b"<html>\n<title> - HOMELAND CYBERSECURITY AND DHS ENTERPRISE ARCHITECTURE BUDGET HEARING FOR FISCAL YEAR 2005</title>\n<body><pre>[House Hearing, 108 Congress]\n[From the U.S. Government Printing Office]\n\n\n\n \n                     HOMELAND CYBERSECURITY AND DHS\n                     ENTERPRISE ARCHITECTURE BUDGET\n                      HEARING FOR FISCAL YEAR 2005\n\n=======================================================================\n\n                                HEARING\n\n                               before the\n\n                     SUBCOMMITTEE ON CYBERSECURITY,\n                       SCIENCE, AND RESEARCH AND\n                              DEVELOPMENT\n\n                                 of the\n\n                 SELECT COMMITTEE ON HOMELAND SECURITY\n                        HOUSE OF REPRESENTATIVES\n\n                      ONE HUNDRED EIGHTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                             MARCH 30, 2004\n\n                               __________\n\n                           Serial No. 108-44\n\n                               __________\n\n    Printed for the use of the Select Committee on Homeland Security\n\n\n Available via the World Wide Web: http://www.access.gpo.gov/congress/\n                                 house\n\n\n                               __________\n\n                    U.S. GOVERNMENT PRINTING OFFICE\n23-174                      WASHINGTON : 2005\n_____________________________________________________________________________\nFor Sale by the Superintendent of Documents, U.S. 
Government Printing Office\nInternet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512-1800  \nFax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001\n\n\n                 SELECT COMMITTEE ON HOMELAND SECURITY\n\n\n\n                 Christopher Cox, California, Chairman\n\nJennifer Dunn, Washington            Jim Turner, Texas, Ranking Member\nC.W. Bill Young, Florida             Bennie G. Thompson, Mississippi\nDon Young, Alaska                    Loretta Sanchez, California\nF. James Sensenbrenner, Jr.,         Edward J. Markey, Massachusetts\nWisconsin                            Norman D. Dicks, Washington\nW.J. (Billy) Tauzin, Louisiana       Barney Frank, Massachusetts\nDavid Dreier, California             Jane Harman, California\nDuncan Hunter, California            Benjamin L. Cardin, Maryland\nHarold Rogers, Kentucky              Louise McIntosh Slaughter, New \nSherwood Boehlert, New York          York\nLamar S. Smith, Texas                Peter A. DeFazio, Oregon\nCurt Weldon, Pennsylvania            Nita M. Lowey, New York\nChristopher Shays, Connecticut       Robert E. Andrews, New Jersey\nPorter J. Goss, Florida              Eleanor Holmes Norton, District of \nDave Camp, Michigan                  Columbia\nLincoln Diaz-Balart, Florida         Zoe Lofgren, California\nBob Goodlatte, Virginia              Karen McCarthy, Missouri\nErnest J. Istook, Jr., Oklahoma      Sheila Jackson-Lee, Texas\nPeter T. King, New York              Bill Pascrell, Jr., North Carolina\nJohn Linder, Georgia                 Donna M. Christensen, U.S. Virgin \nJohn B. Shadegg, Arizona             Islands\nMark E. Souder, Indiana              Bob Etheridge, North Carolina\nMac Thornberry, Texas                Ken Lucas, Kentucky\nJim Gibbons, Nevada                  James R. Langevin, Rhode Island\nKay Granger, Texas                   Kendrick B. 
Meek, Florida\nPete Sessions, Texas                 Ben Chandler, Kentucky\nJohn E. Sweeney, New York\n\n                      John Gannon, Chief of Staff\n\n       Stephen DeVine, Deputy Staff Director and General Counsel\n\n           Thomas Dilenge, Chief Counsel and Policy Director\n\n               David H. Schanzer, Democrat Staff Director\n\n             Mark T. Magee, Democrat Deputy Staff Director\n\n                    Michael S. Twinchek, Chief Clerk\n\n                                 ______\n\n   Subcommittee on Cybersecurity, Science, and Research & Development\n\n                    Mac Thornberry, Texas, Chairman\n\nPete Sessions, Texas, Vice Chairman  Zoe Lofgren, California\nSherwood Boehlert, New York          Loretta Sanchez, California\nLamar Smith, Texas                   Robert E. Andrews, New Jersey\nCurt Weldon, Pennsylvania            Sheila Jackson-Lee, Texas\nDave Camp, Michigan                  Donna M. Christensen, U.S. Virgin \nRobert W. Goodlatte, Virginia        Islands\nPeter King, New York                 Bob Etheridge, North Carolina\nJohn Linder, Georgia                 Ken Lucas, Kentucky\nMark Souder, Indiana                 James R. Langevin, Rhode Island\nJim Gibbons, Nevada                  Kendrick B. Meek, Florida\nKay Granger, Texas                   Ben Chandler, Kentucky\nChristopher Cox, California, ex      Jim Turner, Texas, ex officio\nofficio\n\n\n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\n\n                               STATEMENTS\n\nThe Honorable Mac Thornberry, a Representative in Congress From \n  the State of Texas, and Chairman, Subcommittee on \n  Cybersecurity, Science, and Research and Development\n  Oral Statement.................................................     
