipment to
evaluate, assess, advise, and assist in the mitigation of actual or
perceived radiological hazards or risks to workers, the public, and the
environment. This Los Alamos capability supports associated activities
throughout RAP Region Four: Kansas, Oklahoma, Texas, Arizona, and New
Mexico.
conclusion
Los Alamos is a national laboratory with a broad set of
capabilities in the area of homeland security and a long history of
serving the nation in this area. As President Bush stated in his June
6, 2002, address to the nation, ``In the war against terrorism,
America's vast science and technology base provides us with a key
advantage.'' Our capabilities will continue to be at the service of the
nation.
Mr. Greenwood. Thank you very much, Dr. Cobb.
Mr. Dacey for 5 minutes.
TESTIMONY OF ROBERT F. DACEY
Mr. Dacey. Mr. Chairman and members of the subcommittee,
I'm pleased to be here today to discuss the potential benefits
and the challenges in implementing the information analysis and
infrastructure protection division in the proposed Department
of Homeland Security. As you requested, I will briefly
summarize my written statement. As proposed by the President,
the division's functions would include (1) receiving and
analyzing law enforcement, intelligence, and other information
to detect and identify potential threats of terrorism to the
United States, (2) assessing the vulnerabilities of the key
resources and infrastructures and developing a comprehensive
national plan to secure them, and (3) taking necessary measures
to protect these resources in coordination with executive
agencies and in cooperation with State and local government
personnel, the private sector and other entities.
It is important to note, as has been said earlier today,
that nonFederal entities control most of our Nation's critical
infrastructures. The consolidation of these critical
infrastructure protection functions and organizations may, if
properly organized and implemented, lead over time to a more
efficient, effective and coordinated program. Combining related
efforts such as incidents reporting, warning, and analysis
could not only eliminate possibly duplicative efforts, but
might also result in stronger and more coordinated
capabilities. Other potential benefits include better control
of funding and the consolidation of points for Federal contact
in coordinating CIP activities.
Also, the division will face tremendous human capital,
information management and technology, and other challenges,
not the least of which will include integrating the diverse
communications and information systems in the programs and
agencies being brought together and securing the sensitive
information that these networks and systems will likely
process.
Further, through our past work, we have identified other
significant challenges for many of the aspects and the
functions that are to be transferred to the new Department. For
each of these challenges, significant improvements have been
made and numerous continuing efforts are in progress. However,
much more needs to be done to address them.
These challenges which face the new Department include No.
1, developing a national CIP strategy. A more complete strategy
is needed that addresses specific CIP roles and
responsibilities, both within the department and the many
agencies that will remain outside of the Department. Also the
strategy needs to clearly identify interim milestones and
objectives and set timeframes for achieving them, establish
performance measures and clarify how CIP entities will
coordinate their activities with each other. A national
strategy that covers both cyber and physical CIP is expected to
be issued within the next several months.
The second challenge is improving analysis and warning
capabilities. More robust analysis and warning capabilities are
still needed to identify threats and provide timely warnings.
Such capabilities need to include both cyber threats which has
been the historical focus of many of our national CIP efforts,
as well as physical threats. The third area is improving
information sharing on threats and vulnerabilities which needs
to be improved both within the Federal Government and between
the Federal Government and the private sector and State and
local governments.
The fourth and last area is addressing pervasive weaknesses
in Federal information security. One of the principle tenets of
PDD 63 was that the Federal Government would serve as a model
for information security. At this point, a comprehensive
strategy for information security is needed, again, in which
roles and responsibilities for Federal systems will be
delineated, appropriate guidance is given, regular monitoring
is undertaken, and security information and expertise are
shared to maximize its value. Resolving these significant
challenges will be critical to the success of the new
Department.
Mr. Chairman, that concludes my statement. I'd be happy to
answer any questions you or other members of the subcommittee
may have.
[The prepared statement of Robert F. Dacey appears at the
end of the hearing.]
Mr. Greenwood. Thank you, Mr. Dacey.
The Chair recognizes himself for 5 minutes and I'll address
the question first to you, Mr. Tritak. The last time you
testified before this subcommittee was last year in April. I
asked you to provide us with a worst-case scenario for a major
terrorist attack using computer systems on a critical
infrastructure, and we had a substantial discussion about those
threats. You indicated then that your primary mission was
awareness, essentially to work with the Federal civilian
agencies and private sector companies to make sure that they
were aware of the risks in planning for such terrorist attacks.
Well, since then we've unfortunately had catastrophic and
tragic terrorist attacks on the United States, albeit not
primarily computer-based. Can you tell us how your role has
changed and what you see it being or becoming in the new
Department of Homeland Security?
Mr. Tritak. Yes, I will, Mr. Chairman. First, obviously 9/
11, for many of us, was a shock and a surprise. We had--the
kinds of things we saw, were things that kept us up at night
for quite sometime.
In turning to the worst-case, I tend to try to avoid
characterizing it that way, but I think it is important because
it builds on some of the things you have heard in the opening
remarks, is that a terrorist is not going to limit himself to
one means of disruption, and in fact, one could envision--in
fact, if you will recall the article that came out in The
Washington Post recently, a combined cyber physical attack may
very well be contemplated by terrorists. If, God forbid, there
should be another attack of this sort using terribly
destructive physical means and then through cyber means
disrupting communications, emergency communications and the
like, that would create panic, but would also preclude our
emergency people from getting to where they need when they
needed to get there.
I think where I view the role moving in this new
organization is that the need to engage industry much more so
even than we were able to before, but quite frankly before 9/
11, while people intellectually accepted the challenges, it
seemed so farfetched. Now nothing seems other-worldly anymore.
We need to figure out exactly how far they can go in dealing
with this on a voluntary basis under--by incentivizing market
forces as much as possible.
Recognizing that we may have to bring in other measures to
make--bridge the gap between where the business case can go and
what homeland security demands. I think it requires
collaboration, because what we want is we want to have an
economy that remains robust and effective. We don't want to
throw a bone to bin Laden in this regard.
I think what we're seeing though, since 9/11 is I've been
hearing from companies. They want to do the right thing. One
great benefit of the new Department is I think there's going to
be a clear message about what is needed. There's going to be
maybe not one voice, but one message as to what needs to be
done, and we're going to--I like to think that the work I do
now is complementary to those things being done at other
organizations, but I'm not going to kid you. There will be some
overlap, and where efficiencies can be gained and an effective
approach by industry will not be obtained by consolidating some
of these networks.
Mr. Greenwood. Thank you. Let me address the question to
you, Mr. McDonnell. The NISAC, when fully staffed and
operational, is intended to serve as a premiere operation for
conducting complex interdependency analyses of the Nation's
critical infrastructures, many of which are privately owned.
How will these analyses be done, and would you be relying on
data and modeling generated primarily from the DOE? And last,
will you be working with the private sector infrastructures to
jointly model the interdependencies? And following that, who
can and will be the primary clients for these new capabilities?
Mr. McDonnell. Sir, I can address the programmatic
oversight of that; and they may choose to jump in here as well,
addressing the technical aspects. It is a vision that NISAC
will sort of use all source data which will use information
from the industry, from different levels of government, and use
different community capabilities throughout universities that
are in collaboration with the national agencies.
The development of a collaborative effort that is geared on
sharing information is the common understanding of the
provision. As Dr. Cobb mentioned, there is utilization of
simulation capabilities that were designed for different
functions some years ago. The Argonne National Laboratory has
this dependence capability that's also being put into that.
The envisioned principal customer prior to the announcement
of the homeland security is the national government, the
Federal Government, in a national program and that the
priorities for the requirements for NISAC will be driven based
on the collaborative process where private industry can come
in, academia could go through the laboratory complex or through
the member universities working at the laboratories and the
laboratories can come in with science-based proposals to push
the technology forward. Those requirements, those initial
requests would be vetted in the emergency process.
It's already been established this is an interdependency
community. That community then kicks into the Executive Office
of the President for a decision, and it will now move to the
Department of Homeland Security to establish what the
requirements, the priorities are going to be for the NISAC for
the fiscal year. That way the States, academia, pretty much
anyone who has an interest in this will have an opportunity to
get their concerns on the table.
That will be made in a collaborative effort. There won't be
one agency that will be saying ``this is mine.'' it truly will
be a national team effort to determine what should be done and
how it should be done. The deliverables will be to myself as an
emergency response planner to be able to take this data back
from NISAC instead of waiting for disaster. I would sit down
with other agencies and say let's game this out, let's model an
infrastructure with, for example, a terrorist attack on a
region with the intent of the destruction of the economy, as
opposed to a specific site, and think through where the
vulnerabilities are, what actions we want to make, make sure
you've thought through these things.
Mr. Greenwood. Let me interrupt you there. In your opening
statement, your testimony, you indicated that knowing where the
greatest nodes of vulnerability are is a difficult thing to
accomplish and you've set about to do that. What occurred to me
when you said that was, well, if you don't--if it's difficult
for you to know right now, it's probably pretty darn difficult
for the bad guys to know right now. It's going to be very
difficult for them to assemble the information that you're
going to be able to assemble. So when you complete your job
you'll know something that the other guys don't know. They'll
want to know very much, and you'll be sitting on some pretty
critical information.
What can you tell me--it's your sort of putting a genie in
the bottle here--whatever the right words are--but you're going
to create some information that doesn't exist. You're going to
identify some vulnerabilities. By the very act of identifying
those vulnerabilities you're going to create a vulnerability in
the publication of information that's very dangerous. Can you
tell me a little bit about how much thought has gone into how
to protect that information?
Mr. McDonnell. Yes. It's sort of a two-part question.
First, I would submit to you that there probably are people
overseas looking at our infrastructure with the intent of doing
what I was discussing. Our military and our strategic planning
has done that as part of our national war planning computers.
So it's not so much that we're starting something new in
looking at our infrastructure as an effort to attack the United
States, it's getting the collaborative team of industry, State
and Federal folks doing it together.
The second part of the question is the protection of the
infrastructure. As Dr. Cobb mentioned, part of the reason for
the national laboratories wanting control and development of
this information is they have for years done this and have the
protocols in place to ensure that this information is
protected. The Defense Department has been a partner in
discussions on how we protect the community. The actual
controlling and protecting the information has to be done as
national security information, classified appropriate as
national security information and protected.
Mr. Greenwood. My time has expired.
The Chair recognizes the gentleman from Florida.
Mr. Deutsch. Mr. Dacey, in your testimony you detail the
shortcomings of Federal agencies regarding the implementation
of Presidential Directive 63 some 4 years after the
Presidential Directive speech. My question is very simple: What
does it take for agencies to take these Presidential Directives
seriously?
Mr. Dacey. As you pointed out, we did comment on some of
the shortcomings in the implementation of PD 63. In that
particular case, it had to do with Federal agencies. I think we
have for quite a number of years indicated there are
significant challenges in getting Federal agencies to
adequately secure their systems, not just with respect to CIP
but the broader issues we bring out in our testimony later on.
I think there are a variety of issues that need to be
considered, and I think some are being considered currently
under legislation that would extend the existing GISRA
requirements. That would be a requirement for regular reporting
performance measurement by the agencies as well as independent
analysis by the inspector reports going forward to OMB and to
the Congress.
Part of that process and structure would really require
regular oversight, too, by agencies as well as by Congress to
ensure that actions are taking place. There have been a number
of improvements, but there are substantial challenges that go
forward.
I think, given initial implementation, GISRA, which we
testified on earlier this year, it's clear agency heads are now
starting to become aware of it and actions are taking place,
but we're not close to having a secure system in the Federal
Government.
Mr. Deutsch. Has Congress provided the resources?
Mr. Dacey. One of the challenges that agencies offered to
us was one of having adequate technical resources to do the
work. I know that in the fiscal year 2003 budget there is a
substantial increase in computer security requested budget
funding to help fund some of those requirements. So I think
that will go a long way toward providing some of those
resources. Whether that's enough or not I can't say. Because
one of our criticisms at the time was this is the first time in
the GISRA reporting that agencies really tried to assess what
their actual costs were, and OMB came out in their report and
indicated they didn't find a correlation between the amounts
expended and the security of those systems.
So I think it's going to take a little bit of time so that
we have systems that measure those benefits of those costs to
see if we're spending money appropriately and what additional
funding will be necessary, if any.
Mr. Deutsch. Have the agencies whose operations have been
transferred to the new Department successfully implemented the
Presidential Directive?
Mr. Dacey. A lot of the efforts have been at the agency
level. I'm not sure of the specific components, most of which
are subcomponents of the larger agencies, how they fit
specifically into that process. I can get back to you if we
have any information. I'm just not sure we do at this point----
Mr. Deutsch. If you can, I would appreciate it.
[The information referred to follows:]
As we stated in our written testimony, both GAO and the
inspectors general have issued reports highlighting concerns
about PDD 63 implementation in federal agencies, such as
development of critical infrastructure protection plans,
identification of mission-essential infrastructure assets, and
performance of vulnerability assessments and preparation of
related remediation plans. PDD 63 required agencies to appoint
a critical infrastructure assurance officer and specified
reporting at the agency level. Consequently, we do not have
information at the agency subcomponent level that would
correspond to almost all of the functions proposed to be
transferred to the new Department of Homeland Security.
Mr. Deutsch. Would the transfers to the new Department make
it more or less likely that PD 63 will be implemented promptly?
Mr. Dacey. I think there are certainly some tremendous
benefits in putting into one central place some of these
functions that are directly related to critical infrastructure
protection. The main focus of the Department is really in terms
of gathering a lot of information and trying to assess what is
the nature of threats and what is the nature of vulnerabilities
in our current critical infrastructure, and to begin
identifying them and coming up with a national strategy.
So there are a lot of tasks there. So that will lead to
some improvements in the coordination of some of the functions
that are currently carried out by the separate entities, as we
pointed out in our testimony.
The key part of it is, though, there are a significant
number of entities outside of the new Department that are
involved in CIP, particularly cyber CIP. It's going to be
important, as we point out in the testimony, that these
functions be appropriately coordinated, whether it be by the
Critical Infrastructure Protection Board or otherwise. We're
looking forward to a strategic plan that would include some
discussion of how those entities will work together.
We're talking in terms of entities working together in CIP,
cyber CIP and those need to be coordinated with the ones that
are being transferred to the new department.
Mr. Deutsch. Has the Critical Infrastructure Assurance
Office assigned tasks adequately?
Mr. Dacey. In terms of that, we have not done an analysis
of the functions being performed by the Critical Infrastructure
Assurance Office. We have been aware that they have been doing
outreach. Certainly that's one of their functions.
Second, in terms of the national strategy, we understand
we're about to see that. We're waiting and have made comments
on the types of information that we would expect to be in the
national strategy. I understand it will be issued in the some
time in the next few months, probably September.
The other area is in the project matrix, certainly they've
been making significant efforts to work with the Federal
Government. In fact, OMB has now required other agencies to
undergo a project matrix which is really to see what are the
critical assets that exist in these agencies and what are the
critical infrastructure that they rely on and how do we protect
them. I think that's an important project because I think some
of the initial plans and programs submitted under PDD 63 which
have been criticized didn't really get about fully identifying
what those critical assets are in trying to determine what
needs to be done to protect them. So I think project matrix, if
it continues to be properly implemented, will be an important
program to try to get at some of the initial objectives of PDD
63.
Mr. Deutsch. If we were to move the Critical Infrastructure
Assurance Office to the new Department, would the performance--
would you predict the performance would be better at that
point?
Mr. Dacey. I think some of the issues that we pointed out.
They do have some similar types of activities to some of the
other entities being sent over. There's a lot of outreach going
on by the Critical Infrastructure Assurance Office. Similarly,
the NIPC is doing outreach through InfraGuard and other
programs to the private sector and State and local governments.
To some extent those activities, not that they're not
coordinated now, but certainly bringing those together could
provide an opportunity to consolidate the outreach efforts as
well as to consolidate the points of contact in the Federal
Government. As we said earlier, I think it helps to have some
place where everybody knows here's where we need to call to
deal with these issues. I think that's an important point.
The other areas have to do with identifying critical
assets. As I said the project matrix, the NIPC, has had a key
asset initiative under way to try to identify key critical
infrastructure assets. I think those two programs could be
better coordinated under one program. I assume some of these
would be combined in this new Department into one or a few
programs versus the many that now exist.
Mr. Whitfield [presiding]. Mr. Tritak, since that is one of
your areas of responsibility, would you like to comment on Mr.
Dacey's remarks?
Mr. Tritak. I actually agree with everything he's just
said. CIAO is a creation of the 1998 governmental organization.
We operate on a fairly modest budget. I would like to think we
made some headway in terms of reaching out to industry and the
project matrix program which was an attempt and is an attempt
to focus efforts--if you have scarce resources and you have to
allocate them, be sure you allocate them against those
functions which we can't afford to lose even for brief periods
of time.
I also agree with Mr. Dacey by creating this new Department
we can make better use of not only the assets of CIAO but also
the other agencies brought in under it. When you hear the word
``outreach,'' there's a tendency to think of one model
approach. There are different parts of audiences we're trying
to reach. We spend much of our time trying to focus on
corporate leadership. They're the ones that make the investment
choices, and they set the policy. Once you get that kind of
buy-in, the other is information sharing across agencies. Lots
of the good work that's been done by NIPC and others is
engaging in that level. So I think, however, when we--they're
able to leverage this out much more effectively now.
Bob Dacey and I talk at least once a week, but it's easier
if I'm turning around a corner and talking to him.
Mr. Whitfield. Thank you very much.
There's been a lot of discussion about the public-private
partnership. I would like to make a couple of comments, then
ask each of you to comment on it, if you would.
There's been some argument made that building this public-
private partnership is too much carrot and not enough stick and
that a much more regulatory approach is needed. I'd like to
know what your view is on that. Do you believe efforts to
regulate security across these private sectors is warranted or
even remotely likely to be effective?
Mr. Tritak. The policy of both the past administration and
this is to try and encourage, incentivize the market and to
look to owners and operators to manage this risk in an
effective manner. Clearly, we haven't begun I think to explore
all the ways in which that can be done; and we think
information sharing is one piece that can actually produce good
results. In order for these modeling simulations to work, there
has to be a collaboration between the owners and operators. By
doing that, it creates all forms of possibilities in terms of
work. So I think that it can work.
I think that, more importantly, if we want this homeland
security function to work properly we have to create a
proposition in the mission statement that calls for
collaboration and partnering. I think, as I indicated before,
it's going to take some adjustment of government and industry.
Both have to realize we're in a different ball game here. It's
not just industry. It's on our side. They shouldn't just wait
for government to come to tell them what needs to be done.
Mr. Whitfield. Mr. McDonnell.
Mr. McDonnell. First off, I wouldn't believe at this point
that we have determined that regulation is warranted. There has
been a lot of discussion about regulating security, but I've
had teams go out with 25 key energy assets since the first of
January and, in general, I truly believe that security managers
and the executives out there are trying to do the right thing.
They're looking to us for our leadership, to provide them the
information they need to do the right thing. That is going to
take a lot of work. That's the outreach efforts that I do think
are complementary, where John's staff and mine tend to bump
into each other and step on each other a little bit. It's a
good, positive tension. We're working extremely hard to work
with industry to give them the information they need to make
intelligent decisions.
I do not think that security should be regulated because I
believe that we need to protect security information as
national security information. We need to protect
vulnerabilities from public disclosure. As we start regulating
those then the nature of the information stops being a
collaborative effort to protect the asset itself and starts
being an effort to formulate a requirement of the Federal
Government which then requires some level of disclosure.
When the industry operators--when I send a team to the
vulnerability sector, they know they're not going to see that
information turn around back to them as regulation, as an
increased burden that they have to deal with. They can share
that information among staff and with the national laboratory
folks that we that do these assessments and get real, honest
observations and advice without worrying about having have us
come back.
That being said, if as we go forward with vulnerability
assessments--let me back up real quickly. We've developed with
industry voluntary security guidelines that have just been
published with all of the energy sector. If we go forward with
our vulnerability sectors and industry is not taking care of
the assets, then maybe we need to revisit what regulation is
required. At this point, we don't have any justification.
Mr. Whitfield. Dr. Varnado.
Mr. Varnado. I believe we're going to have sell industry a
business case for why they should invest. Right now, we don't
have tools to show them what are the consequences. So one of
the things that NISAC is trying to do is to present to industry
a cost-benefit program saying, if you protect against this
particular threat, you will avoid this kind of consequence. But
until this point we haven't really had a way to show them what
the results will be of all of that. So one of the thrusts of
our work is to do the economic modeling, and that's going on
reasonably well at this point. At some point we'll be able to
say to industry, this is your risk problem to manage.
Industry is excellent in managing risk. That's what they
do. But they need the tools to understand how to understand the
risk. So at some point we will understand that. We will talk
like insurance salesmen at that point. The government down the
road will say, the risk that the industry is willing to accept
is not acceptable to us. I think we need to work this business
case risk management problem first and see how the industry
responds.
Mr. Whitfield. Dr. Cobb.
Mr. Cobb. Just a short comment.
I think in the balance between regulation and trying to
move forward jointly there's a premium, at least from our
perspective, on trust building; and trust building is somewhat
difficult if it's totally governed by rule.
I think--as Mr. McDonnell said, I think our experience in
protecting proprietary and very sensitive information from
major sectors of the American industry, for example, which is
privately run, transportation information that affects a local
urban area and so forth, that we have the experience--I know at
Sandia and Los Alamos we have the experience of protecting this
kind of vulnerability in securing information and working with
the people who have those responsibilities to do the protection
to their benefit. I would hope you would be able to maintain
that.
Mr. Whitfield. Mr. Dacey.
Mr. Dacey. In terms of this area, we certainly have
provided a lot of commentary in this testimony and the prior
reports in determining some of the challenges that are faced by
implementing the PDD 63. At the same time, I think it's been
said already, that we're dealing with a little different
situation.
I think what we're looking at here is a need to have a
relatively free flow of information taking place between
private sector local government and the Federal Government and
not so much in terms of periodic reports and things of that
nature but regular free flow of information in both directions,
both from those entities to the government and back. I think
that makes it a little bit different of a dynamic in terms of
the cooperation.
We have done studies on information sharing and have
pointed out a number of the key areas that are important to
that process. At the same time, I think there are some things
that maybe not have been explored as thoroughly as possible in
terms of providing appropriate incentives for industry and the
State and local governments to deal with it. For example, when
we did our report information sharing and other prior work,
it's been consistently pointed out that there are concerns with
both FOIA, antitrust and civil liabilities issues with respect
to the willingness of some of those entities to provide
information voluntarily to the Federal Government.
We also point out that, in terms of Y2K, we had similar
concerns that were expressed in sharing information, very
sensitive information, often times and now we're getting into
some incident information too, specific breakins and attacks
that have occurred that are fairly proprietary. Trying to get
that kind of information, we may need consider some of these
types of things--I know there's current draft legislation out
on that issue exactly and some provisions certainly in the bill
with respect to FOIA.
In terms of other areas, there have been some bright spots.
I think it's been consistently shown where we had a long-term
relationship, and we pointed this out last April, with the
electric power industry, the success of those efforts have been
much greater than the other ISACs because the Federal
Government has had a long-standing relationship with that
industry. There is more a degree of trust that exists between
them, as we pointed out. That could perhaps be a model. I'm not
sure we're there in the other ISACs to quite to that level as
we are with the electric power industry.
Second, certain sectors--I believe it was the American
Chemical Council is now requiring their members to undergo
vulnerability assessments as a condition for membership in that
organization. So there are some efforts taking place.
The real question is, can the government get the
information it needs on a voluntary basis? We haven't done a
thorough analysis to assess that. But other witnesses can
provide some insights about whether or not they are willing to
provide this information.
Again, it has to do with an incident that might signal an
attack or scanning activity that might indicate that someone is
trying to get some information. We know there's been activity
in scanning and that area. So it's that vulnerability analysis.
So I think there are a lot of things that need to be explored.
The question for the Congress and the new Department is whether
or not those have been adequately explored to make a change in
the current direction.
Mr. Whitfield. Well, thank you for your comments.
I'll recognize the gentleman from Michigan, Mr. Stupak.
Mr. Stupak. Thank you.
Let me pick up where the Chair has just left off. Mr.
Dacey, in your testimony, though, you conclude that--I'm
quoting--the new Department will face tremendous information
management and technology challenges, not the least of which
will be integrating the diverse communications and information
systems of the programs and agencies that need to be brought
together.
So if we have this tremendous challenge in trying to adjust
management information and the information you get from other
Federal agencies and private sector, there have been
experiences you can point to within the Federal Government
where there've been integrated Federal programs that suggest
that this can't even be accomplished. Are other departments and
agencies willing to give up their turf or their information, if
you will?
Mr. Dacey. I think one of the critical elements, success
factors, if you will, of the new Department is to make sure all
the relevant information is getting focused in this new sector.
We now have a fairly active process taking place currently at
NIPC in coordination with a lot of other entities, some of
which will be transferred to the new Department in trying to
deal real time with some these issues, trying to identify some
of the concerns that exist out there. I think it's going to be
important to try to deal with that.
I think that's an issue that's going to have to be faced,
regardless of the movement of this new Department. I think we
really need to have a comprehensive way to bring this
information together to properly analyze and see what the
issues are. As we pointed out in numerous reports after
September 11, the government had a lot of information relative
to the attack. We need to figure out how to get that
information together. I think that's going to be a challenge
again, regardless of what gets moved to the new Department. The
Federal Government needs to look at ways to get that
information together.
In terms of successes in putting together similar types of
information, I'd have to get back to you on that and see if we
have any examples that we can provide.
[The information referred to follows:]
The size of the integration of communication and
information systems for the proposed Department of Homeland
Security is unprecedented in the federal government. Although
the federal government has made improvements in its IT
management, our work shows that agencies continue to face
challenges in (1) information technology investment selection
and management control processes, (2) enterprise architecture,
(3) software development, cost estimating, and systems
acquisition practices, (4) effective chief information officer
leadership and organizations, and (5) information security. The
department will need to overcome challenges such as these to
develop effective systems. We understand that the
administration is working on the development of an enterprise
architecture for the new department. An effective enterprise
architecture is a key element of an such effort.
Mr. Stupak. It seems to me if you have face-to-face contact
with these departments and agencies and discuss it--because I
can't think of--I've been here 10 years now. I remember going
all the Y2K hearings. None of the computers seem to be
compatible with the Federal Government. Every time you spent
a--whether it's HHS, it doesn't work with this one, doesn't
work with this, we have to start all over again.
I think most of this information is stored within the
computers. The computer systems aren't compatible. What happens
to cyber security when these software programs are learning to
talk with each other? GAO even said that there's pervasive
weakness in the Federal information security. How do we
accomplish that with this new Department when the computers
won't talk to each other and cyber security is still a real
threat out there?
Mr. Dacey. I think the cyber security issue needs to be
dealt with. What we talk about in our testimony and what we
understand is currently under way is to look at standardized
enterprise architecture for the new systems and the new
Department. I think that's going to be critical. Otherwise, you
will end up with stovepipe systems that won't talk to each
other. You need a model. Here is where we are now, and here's
where we want to be in the future. I think that's critical that
be done as part of the process.
Mr. Stupak. How long do you think it will take to us get
there?
Mr. Dacey. I don't know how long it will take. Certainly
there have been challenges for the Federal Government in
developing enterprise architecture in other settings, as we
point out in your testimony as well.
Mr. Stupak. None of them have worked.
Mr. Dacey. I wouldn't say none, but certainly we have lots
of examples.
Mr. Stupak. Can you tell me of one that worked?
Mr. Dacey. I'll get back to you on that.
[The information referred to follows:]
Federal agencies are at different stages of maturity in
their development and use of enterprise architectures, with
most agencies now establishing the management foundation needed
to successfully develop and use them. But few agencies have
actually developed and are currently using them. The Customs
Service and the Internal Revenue Service, both within the
Department of Treasury, are examples of agencies that have and
are using enterprise architecture.
Mr. Stupak. I'm not making a point. I just sat through so
many of these hearings. It seems like nothing had compatibility
and doesn't seem to work so well.
You know, in your testimony you do speak a lot of the need
to share information on the principle of vulnerabilities,
including the private sector. There's been an interesting
discussion going on there, but what really are the barriers to
the sharing of sensitive information with private firms that
may clearly have a need to know that the information comes from
a law enforcement office, classified intelligence information?
I mean, what are the barriers we're facing here?
Mr. Dacey. Well, certainly one of the challenges which we
pointed out last April in our report is the need to try to
sanitize the information to protect from an intelligence
standpoint sources and methods, from a law enforcement
standpoint information that would be critical for potential
prosecution. The key area there, it just takes a little time. I
think we have seen evidence that those processes have worked.
In looking at NIPC and some of the examples they could
provide initially, there was a lot of information that was
withheld pending trying to figure out what is the law
enforcement value and protecting that. I think they've worked
out mechanisms now to better allow them to disseminate the
information and still have the law enforcement process ongoing.
So I think there are definitely challenges. I think they can be
accommodated.
One of the other issues that's currently taking place is
getting security clearances for certain people so more secure
information can be shared with those people who do have
clearances.
Mr. Stupak. It would seem that--not only trying to figure
out if there's a law enforcement angle to the information, it
seemed like there was more of a turf war. We don't trust this
with this information and this is our information and it's not
going further or second guessing of the person who wrote the
memos, wherever they may be. So I don't think it's all just
computer-related problems or security-related problems but
really leadership problems in trying to trust the information
we have and not be afraid to share it with someone else who may
get credit before. Having spent quite a bit of time in law
enforcement, I certainly witnessed firsthand many times how
that happens.
What can we do--I know I'm over, Mr. Chairman, but let me
ask this question--what can we do about the problem some people
would say crying wolf with too much unspecific information
regarding a possible terrorist attack or threat that is
released to the public? How do we deal with that?
Mr. Dacey. That is a challenge.
One of the issues that we raised in our report last year
was to make sure that we aren't too extensive in the number of
reports that go out for that very reason. I think those that--
we've gotten a lot of more sensitive certainly since September
11. There have been a lot of issues that have been out there,
if you follow the NIPC. But a lot of the other sites, a lot
more activity seems to be taking place right now in
identification of potential threats that need to be
communicated. I think there will be a continuing challenge.
With respect to your other comment in terms of sharing, I
think one of the issues that NIPC set up is a model--Ron Dick
had indicated the critical success factor in his mind was
really representation from the different sectors that
contribute information. He has folks there from the CIA, from
NSA, and from DOD intelligence agencies that are serving very
key roles in the staff at NIPC. In fact, we criticize that in
our April report. Since then, actually, I've--they've had
consistent representation.
So I think one of the keys is really to make sure we have a
really multi-agency representation and capability. Otherwise,
you're going to certainly have the potential for people not
willing to share. If we have people there that are part of
those organizations, hopefully they can help facilitate better
communications.
Mr. Whitfield. The gentleman's time has expired.
I want to thank those members of Panel 3 for their
testimony today. We appreciate your being here. Unless there's
additional questions, we will dismiss this panel.
The Chair calls forward Panel 4. The Chair welcomes those
of you on Panel 4. We appreciate you being here today. We look
forward to your testimony.
We have as witnesses today: Mr. William Smith, Executive
Vice President, Network Operations, BellSouth; Mr. Guy
Copeland, Vice President, Federal Sector, Computer Sciences
Corporation. We have Ms. Lynn Costantini, Director of Online
Services at the North American Electric Reliability Council. We
have Mr. John Sullivan, President and Chief Engineer of the
Boston Water and Sewer Commission. We have Mr. Kenneth Watson,
who's the President of the Partnership for Critical
Infrastructure Security at Cisco Systems. We have Mr. David
Sobel, who's General Counsel of the Electronic Privacy
Information Center; and we have Mr. Jeremiah Baumann,
Environmental Health Advocate with the U.S. Public Interest
Research Group.
You are aware that the committee is holding an
investigative hearing and when doing so has had the practice of
taking testimony under oath. Do you have any objection to
testifying under oath today?
The Chair advises you under the rules of the House and the
committee you are entitled to be advised by counsel. Do you
desire to be advised by counsel during your testimony today?
In that case, if you would please rise and raise your right
hand, I will swear you in.
[Witnesses sworn.]
Mr. Whitfield. You are now under oath, and you may proceed
with your 5-minute summary of your written statement.
Mr. Smith, the Chair will recognize you to start.
TESTIMONY OF WILLIAM SMITH, EXECUTIVE VICE PRESIDENT, NETWORK
OPERATIONS, BELLSOUTH; GUY COPELAND, VICE PRESIDENT,
INFORMATION INFRASTRUCTURE ADVISORY PROGRAMS, FEDERAL SECTOR,
COMPUTER SCIENCES CORPORATION; LYNN P. COSTANTINI, DIRECTOR--
ONLINE SERVICES, NORTH AMERICAN ELECTRIC RELIABILITY COUNCIL;
JOHN P. SULLIVAN, JR., PRESIDENT AND CHIEF ENGINEER, BOSTON
WATER AND SEWER COMMISSION; KENNETH C. WATSON, PRESIDENT,
PARTNERSHIP FOR CRITICAL INFRASTRUCTURE SECURITY, CISCO
SYSTEMS, INC.; JEREMIAH D. BAUMANN, ENVIRONMENTAL HEALTH
ADVOCATE, U.S. PUBLIC INTEREST RESEARCH GROUP; AND DAVID L.
SOBEL, GENERAL COUNSEL, ELECTRONIC PRIVACY INFORMATION CENTER
Mr. Smith. Mr. Chairman and members of the subcommittee,
good afternoon. My name is Bill Smith. I'm Chief Technology
Officer for BellSouth Corporation. I appreciate the opportunity
to be here with you today to discuss a vital national security
issue and that is information sharing between government and
the private sector and the role of the proposed Department of
Homeland Security.