1\n  Prepared Statement.............................................     2\nThe Honorable Zoe Lofgren, a Representative in Congress From the \n  State of California, and Ranking Member, Subcommittee on \n  Cybersecurity, Science, and Research and Development...........     2\nThe Honorable Christopher Cox, a Representative in Congress From \n  the State of California, and Chairman, Select Committee on \n  Homeland Security..............................................    22\nThe Honorable Jim Turner, a Representative in Congress From the \n  State of Texas, Ranking Member, Select Committee on Homeland \n  Security\n  Prepared Statement.............................................     4\nThe Honorable Robert E. Andrews, a Representative in Congress \n  From the State of New Jersey...................................    33\nThe Honorable Donna M. Christensen, a Delegate in Congress From \n  the U.S. Virgin Islands........................................    27\nThe Honorable Jennifer Dunn, a Representative in Congress From \n  the State of Washington........................................    29\nThe Honorable Bob Etheridge, a Representative in Congress From \n  the State of North Carolina....................................    31\nThe Honorable Jim Gibbons, a Representative in Congress From the \n  State of Nevada................................................    25\nThe Honorable James R. Langevin, a Representative in Congress \n  From the State of Rhode Island.................................    36\nThe Honorable Kendrick B. Meek, a Representative in Congress From \n  the State of Florida...........................................    41\n\n                               WITNESSES\n\nMr. Robert Liscouski, Assistant Secretary for Infrastructure \n  Protection, Department of Homeland Security\n  Oral Statement.................................................     5\n  Prepared Statement.............................................     8\nMr. 
Steven Cooper, Chief Information Officer, Department of \n  Homeland Security\n  Oral Statement.................................................    14\n  Prepared Statement.............................................    18\n\n                                APPENDIX\n\nQuestions for Assistant Secretary Robert Liscouski:\n  Questions from Congressman Dave Camp...........................    45\n  Questions from Congressman Sherwood Boehlert...................    46\n  Questions from Congressman Mac Thornberry and Congresswoman Zoe \n    Lofgren......................................................    47\n  Questions from Congressman Jim Turner..........................    54\n\nQuestions for Chief Information Officer Steven Cooper:\n  Questions from Congressman Mac Thornberry and Congresswoman Zoe \n    Lofgren......................................................    56\n\n\n                     HOMELAND CYBERSECURITY AND DHS\n\n      ENTERPRISE ARCHITECTURE BUDGET HEARING FOR FISCAL YEAR 2005\n\n                              ----------                              \n\n\n                        Tuesday, March 30, 2004\n\n                          House of Representatives,\n             Select Committee on Homeland Security,\n                    Subcommittee on Cybersecurity, Science,\n                              and Research and Development,\n                                                   Washington, D.C.\n    The subcommittee met, pursuant to call, at 10:06 a.m., in \nRoom 2325, Rayburn House Office\n    Building, Hon. Mac Thornberry [chairman of the \nsubcommittee] presiding.\n    Present: Representatives Thornberry, Smith, Camp, Linder, \nGibbons, Cox (ex officio),\n    Lofgren, Andrews, (Del.) Christensen, Etheridge, Lucas, \nLangevin, Meek, and Turner (ex officio).\n    Also Present: Representative Dunn.\n    Mr. Thornberry. The hearing will come to order. 