As a major telecommunications network operator, the
challenge we face is reliability, security, and robustness of
the critical national and international infrastructures.
Furthermore, we need a comprehensive strategy that's flexible
enough to prepare for and respond to an evolving spectrum of
threats. Such a strategy should both increase the protection of
vital industry assets and ensure public safety.
The cause of the increased reliance and interdependency and
the potential for infrastructure disruption may come from
multiple sources, including rapid growth, regulation,
deregulation, terrorism, natural disturbances such as
hurricanes and earthquakes. Telecommunications systems
constitute a fundamental infrastructure of modern society, and
a successful terrorist attempt to disrupt them could have
devastating effects on national security, the economy and every
citizen's life.
It is clear to all that the telecommunications industry is
facing some of the greatest challenges in our economy today.
There is fierce competition and eroding market shares
compromising the environment in which we operate.
Despite these challenges, BellSouth continues to support
numerous infrastructure protection initiatives formed pursuant
to PDD 63, but like others in our industry we find that there
are many duplicative efforts under way, all competing for the
same scarce resources. In the wake of the September 11
terrorist attacks, our industry as well as those supporting
other infrastructures has seen dramatic increases in the number
of requests to participate in these efforts.
In addition, we've received numerous requests for sensitive
information such as lists of critical facilities and Federal,
State and local authorities. From the perspective of a
corporation such as BellSouth these requests are troubling,
because if such a list were released publicly, whether through
accidental disclosure, it would provide terrorists with
essentially a road map directing them to our most critical
locations. Therefore, we would support efforts of the
Department of Homeland Security to, among other things, serve
as a focal point to coordinate these efforts and to allow us to
make best use of our expertise and resources such as the
National Coordinating Center, or NCC, for Telecommunications.
I have included a number of our concerns in the written
testimony. However, with FOIA our concerns are largest. With
respect to FOIA, many companies are hesitant to voluntarily
share information with the government because of the possible
release of this information to the public.
BellSouth currently shares cyber-related institutions
information with the Telecom Sharing and Analysis Center or the
telecom ISAC located in NC. However, whatever the cause of the
concerns, information sharing is done on a limited basis within
entrusted circles and strictly within a fashion that will
eliminate any liability of harm from FOIA requests from
BellSouth.
This is not to say that ISACs do not provide value.
BellSouth and the other ISAC participants have benefited from
the advanced warning of viruses. Our first notification of the
Nimba worm enabled us to successfully defend our networks. In
turn, BellSouth was the first company notified in telephone
ISACs the problems associated with simple network management
protocol.
Eventually, all the Nation's critical infrastructures will
have ISACs, and their level of success will depend on several
factors. First, information must be shared voluntarily in a
trusted form. PDD 63 and the national plan clearly say that
critical infrastructure protection must be in a public-private
partnership. Legislating information sharing will not foster
the type of cooperation that's needed to address these critical
issues.
Second but of equal concern is the need to improve
information sharing within and amongst government agencies.
In closing, I would like to reaffirm BellSouth's commitment
to protecting our Nation's critical infrastructure. Thank you
for the opportunity to appear here today. I look forward to
answering any questions you may have.
[The prepared statement of William Smith follows:]
Prepared Statement of Bill Smith, Chief Technology Officer, BellSouth
Corporation
Mr. Chairman and Members of the Subcommittee. [Good morning/
afternoon.] My name is Bill Smith and I am Chief Technology Officer for
BellSouth Corporation. I appreciate the opportunity to appear before
you today to discuss a vital national security issue--information
sharing between the government and the private sector and the role of
the proposed Department of Homeland Security.
Virtually every crucial economic and social function in our society
depends on the secure and reliable operation of infrastructures.
Indeed, they have enabled our country to achieve levels of productivity
and a standard of living that is the benchmark for the rest of the
world. However, these benefits have come at the cost of increased
complexity, interdependency and risk. Critical infrastructures such as
energy, banking and finance and transportation depend on the robustness
of our telecommunications networks, while the explosive growth of the
Internet's ability to interconnect computer networks, and our digital
economy have increased the demand for reliable and disturbance-free
communications.
As a major telecommunications network operator, the challenge we
face is maintaining the reliability, security and robustness of
critical national and international infrastructures. And, we need a
comprehensive strategy flexible enough to prepare for, and respond to,
an evolving spectrum of threats. Such a strategy should both increase
protection of vital industry assets and ensure public safety.
Because of increased reliance and interdependency, the potential
for infrastructure disruption may come from multiple sources, including
system complexity, rapid growth, regulation, deregulation, terrorism,
and natural disturbances such as hurricanes and earthquakes.
Telecommunications systems constitute a fundamental infrastructure of
modern society, and a successful terrorist attempt to disrupt them
could have devastating effects on national security, the economy, and
every citizen's life. At BellSouth, we continue to improve the security
of our telecommunications systems, but our widely dispersed physical
assets, unfortunately, can never be defended absolutely against a
determined attack.
It is clear to all that the telecommunications industry is facing
some of the greatest challenges in our economy today. Fierce
competition, eroding market shares and tenuous market conditions
compromise the environment in which we operate.
Despite these challenges, BellSouth continues to support the
numerous infrastructure protection initiatives formed pursuant to
Presidential Decision Directive 63 (PDD 63), but like others in our
industry, find that there are many duplicative efforts underway, all
competing for the same scarce resources.
In the wake of the September 11th terrorist attacks, our industry,
as well as those supporting other infrastructures, have seen dramatic
increases in the number of requests to participate in these efforts. In
addition, we have received numerous requests for sensitive
information--such as lists of critical facilities--from federal, state
and local authorities. From the perspective of a corporation such as
BellSouth, these requests are troubling because if such a list were
released publicly, whether through a FOIA request or through accidental
disclosure, it could provide terrorists with a road map directing them
to our most critical locations.
Therefore, we would support efforts of a Department of Homeland
Security to, among things, serve as a focal point to coordinate these
efforts, and allow us to make the best use of our expertise and
resources such as in the National Coordinating Center (NCC) for
Telecommunications.
In the current environment, we have the following concerns about
information sharing:
liability under the Freedom of Information Act
third-party liability (e.g., sharing suspected problems about
a piece of equipment before thoroughly tested and verified)
the lack of a defined antitrust exemption for appropriate
information sharing concerning infrastructure vulnerabilities
possible disclosure of information under state sunshine laws
disclosure of sensitive corporate information to competitors
declassification of threat/intelligence information to a level
that can be acted upon by company personnel and,
the natural inclination of law enforcement, DoD, and
intelligence agencies to dissuade the sharing of information
related to criminal investigations.
With respect to FOIA, many companies are hesitant to voluntarily
share sensitive information with the government because of the possible
release of this information to the public. BellSouth currently shares
cyber-related intrusion information with the Telecom Information
Sharing and Analysis Center--the Telecom ISAC--located within the NCC.
However, because of the concerns just noted, the information sharing is
done on a limited basis, within trusted circles, and strictly within a
fashion that will eliminate any liability or harm from FOIA requests
for BellSouth information. This is neither maximally efficient nor
effective.
This is not to say that the ISACs do not provide value. BellSouth
and the other ISAC participants have benefited from advance warnings of
worms and viruses. For example, the ISAC provided us our first
notification of the NIMDA worm in a clear and timely manner that
enabled us to successfully defend our networks. In turn, BellSouth was
the first company to notify the Telecom ISAC of problems associated
with the simple network management protocol (SNMP).
Eventually, all of the Nation's critical infrastructures will have
ISACs, and their level of success will depend on several factors.
First, information must be shared voluntarily in a trusted forum. PDD-
63 and the National Plan (Version 1.0 for Information Systems
Protection) clearly state that critical infrastructure protection must
be a public/private partnership. Legislating or regulating information
sharing will not foster the type of cooperation that is needed to
address these critical issues. Second, but of equal concern, is the
need to improve information sharing and communication within and
amongst governmental agencies.
As an owner and operator of a significant portion of the Nation's
critical infrastructure, BellSouth assumes a proactive stance regarding
critical infrastructure protection. For this reason, we routinely
monitor legislation addressing these issues. Although the House
recently passed H.R. 4598, the ``Homeland Security Information Sharing
Act,'' BellSouth hopes it is refined further as it moves through the
legislative process. Specifically, it is not enough to share classified
or sensitive information with select individuals as cited in the
legislation. What is important is that that information be
``actionable''--that is, recipients of such information must have the
flexibility to act on that information by passing it on to other
appropriate parties. With respect to H.R. 5005, the ``Homeland Security
Act of 2002,'' we support this legislation and believe that Section
201(5) will best be implemented through a public-private sector
partnership, rather than through an expansion of regulatory authority
and the imposition of new regulation. We also support Section 204 which
provides an important FOIA exemption for information regarding
infrastructure and other vulnerabilities that is provided voluntarily.
Finally, we support the FOIA and antitrust protections embodied in H.R.
2435, the ``Cyber Security Information Act.''
In closing, I would like to reaffirm BellSouth's commitment to
protecting our Nation's critical infrastructures. Thank you for the
opportunity to appear here today. And I look forward to answering any
questions you may have.
Mr. Whitfield. Mr. Copeland, you're recognized for 5
minutes.
TESTIMONY OF GUY COPELAND
Mr. Copeland. Thank you, Mr. Chairman and members of the
subcommittee. I am honored to be here today testifying on
behalf of the Information Technology Association of America,
known generally as ITAA, where I serve as Co-Chair of the
Information Security Committee and Vice Chair of the Homeland
Defense Task Group. I'm also a board member of the Information
Sharing and Analysis Center for the Information Technology
industry sector of the IT ISAC in which my company is a
founding member and which ITAA was instrumental in forming.
ITAA represents a broad spectrum of information technology
and communications companies and is a strong public advocate
for the very important goals of homeland security, including
cyber security.
A recent Washington Post article quoted the Chief of Staff
of the President's Critical Infrastructure Protection Board. He
said we were underestimating the amount of attention al Qaeda
was paying to the Internet. Now we know that they see it as a
potential attack vehicle. Al Qaeda spends more time mapping our
vulnerabilities in cyberspace than we previously thought. An
attack is a question of when, not if.
A study just released by Internet security firm Riptech
Incorporated found that Internet attacks against public and
private organizations around the world leapt 28 percent in the
last 6 months, with most targeting technology, financial
services and power companies.
Government and industry can work together to address this
threat. That is why, for example, ITAA helped found the IT
ISAC. It is the reason that ITAA has worked to help get the
information and communications sector input into the
President's developing a national strategy for critical
infrastructure and cyberspace security. In turn, this Critical
Infrastructure Assurance Office and the Critical Information
Protection Board under Dick Clarke are working closely with
industry.
Corporations own and operate the majority of systems that
make up and protect our country's critical infrastructure. ITAA
joins with other sectors in believing that effective
information sharing between government and private sector
ultimately is critical to address insider threats.
Sharing information about information security experiences
is difficult. No company wants to risk information that they
have volunteered in good faith and confidence may be misused or
misinterpreted to their detriment, and certainly no company
wants information to surface to any terrorists or criminals.
Government agencies seek detailed data about infrastructure
and computer attacks. The private sector wants consistently to
provide comprehensive and detailed information to government on
a voluntary basis but only with the guaranty that it be
protected. Today, however, corporate counsels frequently raise
the unacceptable risk that such information could be ultimately
be divulged through the Freedom of Information Act. If the
government wants to include the way America responds to the
threat of critical infrastructure attacks, government needs to
give CEOs the certainty that voluntarily provided sensitive
information would be protected.
As Mr. Dacey noted in the previous panel, various
legislative proposals address this. Among them, ITAA has
endorsed H.R. 2435, the Cyber Security Information Act,
cosponsored by Representatives Tom Davis and Jim Moran and S.
1456, the Critical Infrastructure Information Security Act,
cosponsored by Senators Bob Bennett and John Kyl.
Today, we would like to express our support for a proposed
amendment to title II of H.R. 5005 being offered by Congressman
Tom Davis, establishing relationships of trust and confidence
for information sharing which are still all too rare.
An excellent example cited by John Tritak is the
President's Advisory Committee and related bodies such as the
National Coordinating Center for Telecommunications.
Dating to September 1982, the NSTAC is perhaps the oldest
and most successful industry and government partnership to
address telecommunications and information systems issues
impacting national security and emergency preparedness. I
suggest you examine the NSTAC and its partnering government
organization, the National Communications System, and their
ongoing joint government and industry processes as a successful
foundation on which to build.
Despite their past experience with sharing of operational
information and in light of the need for even more sensitive
sharing to address tomorrow's threats, the NSTAC is on record
as twice endorsing the need for FOIA protection for voluntarily
shared critical infrastructure information.
Attached to my testimony is a list of several reasons why
current FOIA interpretation may not be sufficient. Ambiguity
and discretion remain the order of the day when it comes to
agency decisionmaking and remains the top concerns. That is why
there is clear unity in the private sector in favor of removing
disincentives to information sharing, and that is why we
support legislation in the U.S. House of Representatives and
U.S. Senate and specifically we recommend adopting Tom Davis'
amendment to H.R. 5005, the Homeland Security Act. We call on
this committee and Members of the U.S. Congress that have not
already indicated their support for this legislation to do so
today.
Also, Mr. Chairman, I would like to mention the proposal
from the ITAA president to Congressmen Tauzin and Dingell last
week.
As the committee reviews and considers possible changes to
the Homeland Security Act for 2002, ITAA encourages you and the
administration to ensure proper priority for information
security in the new Department. Toward this end, ITAA
recommends creating a Bureau of Cyber Security headed by the
Senate confirmed Assistant Secretary for Cyber Security. This
proposal would have the Assistant Secretary for Cyber Security
reporting to the Under Secretary for Information Analysis and
Infrastructure Protection. We believe that such a structure
will provide appropriate focus of resources and management
visibility to address all cyber threats, including physical
attacks on cyber assets and lead to better security in
cyberspace.
Thank you, Mr. Chairman. I would be pleased to answer
questions.
[The prepared statement of Guy Copeland follows:]
Prepared Statement of Guy Copeland, Vice President, Information
Infrastructure Advisory Programs, Computer Sciences Corporation on
Behalf of the Information Technology Association of America
Good morning Mr. Chairman and distinguished Members of the
Subcommittee. I am honored to be here today. I am testifying on behalf
of the Information Technology Association of America--known as ITAA--
(http://www.itaa.org/infosec) where I serve as Co-Chair of the
Information Security Committee and Vice Chair of the Homeland Defense
Task Group. I also am a Board Member of the Information Sharing and
Analysis Center for the Information Technology industry sector--the IT
ISAC (http://www.it-isac.org)--in which my company is a founding member
and which ITAA was instrumental in forming. And I represent Mr. Van
Honeycutt, the CEO of my company, Computer Sciences Corporation, in the
President's National Security Telecommunications Advisory Committee--
more easily pronounced as the acronym NSTAC--(http://www.ncs.gov/nstac/
nstac.htm), a body that provides the President of the United States
with industry advice regarding critical, information and
telecommunications services supporting our national economy and other
critical functions of society. Mr. Honeycutt chaired the NSTAC from
September 1998, to September 2000. During that period I served as the
chair of the working body of the NSTAC, the Industry Executive
Subcommittee Working Session. Many of the companies represented in the
NSTAC membership are also members of ITAA.
ITAA represents a broad spectrum of information technology and
communications companies, and supports the very important goal of
increasing information sharing 1.) within the private sector and 2.)
between industry and government in order to better protect our nation's
critical infrastructure and to promote and sustain global physical and
economic security.
Also, Mr. Chairman, I would like to reference a proposal that ITAA
noted in letters to Commerce Committee Chairman Tauzin and Ranking
Member Dingell last week. As this Subcommittee and the full Committee
review the Homeland Security Act of 2002 or H.R. 5005 and considers
possible changes to the bill, ITAA encourages you and your colleagues
to work with the Bush Administration to highlight information security
in the new Department.
Towards this end, ITAA recommends creating a Bureau of Cyber
Security headed by an Assistant Secretary for Cyber Security. Under the
current proposal, the components that would be merged into the
Department of Homeland Security from other departments and agencies
that focus on cyber security (e.g. NIPC, NCS, CIAO, and Cybercorps)
would be included with those that focus on physical security in the new
Information Analysis and Infrastructure Protection division. This
melding would be a mistake. The challenges in the cyber world are
sufficiently different from those in the physical world to merit a
Bureau that focuses on Cyber Security and that is headed by a Senate-
confirmed public official.
This proposal would have the Assistant Secretary for Cyber Security
reporting to the Under Secretary for Information Analysis and
Infrastructure Protection. There would be three bureaus in this new
bureau under the revised structure: 1. Bureau of Analysis and Warning,
which would analyze all source intelligence, 2. Bureau of Critical
Infrastructure, which would develop protection for physical assets, and
3. Bureau of Cyber Security, which would conduct programs within the
USG and with the private sector to protect communications, the
Internet, computer systems, and IT networks.
We believe that such a structure would enhance the internal
cohesion of U.S. cyber terrorism fighting efforts, provide appropriate
focus of resources and management visibility, and lead to better
homeland security in cyberspace. This only addresses one piece of the
equation, however. Just as the Internet interconnects a vast array of
public institutions and private entities, so too must the security
policies and practices of public and private domains be linked to
bolster the safety of all concerned.
As you may know, Mr. Chairman, ITAA has endorsed H.R. 2435, the
Cyber Security Information Act co-sponsored by U.S. Representatives Tom
Davis and Jim Moran, and S. 1456, The Critical Infrastructure
Information Security Act, co-sponsored by Senators Bob Bennett and John
Kyl. Today, we would like to express our support for a proposed
amendment to Title II of H.R. 5005 by Congressman Tom Davis. We call on
this Committee and Members of U.S. Congress that have not already
indicated their support for this legislation to do so today. For
reasons I will outline below, the certainty and trust these bills
engender are key to preventing or at least minimizing future threats to
critical infrastructures.
You may have heard the numbers before. According to the 2002 FBI /
Computer Security Institute Survey:
90% of large corporations and government agencies responding
detected computer security breaches within the last twelve
months.
80% acknowledged financial losses due to computer breaches.
44% were willing and/or able to quantify their financial
losses. These 223 respondents reported $455,848,000 in
financial losses.
34% reported the intrusions to law enforcement.
A December 2001 ITAA / Tumbleweed Communications survey found:
70% of Americans concerned about Internet and computer
security.
74% expressed fears that their personal information on the
Internet could be stolen or used for malicious purposes.
74% said they are concerned that cyber-attacks could target
critical infrastructure assets like telephone networks or power
plants.
A study released yesterday by Internet security firm Riptech, Inc.
found that ``. . . Internet attacks against public and private
organizations around the world leapt 28 percent in the past six months,
with most targeting technology, financial services and power
companies.'' 1
---------------------------------------------------------------------------
\1\ ``Internet Attacks on Companies Up 28 Percent, Report Says,''
by Michael Barbaro, Washington Post, July 8, 2002.
---------------------------------------------------------------------------
While these numbers show the magnitude of the economic impact and
also the concerns of the American people about cyber attacks on our
critical infrastructure, let me read a passage from an article in late
June 2002 from the Washington Post to emphasize the sheer magnitude of
the threat in this age of terrorism that we are living in:
``Unsettling signs of al Qaeda's aims and skills in cyberspace have
led some government experts to conclude that terrorists are at the
threshold of using the Internet as a direct instrument of bloodshed.
The new threat bears little resemblance to familiar disruptions by
hackers responsible for viruses and worms. It comes instead at the
meeting points of computers and the physical structures they control.''
2
---------------------------------------------------------------------------
\2\ ``Cyber-Attacks by Al Qaeda Feared,'' by Barton Gellman,
Washington Post, June 27, 2002
---------------------------------------------------------------------------
Sobering, isn't it? But, government and industry can work together
to address this threat, reduce the economic impact of cyber attacks,
and help reduce Americans' very understandable and justified concern
about the possibility of cyber attacks on our nation's critical
infrastructure. Information sharing between government and the private
sector is a very important part of detecting and mitigating cyber
threats.
As the U.S. General Accounting Office (GAO) stated in an October
15, 2001 report entitled ``Information Sharing: Practices That Can
Benefit Critical Infrastructure Protection,'' information sharing and
coordination ``are key elements in developing comprehensive and
practical approaches to defending against computer-based, or cyber,
attacks which could threaten the national welfare.''
``. . . The importance of sharing information and coordinating the
response to cyber threats among various stakeholders has increased as
our government and our nation have become ever more reliant on
interconnected computer systems to support critical operations and
infrastructures, such as telecommunications, power distribution,
financial services, national defense, and critical government
operations. Information on threats and incidents experienced by others
can help stakeholders identify trends, better understand the risks they
face, and determine what preventative measures should be implemented.''
3
---------------------------------------------------------------------------
\3\ Report to Senator Robert F. Bennett, Ranking Minority Member,
Joint Economic Committee, Congress of the United States by the U.S.
General Accounting Office, October 15, 2001, page 1.
---------------------------------------------------------------------------
Many of the same concerns regarding information sharing existed in
the period leading up to the Year 2000 date rollover, and resulted in
an unprecedented effort between industry, government and the public
interest sectors to support the drafting and passage of Federal
legislation to remove legal obstacles--FOIA, antitrust, and civil
liability--from ``Y2K readiness disclosures'' that were an essential
element of our successful addressing of the date change challenge.
Indeed, many of the same elements in the Year 2000 Information and
Readiness Disclosure Act of 1998 are found in the Davis-Moran and
Bennett-Kyl bills. This is not surprising, given that many of the same
individuals who labored to assure our successful meeting of the Y2K
challenge occurred have been in leading roles among critical
infrastructure providers to assure that terrorism does not succeed
where father time did not, for example, by helping to draft this
legislation.
In short, ITAA joins with our critical infrastructure providers in
believing that effective information sharing can: 1) reduce the harm
and impact of attacks on critical infrastructures; 2) help the owners
and operators of critical infrastructure systems in multiple sectors to
determine the nature of an attack; 3) provide timely warnings; 4)
provide analysis to both industry and government to prevent future
attacks; 5) mitigate attacks in real-time; and 6) assist in re-
constitution and recovery efforts.
As I stated at the outset, ITAA supports the very important goal of
information sharing. Strong and unwavering support of that goal is why
ITAA and its members are cooperating with several other sectors and a
variety of government partners in the National Cyber Security Alliance
(http://www.staysafeonline.info), the Partnership for Critical
Infrastructure Security (http://www.pcis.org), and the Cyber
Citizen Partnership (http://www.cybercitizenship.org).
Support of that goal is why ITAA helped found the IT Information
Sharing and Analysis Center (http://www.it-isac.org) and is the reason
that ITAA has worked to help develop and facilitate private sector
input for the Information & Communications Sector into the President's
National Strategy for Critical Infrastructure and Cyberspace Security,
a plan that Presidential Advisor Dick Clarke calls ``a living
document'' that will change as the threats change.
Support of that goal is why ITAA and its sister associations from
around the world have prioritized e-security and critical
infrastructure assurance as public policy priorities in the 46-country
World Information Technology and Services Alliance or WITSA (http://
www.witsa.org), and is why ITAA and WITSA sponsored the first Global
InfoSec Summit now nearly two years ago.
Support of that goal is why ITAA continues to raise awareness of
critical infrastructure assurance and e-security challenges as a
business continuity issue, if not a business survivability issue at the
CXO (CFO, CTO, etc.) and Board level among our member companies and
throughout the private sector.
Support of that goal is why ITAA and its members are so committed
to building trust-based relationships with law enforcement officials
and agencies at every level of government and internationally.
Support of that goal is why ITAA and many of its sister
associations--which represent millions of small and medium business as
well as large corporations--have been in strong support of the bi-
partisan legislation that I referenced earlier. H.R. 2435 and S. 1456
were introduced in both the U.S. House of Representatives and U.S.
Senate last year to remove narrowly defined legal barriers to
information sharing within the private sector and between the private
sector and government.
Better information sharing is a necessary step to leveling the
playing field in the critical infrastructure assurance world. How so?
``Bad actors'' have great advantages when it comes to pooling what they
know about hacking tools, malicious code, network vulnerabilities and
the like. One of the ironies of the Internet is that it can serve as a
school for scoundrels, fostering hacker communities, serving as a
classroom for future attacks and helping cyber-psychos communicate
their exploits.
Meanwhile, sharing information about corporate information security
practices is inherently difficult. Companies are understandably
reluctant to share sensitive proprietary information about prevention
practices, intrusions, and actual crimes with either government
agencies or competitors. Information sharing is a risky proposition
with less than clear benefits. No company wants information to surface
that they have given in confidence, and that may jeopardize--through
misunderstanding or misperception--their market position, strategies,
customer base, investor confidence or capital investments, and
certainly no company wants information to surface that could aide
terrorists or criminals.
Government agencies seek detailed data about computer attacks for
the purposes of better law enforcement, earlier detection, and the
promotion of best practices in government and industry. Today, however,
corporate counsels advise their clients not to share voluntarily the
details of computer attacks with government agencies because the risk
that such data could ultimately be divulged through the Freedom of
Information Act (FOIA)--even over the agency's objections--is
unacceptably high.
The bottom line? Uncertainty. Uncertainty about whether existing
law may expose companies and industries that voluntarily share
sensitive information with the federal government to unintended and
potentially harmful consequences. This uncertainty has a chilling
effect on the growth of all information sharing organizations and the
quality and quantity of information that they are able to gather and
share with the federal government. We are not talking about a Harvard
moot court debate. If we want to improve the way corporate America
responds to the threat of critical infrastructure attacks, government
needs to give CEOs and their corporate counsels the certainty that this
legislation would provide.
I would like to report on steps industry has already taken to
promote information sharing and how this process can be improved; I
would also like to emphasize two points about the proposed legislation:
1. Government partners have come to the private sector to ask for
information concerning current and potential vulnerabilities in
various sectors of our national critical infrastructure. The
private sector wants consistently to provide comprehensive and
detailed information to government on a voluntary basis, but in
order to do so have asked that that information be protected.
2. The private sector AND the Federal Government both have agreed for
years that it is important to develop and strengthen
information sharing processes and organizations within the
private sector since we own and operate the majority of systems
that make up and protect our country's critical infrastructure.
The IT industry is one of several industries to adopt a formal
approach to the information sharing challenge. In January 2001,
nineteen of the nation's leading high tech companies announced the
formation of a new Information Technology Information Sharing and
Analysis Center (IT-ISAC) to cooperate on cyber security issues. The
objective of the IT-ISAC is to enhance the availability,
confidentiality, and integrity of networked information systems. The
organization is a not-for-profit corporation that allows the
information technology industry to report and exchange information
concerning electronic incidents, threats, attacks, vulnerabilities,
solutions and countermeasures, best security practices and other
protective measures. I am proud to be a Founding Board Member of that
organization.
On the telecommunications side of the Information and
Communications--or ``I&C'' -Sector, an ISAC has been formed by the
National Coordinating Center for Telecommunications (NCC). Building on
NCC's traditional role as the operational focal point for the
coordination, restoration, and reconstitution of national security and
emergency preparedness--or ``NS/EP''--Telecommunications and
facilities, the NCC-ISAC facilitates voluntary collaboration and
information sharing among government and industry participants. The
NCC-ISAC gathers information about network vulnerabilities, threats,
intrusions, and anomalies from various sources, including the
telecommunications industry and the U.S. government. That information
is then analyzed with the goal of averting or mitigating the effects of
computer intrusions on the telecommunications infrastructure.
The value of the ISAC approach is found in the ability to acquire
and share information with the group in a way that individual group
members cannot accomplish. This process often involves the rapid
assessment and conversion of information that individual ISAC members
had held as proprietary and confidential into a form that can be shared
both with ISAC members and with other affected or interested parties.
ISACs are exchanging some ``sanitized'' information between sectors and
at times, on a very limited basis, with the National Infrastructure
Protection Center or NIPC. The ISAC information product commonly deals
with the provision of early warnings of impending attacks, and the
establishment of trends in types and severity of attacks. If more legal
protections were in place, there could be more sharing of Internet
threat and solution information among the ISAC membership and other
appropriate organizations, including the Federal Government. ISACs
operate successfully because they are a closed community, founded on
mutual trust, and focused on prevention before a large attack occurs.
They differ markedly from other open communities whose duties are to
alert the more general networked public after a breach has occurred.
As the world economy continues to become more international in
nature, ISACs will provide a rich source of useful, validated security
threat information, for those enterprises that do not, or are not able
to, participate in the information security structure. It is by sharing
security data that the nation and the world will be able to respond
effectively to the continuing and growing threat, both internally and
externally, against critical infrastructures.
Two additional points need to be made: First, this entire process
is just getting underway. While there are a few examples of the most
competitive companies sharing information within a few ISACs, more time
is needed before we will be able to measure real success. Relationships
of trust and confidence need to be built. That is why the government,
through legislation, has a critical role to play NOW, in the formation
of the process, and its encouragement.
Second, many in the business community believe that their efforts
are hampered by the government's apparent desire for a limited, one-way
form of information sharing. The government seems to conduct much of
its internal conversations about critical infrastructure on the basis
of classified information--the kind that can only be shared in very
restricted ways--and yet it expects the business community to share its
own sensitive information without any ironclad assurances of
confidentiality, certainly nothing like the treatment accorded
classified information. We are not seeking that level of protection,
but as we encourage greater sharing we must likewise promote the notion
that the communication must flow in both directions.
A lack of certainty is also a decided impediment to sharing
critical infrastructure information with government. That kind of
information is not ``ordinary'' and should be entitled to the
extraordinary treatment of a complete ban on FOIA disclosure.
Legislative proposals address this defect by taking the subject
information out of the realm of agency discretion to disclose. We need
to close the gate firmly when this information is shared with
government.
Concerns about inappropriate release of sensitive infrastructure
information via FOIA have impeded current sharing with government.
Dating to September 1982, the NSTAC is perhaps the oldest and most
successful industry and government partnership to address
telecommunications and information systems issues impacting national
security and emergency preparedness (NS/EP).
NSTAC activities are the genesis for technical reports,
recommendations to the President, and NS/EP operational programs.
Showing how industry and government partnership is an integral part of
the success of the NSTAC, the primary working body of the NSTAC, the
Industry Executive Subcommittee (IES) is chaired by a government
executive, the Deputy Manager, National Communications System. The IES
consists of executive representatives appointed by each NSTAC
Principal. The IES holds regular Working Sessions to consider issues,
analyses, or recommendations for presentation to the NSTAC members for
their approval. When an issue requires research or other examination,
the IES forms a task force to address it. For example, the National
Coordinating Center for Telecommunications (NCC), an industry/
Government coordination center for day-to-day operational support to
NS/EP telecommunications, began in 1984 from an NSTAC recommendation.
More recently, the NCC has established an Information Sharing and
Analysis Center (ISAC) function as part of its NS/EP telecommunications
mission. The Telecommunications Service Priority (TSP) System, once an
NSTAC issue, is also now an operational program. TSP is the regulatory,
administrative, and operational authority that enables priority
provisioning and restoration of telecommunications services for
Federal, State, and local government users, as well as nongovernmental
users. Also originating from NSTAC activities, an industry-based
Network Security Information Exchange (NSIE) was created and meets
regularly with a Government NSIE in a classified forum to address the
threat posed to the public network as a result of actual or possible
electronic exploitation of system vulnerabilities.
Despite this track record of success, their past experience with
sharing of operational information, and in light of the need for even
more sensitive sharing to address tomorrow's threats, the NSTAC is on
record as twice endorsing the need for FOIA protection for voluntarily
shared, critical infrastructure information.
Antitrust concerns are another potential legal hurdle to
information sharing. We understand that the Department of Justice has
offered assurances that its program of business review letters would be
forthcoming for information sharing and analysis centers constituted
under the Administration's policies. Yet the issuance of even a set of
such letters would prove inadequate, for at least three reasons. First,
such ISACs would have to be constituted with a view toward satisfying
the Department, as opposed to maximally fulfilling their primary
mission. Second, there is the unavoidable negative implication for
numerous other affected parties not in possession of a business review
letter. Third, the ISACs are not the only organizations that have been
constituted to share cyber threat information among industry sector
members or with Federal agencies.
Beyond federal FOIA and antitrust--and let me emphasize the ITAA
believes that addressing the FOIA issue is the heart of the proposed
legislation--the current bills go on to clarify that critical
infrastructure threat data shared voluntarily with the government would
not be disclosed either under the Federal Advisory Committee Act (FACA)
or under state FOIA laws. We do recognize the federalism question that
the second provision raises. At the same time, homeland defense is
creating a need for federal, state, and local bodies to work jointly to
a previously unprecedented degree. In some instances, first responders
will not be from federal agencies. Information sharing ought not to
dead-end at the federal level but should flow all the way down to the
first responders. Without the same protection at the state level as at
the federal, state agencies will face the same lack of revealing detail
that federal agencies are experiencing today. In this regard, language
in Sec. 3(e) of H.R. 4598 recently passed by the House dealing with the
sharing among law enforcement agencies of homeland security information
may provide a model for treatment of FOIA-excluded critical
infrastructure threat information moving to the states and local
governments.
Finally, the bills also call for limited use protection--not
immunity--so that critical infrastructure information disclosed to the
government cannot subsequently be used against the person submitting
the information. Opponents of this legislation state that the provision
is a smokescreen for promising unlimited liability to the corporate
community. Nothing could be further from the truth. Once again, it
bears repeating: the subject of this legislation is information that
the government has requested informally from the business community.
There is ample reason to grant limited use protection in return for
full disclosure of this information intended to help the government
accomplish its mission.