I would \nlike to welcome our witnesses and guests to this hearing of the \nSubcommittee on Cybersecurity, Science, and Research and \nDevelopment.\n    Last year, we received a number of perspectives on \ncybersecurity from academia, think tanks, the technology \nindustry, government agencies, users, and others. All want the \nDepartment to succeed in its mission to protect our Nation. All \nemphasized the importance of cyberspace and the need for \nstronger cybersecurity in government, industry, academia, and \nat home.\n    Now, as we move into the second year of the Department of \nHomeland Security there remain many areas in cybersecurity in \nneed of improvement. Cyber is an area that can touch across \nvirtually every aspect of our lives, from electrical grids, \nairport control towers, manufacturing, banking, chemical \nplants, and many other areas.\n    With the creation of the National Cybersecurity Division \nlast June, I was pleased the Department acknowledged the need \nto consolidate the cyber mission into an organization that \ncould have one voice in dealing with international, Federal, \nState, local, and private sectors. However, over the course of \nrecent months I have been concerned that many of the \ncybersecurity resources within the Department remain fragmented \nand have not been integrated under the Cybersecurity Division.\n    Our Nation needs a seamless, well-functioning organization \nwithin the Department to work with industry, other government \nelements, academia, and the home user. That is part of the \nexternal cybersecurity mission of the Department.\n    But there is also an internal cybersecurity mission for the \nDepartment. The Chief Information Officer has responsibility \nfor protecting the Nation's most sensitive data that has been \nentrusted to the DHS to counter terrorism against the homeland. 
\nAs the Department develops its enterprise architecture, privacy \nand classified information are two areas that must be \nconsidered as the networks from the 22 agencies are brought \ntogether.\n    I also believe that the Department must be a role model for \nthe rest of government as well as the private sector in how \nthey secure their own information infrastructure. DHS needs to \n``walk-the-talk'' and achieve the highest standards within the \nFederal Government and cybersecurity. The creation of the \nDepartment should also result in efficiencies through \nintegration and also find the most effective use of resources.\n    I look forward to hearing about your progress in both areas \nover the course of the past year.\n\n Prepared Statement of The Honorable Mac Thornberry, Chairman, Select \n                     Committee on Homeland Security\n\n    I would like to welcome our witnesses and guests to today's \nhearing.\n    Last year, this subcommittee received a number of perspectives on \ncybersecurity, from academia, think tanks, the technology industry, \ngovernment agencies, users, and others. All want the Department of \nHomeland Security to succeed in their mission to protect our nation. \nAll emphasized the importance of cyberspace and the need for stronger \ncybersecurity in government, industry, academia, and at home.\n    As we move into the 2nd year for the Department of Homeland \nSecurity, there remain many areas in cybersecurity in need of \nimprovement. Cyber is an area that cross-cuts virtually every aspect of \nour lives. 
Electrical grids, airport control towers, manufacturing, \nbanking, chemical plants, and many other areas are dependent upon their \ncomputers, information, and networks to be reliable and secure from \nattacks.\n    With the creation of the National Cybersecurity Division (NCSD) \nlast June, I was pleased that the Department acknowledged the need to \nconsolidate the cyber mission into an organization that could have \n``one voice'' in dealing with international, federal, state, local and \nprivate sectors. However, over the course of recent months, I am \nconcerned that many of the cybersecurity resources within the \nDepartment remain fragmented and have not been integrated under NCSD.\n    Our nation needs a seamless and well-functioning organization \nwithin the Department to work across industry, other government \nelements, academia, and the home user. That is part of the external \ncybersecurity mission for the Department of Homeland Security.\n    There is also an internal cybersecurity mission for the Department. \nThe Chief Information Officer has the responsibility for protecting our \nnation's most sensitive data that has been entrusted to DHS to counter \nterrorism against the homeland. As the Department develops its \nenterprise architecture, privacy and classified information are two \nareas that must be considered as the networks from the 22 agencies are \nbrought together.\n    I also believe the Department must be a role model for the rest of \nthe government--as well as the private sector--in how they secure their \nown information infrastructure. DHS needs to ``walk the talk'' and \nachieve the highest standards within the federal government in \ncybersecurity. The creation of the Department should result in \nefficiencies through integration and also find the most effective use \nof resources. 