A comparison with the legislative, public policy and marketplace
purposes behind this legislation and that underlying the Y2K
legislation may be instructive. In 1998, as today, many of the leading
proponents of that legislation were uncertain about the extent of the
need to alter FOIA's exemptions, in order to assure that information
would flow from the private sector custodians to the government and
beyond. But, lacking the luxury of time to wait for a court test case,
consensus in Washington was that a Congressional imprimatur of approval
of limited FOIA, antitrust and civil liability exposure (later provided
in the ``Y2K Act of 1999'') was appropriate, indeed, critical, in view
of the scope of risk, and extreme reticence of many corporate holders
of information to share that.
A very similar situation exists today with regard to custodians of
critical infrastructure threat and risk information. Whatever position
a legal scholar may take on the extent of FOIA's present shield, an
affirmative statement of Congressional approval of ISACs and other
information sharing organizations is essential to our meeting the
challenge of the terrorist threat.
Attached to my testimony is a list of several reasons why current
FOIA language may not be sufficient to protect critical infrastructure
information from disclosure. Ambiguity and discretion remain the order
of the day when it comes to agency decisions about disclosure of any
kind of business confidential data, despite its importance and despite
good precedents in some of the Federal Courts. The lack of certainty is
of course acceptable in the ordinary course of business; it simply
reflects the bias of FOIA in favor of disclosure, a bias with which we
do not quarrel. However, critical infrastructure assurance cannot be
considered business as usual.
With the appropriate protections in place, legitimate businesses,
law enforcement agencies, intelligence agencies, and the Homeland
Security organization--in whatever form it may take--can share the
information needed to ward off attacks and track down attackers.
There has been, in ITAA's view--and this view has also been
expressed by other associations such as the Edison Electric Institute,
the U.S. Chamber of Commerce, the National Association of
Manufacturers, the Financial Services Roundtable, Americans for
Computer Privacy, and the American Chemistry Council --a
misunderstanding of the legislation by some critics. Again, we are not
calling into question the existing FOIA case law, which taken together
suggests that a federal agency would win a test case. Rather, we are
saying only that the risk of a loss of such a test case--as viewed by
the parties bearing the risk--remains unacceptably high. More
importantly, corporations should not be required to accept such risks,
or the cost of litigation, when reporting significant cyber events in
an attempt to protect the public interest. Second, the proposed
legislation has only to do with disclosure of computer attack data and
critical infrastructure protection. Normal regulatory information
gathering will proceed unimpeded, as it should.
In closing, I would like to cite another passage from the
Washington Post article that I referred to earlier in my testimony:
``We were underestimating the amount of attention [al Qaeda was] paying
to the Internet,'' said Roger Cressey, a longtime counterterrorism
official who became chief of staff of the President's Critical
Infrastructure Protection Board in October. ``Now we know they see it
as a potential attack vehicle. Al Qaeda spent more time mapping our
vulnerabilities in cyberspace than we previously though. An attack is a
question of when, not if.'' 4
---------------------------------------------------------------------------
\4\ ``Cyber-Attacks by Al Qaeda Feared,'' by Barton Gellman,
Washington Post, June 27, 2002
---------------------------------------------------------------------------
The threats are out there. Our critical infrastructure is
vulnerable. The private sector and public sector must work together to
understand, respond to, and prevent these threats. That is why there is
clear unity in the private sector in favor of removing disincentives to
information sharing and that is why we support legislation in the U.S.
House of Representatives and U.S. Senate--and specifically, we
recommend adopting Tom Davis' amendment to H.R. 5005, the Homeland
Security Act of 2002. We call on this Committee and Members of U.S.
Congress that have not already indicated their support for this
legislation to do so today.
Thank you, Mr. Chairman. I would be pleased to answer any questions
that you and/or Members of this Committee may have at this time.
Appendix 1:
focus on the freedom of information act
reasons current law fails to adequately protect critical infrastructure
threat information
The Freedom of Information Act (FOIA, 5 USC 552) expresses the
policy of the United States in favor of disclosure of information in
the government's possession, to the greatest possible extent. No one
argues with this basic premise of government in America. Transparency
and open government are important parts of the foundation of our
democracy.
At the same time, no one disputes that when the government engages
in strategic planning and discussions about the national security and
national defense in the emerging and dangerous world spawned by the
resurgence of terrorism and the necessity of making war on it, the
sensitive information generated should be exempt from disclosure on
grounds of overriding national defense and foreign policy
considerations.
In addition, no one disputes that the ``Critical Infrastructure''
of the United States--from pipelines and electric utilities to
information networks and telecommunications, transportation systems for
goods and people and more--is at risk of attack both prior to, and now,
during the war on terrorism.
The bulk of this critical infrastructure, however, is under the
ownership and control of America's private sector, not the national
security umbrella of government. It is time to recognize the important
role in national security and foreign policy that America's critical
infrastructure plays, and treat information related to ``any threat to
the security of critical infrastructure'' just as any other information
exempt from disclosure as a matter of national security.
That is not the case today. Information generated by the government
and properly classified under ``criteria established by an Executive
order to be kept secret in the interest of national security or foreign
policy'' is exempt from disclosure. Period. 5 USC 552 (b)(1)(A)(B).
Information generated by the private sector owners and operators of the
nation's critical infrastructure and voluntarily shared with a
government agency may be treated as ``confidential business
information'' 1, but only if the agency makes a number of
determinations in its discretion, and it does not exercise its
discretion to change its mind in the future. Such information may also
fit within the FOIA exclusion for ``law enforcement information'' when
disclosure ``could reasonably be expected to endanger the life or
physical safety of any individual'' (5 USC 552(b)(7)(F)), but the same
reservations about agency discretion apply here as well. Treatment of
critical infrastructure threat information should be ``upgraded'' by
providing that it is specifically exempted from disclosure by statute
(5 USC 552(b)(3)), removing the extra burden of discretionary
treatment.
---------------------------------------------------------------------------
\1\ The statutory phrase is ``trade secrets and commercial or
financial information obtained from a person and privileged or
confidential.'' 5 USC 552 (b)(4).
---------------------------------------------------------------------------
The change will not open the floodgates to a host of other
exemptions from disclosure. This change would respond to a limited need
for specific relief in the case of information that rises to the level
of a national security concern, but resides outside the national
security umbrella. It does not seem likely that other requests for new
exemption could meet this test.
It should be the case that upgrading this specific type of
information is in the interest not just of the business community, but
also of the government itself and the citizenry in general. It is in
everyone's interest to take the steps reasonably necessary to protect
critical infrastructure from attack, and learn from incidents and
recoveries that have taken place in the past.
What is clear is that current FOIA treatment of critical
infrastructure threat information makes the private sector reluctant to
engage in the full and frank disclosure of information to government
that should be taking place right now. Why is the current FOIA
treatment of critical infrastructure threat information less than
adequate? There are a number of reasons. Here are several:
1. Under current rules the submitter of information does not know
whether it will be treated as confidential by the agency, and
the agency will not make a commitment at the time of
submission. This lack of certainty alone prevents many
disclosures.
2. Current policy requires that agencies not exercise their
discretionary authority unless and until a disclosure request
under FOIA is received. When a request is received, agencies
have discretion to inform the submitter of the need to defend
the confidentiality of their information. The agencies can
decide they have enough information to make the decision
without informing the submitter.
3. Recent precedents (the Critical Mass case and its progeny) suggest
that ``voluntarily'' submitted ``trade secret, commercial or
financial information'' may be protected from disclosure if not
``customarily'' disclosed by the submitter. Nevertheless, every
word in quotes represents a different discretionary
determination that must be made by the agency at the time of a
FOIA request. Submitters have their arguments to make, but no
assurance that those arguments will be accepted.
4. Recent precedents are not necessarily accepted throughout the United
States in every judicial circuit. Submission of critical
infrastructure threat information should not be expected to be
limited to agencies in Washington, D.C.
5. Information disclosed to competitors in an ISAC under the terms of
binding non-disclosure agreements (NDA) conditioning ISAC
membership may qualify for confidential treatment under the
Critical Mass case, but absent strict compliance with such
formal requirements--as could happen in the case of an incident
recovery crisis or other emergency--disclosure by the submitter
could lead to a finding that Critical Mass protections do not
apply.
6. Agencies always have discretion to decide that, despite a
submitter's claim of confidentiality and the reasons for it,
the submitter's claim in light of the passage of time or other
considerations cannot be valid and the policy interests
expressed by FOIA are stronger and enough to justify
disclosure. That is a risk the business community has come to
accept in its ongoing dialogue with government. It is not a
risk that should have to be assumed for the treatment of
critical infrastructure threat information.
7. Some confidential business information turns stale with the passage
of time, justifying the exercise of agency discretion. Critical
infrastructure threat information does not. That alone should
be reason enough to upgrade its treatment under FOIA.
In sum, it is essential to eliminate discretionary treatment for
this limited class of information. The owners and operators of the
nation's critical infrastructures should be able to have confidence
that the information they share with government will not be made public
at a later date. Today they do not have that confidence.
Mr. Whitfield. Thank you.
Ms. Costantini, you're recognized for 5 minutes.
TESTIMONY OF LYNN P. COSTANTINI
Ms. Costantini. Chairman Greenwood, ladies and gentlemen of
the subcommittee, thank you for the opportunity to testify on
behalf of the North American Electricity Reliability Council.
We are in support of the President's proposal for a Department
of Homeland Security. NERC is a not-for-profit organization
formed in 1965 to promote the reliability of electric systems
that serve North America. It accounts for all the electricity
supplied in the United States, Canada and a portion of Baja
California, Mexico.
In addition to its job of ``keeping the lights on,'' NERC
services the electric industry's contact and coordinator in the
United States and Canada for bulk electric systems security
matters and it operates the Electricity Sector's Information
Sharing and Analysis Center.
As the director of Information Technology, it is my
responsibility to ensure NERC's information assets and the
environment in which they operate are secure. I serve on the
Critical Infrastructure Protection Advisory Group, and I am a
member of the ES-ISAC team.
Generally, NERC supports the administration's Department of
Homeland Security and appreciates the recognition in this
proposal of the role of the private sector in protecting
critical infrastructure. More than 80 percent of assets that
drive our economy are privately held. Without the assistance of
the U.S. Government to help the owners of these assets
understand the threat environment and warn them when they are
hauled out as targets, these assets may be vulnerable.
The public-private partnership is crucial to helping us
understand such complicated potential vulnerabilities as the
independencies between and among different infrastructures,
such as telecommunications, electricity, transportation and
natural gas. NERC believes it's imperative to national security
to refine and strengthen that public-private partnership.
Organizing the authority and responsibilities for critical
infrastructure protection under the Department of Homeland
Security supports that goal.
We recognize, however, that there exists barriers which
prevent a flow of information between and among the public and
private sectors. Except in special circumstances, information
provided to the government is subject to disclosure to the
citizenry and others via FOIA. Information sharing among
members of private industry is subject to antitrust regulation,
and trust is as much a concern as antitrust.
The effect of these concerns is that some valuable
information necessary to fully analyze risks to critical
infrastructure interests is not being employed.
These concerns are more than theoretical. For instance, the
United States Department of Energy, working with the Office of
Homeland Security, has asked the electric utility industry to
provide the government with a list of nationally critical
facilities. While we understand how this information can be
useful, NERC and its members are unwilling to prepare a target
list without adequate assurance that such information will
receive appropriate protection. FOIA exemptions do not provide
that level of assurance.
Furthermore, in response to September 11, entire industries
must now decide whether and how to share spare parts or other
finite resources. The issue of sharing also involves potential
allocations of scarce supplies. Entire industries may need to
determine security-related requirements to ask of their
suppliers. At the very least, entire industries want to discuss
the security-related shortcomings of existing product supply
industries. Each of these actions is ripe for antitrust
allegation.
NERC does believe these barriers to public-private
partnership are surmountable. We will overcome them by
clarifying the Freedom of Information Act exemption to provide
indisputable, consistent rules for the nondisclosure of
critical infrastructure protection information. Alternatively,
create new statutes stipulating nondisclosure of specific,
sensitive data provided to the U.S. Government for the purposes
of critical infrastructure protection; grant security
clearances for personnel in critical infrastructure industries
so that the flow of information between the public and private
sectors can remain intact and secure; provide limited antitrust
exemptions such as those that enabled cross-sector coordination
during the year 2000 rollover; continuing to build trust.
NERC believes that centralizing leadership authority and
responsibility under the Department of Homeland Security is a
step toward this building trust.
Recognizing the voluntary system of information sharing
between the public and private sector as an effective means of
promoting critical infrastructure assurance is vital. Helping
the private sector overcome barriers to participation and
providing antitrust protection will allow the trust
relationship to grow and be fruitful.
On behalf of NERC, I thank you for your time.
[The prepared statement of Lynn P. Costantini follows:]
Prepared Statement of Lynn P. Costantini, Director--Information
Technology, North American Electric Reliability Council
critical infrastructure protection: the need for public-private
partnership
My name is Lynn Costantini, and I am the Director of Information
Technology for the North American Electric Reliability Council. NERC is
a not-for-profit organization formed after the Northeast Blackout in
1965 to promote the reliability of the bulk electric systems that serve
North America. NERC comprises ten Regional Reliability Councils that
account for virtually all of the electricity supplied in the United
States, Canada, and a portion of Baja California Norte, Mexico.
In addition to its job of ``keeping the lights on,'' NERC serves as
the electric industry's contact and coordinator in the United States
and Canada for bulk electric system security matters and operates the
Electricity Sector's Information Sharing and Analysis Center (ES-ISAC).
As the Director of Information Technology, it is my responsibility
to ensure NERC's information assets and the environment in which they
operate are secure. I serve on NERC's Critical Infrastructure
Protection Advisory Group and I am a member of the ES-ISAC team.
Generally NERC supports the Administration's proposed Department of
Homeland Security. NERC appreciates the recognition in this proposal of
the role of the private sector in protecting critical infrastructures.
Furthermore, NERC believes it is imperative to national security to
refine and strengthen the public-private partnership. Organizing the
authority and responsibilities for critical infrastructure protection
under the Department of Homeland Security supports that goal.
In this testimony, I will discuss the need to keep information
flowing between the public and private sectors, the barriers to
information sharing, what can be done to overcome those barriers, and,
finally, the electricity sector's experience in these areas.
Background
The information age dawned with little thought to security. We were
in awe of the power at our fingertips (information!) and we rushed to
find new ways to gather and use more and more information through an
increasing array of new techniques. A computer on every desktop,
complete with tools to improve efficiency and productivity, networked
together so we could share precious resources. How could something so
positive, so beneficial, be used against us? Never!
Today we know better. The silver cloud had a black lining. First
``script kiddies'' exploited vulnerabilities in our computing armor for
fun. Then committed hackers exploited us for profit. Now we are faced
with the prospect of nation-states exploiting us to rain terror. The
need for security was never clearer or more urgent.
We now also understand that security is multi-faceted. It is
guards, gates, and guns. It is firewalls and intrusion detection
systems. It is policy statements and disaster planning. It is also
about understanding the spectrum of threats we face so we can
accurately assess risk in the context of our industries, our operating
environments. Ultimately, security is about awareness, preparedness,
and action.
The Need for Partnership
Security, then, demands cooperation and coordination between the
public and private sectors. In fact, the public-private relationship is
vital. It is true that more than 80% of assets that drive our economy
are privately held. However, without the assistance of the United
States government to help the owners of these assets understand their
threat environment and warn them when they are called out as targets,
these assets may be vulnerable.
Moreover, the public-private partnership is crucial to helping us
understand such complicated potential vulnerabilities as the
interdependencies between and among different infrastructures, such as
telecommunications, electricity, transportation, and natural gas.
Barriers to Public-Private Partnership
Although the idea of information sharing seems so simple, it raises
serious concerns. Except in special circumstances, information provided
to the government is subject to disclosure to the citizenry and others
via the Freedom of Information Act (FOIA). Furthermore, information
sharing among members of private industry is subject to anti-trust
regulations. Trust is as much an issue as anti-trust.
Freedom of Information Act
Participants in critical infrastructure industries repeatedly cite
the inability of the federal government to assure them that any
sensitive information they supply will not fall into inappropriate
hands as a significant barrier to information flow between the public
and private sectors. The effect of these private-sector concerns is
that some valuable information necessary to fully analyze
vulnerabilities and risks to critical national interests is not being
reported. This will likely remain the case until the government can
offer such assurances of protection from disclosure.
Of course, legitimate market participants, regulators, and others
need to obtain information in a timely manner, but truly sensitive
information must be protected.
The existing FOIA disclosure exemptions do not provide the
necessary levels of assurance.
Exemption 4 asserts that information voluntarily given to the
government will be protected if the provider customarily treats such
information as confidential. This language leaves the door open to
legal challenges and thus, to the possibility of disclosure of
sensitive information. Rather than risk disclosure, the private sector
may decide not to release information to the government.
Exemption 1 protects sensitive information from disclosure by
classifying it in the interest of national defense or foreign policy.
This is strong, assuring language; however, only a small percentage of
the personnel working in critical infrastructure industries have
security clearances. The flow of information from the public sector
back to the private sector would be jeopardized if sensitive
information were classified.
FOIA disclosure concerns are not simply theoretical. The United
States Department of Energy, working with the Office of Homeland
Security, has asked the electric utility industry to provide the
government with a list of nationally critical electric facilities. We
understand how this information would be useful. Indeed, NERC has
maintained a critical equipment database since the mid-1980s, to which
strict access controls are applied. NERC and its members are unwilling
to hand over even a small part of any such database without adequate
assurance that such information will receive appropriate protection.
Anti-trust Regulations
Anti-trust regulation is another serious private-sector concern and
goes beyond the potential problems caused by merely sharing information
about threats. Entire industries must decide whether and how to share
spare parts or other finite resources to repair major, widespread
damage and prevent worse calamities due to cascading failures. The
issue of sharing also involves potential allocations of scarce
commodities--both supplies for repair and products for customers.
Further, entire industries may determine security-related requirements
to ask of their suppliers and business partners. At the least, entire
industries may discuss the security-related shortcomings of existing
products, suppliers and partners. Each of these actions is ripe for
anti-trust allegation. The risk of allegation seriously dampens the
willingness to share information, which, in turn, jeopardizes the
ability to adequately analyze cross-sector dependencies and develop
effective protection strategies.
Trust
As noted by the General Accounting Office last October, one issue
critical ``to establishing, developing, and maintaining effective
information-sharing relationships [to] benefit critical infrastructure
protections efforts, [is to] foster . . . trust and respect . . .''
1 Without a trust relationship between government and
private industry, information sharing stands little chance of success.
---------------------------------------------------------------------------
\1\ Information Sharing--Practices That Can Benefit Critical
Infrastructure Protection, GAO Report to Senator R. F. Bennett, Joint
Economic Committee (October 2001)
---------------------------------------------------------------------------
A report by the President's Commission on Critical Infrastructure
Protection (PCCIP) in October 1997 specifically commended NERC as a
model for information sharing, cooperation, and coordination between
the private sector and government. Clearly, the successful relationship
between NERC and its government partners ( the FBI and its National
Infrastructure Protection Center, the Department of Energy, and others
( has been a benefit to the electricity sector.
overcoming the barriers to public-private partnership
Clarify the Freedom of Information Act disclosure exemptions.
FOIA disclosure exemptions do not provide the necessary levels of
assurance to the private sector that its sensitive information will be
protected. Congress should clarify the exemptions to create
indisputable, consistent rules for the non-disclosure of sensitive
critical infrastructure protection information. Alternatively, create
new statutes stipulating non-disclosure of specific, sensitive data
voluntarily provided to the United States government for the purposes
of critical infrastructure protection.
Because of the FOIA concerns, participants in the electricity
sector are asking federal regulators, agencies, and states to
reconsider what information they request of utilities, especially
market information that identifies system constraints and the
availability of critical facilities. Our industry has especially asked
that they reconsider how they share that information once they obtain
it. In fact, the Federal Energy Regulatory Commission (FERC) is
beginning to address those issues. FERC recently asked for advice and
suggestions on how to prevent sensitive information from being
disclosed despite the requirements of FOIA. However, there is no clear
process or timeline for any final decision by FERC. Congress is in the
best position to mitigate the security risks inherent in information-
sharing activities.
Grant security clearances for personnel in critical infrastructure
industries so that the flow of information between the public
and private sectors remains intact and secure.
The owners of critical infrastructure assets need access to more
specific threat information and analysis from the public sector in
order to develop adequate protection strategies. This may require
either more security clearances or treatment of some intelligence and
threat information and analysis as sensitive business information,
rather than as classified information.
Provide limited anti-trust exemptions.
The possibility of anti-trust allegations inhibits cross-sector
information sharing. The private sector wants clarity as to what
information it can share and the extent to which information can be
exchanged without risking anti-trust allegations. A legislative action
similar to the 1998 Y2K Information and Readiness Disclosure Act would
provide the necessary level of clarity.
Build Trust
Infrastructure security requires a healthy, trusting public-private
relationship. Overlapping and inconsistent roles and authorities may
have hindered development of productive working relationships.
Clarification of roles and responsibilities both within the government
and the private sector is an important factor in building a trust
model. Centralizing leadership, authority, and responsibility under the
Department of Homeland Security is a step forward in building trust.
Recognizing a voluntary system of information sharing between the
public and private sector as an effective means of promoting critical
infrastructure assurance is another. Helping the private sector
overcome barriers to effective participation by clarifying FOIA and
providing anti-trust protection will allow the trust relationship to
grow and be fruitful.
the electricity sector experience
NERC has a long history of coordination with the federal government
on grid security. It began in the early 1980s when NERC became involved
with the electromagnetic pulse phenomenon. Since then, NERC has worked
with the federal government to address the vulnerability of electric
systems to state-sponsored, multi-site sabotage and terrorism, Year
2000 rollover impacts, and most recently the threat of physical and
cyber terrorism. At the heart of NERC's efforts has been a commitment
to work with various federal agencies including the National Security
Council (NSC), the Department of Energy (DOE), the Nuclear Regulatory
Commission (NRC), and the Federal Bureau of Investigations (FBI) to
reduce the vulnerability of interconnected electric systems to such
threats.
NERC maintains a close working relationship with the FBI's National
Infrastructure Protection Center (NIPC) and the Department of Energy's
Emergency Operations Center (DOE EOC), and participates in and hosts
several related critical infrastructure protection programs, the
Indications, Analysis, and Warnings Program (IAWP); the Electricity
Sector Information Sharing and Analysis Center (ES-ISAC); and the
Partnership for Critical Infrastructure Security (PCIS).
On at least two occasions, Congress has asked the General
Accounting Office (GAO) to study the practices of organizations that
successfully share sensitive information. GAO report B-247385, April
1992, ``Electricity Supply, Efforts Under Way to Improve Federal
Electrical Disruption Preparedness,'' and GAO report GAO-02-24, October
15, 2001, ``Information Sharing: Practices That Can Benefit Critical
Infrastructure Protection,'' outline and report on many of the ways in
which NERC coordinates industry response activities.
Information Sharing and Analysis Center for the Electricity Sector (ES-
ISAC)
Presidential Decision Directive (PDD-63), issued in May 1998,
called for government agencies to become involved in the process of
developing a National Plan for Information Systems Protection, and to
seek voluntary participation of private industry to meet common goals
for protecting the country's critical systems through public-private
partnerships. In September 1998, then Secretary of Energy Richardson
sought NERC's assistance in developing a program for protecting the
nation's critical electricity sector infrastructure and NERC agreed to
participate as the electricity sector coordinator.
In its role as the ES-ISAC, NERC performs the following functions:
Receives incident data from electricity sector entities
Assists the National Infrastructure Protection Center to
analyze electricity sector events
Disseminates threat and vulnerability assessments
Liaisons with other ISACs
Analyzes sector interdependencies
Participates in infrastructure exercises
Critical Infrastructure Protection Advisory Group
NERC created its Critical Infrastructure Advisory Group (CIPAG) to
evaluate sharing cyber and physical incident data affecting the bulk
electric systems in North America. The CIPAG, which reports to NERC's
Board of Trustees, has Regional Reliability Council and industry sector
and associations representation as well as participation by the
Critical Infrastructure Assurance Office in the Department of Commerce
(CIAO), DOD, DOE, NIPC, and FERC.
Participation in CIPAG represents all electricity sector segments,
which is an essential ingredient to its success. The participants
include the dedicated experts in the Electricity Sector who represent
physical, cyber, and operations security. NERC is recognized as the
most representative organization of the Electricity Sector for this
coordination function, as demonstrated by NERC's performance as project
coordinator for the Electricity Sector for the Y2K transition. The
security committees and communities associated with industry
organizations (American Public Power Association, Canadian Electricity
Association, Edison Electric Institute, and National Rural Electric
Cooperative Association) provide the expertise for security in the
electricity sector to compliment NERC's existing operational and cyber
security expertise. The CIPAG relies on small self-directed working
teams, a proven and effective method for developing detailed processes
and practices by subject matter experts, concluding with peer review in
the forum environment, and approval by NERC's Board of Trustees.
CIPAG activities are targeted to reducing the vulnerability of the
North American bulk electric system to the effects of physical and
cyber terrorism. The CIPAG's activities include developing
recommendations and practices related to monitoring, detection,
protection, restoration, training, and exercises.
conclusions
NERC believes it is imperative to national security to refine and
strengthen the public-private partnership. Building a strong trust
relationship is essential to the success of this partnership.
Overcoming the hurdles to effective communications and information
sharing as described in this testimony will enable cooperation for the
ultimate goal of protecting our nation's critical infrastructures, its
economy, and the well-being of all its citizens. Thank you.
Mr. Whitfield. Mr. Sullivan, you're recognized for 5
minutes.
TESTIMONY OF JOHN P. SULLIVAN, JR.
Mr. Sullivan. Thank you, Mr. Chairman and members of the
subcommittee.
My name is John Sullivan. I'm the Chief Engineer of the
Boston Water and Sewer Commission and the President of the
Association of Metropolitan Water Agencies on whose behalf I'll
testifying today.
AMWA is an organization of the Nation's largest publicly
owned drinking water agencies. In 1998, AMWA was designated the
Water Sector's liaison to the Federal Government on critical
infrastructure protection. In this role, AMWA has served as a
community coordinator of security activities.
Governor Ridge said 2 weeks ago that the DHS would focus
the resources of the Federal Government on critical
infrastructure protection. Giving the Cabinet-level agency the
authority to coordinate and consolidate the Federal
Government's vast resources will better protect consumers from
bioterrorism and life-threatening disruption from water
sources.
We recognize the importance of engaging in a new and unique
partnership with the Federal Government. We have been working
with the National Infrastructure Protection Center, EPA and the
Critical Infrastructure Assurance Office. We have also been
working with the Office of Homeland Security to develop a
national physical infrastructure protection plan, and we will
be working with that office to develop a report on cyber
security leads. We have also engaged the Departments of
Defense, Energy and Interior and the national laboratories in
discussions relating to security.
AMWA serves as the first-ever Water Information Sharing and
Analysis Center which became operational last September. The
ISAC issues advisories and warnings and EPA security-related
notices directly to approximately 1,000 major drinking water or
wastewater systems, State drinking water administrators and
several associations. Through the water ISAC, systems can also
submit incident reports to be analyzed by NIPC. In the future,
a more sophisticated ISAC that will be operational by the end
of this year is being developed with seed money from the EPA
grant.
Relating to the ISAC is the issue of information sharing by
the Federal Government. Title II of the President's proposal
directly relates to the water sector's need for credible and
timely intelligence. It is imperative that the information
gathered by law enforcement and the intelligence agencies be
shared with the water sector by way of the water ISAC. This
data is necessary not only to prevent or reduce damages from a
potential attack but also to better understand the type of
disruptions that could occur, to analyze trends and to build
protections into the design of our systems.
Protecting security risk and other information is another
top priority of the water sector. As part of the partnership
between the government and water sector, AMWA is hopeful that
the highest possible protection of information will be assured.
As always, water utilities stand ready to share key
information with Federal law enforcement and intelligence
agencies as we would with the new DHS help them conduct their
mission for protection of Americans in critical infrastructure.
We look forward to engaging in a dialog on this important topic
because it is essential that we avoid educating the terrorists.
It is why the system vulnerability assessment program works.
In 2000, more than a year before the September 11 attacks,
the water sector began development of the vulnerability
methodology the Boston water and sewer systems have since used.
Now thousands of water systems are engaged in this process.
Within the mission of the proposed department is the
comprehensive assessment of the vulnerabilities of America's
critical infrastructures, including water systems. Two weeks
ago, Governor Ridge asked Congress to give the new Department
the responsibility for the water system vulnerability
assessment program. We strongly support this idea. If DHS is
going to be a primary assessor of critical infrastructure
responsibilities, then to separate water structures from the
other sectors would undermine the ability to consolidate,
coordinate and streamline homeland security. This is important
given the interdependencies among the various sectors such as
the reliance on electricity supplies to treat and distribute
water and the need for reliable water supply by hospitals and
industry.
Research is another priority for the water sector. Under
title III of the President's proposal, DHS would help fill in
gaps in research with a national scientific research and
development program. We believe that DHS should specifically be
authorized to conduct research in methodologies and
technologies to detect, prevent and respond to acts of
terrorism, including acts of cyber terrorism against drinking
water systems. The need for new, sophisticated science in water
technology is vital.
Thank you for holding this important hearing and for
inviting us today. We anticipate a close and mutually
beneficial relationship with the Department of Homeland
Security and look forward to further discussions with Congress.
[The prepared statement of John P. Sullivan, Jr. follows:]
Prepared Statement of John P. Sullivan Jr., President, Association of
Metropolitan Water Agencies
introduction
Chairman Greenwood, Ranking Member Deutsch and members of the
subcommittee, thank you for inviting me to testify. My name is John
Sullivan. I am the Chief Engineer of the Boston Water and Sewer
Commission. I am also the President of the Association of Metropolitan
Water Agencies, or AMWA, on whose behalf I am testifying today.
AMWA is an organization of the nation's largest publicly owned
drinking water agencies, collectively serving more than 110 million
people across the country. In 1998, AMWA was designated the Water
Sector's liaison to the Federal government on critical infrastructure
protection. In this role, AMWA has served as a coordinator of security
activities across the Water Sector, which includes both drinking water
and wastewater systems, the vast majority of which are publicly owned.
We provide a single point of contact for the government to both gather
important information about the Water Sector and communicate data from
the government back to water systems across the United States.
Water utilities are especially sensitive to maintaining the
public's health, as well as its trust and confidence in a safe and
reliable supply of water. We operate both in small towns and in the
nation's largest cities and have a significant responsibility to the
communities we serve. We are on the front line for defending critical
water facilities here in the homeland, and we are acutely aware of this
responsibility.
Given these leadership responsibilities, we recognize the
importance of engaging in a new and somewhat unique partnership with
the Federal government. We are in the midst of a War on Terrorism and
must view this partnership in new and creative ways to adapt to the
evolving risk environment.
the department of homeland security
The proposed Department of Homeland Security must provide a vital
link between the Federal government and the Water Sector. Like other
critical infrastructures, the Water Sector is dependent on the
continuous supply of timely information on threats, warnings and other
security risks to fulfill our responsibilities to the nation.
There are a number of key areas within the enabling legislation
that should be strengthened to ensure that the new department relates
directly to the Water Sector. Four key provisions include:
Critical infrastructure protection.
Intelligence and information sharing.
Vulnerability assessments.
Science and technology development.
critical infrastructure protection
Governor Ridge said here two weeks ago that DHS would focus the
resources of the Federal government on critical infrastructure
protection. He also recommended that Congress provide the new
department with the responsibility for the Water Sector's vulnerability
assessment program--a proposal that we support.
AMWA, in its security role, has been working with a number of
Federal entities, such as the National Infrastructure Protection Center
(NIPC), the Environmental Protection Agency (EPA), and the Department
of Commerce's Critical Infrastructure Assurance Office (CIAO). We have
also been working with the Office of Homeland Security to develop of a
national physical infrastructure protection plan and, we will be
working with that office to develop a report on cyber security needs.
We have also engaged the Department of Interior, the Department of
Energy, the National Laboratories and the Department of Defense in
discussions related to security. Having a Cabinet-level agency with the
authority to coordinate and consolidate the Federal government's vast
resources will better protect consumers from bioterrorism and life-
threatening disruption of water services.
intelligence and information sharing
AMWA has undertaken a leadership role in organizing and
coordinating the flow of information and cooperation across the Water
Sector and with the government. AMWA is developing the first-ever Water
Information Sharing and Analysis Center, or Water ISAC, which will
provide water systems with alerts of potential terrorism and other
security-related services and information. The Water ISAC is being
developed to incorporate multiple pathways for communicating. It is
essential that these pathways run both ways--local to Federal and
Federal to local.
Title II (Information Analysis and Infrastructure Protection) of
the President's proposal directly relates to the Water Sector's need
for credible and timely intelligence, and it is particularly relevant
to the security of water systems and the effectiveness of the Water
ISAC. The ISAC, which AMWA is developing in close cooperation with NIPC
and EPA, will provide the nation's drinking water and wastewater
utilities with a secure forum for gathering, analyzing and sharing
security-related information. In addition, the Water ISAC will:
Serve as a single point-of-contact for the Water Sector;
Feed incident and trend information to the Federal government;
Facilitate the assessments of water systems' vulnerabilities
(required under the bioterrorism bill);
Analyze threats and risks unique to the Water Sector; and
Serve as a delivery vehicle for water security research, as
authorized under the bioterrorism bill.
Although the ISAC is not yet functional, the Water Sector has
developed an informal process for distributing threat information to
utilities and, in collaboration with NIPC, an interim mechanism to
collect utility security incident information in order to analyze
trends and imminent or ongoing threats.
Regardless of which Federal agencies oversee critical
infrastructure protection, it is imperative that information gathered
by law enforcement and intelligence agencies be shared with the Water
Sector, via the Water ISAC. This data is necessary not only to prevent
or reduce damages from a potential attack, but also to better
understand the types of disruptions that could occur, to analyze trends
and to build protections into the design of our systems.
Furthermore, as part of the partnership between the government and
the Water Sector, AMWA is hopeful that the highest possible protection
for security, risk and other information will be assured. AMWA is
taking on responsibility for complex critical infrastructure
responsibilities. We are focused on nothing less than promotion of the
public's trust and confidence in the communities where we operate.
Sensitive information that is either voluntarily shared by utilities,
required by the government or is produced by the government must not
fall into the hands of those who wish to harm the nation. Likewise,
sensitive information developed by the government to assist water
systems in deterring threats and protecting their systems must also be
protected. Non-disclosure requirements and an exemption to the Freedom
of Information Act are solutions, but there are others. We look forward
to engaging in a dialogue on this important topic, because it is
essential that we avoid educating the enemy.
vulnerability assessments
Within the mission of the proposed department is the comprehensive
assessment of the vulnerabilities of America's critical
infrastructures, including water systems. Two weeks ago, Governor Ridge
asked Congress to give the new department the responsibility for the
water system assessments program--a proposal that we strongly support.
If DHS is going to be the primary assessor of critical infrastructure
vulnerabilities, then to separate water systems from the other sectors
would undermine DHS's goal to coordinate, consolidate and streamline
homeland security. This is particularly relevant given the
interdependencies among the various sectors, such as the reliance on
electricity supplies to treat and distribute water and the need for a
reliable water supply by hospitals and industry.
In the context of DHS legislation, we also urge the subcommittee to
revisit other provisions in the bioterrorism statute relating to the
assessments. Assessing vulnerabilities is the first step in securing a
water system, and many water utilities have already completed their
assessments. The drinking water community does not object to being
required to conduct vulnerability assessments. In fact, in mid-2000--
more than a year before the September 11 attacks--the Water Sector
began development of the vulnerability assessment methodology that
Boston Water and Sewer and other large systems have since used. But
under the bioterrorism law, EPA is required to collect hardcopies of
these vulnerability assessments--more than 8,000 of them. In spite of
non-disclosure provisions, the Water Sector is concerned that these
extremely sensitive documents could wind up, intentionally or
inadvertently, in the hands of malicious people. To avoid this, we
recommend that the government not be required to collect the
assessments. Instead, utilities could be subject to audits to ensure
compliance.
science and technology development
Under Title III (Chemical, Biological, Radiological, and Nuclear
Countermeasures), DHS would help fill in the gaps in research with a
national scientific research and development program. We believe that
DHS should be specifically authorized to conduct research into
methodologies and technologies to detect, prevent and respond to acts
of terrorism against drinking water systems. The need for new,
sophisticated science and technologies in water security is inarguable.
Congress and the President recognized this need in the recently enacted
bioterrorism law, which not only directed EPA to initiate a research
program, but also authorized EPA to disseminate research results via
the Water ISAC.
We also encourage the inclusion of cyber terrorism prevention and
response in DHS's research program. Water utilities increasingly rely
on information systems to control many aspects of water treatment and
distribution. It is essential that resources be invested now to design
information systems with fewer vulnerabilities, rather than spend
limited resources patching up those systems after installation.
This research must be funded, and the Water Sector has requested
the $15 million that Congress has authorized in the bioterrorism bill,
to initiate this all-important research program.
conclusion
Thank you for holding this important hearing and for inviting us to
testify. We would be happy to work with you on changes to the DHS
legislation that would further focus efforts to protect the nation's
water supply from terrorist attack--whether domestic or international.
We anticipate a close, mutually beneficial relationship with the
Department of Homeland Security, and we look forward to further
discussions with Congress.
Mr. Whitfield. Thank you, Mr. Sullivan.
Mr. Watson, you're recognized for 5 minutes.
TESTIMONY OF KENNETH C. WATSON
Mr. Watson. Thank you, Mr. Chairman and distinguished
committee members. I'm honored to testify before you today for
PCIS in support of the President's proposal for a Homeland
Security Department. A single Department with a clear line of
authority would not only consolidate efforts currently spread
over a hundred organizations but also provide needed national
emphasis to improve our preparedness.
Because networks are now integral to core business and
government practices, security has become the top or next-to-
top requirement for CEOs and corporate boards. Both the cyber
and physical aspects of security must be integrated into core
networking practices and environments, especially now that we
read in the Washington Post that al Qaeda is exploring the
Internet as a means for attack, mapping our vulnerabilities in
cyberspace and had detailed information on digital control
systems on a laptop recovered in Afghanistan.
Four years prior to the attacks of 9/11, the President's
Commission on Critical Information Protection identified eight
infrastructure sections critical to national and economic
security and the health and safety of American citizens.
Because there are no boundaries in cyberspace and because the
vast majority of the Nation's critical infrastructures are
privately owned and operated, the Commission recommended an
unprecedented partnership between private industry and
government. The PCIS was launched in December, 1999, in the
World Trade Center to fulfill that need. The private sector
portion of the PCIS was incorporated as a 501(c)6 nonprofit
organization in January, 2001.
We have eight member companies, representing all the
critical infrastructure sectors. In the cyber dimension,
private sector infrastructure companies represent the front
lines of defense against attacks that take an average of 1\1/2\
minutes to traverse multiple jurisdictions and countries at the
speed of light and cost the anonymous attacker no more than a
personal computer and downloaded free software.
The mission of PCIS is to coordinate cross-sector
initiatives and complement public-private efforts to promote
and assure reliable provision of critical infrastructure
services in the face of emerging risks to economic and national
security. This involves more than either physical or cyber
security alone, and it spans actions from prevention, planning
and preparation to business continuity recovery and
reconstitution.
Our top six initiatives this year are to coordinate the
private input at the National Strategy for Critical
Infrastructure Assurance; to serve as a clearinghouse for
security efforts to the public; to publish an Effective
Practices compendium in collaboration with CIAO; to provide
critical infrastructure awareness materials and references on
our website; to develop a risk assessment guidebook for use by
any region or sector; and facilitate cross-sector information
exchange.
As a public service to promote awareness of the need to
secure home and small business computers, another public-
private partnership was incorporated as a 501(c)3 within PCIS
earlier this year. The website www.staysafeonline.info, has
experienced over 5 million page views since February, and we
believe this campaign is helping to lower the risk that
America's growing broadband user base could be used to stage
attacks against our infrastructures.
I'd like to concentrate the remainder of my remarks on two
key areas we believe still need work: First, additional
emphasis on critical infrastructure assurance activities and,
second, the removal of barriers to help with private
information sharing.
Critical infrastructure services are interlinked and 85
percent of them are owned and operated by the private sector.
The line between physical and cyber assets is becoming even
more blurred by the widespread use of digital control systems;
as Sam Barco said, electronically controlled devices that
report on kilowatt hours transmitted, gallons per hour, cubic
feet of natural gas, traffic on smart roadways and can actually
control physical assets like floodgates, oil, gas and water
valves and flood controllers, ATM machines and the list keeps
growing.
After over 20 years as a marine officer, it is second
nature for me to relate everything I do to mission. Title II of
the Homeland Security Act establishes an Under Secretary for
Information Analysis and Infrastructure Protection. We believe
that these are two all-encompassing functional areas. The
information and analysis and warning function alone will be a
full-time job. The job of critical infrastructure assurance is
too vital to American commerce to be subsumed by the
intelligence gathering reporting mission.
However, similar to a corporate chief executive officer,
the Secretary should have the latitude to organize the
department to meet both the information analysis and warning
requirements and those needed to protect America's critical
infrastructures.
Information sharing is the key to solving problems
together. Both the private sector and the government agree that
the exchange of timely and e-cyber vulnerability and
countermeasure information will greatly benefit the cause of
protecting our critical infrastructures, and the private sector
wants to share this kind of information with the government.
Most critical infrastructures have established information-
sharing analysis centers to share information on cyber threats,
vulnerabilities, countermeasures, best practices and other
solutions. Some of these are strictly in the private sector,
while others include public and private participation. Some
have been sharing critical information for a number of years
and ISAC-type information to other normal reporting information
or exchange vulnerabilities established. As ISACs mature, their
effectiveness in sharing countermeasures within their
industries dramatically improve in both quality and timeliness.
However, even with all of the efforts toward public-private
information exchange, only rarely is the private sector sharing
most sensitive cyber vulnerability information with the
government. The main reason for this is that companies do not
believe Federal agencies can protect the information from
Freedom of Information Act requests.
Critical infrastructure threat and vulnerability
information voluntarily shared with the government should be
given similar protection as government classified information.
The PCIS supports a narrowly written exemption for
infrastructure threat and vulnerability information shared with
the government.
The other side of----
Mr. Whitfield. Mr. Watson, if you'll excuse me, you're over
about a minute. So if you could move ahead and summarize, we'd
appreciate it.
Mr. Watson. There's still much opportunity to work together
to remove redundancy and improve communication and clarify
roles. On behalf of the PCIS and our 80 member companies, I
would like to thank you for your time today. I'll be glad to
answer any questions you may have.
[The prepared statement of Kenneth C. Watson follows:]
Prepared Statement of Kenneth C. Watson, President, Partnership for
Critical Infrastructure Security
introduction
Chairman Greenwood and distinguished Committee Members, I am
honored to testify before you today in support of the President's
proposal for a Homeland Security Department. A single Department with a
clear line of authority would not only consolidate efforts currently
spread across over 100 Federal organizations, but also would provide
needed national emphasis to improve our preparedness.
Internet-based technologies are driving unprecedented productivity
increases and dependencies. As you know, the US government reported
that productivity in this country rose 8.4 percent in the first quarter
this year, even with the sluggish market.1 This is
unprecedented. In the past, productivity has been in the 1.5- to 2-
percent range during down market conditions. Emerging high-growth
``tornado'' markets such as IP telephony, storage networking, wireless,
optical, virtual private networking, and cable integration of voice,
video, and data are sweeping business sectors worldwide, bringing about
both evolutionary and revolutionary changes in the way businesses and
governments do business. These changes--increasing bandwidth, exploding
connectedness, integration of all types of applications into multi-
purpose devices, distribution of both processes and storage, and
erosion of physical boundaries--bring old and new vulnerabilities with
them. Because networks are now integral to core business and government
practices, security has become the top or next-to-top requirement of
CEOs and Boards. Both the cyber and physical aspects of security must
be integrated into core networking practices and environments,
especially now that we read in the Washington Post that al-Qaeda is
exploring the Internet as a means for attack, mapping our
vulnerabilities in cyberspace, and had detailed information on digital
control systems on a laptop recovered in Afghanistan.2
---------------------------------------------------------------------------
\1\ US Bureau of Labor Statistics, ``Productivity and Costs, First
Quarter 2002, Revised,'' USDL 02-318, May 31, 2002.
\2\ Barton Gellman, ``Cyber-Attacks by Al Qaeda Feared: Terrorists
at Threshold of Using Internet as Tool of Bloodshed, Experts Say,''
Washington Post, Thursday, June 27, 2002; Page A01
---------------------------------------------------------------------------
Four years prior to the attacks of 9-11, the President's Commission
on Critical Infrastructure Protection (PCCIP) identified eight
infrastructure sectors as critical to national and economic security
and the health and safety of American citizens. Securing the nation's
critical infrastructures goes well beyond the government's traditional
role of physical protection through defense of national airspace and
national borders. Because there are no boundaries in cyberspace, and
because the vast majority of the nation's critical infrastructures are
privately owned and operated, the commission recommended an
unprecedented partnership between private industry and government. The
Partnership for Critical Infrastructure Security (PCIS) was launched in
December 1999 in the World Trade Center to fill this need. The private-
sector portion of the PCIS was incorporated as a 501(c)6 non-profit
organization in January 2001, and I was elected its first President and
Chairman of the Board in March of that year.
The PCIS Board and I fully support the President's plan and look
forward to working with the Administration and the Congress to further
cement the public-private relationships we have forged to assure the
delivery of critical services to our citizens and customers. In the
cyber dimension, private-sector infrastructure companies represent the
front lines of defense against attacks that take an average of one and
one-half minutes, traverse multiple jurisdictions and countries at the
speed of light, and cost the anonymous attacker no more than a personal
computer and downloaded free software.
partnership for critical infrastructure security
The mission of the PCIS is to coordinate cross-sector initiatives
and complement public-private efforts to promote and assure reliable
provision of critical infrastructure services in the face of emerging
risks to economic and national security. This involves more than either
physical or cyber security alone, and it spans actions from prevention,
planning, and preparation to business continuity, recovery, and
reconstitution.
Presidential Decision Directive 63 followed the PCCIP
recommendations by establishing Sector Liaison officials in the
pertinent Federal Lead Agencies involved in critical infrastructure
assurance, to work with Sector Coordinators who were industry leaders
in the private sector in each of the critical sectors. We structured
the PCIS Board so that those Sector Coordinators always represent a
majority of Directors to ensure that the PCIS continues to meet the
needs of all the infrastructure sectors. The PCIS currently has over 80
corporate members from all the critical infrastructure sectors, plus ad
hoc representation from all pertinent Federal lead agencies and the
National Association of State Chief Information Officers.
To illustrate the level of support in industry for the PCIS, the
Board members are either presidents or chief operations or information
security officer equivalents in their organizations: Presidents:
Airports Council International--North America; Association of American
Railroads; Association of Metropolitan Water Agencies; Information
Technology Association of America; North American Electric Reliability
Council; and The Institute of Internal Auditors. COO/CISO or
Equivalent: Bank of America; BellSouth; Cellular Telecommunications &
Internet Association; Conoco; Consolidated Edison of New York;
Microsoft; Morgan Stanley; Union Pacific Corporation; US
Telecommunications Association; and Telecommunications Industry
Association.
Lead agencies, coordinated by the Critical Infrastructure Assurance
Office (CIAO) of the Department of Commerce, fully participate in PCIS
working groups and its public-private coordinating committee. Our
current ``top six'' initiatives are:
Coordinate private-sector input to the National Strategy for
Critical Infrastructure Assurance, especially those areas of
cross-sector interest and dependency;
Serve as a clearinghouse for digital control systems security
efforts, including research and development, exercises and
tests, and awareness;
Publish an ``Effective Practices'' compendium, in
collaboration with the CIAO, starting with lessons learned
during the recovery from the 9-11 attacks;
Provide critical infrastructure assurance awareness materials
and references for all PCIS members and the public;
Develop a risk assessment guidebook for use by any region or
sector, concentrating on cross-sector dependencies; and
Facilitate cross-sector information exchange, augmenting
efforts by the industry Information Sharing and Analysis
Centers (ISACs) and government cyber warning and information
organizations.
As a public service to promote awareness of the need to take steps
to secure home and small business computers, another public-private
partnership, the National Cyber Security Alliance, was incorporated as
a 501(c)3 educational foundation within the PCIS earlier this year. The
web site, www.staysafeonline.info, has experienced over 5 million page
views since February, and we believe this campaign is helping to lower
the risk that America's growing broadband user base could be used to
stage denial of service attacks against our infrastructures.
the president's proposal
After reviewing the President's proposal, we believe it provides a
clearer and more efficient organizational structure to accomplish
homeland security missions than currently exists in the Federal
government. Consolidating information analysis and warning; chemical,
biological, nuclear, and radiological countermeasures; emergency
preparedness and response; border and transportation security; and
critical infrastructure assurance is a much-needed, logical response to
the continuing threats of terror against the United States.
Additionally, Section 732 shows foresight in taking advantage of
current business practices such as ``other transactions'' for research
and development and prototyping, creation of employer-employee
relationships for contracting, authorization to invoke 40 U.S.C. 474,
and flexible acquisition and disposition of property. These practices
should encourage innovation, rapid procurement, advanced research, and
beneficial contracting relationships with industry, but will require
discipline and oversight.
I'd like to concentrate the remainder of my remarks on two key
areas we believe still need work: first, additional emphasis on
critical infrastructure assurance activities; and second, the removal
of barriers to public-private information sharing.
After over 20 years as a Marine officer, it is second nature for me
to relate everything I do to mission. In business as well as in
government, those organizations that structure themselves and order
their actions around their missions are the most successful. The
mission of critical infrastructure assurance is imbedded within the
overall mission of Homeland Security, but needs additional
organizational emphasis.
As critical infrastructure assurance has matured over the last five
years, those of us intimately involved recognize its strong suits:
public-private partnership, interdependency, and the recognition that
physical business operations of our critical infrastructures depend on
information systems and networks, far more so than in any other country
in the world.
The PCIS defined critical infrastructure assurance two years ago
as: ``efforts to promote and assure reliable provision of critical
infrastructure services in the face of emerging risks to economic and
national security.''
Economic and national security are important to assuring our
critical infrastructures, but the essence of the mission is assuring
the delivery of services over the infrastructures. Those services are
what our citizens and customers expect and need, especially in time of
crisis, and they include accurate and uninterrupted financial
transactions, on-time and safe transportation, reliable electric power,
available and dependable information and communications, safe and clean
drinking water, safe and available oil and natural gas, and timely
emergency services. All these services are interlinked in the Internet
Economy; they depend more and more on networks to carry out basic
business; and 85 percent of them are owned and operated by the private
sector. The line between physical and cyber assets is becoming even
more blurred by the widespread use of digital control systems--
electronically controlled devices that report on kilowatt hours
transmitted, gallons per hour of oil and water, cubic feet of natural
gas, traffic on ``smart roadways,'' and can actually control physical
assets like flood gates; oil, gas, and water valves and flow
controllers; ATM machines; and the list keeps growing.
Industry defines critical infrastructure assurance to include both
physical and cyber assets, but by ``physical'' we mean those assets
essential to the delivery of each infrastructure's critical services.
Cyber security also includes physical threats to critical
infrastructures such as intentional or unintentional interruptions of
the high-technology support to the infrastructures, like a backhoe
cutting a key fiber-optic line.
an effective critical infrastructure assurance organization
Title II of the Homeland Security Act establishes an Under
Secretary for Information Analysis and Infrastructure Protection. We
believe these are two all-encompassing functional areas. The
information analysis and warning function alone will be a full-time
job, especially considering the monumental task of merging the 100-plus
intelligence and law enforcement databases in order to effectively
administer national threat correlation and support the Homeland
Security Advisory System. The job of critical infrastructure assurance
is too vital to American commerce to be subsumed by the intelligence
gathering and reporting mission. Similar to a corporate Chief Executive
Officer, the Secretary should have the flexibility to organize the
Department to meet the requirements needed to protect America's
critical infrastructures.
The mission of Critical Infrastructure Assurance includes:
Coordinating vulnerability assessments of key resources and
critical infrastructures;
Development and maintenance of the National Strategy for
Critical Infrastructure Assurance;
Facilitating true partnerships with private industry and state
and local government to address critical infrastructure issues;
Taking or influencing measures necessary for securing key
resources and critical infrastructures;
Facilitating and defining requirements for cutting-edge
research and development to enhance long-term critical
infrastructure assurance;
Facilitating cross-sector and public-private sharing of
critical infrastructure threat, vulnerability, and
countermeasure information;
Promoting awareness and education at all levels of critical
infrastructure assurance issues, including public and private
roles and responsibilities; and
Coordinating with other executive agencies, state and local
governments, and the private sector regarding critical
infrastructure assurance.
coordination with non-federal organizations
Section 701 of the proposal requires the Secretary of Homeland
Security to coordinate with state and local officials and the private
sector in carrying out the mission of the Department of Homeland
Security. Since most of the critical infrastructures are owned and
operated by the private sector, coordination with the private sector
has become an established norm, led by the efforts of the Critical
Infrastructure Assurance Office (CIAO). The CIAO has developed working,
productive relationships with the infrastructure leaders, the audit and
other risk management industries, and now the National Governors'
Association and the National Association of State CIOs. It also has
facilitated the development of the PCIS and the various industry
Information Sharing and Analysis Centers (ISACs). The various Under
Secretaries should be given responsibility for coordinating with state
and local governments and the private sector in their respective areas
of responsibility, although it is understood and useful for the office
of the Secretary of Homeland Security to coordinate activities across
the entire Department.
removing information sharing barriers
Information sharing is key to solving problems together. The best
leaders know that the more their people know about the problems they're
trying to solve, the better they will be able to use their intellect,
creativity, and drive to solve them most effectively. Most critical
infrastructure sectors have established Information Sharing and
Analysis Centers (ISACs) to share information on cyber threats,
vulnerabilities, countermeasures, best practices, and other solutions.
Some of these are strictly in the private sector, while others include
public and private participation. Some have been sharing critical
information for a number of years, and some organizations added ISAC-
type information to other normal reporting or information exchange
responsibilities previously established. As ISACs mature, their
effectiveness in sharing both warnings and countermeasures within their
industries is dramatically improving, in both quality and timeliness.
They are developing a depth of knowledge that enables analysis and
trending, beneficial to their industries and member companies. To date,
these include: Financial Services ISAC, Telecom ISAC, Information
Technology ISAC, Energy ISAC (oil and gas), Electric Power ISAC,
Emergency Law Enforcement Services, and Surface Transportation ISAC.
The water, food safety, chemical and manufacturing, aviation, and
firefighting sectors are in the process of establishing ISACs.
Several government organizations have cyber information sharing
missions: FedCIRC (GSA), DoDCERT (DoD), NSIRC (IC), and NIPC (FBI).
The ISACs are developing an Inter-ISAC Information Exchange
Memorandum of Understanding, and some ISACs have signed MOUs with the
NIPC. PCIS is facilitating cross-sector information exchange by
developing a common taxonomy and co-hosting multi-ISAC and public-
private action meetings in conjunction with the President's Office of
Cybersecurity. Both the private sector and the government agree that
the exchange of timely cyber vulnerability and countermeasure
information would greatly benefit the cause of protecting our critical
infrastructures, and the private sector wants to share this kind of
information with the government.
However, even with all the efforts toward public-private
information exchange, only rarely is the private sector sharing its
most sensitive cyber vulnerability information with the government. The
main reason for this is that companies do not believe Federal agencies
can protect the information from Freedom of Information Act (FOIA)
requests. Under the current law, companies have no assurance that
information they share with a government agency will be treated
confidentially, and agencies are not required to commit to
confidentiality at the time of disclosure. Agencies are not even
required to initiate the FOIA exemption process until a FOIA request is
received. When it is received, the agency is asked to defend the
information's confidentiality, and is not required to inform the
originator if it believes it has enough information to proceed.
Critical infrastructure threat and vulnerability information
voluntarily shared with the government should be given the same
protections as government classified information. The PCIS supports
very narrowly written exemptions for infrastructure threat and
vulnerability information shared with the government.
Detractors claim that these new exemptions would provide walls
behind which companies could hide environmental accidents and hazards,
or that companies would use them to violate citizens' or employee
privacy. Neither claim is true. Industry wants the exemption language
written narrowly so as to cover only infrastructure threat and
vulnerability information, and welcomes specific exclusions covering
spills or other environmental accidents. Industry wants to share
critical information with the government in a trusted working
environment. Let's remove the exemption ambiguity in the current law
and start sharing information with each other so that we can deter a
digital 9-11 before it happens.
The other side of the information-sharing coin is information from
the government to the private sector. This process also needs work.
Industry is generally dissatisfied with the quality and timeliness of
cyber security information flowing from the government. One example
will serve to illustrate the problem. The Klez.H worm began
proliferating on April 17 this year. The IT-ISAC issued an advisory on
that day, and the Computer Emergency Response Center Coordination
Center at Carnegie Mellon University posted its alert on April 19. The
NIPC advisory was not issued until April 29, 12 days later, and there
was no new information in that alert. This does not mean that the NIPC
isn't doing everything it can to release information. On the contrary,
they participate in daily conference calls with at least two ISACs, and
strive to overcome their intelligence classification and law
enforcement sensitivity problems that are not present in the private
sector. Delays in NIPC reporting may be due to protecting intelligence
sources and methods, or because they decide not to repeat information
already disclosed by the private sector or CERT/CC. Removing the FOIA
barrier to information exchange will open up the private sector as an
unclassified source of valuable information for NIPC and others working
hard to protect the country.
Regarding intelligence and law enforcement agencies, the proposal
does not clarify jurisdiction issues between CIA, FBI, Secret Service,
and other organizations that could be involved in cyber investigations.
Private industry appreciates choice in its service suppliers. However,
many companies do not know under what circumstances nor whom to call
when they suspect cybercrime in their networks. Industry needs clear
information about the various agencies regarding their programs,
jurisdictions, competencies, and points of contact.
conclusion
The PCIS and I think the proposed Homeland Security Department is
vital to providing needed focus to the area of Critical Infrastructure
Assurance for America. There is still much opportunity, as we move
forward together, to remove redundancy, improve communication, and
clarify roles--organizing to support commerce is vital to our economic
and national security. It is vitally important to make progress in
developing processes and providing legislative support to facilitate
sharing of security information and alerts between government and the
private sector. It is also important to improve information sharing
from the government to industry, and to clarify jurisdiction among the
myriad intelligence and law enforcement agencies involved in cyber
security and cyber investigations. Finally, I encourage you to leverage
existing expertise in the National Security Telecommunications Advisory
Committee, the ISACs, and the PCIS as you shape this new, much-needed
Department. However the government organizes itself, we in the private
sector stand ready to assist any way we can.
On behalf of the PCIS and our 80 member companies, I would like to
thank you for your time today. I'll be glad to answer any questions you
may have.
Mr. Whitfield. Mr. Watson, thank you very much, and Mr.
Baumann, you're recognized for 5 minutes.
TESTIMONY OF JEREMIAH D. BAUMANN
Mr. Baumann. Thank you, Mr. Chairman, and members of the
committee, for the opportunity to testify before you today on
the important issue of the proposed Department of Homeland
Security. The U.S. Public Interest Research Group is the
Federal advocacy office for the State Public Interest Research
Groups, or State PIRGs, a network of advocacy organizations
with a 30-year record of working to protect public health and
safety and work with good government reforms.
My testimony will focus primarily on the issue of chemical
security, what needs to be done about this critical gap in
security improvements to date, and ways the Department of
Homeland Security as currently proposed could become an
obstacle rather than an asset in addressing this important
issue, specifically through its unclear designation of
authority addressing safety of particular industry sectors, its
lack of focus on protecting safety by reducing hazards and
vulnerabilities, and through its preference for secrecy rather
than safety.
While my testimony focuses on chemical plants, I think many
of these themes apply across industry sectors that face
significant vulnerabilities. Let me first talk about the need
for a Federal chemical security program.
Across America thousands of industrial facilities are using
and storing hazardous chemicals in quantities that put large
numbers of Americans at risk. The best summary of this risk is
that at almost 125 facilities, each of them put at least a
million people at risk in the event of a chemical release.
Unfortunately, security at these facilities ranges from
poor to nonexistent. A series in a Pittsburg Tribune Review 6
months after September 11 reported that an intruder could
freely enter and walk through more than 60 chemical facilities
not only in Pennsylvania but in Houston, Chicago and Baltimore
as well.
The Army Surgeon General has identified this threat as
second only to that of bioterrorism. However, unlike
bioterrorism, virtually nothing has been done to address this
issue since September 11.
A Federal chemical security program requires three basic
components, a vulnerability assessment, a hazard reduction plan
and increases in site security where significant threats
remain. At chemical plants the need for a focus beyond mere
assessment and even beyond traditional security is necessary,
because fortunately there are well-established measures for
reducing hazards at facilities using safer materials and
processes that could eliminate these terrorist targets in
communities.
The bill as currently proposed not only does not establish
any chemical security program, but could in some ways confuse
or delay progress on the issue of chemical security. First, the
bill does not clearly define what the new department's
authorities regarding critical infrastructure should be
generally, and chemical plant security specifically is left
completely unclear.
The committee should clarify two critical points regarding
the new department's authority. First, the role for the
Department of Homeland Security is one of coordinating security
programs and advising agencies whose functions are not being
transferred to the new department, not that their authority is
either being reestablished in a new department or being
transferred to the new department. This is particularly
important for an agency like EPA where chemical plants have a
much broader risk than just a security risk.
There's also a significant chemical accident risk. Accident
prevention as well as security could be undermined by removing
the authority from this long history of expertise and
experience in addressing this threat.
The committee should also clarify that the creation of the
new department does not delay, hinder or otherwise affect the
ability of other regulatory agencies to exercise their
authority, particularly regarding security and safety threats.
EPA has already been pressured not to move forward with any
chemical security program until the creation of a new
department has been addressed. Such a delay would be
irresponsible and potentially dangerous.
The critical infrastructure and research and development
sections of the bill as proposed have another potential
problem, which is they focus almost entirely on securing
infrastructure, with little attention to making infrastructure
safer in order to protect public health and safety.
Congress should ensure that the new department prioritizes
reducing hazards and reducing vulnerabilities, not simply
assessing them and not relying only on the traditional security
strategies and perimeter security access control, surveillance
and related measures.
As discussed above, public health and safety can best be
secured against a deliberate chemical release by reducing the
hazard itself and eliminating the chance that any chemical
release could harm the surrounding community.
Congress should direct the new department to establish
public health and safety as a priority and reducing hazards and
vulnerabilities as a priority strategy and working with
existing agencies to make sure that happens.
Finally, I'll address what is perhaps the proposed bill's
most threatening measure when it comes to protecting public
health and safety, which is the surprisingly broad loophole
proposed in the Freedom of Information Act. The public's right
to know about public health and safety and the ensuing public
accountability are safety tools that have a long record of
protecting public safety, and the new Department of Homeland
Security should treat information as such rather than
undermining current protections.
Restricting the public's right to know about hazards in
communities and industry or government actions to remedy those
hazards could hurt safety rather than help it. This information
in a lot of cases has been shown to help enable the public
communities, local emergency responders and other important
constituencies to understand, prepare for and respond to not
only accidents but potential terrorist attacks. It's also one
of the most effective incentives for public safety
improvements. Public disclosure has a long record of reducing
risk.
I'll wrap up briefly by just pointing out that the proposed
bill goes against the tradition of the Freedom of Information
Act. FOIA typically requires a concrete reason in the public
interest to withhold specific documents and a specific
definition of what documents need to be withheld in order to
protect public safety. The proposed bill doesn't even define
what documents could be exempt, explain why they wouldn't be
covered by current FOIA exemptions, much less explain why they
need to be exempt. The requirements are so vague that in theory
some currently mandated public information could be removed
from public view, because there are no definitions of voluntary
information or exactly what critical infrastructure
vulnerabilities could be included.
In concluding, I would recommend that Congress only create
FOIA exemptions for specific information and types of
information being required in the private sector by the
government, and since this bill does not do that, I would
recommend that the FOIA exemption be removed from this bill and
considered separate.
[The prepared statement of Jeremiah D. Baumann follows:]
Prepared Statement of Jeremiah D. Baumann, Environmental Health
Advocate
Thank you, Mr. Chairman and members of the Committee on Energy and
Commerce, for the opportunity to testify before you today on the
proposed Department of Homeland Security. My name is Jeremiah Baumann
and I am the Environmental Health Advocate for the U.S. Public Interest
Research Group (PIRG). U.S. PIRG is the federal advocacy office of the
state PIRGs, a network of state-based public interest advocacy
organizations with a 30-year history of advocacy for environmental and
public health protection, consumer protection, good-government reforms,
and other public interest issues.
My testimony will focus on the issue of chemical security, what
needs to be done about this critical gap in security improvements to
date, and ways that the Department of Homeland Security--as proposed--
could become an obstacle rather than an asset in addressing this issue.
In advance, however, I would like to make a few general observations
that I think pervade the proposed bill creating a Department of
Homeland Security beyond the realm of chemical security:
The proposed bill, and particularly the sections addressing
critical infrastructure, and chemical, biological, radiological,
and nuclear countermeasures, lacks a focus on protecting public
health and safety. Instead, the focus is on securing infrastructure
and protecting assets. While these are often closely related to
public health and safety, they need to be put in this context, and
the new Department of Homeland Security needs a mandate from
Congress to make public health and safety its priority.
The proposed bill tends to focus on securing existing
infrastructure when the first priority should be making
infrastructure safer. Some attributes of critical infrastructures
are inherently hazardous, but could be made inherently safer.
Making our infrastructure safer will require changes to the
infrastructure and investment in the near term. However, making
infrastructure safer will be less expensive in the long term
because the up-front investment will reduce or eliminate the
significant costs of making inherently dangerous facilities and
operations more secure, and of preparing for or responding to
attacks on infrastructure.
The proposed bill indicates a dangerous preference for
secrecy. This could undermine basic mechanisms of public
accountability, the public's right to know about threats to health
and safety, and is likely to hinder, rather than help, safety.
Examining the threats posed by the use and storage of highly
hazardous chemicals in facilities through out nation's industrial
infrastructure demonstrates why these three concepts are important.
Protecting against terrorist attacks on a chemical-using industrial
site requires a focus on protecting public health and safety using the
most effective strategies, not just securing industrial facilities and
protecting their assets. Furthermore, simply securing facilities as
they are, without making them inherently safer, will not protect public
health and safety from terrorist-related chemical incidents. Finally,
new secrecy measures will be an obstacle to protecting public health
and safety from chemical incidents, a category of hazard where a long
record of public safety improvements has demonstrated the value of
openness and of the public's right to know.
the need for an aggressive federal chemical security program
The Threat of Chemical Terrorism
Across America, thousands of industrial facilities use and store
hazardous chemicals in quantities that put large numbers of Americans
at risk of serious injury or death in the event of a chemical release.
One hundred twenty-five facilities each put at least 1 million people
at risk; 700 facilities each put at least 100,000 people at risk; and
3,000 facilities each put at least 10,000 people at risk.1
According to a 1998 report by U.S. PIRG, 1 in 6 Americans lives within
a vulnerable zone--the area in which there could be serious injury or
death in the event of a chemical accident--created by a nearby
industrial facility.2
---------------------------------------------------------------------------
\1\ James Belke, U.S. Environmental Protection Agency. ``Chemical
accident risks in U.S. industry--A preliminary analysis of accident
risk data from U.S. hazardous facilities,'' September 25, 2000.