I look forward to hearing about your progress and plans \nfor the coming year.\n\n    Before we turn to our witnesses, let me yield to the \ndistinguished ranking member, the gentlelady from California.\n    Ms. Lofgren. Thank you, Chairman Thornberry.\n    The Select Committee on Homeland Security is in the process \nof tracking the first ever authorization bill through the \nDepartment of Homeland Security, and I believe that today's \nhearing before this subcommittee will serve as an important \npart of the authorization process. We will focus on \ncybersecurity activities of the Infrastructure Protection \nDirectorate and will explore the information technology and \nenterprise architecture issues facing the agency, and it will \ngive us an opportunity to understand resource and policy issues \npertaining to the budget request for the next fiscal year.\n    In addition, members may explore additional legislative \nissues relevant to the Director's activities for possible \ninclusion into the authorization bill.\n    Certainly, we have no shortage of issues to discuss with \nour witnesses today. Earlier this month President Bush and \nSecretary Ridge celebrated the first anniversary of the \ncreation of the Department of Homeland Security. At the event, \nthe President said, quote, one of the most important steps we \nhave taken to fight terrorism is creating the Department of \nHomeland Security combined under one room with a clear chain of \ncommand many agencies responsible for protecting our Nation. \nCreating the newest department of our Federal Government was a \ntough task that required a lot of hard work, changing some old \nhabits in order to merge into a new department. 
Unquote.\n    I think this assessment of the Department is pretty \noptimistic, and I know that while rank and file employees have \nworked very hard over this past year to get it up and running, \nI am not convinced that the leadership of the Department of \nHomeland Security should be celebrating at this time, \nparticularly in the area of cybersecurity.\n    I am concerned about cyber policy in the Department. I am \nnot convinced that cybersecurity is a priority within the \noverall Department of Homeland Security, and I am troubled by \nthe lack of concrete cybersecurity accomplishments over the \npast year.\n    The release of the National Strategy to Secure Cyberspace \nwas at the beginning of 2003. This policy paper established \ncybersecurity goals. At the end of 2003, the Department of \nHomeland Security convened a cybersecurity summit with major \nplayers in the technology industry in the Silicon Valley. Other \nthan these two events, I am just not familiar with the work \nthat is going on in DHS, and I think I am safe in saying that \nmembers of this subcommittee are somewhat frustrated.\n    The threat of a cyber attack is very real. In 2003, we saw \nincreasing worm and virus spreads, and Business Week estimated \nthat the damage from worms last year alone was over $13 \nbillion.\n    Today's witnesses are Mr. Robert Liscouski, Assistant \nSecretary for Infrastructure Protection, Information Analysis, \nand Infrastructure Protection Directorate, and Mr. Steven \nCooper, Chief Information Officer of the Department of Homeland \nSecurity. I hope that the witnesses today will be able to \nreassure this subcommittee that work is being done within the \nDepartment and that cybersecurity in fact is a priority for the \nadministration.\n    I would also like to note my frustration at the tardiness \nwith which the statements were delivered to the committee. 
The \nrules of the Homeland Security Committee prescribe that \nwitnesses who wish to submit a written statement shall file \nthem--not may, but shall file them 72 hours prior to the \nhearing. Mr. Liscouski's statement was filed 14 hours prior to \nthis committee and Mr. Cooper's statement was filed 45 minutes \nbefore the committee hearing, and I think that that is a real \ndisservice to every member of the committee as we obviously \nhave not had the time to really study Mr. Cooper's statement or \nMr. Liscouski's statement.\n    Before concluding, I would like to thank the chairman of \nthis committee, Mr. Thornberry, who has led our committee with \ngreat skill and intelligence, and I appreciate his leadership. \nThank you.\n    Mr. Thornberry. I thank the gentlelady, and let me echo her \nfrustration with the delays in having the statements before us. \nObviously, it makes it more difficult for all of us to do our \njob well.\n    Let me just, as a brief aside on timing. My understanding \nis that we will have votes roughly around 11:30. Mr. Liscouski \nalso has another hearing in the Intelligence Committee around \nthat time, and so I don't want to limit anything but the \nbriefer we can all be in our questions and responses we can \ncover more territory. I appreciate both of our witnesses. \nWithout objection, other members of course may submit opening \nstatements for the record.\n\n  Prepared Statement of the Honorable Jim Turner, a Representative in \n Congress From the State of Texas, and Ranking Member, Subcommittee on \n           Cybersecurity, Science, and Research & Development\n\n    Thank you Mr. Chairman.\n    Good Morning Gentlemen. Mr. Liscouski, it is a pleasure to have you \ntestify before our Committee again. Mr. Cooper, I believe this is the \nfirst time you have appeared before us--welcome.\n    The Department of Homeland Security's cybersecurity mission is two-\nfold. 