\2\ U.S. Public Interest Research Group and National Environmental
Law Center. Too Close to Home. July 1998.
---------------------------------------------------------------------------
The threat of terrorism has brought new scrutiny to the potential
for terrorists to deliberately trigger accidents that until recently
the chemical industry characterized as unlikely worst-case scenarios.
Such an act could have even more severe consequences than the tens of
thousands of chemical accidents that kill 150 Americans and injure
5,000 every year.3
---------------------------------------------------------------------------
\3\ Mannan, Gentile, and O'Connor. ``Chemical Incident Data Mining
and Application to Chemical Safety Trend Analysis,'' Mary Kay O'Connor
Process Safety Center, Texas A&M University, 2001.
---------------------------------------------------------------------------
Frederick L. Webber, president of the American Chemistry Council,
has said ``No one needed to convince us that we could be--and indeed
would be--a target at some future date . . . If they're looking for the
big bang, obviously you don't have to go far in your imagination to
think about what the possibilities are.'' 4 The Agency for
Toxic Substances and Disease Registry said in 1999 that chemicals at
industrial sites provide terrorists with ``. . . effective and readily
accessible materials to develop improvised explosives, incendiaries and
poisons.'' 5
---------------------------------------------------------------------------
\4\ Eric Pianin. ``Toxic Chemicals' Security Worries Officials,''
Washington Post, November 12, 2001.
\5\ Pianin 2001 Ibid.
---------------------------------------------------------------------------
Unfortunately, that report found security at these facilities
ranging from poor to nonexistent. More recent investigations since
September 11th tell the same story. Just months ago, a series in the
Pittsburgh Tribune-Review reported that an intruder could freely enter
and walk through more than 60 chemical facilities in Pennsylvania,
Houston, Chicago, and Baltimore--completely unchallenged.6 A
recent report by the Department of Justice, made secret for unexplained
reasons, apparently confirms these findings.
---------------------------------------------------------------------------
\6\ Carl Prine. ``Lax Security Exposes Lethal Chemical Supplies,''
Pittsburgh Tribune-Review, April 7, 2002; and ``Chemicals Pose Risks
Nationwide,'' Pittsburgh Tribune-Review, May 5, 2002.
---------------------------------------------------------------------------
An Opportunity to make Communities Safe
Fortunately, there are well-established measures for reducing
hazards at facilities--and making communities safer. Reducing chemical
hazards at industrial facilities means making process changes that
reduce or eliminate the possibility of a chemical release by reducing
chemical use or switching to safer chemicals and processes. For many
chemicals and processes, there are readily available and safer
alternatives. A few examples demonstrate this simple concept:
In New Jersey, 553 water treatment facilities have stopped
using chlorine gas because of its notorious potential for
disastrous chemical releases.7
---------------------------------------------------------------------------
\7\ Information provided by R. Baldini, Bureau of Release
Prevention, New Jersey Department of Environmental Protection,
September 2001.
---------------------------------------------------------------------------
Here in Washington, DC, the city's Blue Plains Sewage
Treatment Plant has long recognized that a release of chlorine gas
or sulfur dioxide could blanket the downtown area, as well as
Anacostia, Reagan National Airport, and Alexandria.8
Over the course of eight weeks after September 11th, authorities
quietly removed up to 900 tons of liquid chlorine and sulfur
dioxide, moving tanker cars at night under guard. The city switched
to a hypochlorite process that dramatically reduces the safety
risk, virtually eliminating the chance of any off-site
impact.9
---------------------------------------------------------------------------
\8\ Radian Corporation. ``Air Dispersion Model Assessment of
Impacts From a Chlorine Spill at the Blue Plains Wastewater Treatment
Plant,'' 1982; See also Chlorine Institute, Pamphlet 74, April 1998.
\9\ Carol D. Leonnig and Spencer S. Hsu. ``Fearing Attack, Blue
Plains Ceases Toxic Chemical Use,'' Washington Post, November 10, 2001.
---------------------------------------------------------------------------
In response to the Pittsburgh Tribune-Review series on the
danger of chemical plants' lax security, Bethlehem Steel in
Pennsylvania is switching from hazardous sulfur dioxide to safer
materials and processes.10
---------------------------------------------------------------------------
\10\ Carl Prine. ``Companies Respond to Infiltration of
Facilities.'' The Pittsburgh Tribune-Review, May 5, 2002.
---------------------------------------------------------------------------
The threat of terrorism requires looking for ways to make
industrial facilities inherently safer when it comes to chemical use.
If terrorists continue to use airplanes or truck bombs, add-on security
measures such as safety guards and physical barriers cannot prevent a
chemical release. Similarly, secondary prevention or mitigation
measures, such as safety valves, would be decidedly inadequate in the
event of an attack like those seen on September 11th.
Inherent safety is an opportunity for policymakers to remove a
terrorist threat in many cases. This is an option that is not available
for all terrorist risks. Airline passengers have to rely on increased
security to make flying safer. For American industry, however, many
chemicals have readily available safer alternatives and many facilities
could re-design processes to be inherently safer.
Inaction on Chemical Security
Since September 11th, the Senate has introduced, held hearings, and
scheduled mark-up on a bill. But at this late date, little else has
occurred to address chemical security. The administration developed a
proposal on chemical security, but appears to have backed away from it.
An EPA presentation in May outlined an aggressive legislative proposal,
but later reports indicated that the proposal had been scaled back in
scope and potentially reduced to agency guidance with little
enforceability. News reports indicate that progress on the proposal
slowed in response to resistance from the industry and from within the
administration.
The Department of Justice has released its ``Sandia methodology,''
guidance on assessing site security at chemical facilities.
Unfortunately, this guidance has been issued with no indication that
facilities will be required to implement it. Also, the guidance relies
primarily on site security with only minimal mention of making
facilities inherently safer. Additionally, the guidance is quite
complicated and relies on sophisticated judgments on the relative risk
of different security threats; it is unlikely that the average plant
manager would have the expertise to implement this plan without
assistance from security experts.
The American Chemistry Council touts a voluntary program being
developed to increase site security at chemical plants. While the
American Chemistry Council is doing the right thing by beginning to
address the security risks at their facilities, their program is not
and cannot be sufficient, for three reasons:
1. The program is voluntary. In the wake of September 11th, airline
security, water supply security, and nuclear security have not been
allowed to happen on a voluntary basis. It makes no sense to allow
thousands of facilities with hazardous chemical stockpiles to
increase security on a voluntary basis. Furthermore, other
voluntary programs, particularly the industry's ``Responsible
Care'' program, to which the new security code is closely linked,
have too often been heavy on public relations and promotional
campaigns and light on substantive safety improvements. A 1998
survey of American Chemistry Council members showed that, despite
their on-paper commitment to the right-to-know principles of the
``Responsible Care'' program, citizens could not get basic
information about toxic chemical use and accidents at 75% of the
facilities.11
---------------------------------------------------------------------------
\11\ U.S. PIRG Education Fund. Trust Us, Don't Track Us. January
1998.
---------------------------------------------------------------------------
2. The program applies only to American Chemistry Council members,
which comprise 11% of the 15,000 industrial facilities that store
and use high enough quantities of hazardous materials to be subject
to EPA's chemical accident prevention program. With nearly 125
facilities in the country each putting 1 million Americans at risk,
increasing security at 10% of them is not enough.
3. The program focuses primarily on increasing site security and only
peripherally mentions reducing hazards. Reducing the hazards
themselves--potentially eliminating terrorist targets--must be at
the core of any program to make communities safer from a terrorist
attack on a chemical plant.
A Federal Chemical Security Program
The threat of chemical use and storage at thousands of industrial
facilities deserves the same attention to security as water treatment
facilities and nuclear plants. Three basic components are required: a
vulnerability assessment, a hazard reduction plan, and increases in
site security where significant threats of off-site consequences
remain.
The vulnerability assessment can follow methodologies laid out for
other industry sectors and by various federal agencies and industry
experts on a voluntary basis to date, with one critical difference:
accountability. EPA's proposals have not included a requirement that
vulnerability assessments be submitted to the federal government. This
basic accountability is critical to government's ability to increase
safety and protect against terrorist risks. Without the basic
requirement that facilities submit their vulnerability assessments (and
plans for reducing hazards and increasing site security) to the
government, a federal program would be hardly an improvement over a
voluntary program.
Requiring facilities to submit hazard reduction plans must be the
heart of a federal chemical security program. Reducing hazards means
reducing or eliminating terrorist targets in communities nationwide--
the most effective protection possible. A program can take two
approaches:
1. Mandate specific process changes to reduce the inherent dangers at
industrial plants. A federal security program could identify
technologies or materials that are highly hazardous and have
available alternatives and require that any facility using those
technologies or materials adopt the alternative. Examples include
chlorine used at wastewater treatment facilities and hydrogen
fluoride used at many oil refineries.
2. Require facilities to look for inherently safer technologies and
implement available alternatives. This approach allows more
flexibility to accommodate the significant differences between
plants. For this planning-based model to work, facilities must be
required to report to the government specifically what safer
alternatives were identified, which alternatives they plan to
implement and on what timeline, and the reasons for rejecting any
safer alternatives that were identified. The reasons permitted
should be strictly limited.
A federal chemical security program should be led by EPA. The
agency has the expertise and history with chemical plant safety, as
well as, appropriately, the regulatory authority. The new Department of
Homeland Security should play an advisory or coordinating role,
particularly on the site security components. Additionally, research-
and-development funding could be directed toward identifying and
promoting inherently safer technologies. It is critical that the new
Department help improve chemical safety and security, but it is equally
critical that the development of the new Department not stand in the
way of swiftly establishing a federal chemical security program.
As noted above, EPA's attempts to establish a chemical security
program have met obstacles in recent weeks. Congress should mandate a
chemical security program to ensure that the program moves forward
without delay. The Chemical Security Act, S. 1602, introduced in the
Senate, provides a good model. That legislation should be passed by
Congress, either as an amendment to the Homeland Security bill, or
separately on a similar or shorter timeline.
the proposed department of homeland security
The bill, as currently proposed, does not establish any chemical
security program and moreover could confuse or delay progress on
chemical security. It could do so because of its lack of clarity on the
Department's role in chemical plant security and because of its lack of
clear vision for how to address chemical security. Additionally, the
proposed bill could undermine existing chemical safety programs by
creating a sweeping exemption from the Freedom of Information Act that
could reduce government and industry accountability and limit public
access to information that could prove critical to protecting
communities.
Ambiguous Authority and Responsibility
The bill does not clearly define what the new Department's
authorities regarding critical infrastructure generally, and chemical
plant security specifically, would be. Section 201 provides the Under
Secretary for Information Analysis and Infrastructure Protection with
``primary responsibilities'' including:
``comprehensively assessing the vulnerabilities'' (paragraph
(2)) and ``developing a comprehensive national plan for securing''
(paragraph (4)) ``the key resources and critical infrastructure''
(paragraphs (2) and (4));
``integrating relevant information--to identify protective
priorities and support protective measures by the Department, by
other executive agencies--and by other entities'' (paragraph (3));
``taking or seeking to effect necessary measures to protect
the key resources and critical infrastructures . . . in
coordination with other executive agencies and . . . other
entities'' (paragraph (5)).
Section 301 provides the Under Secretary for Chemical, Biological,
Radiological, and Nuclear Countermeasures with ``primary
responsibilities'' including:Q02
``securing the people, infrastructures, property, resources,
and systems'' from acts of terrorism involving ``chemical,
biological, radiological, or nuclear weapons or other emerging
threats'' (paragraph (1));
``conducting a national scientific research and development
program'' including efforts to ``identify, devise, and implement
scientific, technological, and other countermeasures'' to the same
threats (paragraph (2)); and
``establishing priorities for, directing, funding, and
conducting national research, development, and procurement of
technology and systems . . . for detecting, preventing, protecting
against, and responding to terrorist attacks that involve
[chemical, biological, radiological, nuclear, and related] weapons
and material'' (paragraph (3) and (3)(B)).
These sections, examined together, create confusion and
contradictions about where various authorities and responsibilities
lie:
1. There are internal contradictions and confusion. What is the
difference (or relationship) between the responsibility of the Under
Secretary for Information Analysis and Infrastructure Protection for
``taking or seeking to effect measures necessary to protect'' critical
infrastructure and the responsibility of the Under Secretary for
Chemical, Biological, Radiological, and Nuclear Countermeasures for
``securing'' the people and infrastructures? Similarly, what is the
difference (or relationship) between the former and latter Under
Secretaries' responsibilities for identifying and establishing
priorities?
2. It is unclear how these new Under Secretaries' ``primary
responsibilities'' relate to those of other agencies whose functions
are not transferred to the new Department. In some cases the new
Department's responsibility seems to include ``securing'' people and
infrastructure, but in other cases ``taking or seeking to effect''
measures ``in coordination'' with other executive agencies.
Clarifying Authority, Assuring Effective Security
Congress should clarify that the role for the Department of
Homeland Security is one of coordinating security programs and advising
agencies whose functions are not transferred to the new Department, but
that new authority in these cases is not being transferred or otherwise
given to the new Department. EPA has the expertise and experience to
address chemical safety and security. Moreover, EPA has the authority
to address chemical safety and security, granted by the 1990 Clean Air
Act Amendments.12
---------------------------------------------------------------------------
\12\ Clean Air Act Section 112(r)'s general duty clause,
definitions, and particularly 112(r)(7)(a).
---------------------------------------------------------------------------
The agency which has the substantive expertise on safety
protections for the affected industry should retain the authority. This
is particularly true for the chemical industry, because deliberate or
criminal efforts to trigger chemical releases are only one of many
reasons a chemical release could threaten health and safety in a
community (as noted above, there are thousands of accidental and non-
terrorist related spills and releases every year), and because safety
improvements through hazard reduction must be the primary strategy for
securing public health and safety from chemical releases related to
terrorism.
Making Public Health and Safety a Priority
The bill, as proposed, focuses almost entirely on securing
infrastructure and resources with little attention to protecting public
health and safety. In fact, one of the few mentions of the public int
the bill is to the Department having primary responsibility for
``securing the people'' (Sec. 301, paragraph (3)). ``Securing'' people
hardly implies sound protection for public health and safety. While
protecting public health and safety are presumably an end for which
protecting critical infrastructure is a means, it is important that the
new Department's mandate reside explicitly in this context. Without a
clear mandate to protect public health and safety, the new Department
could expend time and resources on measures that are in the short-term
interest of protecting infrastructure and property but not in the long-
term interest of protecting public safety, or could expend time and
resources on security programs without a clear public benefit.
Without a clear definition of ``critical infrastructures'' or ``key
resources,'' there are few limits on or clear characteristics of what
types of industrial facilities or other private properties represent
resources whose protection is sufficiently in the public interest to
justify expending considerable public funds. Protecting undefined
assets could result in programs to protect private property and
resources without any requirement that such protections merit the use
of public resources. To help clarify what types of facilities or
properties may merit protection, Congress should make protecting public
health and safety a clear priority of the Department, its Secretary,
and each of the relevant Under Secretaries.
Beyond Assessment: Reducing Hazards and Vulnerabilities
Congress should ensure that the new Department prioritizes reducing
hazards and reducing vulnerabilities, not simply assessing them and not
relying only on traditional security strategies of perimeter security,
access control, and surveillance. As discussed above, public health and
safety can best be ``secured'' against a deliberate chemical release
from an industrial facility by reducing the hazard such that off-site
impacts of a release are reduced or eliminated.
Site security--perimeter security, access control, and
surveillance--are band-aid fixes that should only be relied on where
there is no way to reduce the inherent danger. The first question that
the new Department (and other agencies with whom it coordinates) should
ask is: Can the infrastructure be made safer? Reducing or eliminating
the possibility of a chemical release is the most effective and long-
term protection for public health and safety and also reduced (or
eliminates) the need for security measures, reducing costs to the
government and the affected industry.
Inherent safety can be applied across industry sectors. For
example, transporting nuclear waste throughout our country to move it
to the Yucca Mountain site will dramatically increase the inherent
dangers in our infrastructure. Since nuclear facilities will continue
to generate highly hazardous nuclear waste on site, regularly moving
waste across our highways and rails will expand, not reduce, the amount
of highly hazardous ``infrastructure'' in our country. This increased
hazard will require more costs for security than would leaving the
waste on site, where a fixed facility would be easier to secure than a
moving vehicle.
Fossil fuel energy offers another example. Securing the length of a
vulnerable pipeline would likely be extraordinarily expensive and
questionably effective. Removing pipelines from densely populated areas
would not only be less costly, but also dramatically (and inherently)
safer. Moving toward renewable energy, such as solar and wind, and
particularly distributed generation, such as on-site solar or wind
generators, would be inherently safer than expanding production from
fossil-fuel based energy sources that rely on highly vulnerable systems
for transporting energy.
Congress should make reducing hazards and vulnerabilities the
national policy of the United States, as the most effective threat
reduction strategy, and should direct the new Department to work toward
this end with the agencies that have current authority, rather than
providing new or redundant authority.
the public's right to know and public accountability as safety tools
The proposed bill shows a troubling request for secrecy by
proposing a sweeping and unprecedented exemption from the Freedom of
Information Act. Restricting the public's right to know about hazards
in communities and industry or government actions to remedy them could
hurt safety rather than help it. By restricting our right to know, even
through a well-intentioned effort to protect safety, government is
abandoning its duty to warn the public if a community is at risk. It is
limiting the ability of the public and communities to understand,
prepare for, and respond to threats to safety. And it is also removing
one of the most effective--and in a democratic society, substantively
important--incentives for public safety improvements: public
information.
There are three primary ways that restricting public access to
information can decrease public safety. First, secrecy without safety
provisions--which is the strategy proposed by the bill--does nothing to
address the threats except make them secret. Since September 11th, the
administration has regularly employed public warnings. Allowing new
secrecy could undermine efforts to provide due warning. Restricting
public access also makes the community less safe because the ability of
individuals and communities to participate in safety decisions ranging
from chemical management and hazard reduction to site security and
emergency response planning, is reduced and potentially eliminated. It
is for exactly this reason that the Congress has for several decades
used public disclosure and right-to-know laws--not secrecy provisions--
to protect public safety, particularly from chemical hazards.
Public disclosure is a strategy with a long record of reducing
risk. Public information empowers individuals and communities to work
for measures that will reduce risk by working directly with a company
locally or by advocating for policy changes to require risk reductions.
As importantly, right-to-know programs provide a public incentive for
relevant parties to be accountable to public values. The Toxics Release
Inventory, established under the 1986 Emergency Planning and Community
Right-to-Know Act, has been credited with contributing to a nearly-50%
reduction in toxic chemical releases. More robust right-to-know
programs have seen proportionally greater impacts. In Massachusetts,
where companies report not just chemical releases but also chemical
use, in products or in the workplace, chemical use is down
approximately 40% and chemical releases are down nearly 90%.
Restricting public access to information restricts opportunities for
these kinds of protections of public safety and health and removes
accountability for government and corporate actors.
Section 204 of the proposed bill would contradict these lessons by
creating an unprecedented and unwarranted loophole in the Freedom of
Information Act. This section runs counter to the fundamental principle
of FOIA: a presumption that the people of the United States have wide-
ranging access to their government and that a government of, by, and
for the people requires an open government. In the rare cases where a
compelling public interest requires secrecy, FOIA allows carefully
limited exceptions for specific documents.
The proposed bill runs almost exactly counter to this approach. It
does not even define what documents would be exempt from FOIA that
could not be covered by current FOIA exemptions (which already exist
for national security, trade secrets, and certain voluntarily provided
information), much less explain what compelling public interest
necessitates this exemption. The requirements for what information
could be made exempt are so vague that virtually any information on
American industry, including information required to be public under
other laws, could potentially be submitted to the new Department,
certified as ``relating'' to critical infrastructure vulnerabilities,
and permanently removed from public access. This would be a colossal
step backwards for open government, public accountability, and the
public's right to know about safety threats.
When Congress addressed the security of water supplies, it was
first determined that for vulnerability assessments being submitted to
the government, current FOIA law may require public disclosure and that
such disclosure could be a security threat. Congress then exempted only
these documents from disclosure under FOIA. This should be the model
for considering any exceptions from FOIA.
Because this bill creates no new vulnerability assessments and
requires no new information to be submitted to the government, Congress
should not consider creating any new FOIA exemptions. Section 204
should be struck from the bill.
______
Environmental Defense, Greenpeace, National
Environmental
Trust, Natural Resources Defense Council, OMB Watch,
U.S. Public Interest Research Group
July 8, 2002
Dear Congressman,
While almost ten months have passed since September 11, a
significant vulnerability has yet to be addressed. Across the U.S.,
thousands of industrial facilities use and store hazardous chemicals in
quantities that put large numbers of Americans at risk of serious
injury or death in the event of a chemical release.
Unfortunately, the administration's Homeland Security Act fails to
address these critical safety issues. Moreover, EPA efforts to address
the problem have encountered resistance within the administration as
well as from some Members of Congress. Under current law, EPA has the
expertise and legal authority 1 to address threats posed by
major chemical releases at industrial facilities. EPA should act
immediately and aggressively to require facilities that store toxic
chemicals to assess and reduce their vulnerabilities by eliminating
targets (for example, by converting to safer chemicals or processes)
and enhancing security. Congress must make it clear that immediate
action is expected from EPA to reduce this threat and should amend the
Homeland Security Bill to require oversight to ensure that EPA
implements a comprehensive hazard assessment and reduction program.
---------------------------------------------------------------------------
\1\ Section 112(r) of the Clean Air Act (CAA) authorizes EPA to
issue regulations ``to prevent accidental releases of regulated
substances,'' defining such a release as ``an unanticipated emission of
a regulated substance or other extremely hazardous substance into the
ambient air from a stationary source.'' Likewise, the CAA imposes a
``general duty'' of precaution on sources, directing them ``to design
and maintain a safe facility taking such steps as are necessary to
prevent releases . . .''
---------------------------------------------------------------------------
In its current form, the Homeland Security Act not only fails to
address chemical safety, but instead proposes to create new, far-
reaching secrecy provisions. These restrictions have the potential to
keep the American public in the dark about potential risks from
chemical facilities and hamper efforts to make communities safer.
Congressional precedent has been to establish only very limited
exemptions to the Freedom of Information Act (FOIA) for specific
documents (for example, the recent exemption in the Bioterrorism
Response Act of 2001 for water system vulnerability assessments).
Section 204 of the administration's HoomHmeland Security Act contains
an overly broad exemption from FOIA, not tied to any specific document
or mandate. This section should be dropped from the bill.
The lack of any action to address risks at chemical plants in
communities around the nation is an irresponsible omission. EPA's
proposed actions are long overdue--the agency should use its existing
expertise and authority to act immediately. Efforts to further delay
EPA action is unacceptable and contradicts the Administration's promise
to quickly address priority threats with existing resources.
We urge you to call on EPA to act immediately to require chemical
facilities to assess and reduce their vulnerabilities and to eliminate
the overly broad secrecy provisions in Section 204 of the Homeland
Security Act of 2002.
Sincerely,
Carol Andress
Environmental Defense
Rick Hind
Greenpeace
Andy Igrejas
National Environmental Trust
Alys Campaigne
Natural Resources Defense Council
Sean Moulton
OMB Watch
Jeremiah Baumann
U.S. Public Interest Research Group
Mr. Whitfield. Thank you, Mr. Baumann. Mr. Sobel, you're
recognized for 5 minutes.
TESTIMONY OF DAVID L. SOBEL
Mr. Sobel. Thank you, Mr. Chairman, for providing me with
the opportunity to appear before this subcommittee to discuss
the administration's proposed legislation to create a new
Department of Homeland Security. I will discuss proposals that
would ironically limit public access to crucial data in the
name of information sharing.
My comments will focus on proposals to create a new Freedom
of Information Act exemption for information obtained by the
Department of Homeland Security concerning infrastructure
protection and counterterrorism efforts, but I would also like
to share with the subcommittee some general observations that I
have made as the debate over critical infrastructure
information has unfolded over the last few years. I believe it
is essential to understand the broader context in which the
FOIA exemption proposal arises.
First, there appears to be a consensus that the government
is not obtaining enough information from the private sector on
vulnerabilities that could adversely affect the infrastructure.
It is equally clear that citizens, the ones who will suffer the
direct consequences of infrastructure failures, are also
receiving inadequate information about these vulnerabilities.
Second, there has not yet been a clear vision articulated
defining the government's proper role in securing the
infrastructure. Despite the emphasis on finding ways to
facilitate the government's receipt of information, it remains
unclear just what the government will do with the information
it receives. The administration's homeland security proposal
does not clearly define the new department's role in protecting
the infrastructure.
Third, rather than seeking ways to hide information,
Congress should consider approaches that would make as much
information as possible available to the public, consistent
with the legitimate interests of the private sector. This is
particularly critical in the context of the new department,
which will assume an unprecedented range of responsibilities
involving public safety.
A broad coalition of organizations has serious concerns
about various proposals, such as section 204 of the
administration's bill to create a broad new FOIA exemption for
information relating to security flaws and other
vulnerabilities in the infrastructure.
Section 204 would cast a shroud of secrecy over one of the
new department's critical functions, removing any semblance of
meaningful public accountability. If section 204 or a similar
secrecy provision such as Representative Davis' bill is
enacted, the public will be unable to hold the department
accountable should it fail to make effective use of the
information it obtains. What did DHS know and when did it know
it is a question that will go unanswered.
While section 204 is, in my view, exceedingly broad, I
would urge the subcommittee to approach more circumspect
exemption proposals with skepticism as well. Any new exemption,
unless extremely limited, is likely to remove important
information from public view and restrict public oversight of
critical government operations. Perhaps most importantly, any
new exemption designed to protect the voluntarily submitted
private sector information is simply not needed. Established
case law makes it clear that existing exemptions contained in
the FOIA provide adequate protection against harmful
disclosures of the type of information we are discussing.
Exemption 4, which covers confidential private sector
information, provides extensive protection. As my written
statement explains in detail, Exemption 4 extends to virtually
all of the infrastructure material that properly could be
withheld from disclosure.
In light of the substantial protections provided by FOIA
Exemption 4 and the case law interpreting it, I believe that
any claimed private sector reluctance to share important data
with the government grows out of at best a misperception of
current law. The existing protections for confidential private
sector information have been repeatedly--have been cited
repeatedly over the past 2 years by those of us who believe
that a new exemption is unwarranted.
Exemption proponents respond that the FOIA creates a
perceived barrier to information sharing. They have not cited a
single instance in which a Federal agency has disclosed
voluntarily submitted data against the express wishes of an
industry submittal.
It should be noted that we are discussing the desire of
private companies to keep secret potentially embarrassing
information at a time when the disclosure practices of many in
the business world are being scrutinized. If a company is
willing to fudge its financial numbers to maintain its stock
price, it would be similarly inclined to hide behind a critical
infrastructure FOIA exemption in order to conceal gross
negligence in its maintenance and operation of a chemical plant
or a transportation system.
In summary, overly broad new exemptions could adversely
impact the public's right to oversee important and far-reaching
governmental functions and remove incentives for remedial
private sector action.
I urge the Congress to preserve the public's fundamental
right to know as it considers the establishment of a Department
of Homeland Security, and I thank the subcommittee for
considering my views.
[The prepared statement of David L. Sobel follows:]
Prepared Statement of David L. Sobel, General Counsel, Electronic
Privacy Information Center
Mr. Chairman and Members of the Subcommittee: Thank you for
providing me with the opportunity to appear before the Subcommittee to
discuss the Administration's far-reaching proposed legislation to
create a new Department of Homeland Security. I will discuss the role
that the exchange of information plays in protecting our nation's
infrastructure and preventing terrorism, and focus on proposals that
would, ironically, limit public access to crucial data in the name of
``information sharing.'' The Electronic Privacy Information Center
(EPIC) has a longstanding interest in computer and network security
policy and its potential impact on civil liberties, emphasizing full
and informed public debate on matters that we all recognize are of
critical importance in today's inter-connected world.
My comments will focus primarily on proposals to create a new
Freedom of Information Act (FOIA) exemption for information obtained by
the Department of Homeland Security concerning infrastructure
protection and counter-terrorism efforts. But I would also like to
share with the Subcommittee some general observations that I have made
as the debate over ``critical infrastructure information'' has unfolded
over the past few years. I believe it is essential to understand the
broader context in which the FOIA exemption proposal arises.
There appears to be a consensus that the government is not
obtaining enough information from the private sector on security risks
and vulnerabilities that could adversely affect the critical
infrastructure. I hasten to add that citizens--the ones who will suffer
the direct consequences of infrastructure failures--are also receiving
inadequate information about these vulnerabilities.
There has not yet been a clear vision articulated defining
the government's proper role in securing the infrastructure. While
there has been a great deal of emphasis on finding ways to facilitate
the government's receipt of information, it remains unclear just what
the government will do with the information it receives. In fact, many
in the private sector advocate an approach that would render the
government virtually powerless to correct even the most egregious
security flaws. Despite its ambitious reach, the Administration's
homeland security proposal does not clearly define the new Department's
role in protecting the infrastructure.
The private sector's lack of progress on security issues
appears to be due to a lack of effective incentives to correct existing
problems. Congress should consider appropriate incentives to spur
action, but secrecy and immunity, which form the basis for many of the
proposals put forward to date, remove two of the most powerful
incentives--openness and liability. Indeed, many security experts
believe that disclosure and potential liability are essential
components of any effort to encourage remedial action. 1
---------------------------------------------------------------------------
\1\ See, e.g., ``Counterpane CTO Says Insurance, Liability to Drive
Security,'' InfoWorld (February 20, 2002), (According to
security expert Bruce Schneier, ``[t]he challenges and problems of
computer and network security won't be adequately addressed until
companies can be held liable for their software and the use of their
computer systems'').
---------------------------------------------------------------------------
Rather than seeking ways to hide information, Congress
should consider approaches that would make as much information as
possible available to the public, consistent with the legitimate
interests of the private sector. This is particularly critical in the
context of the new Department, which will assume an unprecedented range
of responsibilities involving public safety.
As indicated, I would like to focus my comments on proposals to
limit public access to information concerning critical infrastructure
protection. EPIC is a strong advocate of open government, and has made
frequent use of the FOIA to obtain information from the government
about a wide range of policy issues, including (in addition to computer
security) consumer privacy, electronic surveillance, encryption
controls and Internet content regulation. We firmly believe that public
disclosure of this information improves government oversight and
accountability. It also helps ensure that the public is fully informed
about the activities of government.
I have personally been involved with FOIA issues for more than
twenty years and have handled information requests on behalf of a wide
range of requesters. In 1982, I assisted in the preparation of a
publication titled Former Secrets, which documented 500 instances in
which information released under the FOIA served the public interest. I
am convinced that an updated version of that publication would today
yield thousands of examples of the benefits we all derive from the
public access law that has served as a model for other nations around
the world.
EPIC and other members of the FOIA requester community have, for
the past several years, voiced concerns about various proposals to
create a broad new FOIA exemption, such as those contained in the Cyber
Security Information Act (H.R. 2435) and the Critical Infrastructure
Information Security Act (S. 1456), for information relating to
security flaws and other vulnerabilities in our critical
infrastructures. Section 204 of the Administration's proposed
legislation, as I will discuss in more detail, contains an exemption
provision that appears to be even more far-reaching than those
previously proposed. We collectively believe these exemption proposals
are fundamentally inconsistent with the basic premise of the FOIA,
which, as the Supreme Court has recognized, is ``to ensure an informed
citizenry, vital to the functioning of a democratic society, needed to
check against corruption and to hold the governors accountable to the
governed.'' 2 To accomplish that end, ``[d]isclosure, not
secrecy, is the dominant objective of the Act.'' 3
---------------------------------------------------------------------------
\2\ NLRB v. Robbins Tire & Rubber Co., 437 U.S. 214, 242 (1978).
\3\ Department of the Air Force v. Rose, 425 U.S. 352 (1976).
---------------------------------------------------------------------------
It is clear that, as we simultaneously move further into the
electronic age and confront the risks of terrorism, the federal
government increasingly will focus on the protection of critical
infrastructures. It is equally apparent that government policy in this
emerging field will become a matter of increased public interest and
debate. The proposal to create a vast Department of Homeland Security
raises that debate to a new level of urgency. While reasonable
observers can disagree over the merits of specific initiatives, I
believe we all agree that infrastructure protection and counter-
terrorism activities raise significant public policy issues that
deserve full and informed public discussion.
The issue is perhaps best illustrated by examining the latest
iteration of the ``critical infrastructure information'' exemption
approach--Section 204 of the Administration's proposed Homeland
Security Act. In what is surely among the most far-reaching one-
sentence statutory provisions ever drafted, Section 204 provides:
Information provided voluntarily by non-Federal entities or
individuals that relates to infrastructure vulnerabilities or
other vulnerabilities to terrorism and is or has been in the
possession of the Department [of Homeland Security] shall not
be subject to [the FOIA].
It should be noted that this provision would conceal from public
scrutiny a major component of the Department's statutory mission--the
information analysis and infrastructure protection functions set forth
in Title II of the Administration's proposed legislation. Indeed,
``information analysis and infrastructure protection'' is the first of
the Department's ``primary responsibilities'' enumerated in Section
101(b)(2).
Section 204 would cast a shroud of secrecy over one of the
Department's critical functions, removing any semblance of meaningful
public accountability. The tragic events of September 11th illustrate
the importance of such accountability mechanisms; the Congress, the
media and the public are currently engaged in an examination of
possible failures of intelligence or analysis that may have contributed
to the tragedy. Indeed, the legislation we are discussing today is a
direct outgrowth of that review process and public debate. If Section
204, or a similar secrecy provision, is enacted, the news media and the
public will be unable to hold the new Department accountable should it
fail to make effective use of information it obtains. ``What did DHS
know and when did it know it?'' is a question that will go unanswered.