First, it is the key agency responsible for coordinating our \nnation's efforts to protect our computer networks and critical \ninfrastructures. Second, it must ensure that its own information \ntechnology systems are well-integrated and armed with appropriate \nsafeguards.\n    We recognize that these tasks are not easy but they must be done to \nhelp ensure the security of our homeland. The ever-changing nature of \ntechnology means that the Department must have the best expertise, \npersonnel, tools, and full authority to effectively accomplish its \nmission.\n    Unfortunately, the Department is not making the progress needed to \nsecure our nation from a cyber attack. It is also not moving quickly \nenough to integrate and protect its own information technology systems.\n    Mr. Liscouski, six months ago you appeared before this Subcommittee \nand told us that the Department, having finally found a Director to \nlead its cybersecurity efforts, was undertaking significant initiatives \nto further our country's efforts to secure cyberspace and prepare and \nrespond to network attacks. To date, however, the cybersecurity \ninitiatives that have been unveiled have not gotten us much further \nthan we were before the creation of the Department. Indeed, some of the \ninitiatives appear to duplicate existing efforts.\n    Let me just mention a few specific areas in which I see the \nDepartment's efforts lagging.\n        <bullet> First, it is not apparent to me that the Department \n        has in place the ability and authority to direct other agencies \n        with specific expertise in the event of a cyber crisis.\n        <bullet> Second, the Department does not appear to have an \n        effective and meaningful public--private cybersecurity \n        partnership. 
Many in the private sector have little or no idea \n        what you are doing, what is expected of them, or how they are \n        supposed to integrate and coordinate with the Department.\n        <bullet> Third, the Department has not sufficiently moved \n        forward with the National Strategy to Secure Cyberspace \n        released by the Administration a year ago. Why haven't we yet \n        seen clear assignments of responsibilities and deadlines for \n        the Strategy's implementation? If it is because the strategy \n        won't work or is ineffective--we need to know that.\n        <bullet> Lastly, Mr. Liscouski, the Department's 2005 budget \n        does not clearly lay out what your directorate is planning to \n        do to further our cybersecurity efforts. We've only seen broad \n        assertions and categories of activities. There seems to be \n        lacking a clear vision on what the Department is doing to \n        secure cyberspace.\n    Mr. Cooper, I must say I am equally concerned about the state of \nthe Department's efforts to build robust information technology systems \nwithin the Department and secure its own internal networks. There are \nspecific areas, in particular, for which I am concerned.\n        <bullet> First, the Department's efforts to date have been too \n        slow. Just last week, I saw one official stating that simple e-\n        mail can't get passed to people in the same office and that it \n        takes hours for e-mail to bounce around the Department to reach \n        its destination. We won't win the war on terror if Homeland \n        Security officials can't even talk to each other.\n        <bullet> Second, good and consistent information technology \n        policies can help speed the integration of terrorist watch \n        lists, strengthen the security of our borders, and allow us to \n        ``connect the dots'' to find terrorists. It worries me, Mr. 
\n        Cooper, that you have publicly suggested that a consolidated \n        watchlist may not be necessary. In my view, achieving this goal \n        is critical for making our homeland security programs work.\n        <bullet> Third, it is not clear to me, Mr. Cooper, that you \n        have the sufficient authority to coordinate and direct the \n        divisional Chief Information Officers within the Department. If \n        this is a problem, I hope that you will be candid with us \n        regarding any additional authorities your position requires.\n        <bullet> Lastly, this past December, the Department received a \n        34--the lowest grade of any agency--in the Government Reform \n        Committee's annual grading of agencies on the security of their \n        computer systems. The Department should be setting an example \n        for the rest of government to follow--not trailing at the back \n        of the class.\n    Gentlemen, I thank you for appearing before our Committee today to \naddress these important issues.\n\n    I appreciate both of our witnesses being here today. Let me \nfirst call on Robert Liscouski, Assistant Secretary for \nInfrastructure Protection at the Department of Homeland \nSecurity.\n\n    STATEMENT OF ROBERT LISCOUSKI, ASSISTANT SECRETARY FOR \n   INFRASTRUCTURE PROTECTION, DEPARTMENT OF HOMELAND SECURITY\n\n    Mr. Liscouski. Thank you, Mr. Chairman, and distinguished \nmembers of the subcommittee. 
I appreciate the opportunity to be \nhere this morning.\n    As you pointed out, I am responsible for infrastructure \nprotection at the Department of Homeland Security, and I am \npleased to be here before you today to discuss our progress \nthat we have made in the National Cybersecurity Division and to \ndiscuss the President's fiscal year 2005 budget request.\n    In today's highly technical and digital world, we recognize \nthat attacks against us may manifest themselves in many forms, \nincluding both physical and cyber attacks. And in addition, we \nrecognize the potential impact of collateral damage from any \none attack to a variety of assets. This interconnected and \ninterdependent nature of our infrastructure makes our physical \nand cyber assets difficult to separate, and it would be \nirresponsible to address them in isolation.\n    The integrated approach that DHS takes toward protection of \nphysical and cyber assets and responsive threats and protection \nof its vulnerabilities enables us to consider the full range of \nrisks to the Nation, including loss of life, destruction of \ninfrastructure services, economic impact, and national security \nimplications. Recognizing that future terrorist attacks may not \nbe limited to either physical or cyber acts but rather a \ncombination of the two to amplify the impact, my office is \norganized to examine and address threats and vulnerabilities \nacross the nation's infrastructure by using a five-step risk \nmanagement methodology that measures the Nation's risk profile \nin the context of and in the absence of threat information. 
\nThose major steps of the risk management methodology include \nthe identification of the critical infrastructure assets, the \nassessment of vulnerabilities, the normalization analysis and \nprioritization of protective measures, implementing protective \nprograms, and then finally the measurement of effectiveness and \nperformance outputs so we can determine whether what we are \ndoing is the right thing.\n    The National Cybersecurity Division was created in June of \n2003 to serve as a national focal point for the public and the \nprivate sectors to address the cybersecurity issues and to \ncoordinate the implementation of a national cyber strategy to \nsecure cyberspace.\n    Under that mandate, the National Cybersecurity Division has \nbeen working closely with our partners in the Federal \nGovernment, the private sector, and academia on a variety of \nprograms and initiatives to protect our information \ninfrastructure. We recognize that the challenge is vast and \ncomplex, that the threats are multi-faceted and global in \nnature, and that our strengths and our vulnerabilities lie in \nour interdependencies; that the environment changes rapidly, \nand that information sharing and coordination are crucial to \nimproving our overall national and economic security.\n    The activities of the National Cybersecurity Division then \nare based on this understanding and designed to address each of \nthe priorities set forth in the National Strategy to Secure \nCyberspace.\n    Priority one, a national cyberspace secure response system;\n    Priority two, a national cyberspace security threat and \nvulnerability reduction program;\n    Priority three, a national cyberspace security awareness \nand training program;\n    Priority four, securing the government's cyberspace; and,\n    Priority five, national security and international \ncyberspace security cooperation.\n    When I appeared before the committee--before the \nsubcommittee in September of 2003, I 
announced that Mr. Amit \nYoran was to become the Director of the National Cybersecurity \nDivision. Under his leadership, the division has aggressively \npursued partnerships and programs and is building a strong team \nto meet its objectives. I also announced the creation of the \nU.S. Computer Emergency Readiness Team, or the US-CERT. The US-\nCERT is a key component of our cyber strategy and readiness and \nresponse system and the National Cybersecurity Division's \noperational arm. The US-CERT provides a national coordination \ncenter that links public and private response capabilities to \nfacilitate information sharing across infrastructure sectors \nand to help protect and maintain the continuity of our Nation's \ncyber infrastructure.\n    On 28 January of this year, the Department of Homeland \nSecurity through the US-CERT unveiled the National Cyber Alert \nSystem. It is an operational system developed to deliver \ntargeted and timely and actionable information to Americans to \nsecure their computers. At the U.S. government, we have the \nresponsibility to alert the public of imminent threats and to \nprovide protective measures where we can, and minimally to \nprovide information necessary for the public to protect their \nsystems.\n    The day we inaugurated the system, the US-CERT site \nreceived more than 1 million hits. And today, from the first \nfew weeks of that site