Such insulation from accountability is clearly the wrong way to go as
we seek to create an effective new entity.
While Section 204 is, in my view, exceedingly broad, I would urge
the Subcommittee to approach more circumscribed exemption proposals
with skepticism as well. Any new exemption, unless extremely limited,
is likely to remove important information from public view and restrict
public oversight of critical government operations. And, perhaps most
importantly, any new exemption designed to protect voluntarily-
submitted private sector information is simply not needed.
It is clear that government activities to protect the
infrastructure will be conducted in cooperation with the private sector
and, accordingly, will involve extensive sharing of information between
the private sector and government. To facilitate the exchange of
information, some have advocated enactment of an automatic, wholesale
exemption from the FOIA for any information concerning potential
vulnerabilities to the infrastructure that may be provided by a private
party to a federal agency. Given the breadth of the proposed
definitions of the categories of information to be exempted, I believe
such an exemption would likely hide from the public essential
information about critically important--and potentially controversial--
government activities undertaken in partnership with the private
sector. It could also adversely impact the public's right to know about
unsafe practices engaged in by the private operators of nuclear power
plants, water systems, chemical plants, oil refineries, and other
facilities that can pose risks to public health and safety. In short,
critical infrastructure protection is an issue of concern not just for
the government and industry, but also for the public--particularly the
local communities in which these facilities are located.
If the history of the FOIA is any guide, a new exemption would
likely result in years of litigation as the courts are called upon to
interpret its scope. The potential for protracted litigation brings me
to what I believe is the most critical point for the Subcommittee to
consider, which is the need for a new ``critical infrastructure'' FOIA
exemption. FOIA caselaw developed over the past quarter-century makes
it clear that existing exemptions contained in the Act provide adequate
protection against harmful disclosures of the type of information we
are discussing. For example, information concerning the software
vulnerabilities of classified computer systems used by the government
and by defense contractors is already exempt under FOIA Exemption 1. A
broad range of information collected for law enforcement purposes may
be (and routinely is) withheld under Exemption 7. Most significantly,
Exemption 4, which protects against disclosures of trade secrets and
confidential information, also provides extensive protection from
harmful disclosures. Because I believe that Exemption 4 extends to
virtually all of the ``critical infrastructure'' material that properly
could be withheld from disclosure, I would like to discuss briefly the
caselaw that has developed in that area.
For information to come within the scope of Exemption 4, it must be
shown that the information is (A) a trade secret, or (B) information
which is (1) commercial or financial, (2) obtained from a person, and
(3) privileged or confidential.4 The latter category of
information (commercial information that is privileged or confidential)
is directly relevant to the issue before the Subcommittee. Commercial
or financial information is deemed to be confidential ``if disclosure
of the information is likely to have either of the following effects:
(1) to impair the government's ability to obtain the necessary
information in the future; or (2) to cause substantial harm to the
competitive position of the person from whom the information was
obtained.'' 5 The new FOIA exemption that has been proposed
seeks to ensure that the government is able to obtain critical
infrastructure information from the private sector on a voluntary
basis, a concern which comes within the purview of Exemption 4's
``impairment'' prong. The courts have liberally construed
``impairment,'' finding that where information is voluntarily submitted
to a government agency, it is exempt from disclosure if the submitter
can show that it does not customarily release the information to the
public.6 In essence, the courts defer to the wishes of the
private sector submitter and protect the confidentiality of information
that the submitter does not itself make public.
---------------------------------------------------------------------------
\4\ Getman v. NLRB, 450 F.2d 670, 673 (D.C. Cir. 1971), stay
denied, 404 U.S. 1204 (1971).
\5\ National Parks and Conservation Association v. Morton, 498 F.2d
765, 770 (D.C. Cir. 1974).
\6\ Critical Mass Energy Project v. Nuclear Regulatory Commission,
975 F.2d 871 (D.C. Cir. 1992) (en banc), cert. denied, 113 S.Ct. 1579
(1993).
---------------------------------------------------------------------------
In addition to the protections for private sector submitters
contained in FOIA Exemption 4 and the relevant caselaw, agency
regulations seek to ensure that protected data is not improperly
disclosed. Under the provisions of Executive Order 12600 (Predisclosure
Notification Procedures for Confidential Commercial Information) issued
by President Reagan in 1987, each federal agency is required to
establish procedures to notify submitters of records ``that arguably
contain material exempt from release under Exemption 4'' when the
material is requested under the FOIA and the agency determines that
disclosure might be required. The submitter is then provided an
opportunity to submit objections to the proposed release. The
protections available to private sector submitters do not end there; if
the agency determines to release data over the objections of the
submitter, the courts will entertain a ``reverse FOIA'' suit to
consider the confidentiality rights of the submitter.7
---------------------------------------------------------------------------
\7\ See GTE Sylvania, Inc. v. Consumers Union, 445 U.S. 375 (1980).
---------------------------------------------------------------------------
In light of the substantial protections against harmful disclosure
provided by FOIA Exemption 4 and the caselaw interpreting it, I believe
that any claimed private sector reticence to share important data with
the government grows out of, at best, a misperception of current law.
The existing protections for confidential private sector information
have been cited repeatedly over the past two years by those of us who
believe that a new FOIA exemption is unwarranted. In response,
exemption proponents have not come forward with any response other than
the claim that the FOIA creates a ``perceived'' barrier to information
sharing.8 They have not cited a single instance in which a
federal agency has disclosed voluntarily submitted data against the
express wishes of an industry submitter. Nor have they provided a
single hypothetical example of voluntarily submitted ``critical
infrastructure'' information that would not fall within the broad
protection of Exemption 4.
---------------------------------------------------------------------------
\8\ See, e.g., Letter from Daniel P. Burnham, Chair, National
Security Telecommunications Advisory Committee to the President, June
28, 2001 (``Real or perceived, barriers to [information] sharing must
be removed. Among those barriers are the Freedom of Information Act and
potential legal liabilities'') (emphasis added).
---------------------------------------------------------------------------
Frankly, many in the FOIA requester community believe that
Exemption 4, as judicially construed, shields far too much important
data from public disclosure. As such, it is troubling to hear some in
the Administration and the private sector argue for an even greater
degree of secrecy for information concerning vulnerabilities in the
critical infrastructure. As I have noted, shrouding this information in
absolute secrecy will remove a powerful incentive for remedial action
and might actually exacerbate security problems. A blanket exemption
for information revealing the existence of potentially dangerous
vulnerabilities will protect the negligent as well as the diligent. It
is difficult to see how such an approach advances our common goal of
ensuring a robust and secure infrastructure.
It should not go unnoticed that we are discussing the desire of
private companies to keep secret potentially embarrassing information
at a time when the disclosure practices of many in the business world
are being scrutinized. If a company is willing to fudge its financial
numbers to maintain its stock price, what assurance would we have that
it was not hiding behind a ``critical infrastructure'' FOIA exemption
in order to conceal gross negligence in its maintenance and operation
of a chemical plant or a transportation system?
In summary, the Freedom of Information Act has worked extremely
well over the last 36 years, ensuring public access to important
information while protecting against specific harms that could result
from certain disclosures. After monitoring the development of critical
infrastructure protection policy for the last several years, I have
heard no scenario put forth that would result in the detrimental
disclosure of information under the current provisions of the FOIA.
Overly broad new exemptions could, however, adversely impact the
public's right to oversee important and far-reaching governmental
functions and remove incentives for remedial private sector action. I
urge the Subcommittee and the Congress to preserve the public's
fundamental right to know as it considers the establishment of a
Department of Homeland Security.
Mr. Whitfield. Thank you, Mr. Sobel. The Chair at this time
will recognize the gentleman from North Carolina for 5 minutes.
Mr. Burr. I thank the Chair, and I will be briefer than 5
minutes. Let me ask you, Mr. Sobel, since you just finished, I
think we've heard testimony today calling for FOIA exemptions
for sensitive information and others have indicated the
concerns that currently there's too much information in the
public domain, and that that would be useful from the
standpoint of targeting and prioritizing--targeting the
manufacturing facilities for terrorist attacks. Is there any
information that is currently in the public domain via FOIA
disclosures or otherwise about private sector critical
infrastructure assets that you believe should not be in the
public domain because it provides too much information that
could be used by terrorists? And if so, what would it be?
Mr. Sobel. Well, Congressman, the answer is very simple. I
do not believe that as a result of the FOIA any material that
could create potential harms or problems has been released, and
as I indicated, the proponents of the FOIA exemption have not
in the last 2 years that this issue has been debated come
forward with a single example of such a disclosure. Their
entire case is hypothetical and, as I said, as far as I'm
concerned based on a misunderstanding and a misperception----
Mr. Burr. So there's nothing that you would remove today?
Mr. Sobel. That is correct, not information released as a
result of the FOIA.
Mr. Burr. Mr. Smith, what steps can we take to improve
information sharing between the Federal Government and the
private sector?
Mr. Smith. Before I answer that question, let me just
respond to a different point of view than an earlier answer.
One of the reasons why that material has not been presented is
because we haven't--we've refused to provide it. We have been
asked, for example, to provide a list of the 100 most critical
buildings in our network. Now, that would be tantamount to
providing a road map to terrorists to say if you really want to
hurt us, if you really want to take the telecommunications
infrastructure down, here are a hundred buildings to target. So
we refuse to do that.
Now, the problem is, that limits our ability to work with
agencies that we might cooperate with in developing preplanned
response in the event of that kind of instance such as what we
saw in Manhattan, but that is the reason why you don't see that
information released. We have chosen not to do that.
But to respond to your particular question, we think that
with respect to H.R. 4598, recently passed, the information
from the government to the private sector must really be
actionable, that it supports the sharing of information, but
sharing classified information or very limited sharing that we
can act on is only part of the way. So we think there is work
to do to improve that. And then certainly, as we've just said,
on the other direction we think that FOIA protections really
are critical for us to be able to share more information with
government agencies in order to respond to those kind of
threats.
Mr. Burr. Well, it clearly is an issue that I don't think
we will come to consensus based upon those who have sat and
testified today. But this body, along with this administration,
will be asked to move some very significant legislation that in
the end won't be perfect, but hopefully will give us a greater
degree of comfort in knowing that tools are in place to allow
whoever the Secretary is of Homeland security the ability to
carry out the job, to make assurances, but more importantly, to
make sure that the security of this country is in fact intact
in more ways than one.
I'd like to thank all of you for your willingness to come,
and I'd yield back.
Mr. Whitfield. The gentleman from Florida is recognized for
5 minutes.
Mr. Deutsch. Thank you, Mr. Chairman. You know, Mr. Smith,
I guess your comments were directly on point, and I guess this
is really the differences on this panel in terms of the
vulnerability assessments.
Mr. Sullivan, in terms of the area of water in the West 1
month ago the President signed the bioterrorism bill which
passed the House 425 to 1 and the Senate 98 to 0, and it
contained specifically this whole context of water issues in
terms of safety and security and the vulnerability assessments.
You testified that you believe the vulnerability assessments
provided to EPA, you're concerned that these documents could
wind up inadvertently in the hands of malicious people. The
bioterrorism law establishes criminal penalties for releasing
these documents. Do you have a basis for your concern or just
more information out there, not really understanding the
controls that they would have on that information?
Mr. Sullivan. Well, first of all, the water industry has no
objections at all to preparing vulnerability assessments.
You've got to understand that these are absolute blueprints of
how to take down a water system. It shows you the way. Now,
these vulnerability assessments currently are going to be
supplied, over 8,000 of them, in hard copy, but they're going
to be smaller books and smaller systems in volumes of pages.
And first, we are concerned that EPA, which is a regulatory
agency, where are they going to secure these? It's not truly
the ambition to be doing security of critical infrastructure.
So as we all learned, and Congress has done it many times, as
new information comes across, new opportunities come across,
there may be a better opportunity here to have DHS provide this
repository, if needed.
Our preference, of course, is that these vulnerability
assessments be kept in each utility and that access to them
through an audit process or DHS audit, local FBI, would be
dealt with in each utility itself so that we wouldn't be
sending hard copies to some spot that we don't know where they
go.
Mr. Deutsch. If I can just follow up on this, I understand
what you're saying, but my understanding of the law as passed
is you have to do it, and it's sort of our burden to try to
keep it secure. But it's your determination that you don't like
the way EPA is securing these vulnerability assessments?
Mr. Sullivan. We don't know how they're securing them yet.
What we're suggesting is that there's another location--there's
an improvement available to Congress now to house them under
DHS. It's a suggestion by the water industry.
Mr. Deutsch. There's nothing specific about EPA, but just
the way--your experience with EPA, I mean, you just don't feel
they have the ability to secure these documents?
Mr. Sullivan. They're a regulatory agency. We're looking at
DHS as the new secure critical infrastructure, that they can
house it. So we think it is a better opportunity.
Mr. Deutsch. Mr. Sobel, Mr. Watson seems to be raising a
salient point about sharing highly sensitive information
regarding cyber security owned and operated by the private
sector. The overwhelming bulk of critical cyber systems in the
United States today are usually not government owned. He says
the private companies are not sharing this information with the
public because of concerns that it's not protected from public
disclosure under FOIA.
Is he correct that information would not be protected under
current law?
Mr. Sobel. Congressman, I think clearly in my view that is
not a correct assessment of current law. Basically what the
courts have said is that if a disclosure of voluntarily
submitted information against the wishes of the submitter would
impede the government's ability in the future to get that kind
of cooperation, it's not going to be disclosed, and that is
precisely what we're talking about here.
If there would be any disincentive that resulted from
disclosure of voluntarily provided information, it is not
disclosable. So virtually by definition, information is not
disclosed against the wishes of the submitter of the voluntary
information. It's really as simple as that, and as I've pointed
out repeatedly, the proponents of this exemption have not
pointed to one disclosure that has been against the wishes of
an industry submitter.
Mr. Deutsch. Thank you.
Mr. Whitfield. Mr. Copeland, in your testimony, you call
for a greater emphasis on cyber security in the legislation,
and you even urge the creation of a Bureau of Cyber Security. I
was wondering if you would just elaborate on why you believe
that's important and why do you believe it should be separated
from the physical security issues and what the primary mission
of the new bureau should be.
Mr. Copeland. Thank you, Mr. Chairman. I would like to
clarify to the--I wasn't suggesting that it be separated from
the physical security issues and in fact pointed out that it
should be attending to physical attacks on cyber facilities.
So, for example, physical attacks on network nodes that might
cause a telecommunications outage are a serious concern. In
fact, today by far the most common form of outage that networks
experience, the back operators do more damage to our network
than terrorists do today, and that is a common physical
experience and fires and hurricanes and earthquakes caused the
kind of physical problems they are accustomed to dealing with.
One of the observations that our association has made and
many of its members have made is that since September 11
there's been an extremely enhanced level of awareness of
physical security issues and attention to them, and
unfortunately, we have been building a significantly high level
of interest and awareness in some of the developing cyber
security issues, and there was an attendant fall-off after
September 11, and the focus shifted to physical security.
Our concern is that the cyber security issues frequently
are more esoteric, more complex, more difficult to understand
because of the complexity, and if they tend to get mixed in
with other activities that are focusing on the physical
aspects, they tend to get lost in the shuffle.
We think it's important that they get the degree of
visibilities that are needed, that the resources necessary are
applied and that a single executive be accountable for those
particular aspects of the security and have to report to the
Congress with that accountability.
One needs only look at some of the experiences in the
Federal Government where they should be leading by example to
see that cyber security unfortunately has not been getting
traditionally the attention it should in the departments and
agencies. The score that has been given to information security
by Congressman Horn in his oversight is one example of that.
The reports that were submitted to the Congress under GISRA,
the Government Information Security Requirements Act, indicate
that most of the departments are at best achieving only barely
passing grades in that area. So anything that can help to focus
attention on that area is extremely important.
Mr. Whitfield. Thank you, Mr. Copeland.
Mr. Watson, some have argued that this public-private
partnership created by Presidential Directive 63 to build a
strong business model for ensuring the security and reliability
of our Nation's critical infrastructures is not an effective
model, and primarily because it does not include additional
regulatory directives to compel the private sector owners to
take additional steps. Do you agree with that argument, or do
you feel like the directive has been successful?
Mr. Watson. Mr. Chairman, I don't agree with the argument,
because the PCIS is represented by presidents and chief
operating officers, chief information security officers from
the companies and trade associations that represent the
critical infrastructures. There's enthusiastic participation.
It's more enthusiastic because the government has approached
industry eschewing the new regulation. So it creates an
atmosphere of trust.
One of the initiatives we took on last year was to look at
research and development requirements with the idea of defining
what the market could provide, identifying the gap between
market security provision and national security and then going
back to the government and saying we can come up to 80, 90
percent, whatever the market might produce, and then let the
government provide incentives for direct funding for research
to fill the remaining gap. We think that kind of participation
and partnership is new, and so we have a lot of work to do, but
we think the model is very sound and working well.
Mr. Whitfield. Thank you, Mr. Watson.
Well, I'm going to thank this panel very much for your
patience today and for your testimony. The committee really
appreciates it. We appreciate the time and effort you put into
it, and at this time I'll dismiss this panel. Thank you very
much.
The Chair at this time recognizes himself for a unanimous
consent request and to offer a motion. Because of the sensitive
nature of this hearing, particularly its implications for
national security and after consultation with the minority, I
will soon offer a motion that the subcommittee go into
executive session. I yield to Mr. Deutsch for any comments on
this procedure.
Mr. Deutsch. I would agree with the Chair.
Mr. Whitfield. Thank you. The Chair moves that pursuant to
clause 2(g) of rule XI of the Rules of the House, the remainder
of this hearing will be concluded in executive session to
protect the information that might endanger national security.
Is there discussion on the motion? If there is no
discussion, pursuant to the rule, a recorded vote is ordered.
Those opposed say nay. The ayes appear to have it. The ayes
have it, and the motion is agreed to. So we'll go into
executive session at this time.
[Whereupon, at 2 p.m., the subcommittee proceeded in
Executive Session.]
[Additional material submitted for the record follows:]
Prepared Statement of Jayson P. Ahern, Assistant Commissioner, Field
Operations, U.S. Customs Service
Chairman Tauzin, Chairman Greenwood, members of the Subcommittee,
thank you for this opportunity to testify.
Mr. Chairman, I know that the Subcommittee has a great deal of
interest in the Administration's proposal for a new Department of
Homeland Security and the inclusion of the U.S. Customs Service in that
Department. I will tell you what Commissioner Bonner has told the
employees of the Customs Service: ``I fully support the President's
proposal and strongly believe that the new Department of Homeland
Security will play a key role in safeguarding the American people.''
For over 200 years, the U.S. Customs Service has defended our
country's borders and facilitated international trade and travel. Since
September 11th, at the direction of the President, the top priority of
Customs has been responding to the continuing terrorist threat at our
land borders, seaports, and airports. I would like to describe for you
some of our most significant efforts and initiatives on that front.
Since September 11th, Customs has been at a Level One alert across
the country--at all ports of entry. Level 1 requires sustained,
intensive anti-terrorist questioning, and includes increased
inspections of travelers and goods.
To help ensure that Customs forms a coordinated, integrated
counter-terrorism strategy for border security, Customs established a
new Office of Anti-Terrorism within the agency to coordinate Customs'
role within our national security architecture.
Customs agents are also working diligently under Project Shield
America to monitor exports of strategic weapons and materials from the
U.S. They are seeking to prevent international terrorist groups from
obtaining sensitive U.S. technology, weapons and equipment that could
be used in a terrorist attack on our nation.
To help Customs officers in the field, the Commissioner also
established the Office of Border Security. The mission of that office
is to develop more sophisticated anti-terrorism targeting techniques
for passengers and cargo in the seaport, airport, and land border
environments.
Customs has also created the Customs-Trade Partnership Against
Terrorism,``C-TPAT'', which is a partnership with some of the largest
U.S. importers to improve security along the entire supply chain, from
the loading docks of foreign vendors to our land borders and seaports.
We were very pleased to have Governor Ridge, Secretary O'Neill and
Commissioner Bonner announce C-TPAT at the Ambassador Bridge in
Detroit, Michigan on April 16, 2002. To date, there are over 250
signatories to this initiative.
To complement C-TPAT, Customs developed the Container Security
Initiative which places Customs enforcement personnel in major foreign
shipping ports. The Customs officers will establish international
security criteria for identifying high-risk cargo containers that
potentially pose a risk of containing terrorists or terrorist weapons.
In addition to having U.S. Customs officers in Halifax, Montreal and
Vancouver, Customs has recently signed an agreement that will place our
officers in Rotterdam, Antwerp and Le Havre. We anticipate other ports
will sign up in the near future.
Customs continues to deploy technology necessary to rapidly and
comprehensively inspect arriving and departing people, cargo and in all
port environments and across all modes of transportation. To date
Customs has deployed 87 large-scale non-intrusive inspection systems
along with other technologies that will assist inspectors in conducting
high-confidence, non-intrusive inspections quickly and efficiently.
In 1998, Customs began deploying technology to detect radiological
sources. Since that time, we have deployed over 4,000 personal
radiation detectors and over 200 x-ray van mounted radiation detection
units. This year we ordered over 4,000 additional personal radiation
detectors and have funding for 172 portal radiation detectors and 128
isotope identifiers for our ports of entry.
Customs is working closely with the Department of Energy to
investigate systems and technology to detect radiological and nuclear
materials to enhance our detection capabilities. Specifically, we are
working with the Pacific Northwest National Laboratory, the Lawrence
Livermore National Laboratory and the Special Technology Laboratory. In
addition, Customs is engaged with the Department of Transportation in
the Container Working Group, with the U.S. Coast Guard for targeting
sea containers and with the Federal Aviation Administration for
detection technology for cargo and baggage.
We are currently conducting operational field tests of portal
radiation detection systems to determine system capabilities and to
develop procedures and response protocols. A challenge will be our
ability to differentiate between the numerous consumer goods such as
cement, porcelain, potash, and bananas that may give off radiation, as
well as medical isotopes given to humans for detection and treatment of
disease and the attempt to smuggle and/or conceal a second radioactive
source.
Concerning other possible weapons of mass destruction, Customs, in
partnership with Johns Hopkins University, is working to establish a
chemical/biological project to investigate systems and technologies to
augment and enhance our existing chemical/biological detection
capabilities.
The effective use of technology depends on good targeting, for
which we require advance information. The Automated Manifest System, in
conjunction with our advanced targeting systems allow Customs to sort
through the cargo manifests provided by shippers and carriers, and pick
out those that appear unusual, suspect, or high-risk.
Legislation currently under consideration mandates the advance
electronic transmission of cargo manifest information. This will
significantly increase the amount and timeliness of information input
into the Customs database, thus enhancing our ability to identify
anomalies. We appreciate the support the House and Senate have shown
for making the advance filing of electronic cargo manifest information
mandatory.
Thank you again, Mr. Chairman and the members of the Subcommittee,
for this opportunity to testify. We look forward to working with your
Subcommittee on this important legislation. I would be happy to answer
any questions you may have.
______
Prepared Statement of Linton F. Brooks National Nuclear Security
Administration, U. S. Department of Energy
introduction
Thank you, Mr. Chairman for having me here today. This is an
important topic: the establishment of a new Government Agency that will
have sweeping responsibilities. The new Department of Homeland Security
will enable us to more effectively respond to today's threats, through
a streamlined and dynamic institution that will greatly enhance our
ability to respond quickly, decisively, and where necessary, before
threats against our homeland materialize. We are on the verge of making
history. It's critical that we get it right.
The Department of Energy and the National Nuclear Security
Administration are fully committed to the homeland security mission,
and the successful establishment of the Department of Homeland
Security. We recognize that this will require restructuring and
relocation of critical assets now under the stewardship of the NNSA. We
are prepared to support these shifts in responsibilities, and indeed,
to do what is necessary to make any transfer of responsibilities as
smooth and painless as possible.
There is an enormous amount of experience and expertise now
residing in DOE/NNSA that will be vital to the success of the new
Department. Our Technology Research and Engineering assets have been
applied to homeland security problems long before last September; since
then, such contributions became even more focused and accelerated.
We've conducted the PROTECT subway demonstration, which will help
provide chemical protection to the U.S. population. We deployed a
prototype biodetection capability at the winter Olympics. We have
greatly increased our work with the U.S. Customs and US Coast Guard
with radiation and nuclear technology--specific technical support that
will directly benefit the new Department. DOE/NNSA is committed to
ensuring that its assets can continue to provide enabling science and
technology to support homeland security and counter-terrorism mission
needs.
There are a number of capabilities currently residing in the
Department of Energy that will support or be transferred to the new
Department. Today I want to focus on those relevant to Title III of the
legislation--those germane to technology research and development in
support of the Homeland Security mission.
Before beginning that discussion, let me briefly mention a few
things that the Homeland Security Act does not do. It will not affect
our ability to conduct our principal missions of stockpile stewardship,
nuclear nonproliferation, naval nuclear propulsion, and, just coming to
NNSA, emergency response. NNSA will retain all of its programs and
responsibilities that contribute to our ability to assure the safety,
security, and reliability of the nation's nuclear weapons stockpile.
With respect to nuclear nonproliferation, the Administration
proposes to transfer the core of our chemical-biological WMD work and
certain nuclear programs related to the domestic threat. This is
largely self-contained work and primarily supports domestic
preparedness programs.
NNSA has unique assets and capabilities, developed primarily from
our work with nuclear weapons and with nonproliferation, that have been
applied to homeland security problems long before last September.
Some of these initiatives have long timelines; Long before 9/11,
DOE has led USG efforts to support ``first responders'' with our
chemical, biological, and nuclear research programs. We've worked
closely with the FBI and other agencies to ensure that cutting edge
detection and identification technologies are available to those that
would need them first. And we began this work long before there was a
recognized need to do so--we took the initiative because we anticipated
the requirement. It is as good an example as any of why long-range
research is so critical to the security of this country.
We have aggressively pursued these efforts since last 9/11. But
it's time for a more focused organization and we are committed to that
change and to continuing to provide enabling science and technology in
support of homeland security and counterterrorism mission needs.
nonproliferation and verification research and development
The NNSA Nonproliferation and Verification Research and Development
Program conducts applied research, development, testing, and evaluation
of technologies that lead to prototype demonstrations and resultant
detection systems. As such, the program strengthens the U.S. response
to current and projected threats to national security worldwide posed
by the proliferation of nuclear, chemical, and biological weapons and
the diversion of special nuclear material. The R&D program provides
operational organizations with innovative systems and technologies to
satisfy their nonproliferation and counter-terrorism mission
responsibilities. The program's three main elements are:
Nuclear explosion monitoring, which will remain within the
Department of Energy
Chemical and Biological National Security, which will be
transferred in its entirety to the Department of Homeland
Security
Proliferation Detection
Proliferation Detection sponsors a high-risk research on detection
technologies that can support both nonproliferation and homeland
security. Those elements that can be disaggregated and identified as
supporting homeland security will be transferred to the new Department.
At a minimum, we will transfer our research and development to counter
nuclear smuggling. Where the activity supports both the homeland
security and non-proliferation functions, we will examine arrangements
as joint programs. The Administration's proposed legislation gives the
President the necessary flexibility to provide for joint operation.
Let me describe those functions that will be transferred, after
which I will return to the subject of long-term coordination.
Major Activities Identified for Transfer
Within, the Nonproliferation and Verification Research and
Development Program, the Chemical and Biological National Security
Program and the nuclear smuggling detection activity fall squarely into
the Homeland Security mission and thus have been designated for
transfer in their entirety.
Chemical and Biological National Security Program
The Chemical and Biological National Security Program works to
develop technologies and systems to improve the U.S. capability to
prepare for and respond to domestic chemical and biological threats
against civilian populations, complementing DOD's focus on the
battlefield and military installations. As part of its primary nuclear
science and technology mission, NNSA and the National Laboratories have
developed extensive capabilities in chemistry, biology, and materials
and engineering sciences that form the basis for the NNSA chemical and
biological national security program. We have conducted research on the
biological foundations necessary to establish signatures of biological
threat agents and develop assays certified by the Centers for Disease
Control for those agents, which are applied to develop detectors.
NNSA has conducted demonstration projects of prototype detector
capabilities in partnership with other agencies to support their
operational missions, such as the systems I just mentioned that have
been developed and applied for the Olympics and the Washington Metro,
to illustrate possible system approaches for population protection. We
are now working to expand the number of signatures and assays of
biological agents that we can detect with increased sensitivity, and to
improve public health response through the CDC. The next generation of
bio-detectors will detect a much wider range of agents, which will
enable public health agencies to more rapidly treat affected people.
Homeland Security Nuclear Smuggling Activities
The nuclear smuggling component of our proliferation detection
program also squarely fits within homeland security and will be
transferred. NNSA and the National Laboratories have unique insight
into nuclear proliferation activities--the facilities and
infrastructure, as well as the observable signatures of nuclear weapon
development activity. We also have the capability to develop technical
solutions for the U.S. government to detect and characterize such
proliferation activities in their early stages. NNSA has worked closely
with homeland security agencies, including U.S. Customs, U.S. Coast
Guard, and the Departments of Transportation and Justice to apply this
technical base to detection of nuclear weapons and materials at U.S.
borders. With these agencies, we have previously conducted
demonstrations of radiation detection methods at international border
crossings, including a port, a rail yard, and airport personnel and
baggage handling facilities. With many of these agencies becoming part
of the new Department, it is a good fit for the R&D applications to
counter nuclear smuggling to be transferred to the Department of
Homeland Security.
Nuclear Threat Assessment and Trafficking in Nuclear Materials
In addition to the transfer of research and development, Title III
of the proposed legislation provides for the transfer of the Department
of Energy's Nuclear Assessment Program to the new Department of
Homeland Security. This program provides a national capability to
assess accurately and swiftly the credibility of communicated threats
of nuclear terrorism. The Lawrence Livermore National Laboratory (LLNL)
leads this unique effort. Since September 1978, the Nuclear Assessment
Program has been used to assess the credibility of over 60 nuclear
extortion threats, 25 nuclear reactor threats, 20 nonnuclear extortion
threats and approximately 650 cases involving the reported or attempted
illicit sale of nuclear materials.
When activated, DOE-based threat credibility assessment teams
perform comprehensive technical, operational and behavioral assessments
of communicated nuclear threats at the start of an actual or perceived
emergency. Since communicated nuclear threats are a serious violation
of federal law, the FBI is the lead federal agency. Since the Program's
inception in 1977, the Nuclear Assessment Program has developed close
and working relationships with its counter-terrorism counterparts in
Customs, State, FBI, DIA, CIA, and others in the nonproliferation
community. The Program also provides expert technical support to law
enforcement and others for Special Event Preparedness, on-scene
technical support, and national and international training.
Since 9/11 the Nuclear Assessment Program has performed
approximately 70 assessments involving communicated nuclear threats,
reports of illicit trafficking of nuclear materials, and special
analysis reports for law enforcement and intelligence components. This
national asset provided immeasurable support to all government agencies
tasked with separating critical from non-critical information in the
aftermath of 9/11.
Observations
With the transfer of these programmatic responsibilities to the
Department of Homeland Security, it will be critically important that
the new Department assume the leadership to maintain the technical base
at the National Laboratories. Upon this foundation is built our future
technical capability. The multidisciplinary scientific environment of a
national laboratory is ideally suited to pursue high risk, long-term
research, in spite of the need to focus on short-term requirements for
homeland security. It is the ability to pursue such research that makes
our national laboratories a national treasure--and a unique asset with
unmatched capabilities. Only through such investment will the
scientific and technical capability exist to meet the needs for
innovative solutions to future homeland security problems.
With respect to the remainder of the proliferation detection
program, no matter how the responsibilities are finally apportioned,
the research will be of value to both departments. For that reason, it
is critical that we work together closely. By so doing, our
nonproliferation and homeland security efforts will continue to benefit
from the unparalleled capabilities of the National Laboratories.
I support fully the concept of locating the new Department's main
research facility at Lawrence Livermore, with satellite centers of
excellence located at other national laboratories. It will create a
campus-like environment where scientists will be dedicated, full-time,
to thinking about homeland security, and it will allow for direct
interaction with the expertise that resides at the other DOE labs as
well as other labs throughout the federal government. It's good for DOE
and it's good for the Department of Homeland Security.
conclusion
I want to reiterate in no uncertain terms: The National Nuclear
Security Administration supports fully the transfer of the programs
noted in Section 302(2) of the bill under discussion. The details of
what would be included in the legislative package were worked out
directly with my office. These programs are a natural fit for the
Department of Homeland Security, whose primary mission is the critical
task of protecting the United States from catastrophic terrorism. DOE/
NNSA will also work to ensure that its assets can continue to
contribute enabling science and technology in support of DHS mission
needs.
Obviously, that is a goal that I am pleased to support
wholeheartedly. I believe that the Administration's proposed
legislation represents a major step toward its realization.
Thank you, and I look forward to any questions you may have.
______
Prepared Statement of Robert A. Bryden, Staff Vice President of
Security, FedEx Corporation
Mr. Chairman and Members of the Committee,
My name is Robert A. Bryden, Staff Vice President of Security for
FedEx Corporation, the parent corporation of FedEx Express. It is an
honor for me to address this committee and speak about the very
important topic of cargo security, particularly the prevention of the
importation of unauthorized radiological materials into the United
States. As you know, for at least six months FedEx has been in close
contact with members of the staff of this committee on this subject. We
have had several meetings with Ray Shepard and Chris Nauer, and have
allowed them to tour our facilities at Charles DeGaulle Airport in
Paris, and our National Hub at Indianapolis. We have fully cooperated
with staff, and trust that they have provided you with the information
you need and desire.
I would like to discuss some of the measures that FedEx utilizes in
the detection and handling of radioactive materials. FedEx has a multi-
layered security program in place to detect the presence of unapproved
dangerous goods, including radioactive materials, and prevent their
movement in the FedEx worldwide system. These include, but are not
limited to, employee training and awareness programs, physical
screening of packages originating at certain security-sensitive areas
of the world, and radioactive monitoring devices aboard FedEx aircraft
and on FedEx employees. In addition, our ability to track and trace
shipments back to the place of tender constitutes a significant
deterrent to utilizing the FedEx system for the shipment of illegal
materials. While we are confident that these measures exceed those of
any other transportation company in the world, the events of 9/11 have
shown us that the state-of-the-art must be advanced. To that end, we
have deployed, on a trial basis, advanced radioactive monitoring
sensors at our Indianapolis Hub. This is a much more difficult endeavor
than one might initially think. Because of the normal volume of
radioactive shipments that FedEx routinely transports, such as
pharmaceuticals, it is difficult to calibrate the sensors to detect
undeclared shipments while at the same time not creating ``false
alarms'' for legal shipments. The Indianapolis sensing equipment is
very sophisticated, and can be finely tuned. In addition, it measures
different types of radiation, and appears to be up to the task of
adding a significant, additional layer of security to the FedEx system.
We would be happy to update you periodically as we gather more data. If
the trials continue to be successful, we intend to deploy the equipment
at significant FedEx facilities throughout the world.
Again, I would like to thank you for the opportunity to address the
committee. Security is a shared responsibility, and I want you to know
that FedEx has committed its time, expertise, and money to ensure that
its worldwide express delivery system is not employed as a tool of
wrongdoers. I would be happy to answer any questions that you may have
at this time.
______
Prepared Statement of Frank Panico, Manager, International Networks and
Transportation, United States Postal Service
Good morning, Mr. Chairman and members of the Subcommittee. Thank
you for this opportunity to speak with you today about in-bound
international mail.
We share your concerns about the possible use of the mail to ship
radioactive materials and other potentially dangerous substances. As
events of the past year have demonstrated, the United States Government
must be more vigilant than ever in regard to both international and
domestic terrorism.
Needless to say, compromising the U.S. Mail system has the
potential to adversely impact the entire nation through a single
terrorist act, so we take threats to this system very seriously.
Last year, Congress provided the Postal Service with $500 million
in the Fiscal Year 2002 Department of Defense Appropriations bill. The
conference report required that the Postal Service prepare a
comprehensive Emergency Preparedness Plan. The Emergency Preparedness
Plan was submitted to Congress on March 6, 2002.
The Postal Inspection Service provided the Postal Service with a
threat assessment, which serves as a basis for our Emergency
Preparedness Plan. The Postal Inspection Service maintains a continuous
liaison with all appropriate federal law enforcement agencies and
monitors threats to the nation and its mail.
The threat assessment concluded, ``Accordingly, the Postal Service
believes, and is acting on the assumption that the threat for the
inappropriate use of the mails continues.'' The threat assessment also
notes, ``The greatest opportunities to limit the damage of covert NBC
[nuclear, biological, or chemical] attacks, or prevent them entirely,
exist during the first phases of the incident.''
Therefore, our Emergency Preparedness Plan places a premium on
threat identification, combined with protection to both employees and
customers of the Postal Service at the earliest feasible point in our
distribution system.
Unfortunately, the Postal Service has had to deal with the issue of
bombs in the mail for a number of years. The most widely reported case
was the Unabomber, but there have been other incidents over the years.
As a result, we continue to educate our employees about identifying
suspicious packages, particularly package bombs. Beyond education, we
make responsible changes to our processes as necessary to meet new
threats.
For example, in 1996, the Postal Service revised our procedures for
accepting domestic and international parcels for mailing. Since that
time, all domestic stamped parcels and all international and military
mail weighing 16 ounces or more must be presented in person to a postal
retail clerk or letter carrier. As a result, the number of package
bombs in the mail system dropped from 18-20 per year to an average of
about 3-5 per year.
The Postal Service is looking at a variety of process changes and
technology initiatives that could be applied to the threat of chemical,
biological and radiological hazards in the mail.
As described by the plan, the Postal Service is currently testing
bio-detection technology on the automated processing equipment at one
of our mail processing plants. This equipment has already passed tests
at Edgewood Arsenal. In addition, we are testing filtration devices to
improve our employee safety and to minimize cross-contamination of the
mail. We anticipate a contract award by the end of September.
Careful review and consideration is being given to all currently
available processes and technologies. The paramount conclusion is that
no single solution exists to solve the complex problem of using the
mail as a tool of terrorism. Further, no solution or even series of
solutions can totally eliminate the threat.
To assist us in this review, we have contracted with Mitretek
Systems to perform a comprehensive threat analysis. Mitretek is a well-
respected, nonprofit systems-engineering company that provides
programmatic and technical support on chemical, biological,
radiological, and conventional weapons threats to the U.S. defense and
intelligence communities.
In fact, Mitretek's President and CEO, Dr. Lydia W. Thomas, has
been appointed to serve on the recently established Homeland Security
Advisory Council by President Bush.
This assessment will review threats that may impinge on the mail,
including the full spectrum of biological, chemical, explosive, and
radiological threats. The assessment considers threats that may be
directed at the Postal Service or may use the Postal Service as a
vehicle.
As a result of this assessment, we will propose steps that may be
taken to counter the threats and develop an overall risk/cost/benefit
analysis, including an estimate of system effectiveness for protecting
employees and customers, and for ensuring the continuity of postal
operations in the event of a terror attack.
The viability of the Postal Service, and its value to the American
people, is dependent upon an open and accessible system. Extreme
procedural changes could reduce threats, but would significantly damage
the usefulness of the mail to the American people--and the American
economy.
Since the anthrax attacks, the Postal Service has worked closely
with both the Office of Homeland Security and the President's Office of
Science and Technology Policy. We provided both of these organizations
with copies of our Emergency Preparedness Plan and followed up with
briefings to their staffs.
Building upon our Emergency Preparedness Plan, we worked with
Homeland Security in the development of a national Critical
Infrastructure Plan. The Office of Science Technology and Policy has
established the Inter-Agency Working Group for the protection of
vulnerable systems, a group on which our Vice President of Engineering
sits. He chairs the Mail and Package Working Group. This group is
evaluating existing technology, as well as providing guidance as to
where research and development efforts should be best directed.
We also continue to coordinate with all appropriate agencies about
mail security, including the US Customs Service. The USPS and the
Inspection Service have met with Customs and discussed the potential
for radiological, chemical and biological hazards in foreign-
originating mail.
Most of our previous discussions have centered on the examination
of outbound mail, as the Customs Service has the authority and
responsibility for the examination of all in-bound mail and cargo.
In addition, the Dangerous Goods Subgroup of the Universal Postal
Union's Postal Security Action Group (PSAG) is working closely with the
International Atomic Energy Agency (IAEA) to address the issue of
radioactive materials in the mail. PSAG has worked with some of the
international posts that have experimented with screening mail.
While these experiments have identified low-level radioactive
materials, such as smoke detectors and medical equipment, there have
been no instances of suspicious radioactive mailings.
As for international mail, we believe that the Customs Service is
the agency with the responsibility and authority to detect radiological
material imported into the country. And Customs has assured us that it
is working on the issue. We believe Customs would be the most effective
and efficient agency to perform this duty and we will continue to work
with them, and all appropriate agencies at home, and abroad, to assure
the safety of America's mail system.
To that end, we would be pleased to work with this Committee in any
way possible to preserve the security and the usefulness of the United
States mail.
Thank you, Mr. Chairman. I would be happy to respond to any
questions or suggestions you might have.
______
Prepared Statement of Wayne J. Shotts, Associate Director for
Nonproliferation, Arms Control, and International Security, Lawrence
Livermore National Laboratory
Mr. Chairman and members of the committee, thank you for the
opportunity to appear before you today. I am Wayne Shotts, the
Associate Director for Nonproliferation, Arms Control, and
International Security at the Lawrence Livermore National Laboratory
(LLNL). I am responsible for managing the work being conducted at the
Laboratory that pertains to homeland security. The urgency of our
efforts has increased dramatically in the wake of September 11. The
events of that day tragically make clear that the United States is not
immune to the scourge of terrorism, and they call for the nation's
leaders and technical community to take dramatic steps to improve
homeland security.
Enactment of legislation to form a Department of Homeland
Security--an idea supported by the President and the Congress--will
fundamentally change for the better the nation's approach to preventing
terrorist attacks on the United States, reducing the nation's
vulnerability to terrorism, and managing the aftermath of any attack.
The mission is complex and daunting in scope. One major challenge for
the new department will be effective integration of relevant
activities, which are currently dispersed among many government
organizations. Another challenge will be focusing the unsurpassed
scientific and technical talent of this nation to improve capabilities
to deal effectively with threats, those most critical today and as well
as those emerging in the future.
I support formation of a Department of Homeland Security and I am
here to comment from a technical perspective on both the needs of the
new department to pursue a sustained research, development, testing,
and evaluation (RDT&E) program and the capabilities available to it to
do so. Currently, RDT&E capabilities are dispersed, but there is an
important concentration of them--particularly related to chemical,
biological, radiological and nuclear threats--in the Department of
Energy's National Nuclear Security Administration (NNSA) and its
laboratories and other sites. I will discuss relevant capabilities at
LLNL and some of the important programs and partnerships we have in
place. They illustrate LLNL's approach to developing and deploying
technologies and systems to strengthen homeland security and the
success we are having in placing the right tools in the hands of the
right people.
Effective partnerships among the various sources of expertise and
with the users of new capabilities are required to make necessary
improvements in homeland defense to cope with today's dangers and
prepare for the threats of tomorrow. Focus on the most effective
approaches to the highest priority issues is also required. At LLNL, we
are anxious to contribute to homeland security to the best of our
abilities and confident that we can help make the Department of
Homeland Security a success.
llnl's contributions to homeland security
Lawrence Livermore National Laboratory was established 50 years ago
to pursue innovative solutions to the nation's pressing needs to
advance nuclear weapons science and technology. Since then, the
Laboratory has continually adapted to address the evolving challenges
of the day and anticipate future needs, keeping a central focus on
national security. As one of NNSA's three national laboratories, LLNL
is a principal participant in the Stockpile Stewardship Program to
maintain and enhance the safety, security, and reliability of the
nation's nuclear weapons stockpile. The Laboratory is also engaged in
vital national programs to reduce the threat posed by the proliferation
of weapons of mass destruction (WMD) and to provide for homeland
security. These complementary missions--stockpile stewardship and
countering WMD threats--are integrally connected in terms of their
overarching goal of enhancing security, and the research activities
largely draw on the same base of scientific and technical capabilities
and expertise.
Because Livermore and our sister NNSA laboratories (Los Alamos and
Sandia) have long been working to develop technical capabilities to
detect, counter, and mitigate WMD proliferation and terrorism, we were
able to respond rapidly and effectively to the events of September 11
and its aftermath. Although those investments are paying great
dividends in the newly declared war on terrorism, substantial sustained
investment is needed to develop vastly improved warning and response
capabilities to protect the U.S. against these threats, now and in the
future. We are fully committed to this long-term national security
endeavor and are well positioned to provide RDT&E support to the
Department of Homeland Security.
Lawrence Livermore is contributing widely and effectively to the
war against terrorism with capabilities and partnerships and through
RDT&E programs directly relevant to the Department of Homeland
Security's mission. The provided examples illustrate three major points
about the Laboratory:
LLNL has demonstrated the capability to work problems from
end-to-end--starting with an understanding of the threat and
the users' needs, devising a systems solution, developing the
enabling technology advances, testing both the component
technologies and systems solution in cooperation with users,
moving the new technologies to U.S. industry, and working with
the user community to ensure effective deployment and training.
LLNL has strong capabilities and active programs in each of
the WMD areas--chemical, biological, radiological, and nuclear.
In addition, the Laboratory has major programmatic activities
in threat assessment and intelligence support as well superb
supercomputing capabilities. Accordingly, we have a ``critical
mass' of programs and capabilities that provides the Laboratory
an excellent overall perspective of threats, technical
opportunities, and user needs.
LLNL has many strong ties to research partners and the user
community--including sister laboratories, the Nevada Test Site
for remote testing, a wide range of universities, and many ties
at the local- and state-government level.
the capability to work problems from end-to-end--basis as an example
A research and development program particularly focused on the area
of WMD terrorist threats is an integral part the legislative proposal
for a Department of Homeland Security for good reason--the nation faces
a dire immediate threat that unquestionably will grow more
sophisticated over time. The nation's vulnerabilities vary widely in
their significance and their potential for being ameliorated by new
capabilities and/or changes in operations. What is needed is a
comprehensive perspective of the issues, a vision where one wants to
go, and a pragmatic approach to problem solving to put products in the
field expeditiously.
At LLNL, we take a systems approach to the overall problem and
determine what priority items can be dealt with expeditiously with
existing equipment or modest improvements in technology and where
investments in longer-term research and development will be necessary.
In those areas where a new system based on existing or emerging
technologies can make a substantial difference, it is important to work
the problem comprehensively with the end user in mind.
The development of the Biological Aerosol Sentry and Information
System (BASIS) by Livermore and Los Alamos exemplifies this approach
and serves as model of how the Department of Homeland Security could
most rapidly and effectively take technology from the conceptual stage
through to actual deployment. The process is more than R&D, it is
RDT&E--research, development, testing, and evaluation.
In late 1999 we were challenged by the Secretary of Energy to
develop and field a biological detection system in time for the 2002
Salt Lake City Olympics. At the time, there was no system suitable for
civilian use for broad-scale biological environmental detection and
monitoring. Early detection and rapid response are the keys to reducing
the human health consequences of a biological agent attack. Over the
next three years, we and our colleagues at Los Alamos developed and
demonstrated a successful system to meet this challenge. BASIS was
fielded at Salt Lake City in February 2002 as part of the overall
security strategy for the Olympic Games where it performed exactly as
designed. The goal-oriented approach used in this program greatly
contributed to its outstanding achievement. In particular, BASIS
benefited from:
A Clear Objective at the Outset. For BASIS, clear, top-level
objective was established at the beginning of the project with
respect to the desired cost and performance attributes of the
system. The objective was based on an understanding of the
threat, technical possibilities, and user needs. After this,
the management of the program and the technical details were
left to the technical team.
Close Interactions between Users and Technology Developers.
There were extensive direct interactions with the Salt Lake
Olympic Committee, local, state, and federal response agencies,
the public health system, and the technology developers from
conception through implementation and operation.
Problem-Solving Systems Approach. The sponsors, users, and
technologists recognized the need for a system-level solution,
not a single technological widget, and for the system to work
in conjunction with other equipment (e.g., medical surveillance
systems). LLNL and LANL brought together a team of engineers,
biologists, computer scientists, and operations specialists to
execute the program.
Advanced Technology Developed by Labs, Transferred to and then
Procured from Industry. The system used the most advanced
biological detection technologies available (i.e., PCR). The
best biological detection instrument for this application was
from a commercial entity (Cepheid) that had earlier licensed
the technology from LLNL.
Testing and Evaluation against Standards by Recognized
Authority. The biological assays were co-developed by LLNL and
the Center for Disease Control's (CDC) Bioterrorism Laboratory.
The testing regimen was established with law enforcement and
public health, assuring a high level of confidence in the
system.
Transfer of Operations to Contractors. Local contractors
provided the bulk of the staff for all aspects of the system
operations at the Olympics. LLNL/LANL staff were used in
supervisory roles and for technical support.
strong capabilities and active programs--nuclear and radiological
threats
As one of NNSA's three national laboratories, LLNL is fully engaged
in the Stockpile Stewardship Program and has a very large science and
technology base supportive of work on nuclear weapons, nuclear
materials, and nonproliferation that can be leveraged to support
homeland security. The Laboratory is home to one of the nation's two
research facilities for special nuclear materials. It operates a remote
test site and has a close working relationship with the Nevada Test
Site where work that requires even greater isolation is carried out.
Several activities that contribute to homeland security merit special
mention:
Nuclear Threat Assessment Program. The NNSA's Nuclear Assessment
Program was established in 1977 to provide a national capability for
correctly and expeditiously assessing the credibility of communicated
nuclear threats. Shortly after its inception, the Nuclear Assessment
Program became the central point of contact and action office within
the NNSA for assessing and monitoring illicit nuclear material
trafficking incidents worldwide. Selected elements of the program are
routinely used to provide NNSA technical support to the law
enforcement, diplomatic and intelligence communities. The major support
activities include real-time assessments of nuclear threats and black
market transactions, participation in FBI designated Special Events,
and providing NNSA courses on nuclear crime at various national and
international training venues. Since the terrorist attack on September
11, there has been dramatic increase in requests for our services; we
have assessed 25 nuclear threats, 90 illicit trafficking cases, and 51
other nuclear related incidents.
The operational capability consists of a small group of
professionals who are collectively knowledgeable in nuclear explosives
design and fabrication, nuclear reactor operations and safeguards,
radioactive materials and hazards, linguistics analysis, behavioral
analysis and profiling, as well as terrorist tactics and operations.
The assessor teams are organized into specialty teams and operate in
secure facilities at the three participating NNSA contractor sites. An
Assessment Coordinating Center at LLNL directs credibility assessment
operations for the NNSA and provides a single point of contact for
federal crisis managers during emergency operations.
Nuclear Incident Response. The Laboratory is a key participant in
the national nuclear incident response groups, including the Joint
Technical Operations Team (which deals with nuclear terrorism or
extortion threats), the Accident Response Group (which responds in the
event of an accident involving U.S. nuclear weapons) and the
Radiological Assessment Program (which assists state and local
agencies). Livermore maintains a deployable response capability, called
HOTSPOT, which can be transported to any location by military aircraft
to provide local radiological field support.
Specifically, the Radiological Assessment Program (RAP) provides
technical and operational expertise to state and local agencies to
mitigate the consequences of a radiological incident or emergency. It
uses DOE and national laboratory experts with skills in assessing
radiological and toxic contamination and the attendant risks to human
health. The Livermore RAP teams have primary responsibility for
California, Nevada, Hawaii, and the U.S. Pacific Rim territories. They
are called upon, on average, three to five times per year. In 2001,
they responded to three requests for assistance along with normal
exercises and training. Typically, RAP investigates containers
suspected of housing radioactive materials, seeks the location of lost
industrial or medical radioactive sources, and advises federal, state,
and local authorities on the consequences of a radioactive release or
personnel contamination. RAP regularly drills with similar teams from
other federal agencies, state, local, and tribal governments as well as
private companies and organizations.
To deal with the latest emerging threats, LLNL now maintains a home
team capability to assist response workers at all levels. The home team
is trained to recognize and respond to nuclear terrorism. Included
within this umbrella is the ability to supply timely interpretation of
signals from field instruments (the so-called ``nuclear triage' program
being developed at NNSA headquarters).
Search and Inspection Technologies. There is a pressing need for
technologies to improve the screening of passengers, baggage, and
cargo. Candidate technologies, in various stages of development at
Livermore, include computed tomography (CT), x-ray scanning, gamma-ray
imaging, neutron interrogation, and ultrasonic and thermal imaging.
These efforts build on projects and expertise in the Stockpile
Stewardship Program to develop improved sensors for non-destructive
evaluation of the condition of weapons and weapon components in the
stockpile. NNSA has assigned LLNL the responsibility to establish a
national test bed for the inspection of cargo containers (discussed
further below).
Two Laboratory-developed search technologies demonstrated their
applicability to counterterrorism response when they were deployed to
the World Trade Center. The first, a micropower radar, can ``see' many
feet into concrete rubble and could be a valuable tool for search and
rescue operations. The other, a remote monitoring instrument that uses
hyperspectral data to detect and identify trace gas emissions, was
flown over Ground Zero to characterize hazardous gases emanating from
the rubble.
Sensor Networks. Livermore has developed a concept for correlated
sensor networks for detecting and tracking ground-delivered nuclear
devices or nuclear materials, the Detection and Tracking System (DTS).
A novel algorithm integrates data from the various sensors, together
with information from other sources (e.g., an intelligent traffic
system) to identify sources of concern, track their movement through
the road network, and guide responders in intercepting the suspect
vehicle. Since September 11, DTS development was accelerated and a
prototype system was demonstrated in an urban environment. We are
preparing for further, larger scaled demonstrations of this system with
added capabilities.
strong capabilities and active programs--biological and chemical
threats
Bioscience research at the Laboratory traces its root to 1963, when
a program was established to study how radiation and chemicals interact
to produce adverse consequences to humans. Research activities at LLNL
and LANL led to a focus on DNA and technology development that led to
DOE's decision to launch its Human Genome Initiative in 1987. Both
laboratories are part of DOE's Joint Genome Institute, which includes
Lawrence Berkeley National Laboratory and is located in nearby Walnut
Creek, California, and have contributed to deciphering the human
genetic code. We are applying our expertise in genomics to counter the
threat of bioterrorism. In addition, in support of Livermore's national
security and other programs, the Laboratory also has outstanding
capabilities in chemistry and materials science.
Biological Agent Detectors. The biodefense capabilities that have
been deployed in the wake of September 11 have, at their core, advances
in biological detection instrumentation developed at Livermore. We have
made technology breakthroughs in biodetection instrumentation,
pioneering the miniaturization and ruggedization of both flow cytometry
and DNA identification devices. Our miniature thermal cycler unit makes
possible DNA amplification via polymerase chain reaction (PCR) and
identification in minutes rather than the hours and days previously
required. Livermore's miniaturized PCR technology has been licensed to
private industry and forms the basis of today's most advanced
commercial biodetection instruments (e.g., Cepheid's Smart Cycler,
Environmental Technology Group's handheld biodetector).
Cepheid Smart Cyclers are the heart of the field laboratory of the
Biological Aerosol Sentry and Information System (BASIS), developed
jointly by Livermore and Los Alamos and previously discussed. In
developing BASIS, the two laboratories worked closely with the many law
enforcement, emergency response, and public health agencies that would
be involved in dealing with a bioterrorism event to develop appropriate
sample handling (chain of custody), communications, and response
protocols.
DNA Signatures. Biodetectors depend on unique antibodies or DNA
sequences to identify and characterize biological pathogens. Livermore
is developing gold-standard DNA signatures of top-priority threat
pathogens (anthrax, plague, etc.) and are working with the Centers for
Disease Control and Prevention (CDC) to validate these signatures and
distribute them to public health agencies nationwide. We are also
working with the Federal Bureau of Investigation, CDC, Department of
Defense, and U.S. intelligence agencies to develop detailed biological
``fingerprints' and data to support forensic analysis of any act of
biological terrorism.
Chemical Analysis for Forensic Attribution. Timely and complete
analysis of suspect chemicals can answer important questions related to
nonproliferation, counterterrorism, and law enforcement. Our Forensic
Science Center has assembled a unique capability for detecting and
characterizing ultratrace levels of virtually any compound in any
sample matrix. Expertise and instrumentation are available for complete
chemical and isotopic analysis of nuclear materials, inorganic
materials, organic materials (e.g., chemical warfare agents, illegal
drugs), and biological materials (e.g., toxins, DNA). The Forensic
Science Center also develops advanced laboratory and field capabilities
for ultratrace analysis, including a portable (55-pound) gas
chromatograph/mass spectrometer, field kits for thin-layer
chromatography, and novel sample collectors using solid-phase
microextraction.
The Forensic Science Center has begun the rigorous testing required
to become the second U.S. laboratory certified by the Organization for
the Prohibition of Chemical Weapons (OPCW), which is responsible for
implementing the Chemical Weapons Convention (CWC). Under the terms of
the CWC, all samples collected from inspected facilities must be
analyzed at two OPCW-designated laboratories. The U.S. Congress
mandates that all U.S. samples be tested in the U.S. Currently, the
U.S. has only one designated laboratory, the Edgewood Chemical and
Biological Forensic Analytical Center. Livermore will provide the
second required facility.
strong capabilities and active programs--underpinning capabilities and
facilities
Several special capabilities at Livermore merit special mention
because they provide broad yet critical support to homeland security:
our International Assessments Program, the National Atmospheric Release
Advisory Center (NARAC), the Counterproliferation Analysis and Planning
System (CAPS), high-performance computations, and the Computer Incident
Advisory Capability.
Intelligence Analysis and Threat Assessment. One of the most
critical, yet difficult, elements of homeland security and
counterterrorism is gaining insight into the capabilities, intentions,
and plans of persons, groups, or states hostile to the U.S. Our
International Assessments Program (Z Division) is one of the strongest
capabilities in the country for analysis and research related to
foreign nuclear weapons and other weapons of mass destruction,
including early-stage foreign technology development and acquisition,
patterns of cooperation, and foreign cyber threats. Such intelligence
analyses serve as the foundation for homeland defense against WMD
threats. Intelligence provides an essential input to threat analyses
that, in turn, provide the basis for defining functional requirements
for technical homeland security systems. Furthermore, intelligence can
provide ``indications and warning' of an imminent attack, thus guiding
further deployment of defensive assets. Thus there is a critical need
for both long-term, in-depth intelligence analysis and timely,
responsive indications and warning.
Z Division regularly provides analysis products to our
intelligence, defense and policy-making customers. Our assessments of
foreign weapons programs and activities provide important input to
policy makers and diplomats as they develop strategies for U.S.
responses to events affecting national security. The capabilities in Z
Division also support our Nuclear Threat Assessment Program (previously
discussed), which analyzes nuclear terrorist threats and smuggling
incidents.
In addition to filling a critical niche by providing all-source
intelligence analyses of foreign nation-state programs to acquire WMD,
we develop data analysis tools and data integration methods to aid
intelligence collection and assessment and avoid the pitfalls of
information stovepiping. Some of these tools are currently being
evaluated by our analysts as well as end-users across the Intelligence
Community, while many others are under intense development and will be
applied to the counter-terrorism problem. In the aftermath of September
11, we provided intelligence analysts and assessments as well as
information-operations tools and expert personnel to the U.S.
Intelligence Community.
Atmospheric Modeling for Consequence Management. The National
Atmospheric Release Advisory Center (NARAC), located and operated at
the Laboratory, is a national emergency response service for real-time
assessment of incidents involving nuclear, chemical, biological, or
natural hazardous material. NARAC can map the probable atmospheric
spread of contamination in time for an emergency manager to decide
whether protective actions are necessary. NARAC is on call to respond
to real incidents and can also be used to evaluate specific scenarios
for emergency response planning, such as optimizing the siting of
bioaerosol samplers or determining evacuation routes.
Since it was established in 1979, NARAC has responded to more than
70 alerts, accidents, and disasters and has supported more than 800
exercises. In addition to accidental radiological releases (e.g.,
Chernobyl, 1986; Three Mile Island, 1979), NARAC has assessed natural
and manmade disasters (Mt. Pinatubo volcanic ash cloud, 1991; Kuwaiti
oil fires, 1991). NARAC has also provided assessments to state and
local responders to toxic chemical accidents (e.g., Richmond sulfuric
acid cloud, 1993; Sacramento River Spill, 1991). State and local
agencies can request NARAC support for actual releases or planning by
contacting DOE's Office of Emergency Response or the NARAC program
office at Livermore.
The Counterproliferation Analysis and Planning System (CAPS).
Developed continually updated by LLNL, Counterproliferation Analysis
and Planning System (CAPS) is a versatile and powerful modeling system
for analyzing, end-to-end, a proliferator's WMD production processes
and for assessing interdiction options and their corresponding
consequences. CAPS is as easy to use as a Web browser, with its
powerful and complex science (spectral analysis, toxic release
modeling, etc.) invisible to the user. CAPS is widely accepted by the
military's mission planners and is the Department of Defense's
preferred counterproliferation planning tool.
High-Performance Computing. With supercomputers acquired as part of
NNSA's Advanced Simulation and Computing (ASCI) program and additional
institutional investments in massively parallel computers, Livermore is
an international leader in high-performance computing. Many
groundbreaking applications are being developed. An example directly
relevant to homeland security is our computational biology work
directed at genomics--the development and use of bioinformatics tools
and databases.
We have developed computational tools to automatically identify
regions of bacterial and viral pathogen genomes that have a high
probability of being unique to that genome. We can now process any
draft or finished pathogen genome in a few hours and confidently detect
all regions that are not ``matched' in any other known sequenced
genome. This capability has been tested on numerous bacterial and viral
pathogens both at LLNL and with collaborators such as the Centers for
Disease Control, the U.S. Army Medical Research Institute of Infectious
Diseases, and the Department of Agriculture. We are currently using
this unique computational capability to satisfy pathogen detection
needs of these and other federal and state agencies.
Building on the approach we are taking, we will attempt to tackle
more complex problems such as automatically determining all protein
signature targets in a genome and determining the ``pathomics' of
virulence across all pathogens (i.e., the molecular mechanisms of
virulence itself). The computational needs to address these problems
will require use of cutting-edge supercomputer resources such as those
at LLNL.
Computer Incident Response. LLNL is home to DOE's Computer Incident
Advisory Capability (CIAC), which was formed in 1989. We assist any DOE
facility that experiences a computer security incident with analysis,
response, and restoration of operations. CIAC serves as DOE's watch and
warning center, notifying the complex of vulnerabilities that are being
exploited, specifying countermeasures to apply, and providing a picture
of the attack profile. The center also develops science and technology
solutions in support of computer network defense and products such as
SafePatch, which earned its developers a Government Technology
Leadership Award. CIAC's list of clients has grown to encompass other
government agencies, and there have been several incidents where the
team worked with the Federal Bureau of Investigation.
strong ties to research partners and the user community
One key attribute of LLNL is the Laboratory's proximity to
important assets--potential major partners in RDT&E and
commercialization as well as key customers for homeland security. The
San Francisco Bay Area is home to three international airports, two
seaports, an FBI field office, Customs and INS headquarters, Silicon
Valley, area biotechnology firms and health-care providers, mass
transit and rail systems, and high-visibility targets (e.g., Golden
Gate Bridge). In addition, as part of University of California, LLNL
has close ties with the many UC campuses in the area (Berkeley, San
Francisco, Davis, and Santa Cruz) as well as Stanford University (and
associated medical schools). We are also right next to Sandia-
California. Almost every aspect of the homeland security equation is
just minutes away from Livermore.
Many of our various research partners are cited throughout my
testimony. An often overlooked--yet important--aspect of a successful
research and development program is understanding the users' needs.
Additional examples of our connections and work with the user community
follow.
Expert Personnel Assisting in Homeland Security. Livermore
scientists serve on various task forces, committees, and advisory
groups dealing with aspects of homeland security and counterterrorism.
For example, a Livermore expert on x-ray imaging is a member of the
National Academy of Science Committee on Assessment of Technology
Deployed to Improve Commercial Aviation Security. Other Laboratory
scientists serve as technical advisors to the U.S. Customs Service, the
National Guard, and the Los Angeles Emergency Operations Center, and as
members or advisors to various Defense Science Board task forces
addressing homeland defense. Still others are assisting the California
Highway Patrol and the California State Office of Emergency Services
(OES) with training related to weapons of mass destruction and serving
as members of the California Council on Science and Technology, which
is providing technical advice to the OES's State Strategic Committee on
Terrorism.
Forensic Science Support to Law Enforcement. Over the years,
Livermore's Forensic Science Center (previously discussed) has
responded to many requests from law enforcement for assistance in
forensic analysis of unique samples. Since September 11 and the
subsequent anthrax scare, hundreds of samples of concern have been
analyzed for local and federal law enforcement and government
officials. Previously, the Center has been brought in to analyze
Supernote counterfeit bills, methamphetamine samples, biotoxins,
suspect chemical-warfare specimens, and nuclear contraband. It has
characterized explosive traces from the 1993 World Trade Center
bombing, the Unabomber case, and the Fremont serial bomber; performed
forensic sleuthing related to the Riverside ``mystery fumes' case;
analyzed samples for the Glendale ``Angel of Death' case; and analyzed
Capitol Hill offices as requested following anthrax decontamination.
Locally, the Center assisted Livermore police by rapidly identifying a
vapor that sickened response personnel at the scene of a suicide; once
the chemical was identified (malathion), law enforcement agencies were
able to take appropriate personnel-protection measures and complete
their investigation.
LINC for Improved Emergency Preparedness. Through the LINC program
(Local Integration of the National Atmospheric Release Advisory Center
with Cities), we are currently working with local agencies in the
Seattle area. A LINC pilot project is testing and evaluating the
effectiveness of an approach to emergency preparedness that offers the
potential for dramatic improvements. Sponsored by NNSA's Chemical and
Biological National Security Program, LINC integrates capabilities at
LLNL's NARAC (previously discussed) with local emergency management and
response centers. Ultimately, LINC's goal is to provide continuous
operation of an integrated, nationalwide system that aids emergency
preparedness and response at all levels of government.
A National Test Bed for Standards, Test, and Evaluation. One key
function of the Department of Homeland Security will be the setting of
standards for technical homeland security systems. To set such
standards will require practical, technical judgment, with
consideration of the threats that the technology is intended to
address, a concept of operations for its use, and the infrastructure
necessary to use it effectively. This process must involve the
Intelligence Community, end users in federal, state and local
government, and technical experts. Candidate technologies must undergo
objective testing and evaluation to determine how well they satisfy the
standards, as input to acquisition decisions by those with operational
responsibilities.
NNSA has assigned LLNL the responsibility to establish a national
test bed for the inspection of cargo containers for chemical,
biological, radiological, and nuclear weapons and materials. To meet
this responsibility, we have initiated threat analyses to establish the
range of threat scenarios that such inspection systems should address.
We have also begun a research program, based on calculations and
experiments, to characterize the relevant ``observables' for successful
detection. We have engaged federal, state and local organizations with
operational responsibilities in this area to factor in their practical,
operational constraints. We have set up a test facility where exemplar
containers are loaded with surrogate materials, as well as typical
cargo, so that commercial equipment and research prototypes can be
tested in meaningful scenarios. We believe that this methodology should
be extended to other terrorist scenarios of concern.
Risk and Vulnerability Assessments of Critical Facilities. Through
our participation in DOE's Vulnerability and Risk Assessment Program,
we have made systematic assessments of the threat environment, cyber
architecture, physical and operational security, policies and
procedures, interdependencies, impact analysis, risk characterization,
and possible mitigation measures for the 2002 Winter Olympic Games in
Salt Lake City, eleven electric and gas infrastructures, and several
independent service operators (ISOs), including the California ISO
during the electrical energy crisis. We have also analyzed the
vulnerability of buildings, dams, and other structures to catastrophic
damage from earthquakes and explosive events. Projects have included
evaluation of the earthquake vulnerability of major bridge structures
(including the Golden Gate and San Francisco-Oakland Bay bridges), the
structural integrity of nuclear material shipping containers for a
variety of impact scenarios, and the likely damage resulting from the
explosion of natural gas storage tanks in a suburban environment.
More generally, LLNL has applied risk and decision theoretic
methodologies to a wide range of hazardous endeavors, both internal to
the Laboratory and for the public sector, and we can be considered a
major scientific contributor to the discipline of risk assessment and
risk management. We have developed methodologies for and conducted risk
assessments of nuclear power generation, nuclear explosive operations,
information systems, transportation systems and hazardous material
protection (called vulnerability analyses) to identify and enhance
safety, safeguards and security. In addition, LLNL has assisted other
federal agencies in the application of risk management.
Engineering a Novel Truck-Stopping Device. In October 2001, the
Governor of California contacted Livermore requesting assistance to
develop a means of stopping tanker trucks, to keep hijacked trucks from
becoming motorized missiles. The objective was to make it possible to
stop these large trucks using equipment readily available to peace
officers, namely their vehicles and their weapons. A retired Livermore
engineer and consultant teamed with Laboratory engineers, technicians,
and heavy equipment operators to develop a simple mechanical device to
accomplish this. It can be readily attached to the back of a tanker
truck. When bumped from the rear by the patrol vehicle, the device
would cause the trailer braking system to lose air pressure
automatically locking the trailer brakes. A prototype was demonstrated
in Oakland in late November 2001, and testing at high speeds was
conducted at the Nevada Test Site in February and March 2002. We are
currently developing a portable remote-controlled system and working
with the California Highway Patrol and a major California trucking
company on implementing a field trial program.
closing remarks
In its efforts to combat terrorism and ensure homeland security,
the nation can build on an attribute that has made the United States
the world leader that it is--the remarkable capability of the American
people to focus extraordinary energy on achieving important objectives
in a time of need. Establishing a Department of Homeland Security can
fundamentally change for the better the nation's approach to preventing
terrorist attacks on the United States, reducing the nation's
vulnerability to terrorism, and managing the aftermath of any attack.
As the Administration and many leaders in Congress have already
stated, to succeed the new department will need to pursue a sustained
RDT&E program--particularly related to chemical, biological,
radiological and nuclear threats--that is prioritized to meet prudently
established objectives. These threats are significant and will grow
more sophisticated over time. At Livermore, we are fully committed to
this long-term national security endeavor to improve homeland security
and are well positioned to provide effective RDT&E support to the
department. LLNL brings to the Department of Homeland Security relevant
existing mission responsibilities and programs, experience working with
a wide range of research partners and users, and a track record of
taking technologies from concept to prototype development and
deployment.
______
Prepared Statement of Steven W. Martin, Director, Homeland Security
Programs, Pacific Northwest National Laboratory
introduction
Mr. Chairman, members of the House Energy and Commerce Subcommittee
on Oversight and Investigations; my name is Steve Martin, and I am the
Director of Homeland Security Programs at the Department of Energy's
Pacific Northwest National Laboratory (PNNL). On behalf of the
Laboratory Director, Dr. Lura Powell, I am pleased to provide testimony
today.
In this statement I begin with a brief overview of Pacific
Northwest National Laboratory. This is followed by some comments
regarding the nature of our homeland security challenges and some
examples of ways in which PNNL is contributing to help meet the needs
for securing our homeland. I close with comments on the role of the
national laboratories managed by the Office of Science and the National
Nuclear Security Administration in the Department of Energy.
pacific northwest national laboratory
Pacific Northwest National Laboratory (PNNL) is a Department of
Energy (DOE) multi-program laboratory, managed by DOE's Office of
Science. Since 1965, the Pacific Northwest Division of Battelle
Memorial Institute, a not-for-profit entity based in Ohio, has operated
PNNL for the DOE. PNNL employs approximately 3,500 staff and maintains
a business volume in excess of $500M annually, $230M of which is
related to national security work for a number of government clients in
areas such as combating terrorism, homeland security, proliferation
detection and monitoring, underground nuclear test detection, nuclear
weapon dismantlement, nuclear materials safeguards and security,
environmental and waste characterization, and fundamental science.
our homeland security challenges
Terrorism is not a new phenomenon and for decades PNNL has
performed work for government agencies with missions designed to combat
terrorism. Recent events serve to remind us of the vulnerabilities to
the security of our homeland and it is becoming even more evident that
there are terrorist elements with a willingness to deploy weapons of
mass destruction against U.S. interests--both abroad and at home.
The threat we face is dynamic and complex. We need to be as
flexible and adaptable as are the adversaries who would threaten us. As
we organize around the need to manage the risks associated with the
threats posed by weapons of mass destruction (WMD), we must do so in a
reasonable and systematic manner. The actual financial costs of
developing and implementing mitigating strategies and countermeasures
are only one consideration of a comprehensive risk management strategy.
We must also ensure that the solution is implemented in a manner that
considers negative consequences such as reduced operational
efficiencies or productivity that currently give U.S. industry and the
U.S. economy a competitive advantage.
Finally, it is imperative that organizational and technological
standards evolve that ensure solutions can be integrated across the
various functions and responsibilities outlined for the new Department
of Homeland Security (DHS). Solutions must facilitate integration of
operations and functions, information sharing, and interoperability.
pnnl contributions to homeland security
PNNL participated, along with other DOE and NNSA laboratories, in a
demonstration of national laboratory science and technology with
potential for application within the Office of Homeland Security. At
that demonstration PNNL profiled several of the following technologies.
These are but a few examples that demonstrate that capabilities at PNNL
span the entire WMD threat spectrum.
Millimeter Wave Holographic Imaging System: This system,
developed for the FAA for personal security checkpoint screening, is
capable of detecting all threats and contraband.
Acoustic Inspection Device: This handheld system was
originally developed by PNNL for inspection of chemical weapon
stockpiles in Iraq following the 1991 Gulf War. It can be used by Law
Enforcement Officials to Detect concealments, hidden compartments or
anomalies in liquid-filled containers and solid form commodities; Sort
material types into groups of like and unlike, and Identify liquids and
solid materials over a wide range of temperatures. It has recently been
commercialized by U.S. Customs as an inspection and screening tool.
Biodetection Enabling Analyte Delivery System (BEADS): It
is necessary to process large environmental samples to obtain traces of
threat biomaterial and deliver that material in a small volume to a
sensor. BEADS enables automated sample preparation for biodetection
systems.
Plutonium Measurement and Analysis (PUMA): A radiation
monitoring system that uses glass fibers to detect the presence of
radionuclides, such as plutonium. This technology offers flexible,
lightweight, low-power detection capability.
Hazardous Material Chemical Agent Detector (HAZMATCADtm):
This commercially available tool takes advantage of special (sensitive
and selective) polymers developed by PNNL and allows faster response
times to lower concentrations of hazardous chemicals and agents.
WMD Interdiction Training for International and Domestic
Border Security Officials: In 1997, Congress provided for the U.S.
training of international border security officers in detecting,
identifying, and interdicting the smuggling of WMD materials and items.
Since then, Border Officers from 17 nations have been trained as part
of the International Border Security Training Program. PNNL is
responsible for conducting this highly successful training known as
Interdict/RADACAD at the Hazardous Materials Management and Emergency
Response (HAMMER) Training Center, a $30M facility located near PNNL at
the Hanford Site. The value of this program has been demonstrated by
seizures of sensitive materials in Eastern Europe, including nuclear
reactor components destined for Iran and a quantity of Uranium-235. The
border security officials responsible for both of these seizures
attribute their success to the training they received in this program
from PNNL at HAMMER.
PNNL initiated training of U.S. Customs Officers this year. Thus
far, two 3-day courses in radiation detection and protection and the
use of advanced detection equipment have been completed. For the
foreseeable future, one U.S. Customs class per month is scheduled.
The practical operational environment of HAMMER is enhanced by
props that include a mock border crossing, a Port of Entry building
with a loading dock, inspection pit and radiation portal monitor, as
well as intermodal shipping containers and transport vehicles with
concealment compartments and traps commonly used by smugglers.
International Emergency Preparedness for WMD: PNNL
supports a US government-sponsored training program that teaches
international first responders how to recognize, respond to and manage
an incident involving a WMD. In addition to the operations training at
HAMMER, PNNL also supports a course for international mail handlers on
Postal Chemical/Biological Incident Management. In the same way the
international WMD interdiction training eventually expanded to
accommodate U.S. Customs Officers, consideration should be given to
leveraging this training capability and facility to accommodate the
government's articulated desire to train U.S. first responders to
handle WMD incidents.
Federal Emergency Management Information System and EMAD
VANTAGE: Decision support and command and control tools have been
developed for both emergency managers and emergency responders. These
tools provide an automated decision support architecture that applies
to situation planning and response capabilities for large multi-user
environments.
National Counterdrug Center (NCC): Operational
coordination (or interoperability) across multiple agencies, missions,
or functions is a known limiting factor impacting interdiction efforts.
The NCC is a simulation-based interoperability training system that can
improve multi-agency operational planning and execution in a virtual
environment. While the current focus is drug interdiction, this
national capability can be readily leveraged to accommodate training
and planning capability for all-threat interdiction to include weapons
of mass destruction. In addition, since the underlying objectives are
to support interoperability, it is plausible that the capability and
concept of simulation-based interactive environments can support the
needs of first responders (police, fire, and emergency medical) as
well.
Information visualization and knowledge management: For
over a decade PNNL has been conducting research that helps government
analysts deal with the overwhelming amount of information they must
process. PNNL has developed and successfully deployed tools for
exploiting large and diverse sets of information and analysts within a
number of government agencies are currently taking advantage of PNNL
tools like SPIRE and Starlight to help them connect the dots.
Critical Infrastructure Protection: PNNL is one of many
DOE laboratories tasked to assure the integrity of energy
infrastructures by conducting vulnerability assessments and
recommending risk-mitigating strategies. The bulk of this work has
focused on the electrical power infrastructure, an area wherein PNNL
has recognized capability.
Radiological Detection Expertise: Even though PNNL has
existed for nearly four decades, there are over 50 years of history
related to radiation detection technology development and deployment as
a result of the legacy from the Hanford site's involvement in the
Manhattan project. Instruments incorporating PNNL radiation detection
technologies have been fielded in a number of locations, including:
outer space, deep undersea, within the core of both naval and civilian
reactors, border crossings, international nuclear test detection
networks, high altitude aircraft, nuclear accident sites such as Three
Mile Island and Chernobyl, U.S. nuclear complex sites, and deep
underground. In addition, PNNL staff participate in a number of U.S.
Government or international policy working groups including the
Radiation Detection Panel (DOE), the Nuclear Smuggling Working group
(IAEA), and the Radiation Instrumentation Steering Committee (IEEE.)
PNNL currently holds leadership positions in the International Nuclear
Materials Management Association.
Radiation Portal Monitoring Support to US Customs: The
U.S. Customs Service, Office of Information and Technology (OIT),
Applied Technology Division (ATD), working with the Department of
Energy (Pacific Northwest National Laboratory-PNNL), has established a
terrorist radiation/nuclear detection project to investigate systems
and technologies to augment and enhance their existing radiological
detection capabilities. This project addresses the maritime, aviation,
land crossing, and rail USCS inspection environments.
the role of science and technology and our national laboratories
The science and technology response to our homeland security
challenges must draw broadly on the talent and expertise resident in
our research universities, our industry, and in all the government
laboratories managed by multiple agencies. The national laboratories
managed by DOE's Office of Science and the National Nuclear Security
Administration will play a very substantial role, particularly on
weapons of mass destruction issues. These laboratories have specialized
capabilities in several areas of science and technology, such as the
control and detection of nuclear materials, and expertise pertinent to
radiological, chemical and biological threats. The national
laboratories maintain the interdisciplinary approach and scientific and
engineering breadth necessary to take a broad systems view of these
problems, and have the ability to deliver solutions in a secure
environment.
I very much appreciate the opportunity to provide this testimony
and will be pleased to answer questions or provide any additional
information that would be helpful.
______
Prepared Statement of Barry S. Howe, Vice President, Thermo Electron
Corporation
Thank you Mr. Chairman and members of the subcommittee for this
opportunity to submit testimony on behalf of my company, Thermo
Electron Corporation (NYSE:TMO), a technology company based in Waltham,
Massachusetts. As a senior executive at a major technology firm, my
role here today is to offer some ideas on how companies like Thermo
Electron can be a partner with government to apply proven technological
solutions to the serious homeland security challenges facing our
nation--solutions that are already available and in use successfully at
border checkpoints and in multiple other applications around the world
today.
Improving security at the nation's borders, airports, and seaports
has become a top national priority. Recent events have heightened
concerns about the potential use of weapons of mass destruction and so-
called ``dirty'' bombs. Given, for example, that the U.S. Customs
Agency is currently equipped to screen a small percentage of the large
cargo containers that enter the United States, there are clearly gaps
in our nation's security system that threaten our country's safety. But
current technology is available to help mitigate these risks.
We at Thermo believe that three points are particularly important
to this hearing: First, when properly installed and operated, current
radiation-detection systems work very well. They can and have
successfully thwarted attempts to illegally transport nuclear
material--regardless of the mode of transport. Second, the United
States should monitor for radiation in non-traditional locations.
Third, we should protect our shipping infrastructure against
terrorists.
thermo electron background and qualifications
Thermo Electron offers a comprehensive range of security-related
instruments--supporting chemical, explosive, radiological, and
biological-detection capabilities--to help ensure the safety of public
places and people. Many of these products have and will continue to be
critical in the detection and prevention of terrorist acts, as well as
for the emergency and forensic response to such events.
Our instruments have played an important role in the aftermath of
September 11th. Authorities in New York and Washington D.C. deployed a
variety of Thermo instruments to understand the nature and extent of
the post-attack hazards. For example, Thermo's gas and particulate
monitors were deployed at Ground Zero and at the Pentagon to assess
levels of asbestos, carbon monoxide, carbon dioxide, formaldehyde, and
ammonia to determine whether it was safe for residents and workers near
the disaster sites to return to their homes and offices. In addition,
our monitors are in continuous use near the Fresh Kills landfill in
Staten Island (where Trade Center debris has been transported) to
ensure that environmental conditions remain safe.
In the November 2001 anthrax contamination of the Senate Office
Building, officials used Thermo's sophisticated sampling equipment to
assess the anthrax threat, monitor the cleanup, and evaluate when it
was safe to re-occupy the building.
Thermo also produces the EGIS explosive trace systems, which can
detect and identify in seconds plastic, commercial, and military
explosives, as well as ICAO taggants--chemical markers added to
military explosives in the manufacturing process to assist detection.
The EGIS system has been approved by the Transportation Security
Authority (TSA) and we are in current discussions as to how it will be
deployed in the U.S. to support the Congressional mandate to have 100
percent of checked baggage screened for explosives by the end of the
year.
The EGIS has become the trace-detection standard throughout Europe
for airport screening of bags and electronic items. It has been used to
protect embassies in trouble spots worldwide, deployed to screen
British Rail freight traveling through the Channel Tunnel, used in
Israel to ensure maximum security at border crossings, and installed in
mailrooms to screen suspicious packages.
As part of the unprecedented levels of security at the 2002 Olympic
Games, the Federal Bureau of Investigation (FBI) used EGIS to search
for explosives to ensure the safety of athletes and spectators. In
addition, law enforcement agencies, such as the FBI and the Bureau of
Alcohol, Tobacco and Firearms (ATF), and forensic laboratories use EGIS
routinely on-site and in the lab for post-blast investigation to
determine the type and origin of explosives.
However, it is our radiation, nuclear-material detection and
radiological protection products that are most relevant to today's
hearing. Thermo produces a full range of monitoring systems from hand-
held, mobile, and environmental monitors for first responders to
complete systems suitable for use in airports and other large public
venues, as well as tunnels, border crossings, and other checkpoints.
thermo electron radiation measurement and protection group
Thermo's Radiation Measurement and Protection group is a world
leader in its field. Current brand names include Bicron, Eberline, ESM,
Harshaw, Mini, NE, and NNC. We have been manufacturing and supplying
equipment to customers worldwide for more than 50 years. Included in
the Radiation Measurement and Protection staff of approximately 350 are
mechanical, electrical and software engineers, health physicists, and
nuclear power plant operators. Their experience ranges from research
environments, such as NASA, to nuclear submarines. This combination of
technical prowess and real-world applications expertise is critical to
our mission of designing and manufacturing sophisticated and
technologically advanced equipment that is foolproof, yet extremely
easy to use.
ISO 9001 certified, Thermo's Radiation Measurement and Protection
manufacturing facilities have been tested and have been approved by the
Czech Metrological Institute (Prague Test), German TUEV, PTB, CE,
International Atomic Energy Agency's (IAEA) Illicit Trafficking
Radiation Detection Assessment Program (ITRAP Test), American National
Standards Institute (ANSI), and the Health Physics Instrumentation
Committee (HPIC), among others.
In 1987, we began development of a large-scale vehicle radiation-
monitoring system at the request of the steel industry, following the
inadvertent and widely publicized melting of radioactive sources at
various facilities. Since then, we have manufactured and installed more
than 1,400 of these state-of-the-art systems, which we continue to
update and improve.
We also manufacture small-scale and pedestrian monitors for a
variety of applications. End users cover the gambit of national
laboratories, nuclear power plants, states (both domestic and
international), steel mills, foundries, metal-recycling facilities,
solid waste facilities/transfer stations, waste-to-energy plants, and
most recently, the International Atomic Energy Agency (IAEA) at the
Vienna International Centre (VIC) in Austria.
Our systems have been tested again and again the world-over by
various entities for compliance against rigorous standards as well as
to evaluate their ultimate level of reliable detection. Through the
course of this testing, we have consistently met all requirements.
In 1997, we were invited and successfully participated in the
Illicit Trafficking Radiation Assessment Program (ITRAP), sponsored by
the IAEA, INTERPOL, and the World Customs Organization. Our Automobile
and Personnel Monitor (APM), hand-held FH40G, FieldSpec (isotope
identifier), and pocket/pager devices (PM1401GN/PM1703GN), products
developed for this application, have not only surpassed the ITRAP
requirements for overall performance--sensitivity, usability, and
reliability--but have proven to be a very cost-effective solution for
the interdiction of radioactive materials. The Weapons of Mass
Destruction Civilian Support Team (WMDCST) has equipped their 35 teams
around the country with our FieldSpec devices.
security at international borders
Since 1992, the U.S. government has spent $86 million on radiation-
detection equipment and personnel training in 30 countries of the
former Soviet Union and Central and Eastern Europe as part of the
Second Line of Defense, a Department of Energy initiative. In a study
released just last month, the General Accounting Office assessed these
efforts to stop the smuggling of radioactive materials. The report
detailed a number of problems with the deployment overseas of
radiation-detection equipment. However, the GAO also recounted
noteworthy success stories. Over the past 10 years, according to the
GAO, 181 attempts to smuggle nuclear material have been foiled at
international borders.
Thermo Electron has placed 80 radiation-monitoring systems at
border crossings in 15 countries around the world, including Argentina,
Austria, Canada, China, the Czech Republic, Estonia, Finland, Germany,
Latvia, Poland, Slovakia, Spain, United Kingdom, and the United States
(summarized in Appendix B). They comply with existing international
standards, and are proof that current, readily available technology can
make a difference.
We believe it continues to be an important priority to stop
smuggling at its source. However, as the GAO report demonstrates, the
United States government has had little control over other countries'
use of the radiation-detection equipment that our taxpayer dollars have
funded. Fortunately, we have designed our equipment to work with
remote-monitoring capabilities so that any alarm can notify supervisory
personnel as appropriate. The equipment can also be monitored remotely
to verify status, review history, and prepare reports detailing any
alarms, equipment failures, and downtime--which can be a vital part of
any follow-up program to help ensure the Second Line of Defense program
increases its effectiveness.
Ultimately, it is clear from the GAO findings that we cannot rely
on other nations to prevent the illicit export of radioactive material
to our shores. We should control our own destiny by having a
comprehensive radiation-detection program in place at our own borders,
airports, and seaports.
monitoring for radiation in non-traditional locations
Protecting military installations, government buildings, and other
government facilities remains a critical radiation-detection priority.
However, the obvious aim of these terrorists is to target our symbols
and our citizens. Some of the clearest threats today involve large
gatherings of everyday people at national holiday celebrations,
parades, protests, and sporting events.
We believe the federal government can provide protection at these
venues that is flexible, effective, and a prudent use of public funding
using mobile systems, including handheld devices, described in Appendix
A, the product section of this document.
protecting the nation's shipping infrastructure against terrorists
Courier services and the postal system are obvious areas of
vulnerability. Recent anthrax incidents have taught us that terrorists
can send their packages of destruction using our own infrastructure.
Thus, the same detection systems that the United States should put
in place at our borders, seaports, and airports should also be
installed at courier and shipping locations around the world.
A leading worldwide courier service has been testing a radiation-
monitoring program with Thermo Electron equipment at a U.S. facility.
We are also in discussions with other commercial vendors to determine
their needs at locations around the world. We believe a comprehensive
system of radiation-monitors at courier sites would go a long way in
defending this nation and others against terrorism.
standards
One topic that may be discussed today is whether the U.S. should
delay deployment of radiation-detection systems to develop new, U.S.
standards for these devices. Thermo has participated in the development
of existing standards and would be willing to offer expertise again in
the ongoing development of any new standards.
Thermo's devices already comply with the existing international
standards that were developed with extensive involvement of American
experts. An integral part of the standards requires manufacturers to
have all products independently tested. These standards were approved
by two highly respected, multi-national organizations--the
International Atomic Energy Agency and the International
Electrotechnical Commission. They are also the basis for American
Society for Testing and Materials standards, now in draft form. We
believe the existing international standards, and the ASTM draft rules
modeled on them, do constitute a well-considered and effective system
of protection.
One critical issue for the committee is how our government can
fully leverage the capability of the nation's technology providers and
expedite the deployment of proven equipment that can effectively detect
radiation today.
September 11th and its aftermath have brought the threat of nuclear
and radiological terror to the national consciousness. But we at Thermo
have been working successfully to develop solutions for a robust and
reliable security system for years--in close partnership with entities
like the Department of Energy, the Department of Justice, U.S. Customs,
the national laboratories, as well as city and state emergency response
teams and first responders.
Of course, terrorists will always try to defeat any security system
to accomplish their destructive goals. That is why United States
government agencies and the nation's technology companies should
continue to work in partnership to develop even better technologies for
tomorrow. We at Thermo continue to invest R&D resources to leverage our
current technologies as platforms for the next generation of advanced
products, including looking at ways to integrate our multiple, proven
detection capabilities--radiation, explosives, chemical, and
biological--into a comprehensive solution.
But products that are effective and available today can be put in
place immediately to ensure the security of our nation, and the safety
of our citizens.
Thank you Mr. Chairman for this opportunity to testify on behalf of
Thermo Electron Corporation.
______
Prepared Statement of Jim Holsen, Vice President of Engineering, United
Parcel Service, Inc.
Good morning Mr. Chairman and members of the Subcommittee. My name
is Jim Holsen and I am Vice President of Engineering for United Parcel
Service.
I have responsibility to oversee the project that UPS has
undertaken to place radiation-detection equipment at key international
locations. We made this decision, as we do with all of our security
measures, based on an ongoing assessment of the risks. We have had
discussions with a number of governmental agencies and with staff of
this committee as we have assessed the current risks, and we have
determined that deploying the equipment at this time is a prudent
decision.
We think our experience provides some useful lessons in how the
private sector and governmental agencies could improve their
cooperation to enhance the efficacy of the security-related activities
of both. The new Department of Homeland Security should foster
appropriate relationships between government and the private sector
that encourage cooperation.
Because UPS operates all over the world, we have been dealing with
international security threats for many years. The multi-faceted
security measures we employ are developed based on our continuing risk
assessment. Certainly, since September 11, our threat assessments have
taken on new dimensions. These decisions have to be made in the context
of a business that involves the delivery of millions of packages every
day, with time commitments that require an extremely efficient and
time-sensitive system, which is crucial to the flow of commerce. Our
system includes many inherent security measures.
In developing the radiation-detection equipment deployment
strategy, we evaluated our system and the available equipment. We
discussed the technology with a number of governmental agencies,
vendors and other private sector entities. Our plan is based on the
best information available to us at this time. As with all threats, we
plan to continue to monitor this risk and may modify our approach if
new information indicates that such modification is needed.
I want to emphasize that we have had very cooperative and helpful
discussions with the various government agencies we have consulted
while developing this strategy. However, issues have arisen that have
made the process difficult, inefficient, and perhaps less effective
than it could otherwise be. These issues go beyond any one of those
agencies, and we believe are as frustrating to the governmental
officials we spoke to as they are to us.
The first issue relates to the number of different agencies
involved in radiation monitoring. We have consulted with the Customs
Service, the Department of Energy, and the Transportation Security
Administration. In addition, we have met with the White House Office of
Science and Technology Policy and the Office of Homeland Security. We
have found that each of these agencies approaches the issues
differently. We have also found that these agencies are working with
different outside labs and experts. While we have found all of these
agencies helpful, it would have been preferable to have one
authoritative voice speaking for the federal government. We are put in
the position of making decisions about our deployment strategy without
consistent, definitive knowledge. To wait until such information may be
available leaves the risk unabated.
The second issue of concern is related to the first. We need
guidance on the nature of the threats we are trying to address and have
been unable to obtain such information from the experts within the
agencies with whom we have talked. The government experts have been
cooperative and helpful, but their ability to respond to our inquiries
has been limited by the restrictions on the information we need.
Recognition of the appropriate level of information sharing needed is
critical.
While we are willing to work appropriately with governmental
agencies to address threats--a role we have played for some time--we
cannot do so in the absence of appropriate intelligence information. If
the government is unwilling to share information with us, we cannot
adequately assist the government in addressing the threats.
In conclusion, we believe that the deployment of this equipment is
a prudent step in light of the information available to us at this
time. We will continue to evaluate the nature of the threats with the
best available information. We will continue our cooperation with the
interested governmental agencies and hope that our concerns regarding
coordination and intelligence sharing will be addressed. The new
Department of Homeland Security should foster appropriate relationships
between the government and the private sector.
Again, thank you for the opportunity to meet with you today, and I
am prepared to answer any questions that you may have.
______
Prepared Statement of K. David Nokes, Sandia National Laboratories
Mr. Chairman and distinguished members, it is my pleasure to appear
again before this committee. I am David Nokes, Director of the Systems
Assessment and Research Center and Coordinator for Sandia National
Laboratories' homeland security and combating terrorism activities. My
statement is an addendum to the one I provided at your June 25 hearing.
I would like to provide Sandia's views on the role of Science and
Technology (S&T) within the new Department of Homeland Security (DHS)
and some thoughts on how S&T might be organized.
We believe that a robust and comprehensive S&T portfolio within DHS
is absolutely essential if this country is to achieve the breakthrough
improvements that it must achieve in homeland security performance.
Furthermore, the S&T program must address a range of very different
needs. It is important to recognize that the S&T needs of DHS are a
continuum ranging from off-the-shelf items to the fundamental research
necessary to solve exceptionally difficult problems.
We must first address the urgent, pressing problems that can at
least be partially solved by putting existing, known technology into
the hands of the people in the field who have the day-to-day
responsibility for homeland security. This task is largely one of
quickly establishing performance requirements and then transferring the
technology to commercial entities for efficient production.
An example of this class of problem is the detection of clandestine
nuclear weapons and Radiological Dispersal Devices (RDDs), so-called
``dirty bombs,'' crossing into the United States at legal points of
entry. Sandia has demonstrated equipment that, within this constrained
environment, has a very high probability of detecting such devices,
even when shielded, and alerting officials in real time. We have
demonstrated a very low rate of false and nuisance alarms. I believe
that we are well-positioned to move beyond the demonstration stage and
implement widespread deployment at ports of entry.
Among the challenges that require substantial additional work are
detection systems for chemical and especially biological attacks.
Although point sensors for some agents exist and limited demonstrations
of area sensors have been performed, much developmental work will be
required to broaden the spectrum of agents that are detectable, lower
the false alarm rate, and ensure continuous operation. In addition, the
command and control architecture to network these sensors into an
effective and affordable system that can protect large urban areas has
not been designed.
Detecting clandestine nuclear weapons or RDDs in large urban areas
(as opposed to ports of entry) is a problem that also needs substantial
research. Although, unlike chemical or biological devices, radiological
weapons all have a detectable signature prior to use, the limitations
of physics prevent individual sensors from affording a large detection
range. The problem becomes command and control of networks of sensors
and developing a strategy that optimizes performance and cost.
An essential first step for the S&T portfolio at DHS will be
developing strategic planning and prioritization of the S&T investments
of the Department. This must be driven by threat and vulnerability
analyses that identify the areas with greatest need.
The S&T needs of the DHS are exceptionally diverse because of the
great variety of the individual elements of its mission. Each Under
Secretary of Homeland Security will have unique R&D requirements.
Clearly, the Under Secretary for Chemical, Biological, Radiological,
and Nuclear Countermeasures will need access to a substantially
different set of R&D resources than the Under Secretary for Border and
Transportation Security.
We recommend that each Under Secretary create a laboratory network
tailored for his or her missions by directly tasking existing
institutions that possess the required competencies. We call this
entity a ``Virtual National Laboratory,'' and it has already been tried
and proven as an effective model for multi-institutional programs
involving research and technology development. Virtual national
laboratories may be of permanent or limited duration and can be
reconfigured as necessary for evolving requirements.
To illustrate, the Under Secretary for Chemical, Biological,
Radiologcial, and Nuclear Countermeasures may design one or more
matrixed laboratory systems specific to his needs that include
representation from the National Institutes of Health, some DOE/NNSA
labs, leading research universities, and the pharmaceutical industry.
The Under Secretary for Border and Transportation Security may design
one or more matrixed laboratory systems specific to her needs that
include representation from the Naval Research Laboratory and other DoD
labs, DOE/NNSA, industry, and universities.
Each of these ``virtual national laboratories'' would have a
defined organizational structure with a laboratory director and program
directors, although it would own no real property. The laboratory
director would manage a Laboratory Liaison Council (LLC) with
representation from the constituent institutions. The LLC would be the
Under Secretary's vehicle for direct access to the national laboratory
system. He would not have to go through each institution's sponsoring
federal agency in a ``work-for-others'' procurement process. This
structure is illustrated in the diagram attached as supplemental
material to my statement.
A significant advantage of this concept is that it encourages
competition of the right sort--competition of ideas (not direct
competition of labs for money)--and cooperation on results, pulling
together the right resources for a particular mission focus. It
encourages rapid transition of the fruits of research into application,
and helps avoid the ``valley of death''' that often prevents promising
research from being developed and deployed.
Specific suggestions follow:
Each Under Secretary should have authority for ``conducting a
national scientific research and development program to support
the missions of the Department'' for which he or she is
responsible, ``. . . including directing, funding, and
conducting research and development relating to the same'' (as
per Sec. 301 (2) of the President's bill).
In addition, each Under Secretary should appoint a Director of
Research and Development with authority to immediately create
networked laboratory systems (virtual national laboratories)
through cooperative arrangements with federal, academic, and
private research institutions. Appropriate funding will be
required.
Directors of Research and Development will be assisted by
Laboratory Liaison Councils with representation from the
institutions of the virtual national laboratory.
Directors of Research and Development should have authority
and appropriated funding to originate and award Cooperative
Research and Development Agreements (CRADAs) and other
technology transfer mechanisms between virtual national
laboratories and industry on an expedited basis.
DHS legislation should authorize all relevant federally funded
R&D institutions to accept direct tasking from the DHS and
should instruct ``landlord'' agencies to facilitate DHS
taskings of institutions under their sponsorship.
At least initially, DHS should rely on the established great
laboratories of the nation rather than creating new ones for
its science and technology (S&T) program. There is insufficient
time to establish a ``green field'' laboratory that can make
contributions on the scale required in a timely manner.
Thought must be given to ensure that S&T activities are agile
and not encumbered with bureaucratic processes that stifle the
imaginative and innovative work required if we are to be
successful. New processes will be necessary in some cases,
rather than importing existing ones from organizations brought
into the new department.
As recommended by the National Research Council in their
recent report, Making the Nation Safer: The Role of Science and
Technology in Countering Terrorism, an office of ``Under
Secretary for Technology'' should be created, reporting to the
Secretary (p. 12-6). This office will manage a strategic, peer-
reviewed research program with universities, national
laboratories, and industry. Sustained funding at the mission
level will be required.
Also as recommended by the National Research Council (p. 12-
7), a Homeland Security Institute should be established as a
Federally Funded Research and Development Center (FFRDC) under
the direction of the Under Secretary for Technology. This
entity should perform policy and systems analysis, help define
standards and metrics, and assist agencies with evaluating
technologies for deployment.
The creation of the new DHS will be an enormous undertaking, and we
appreciate your hard work helping to achieve an effective structure for
securing our homeland. Sandia is committed to contributing to this
urgent undertaking.
Thank you, Mr. Chairman. I look forward to your questions.
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
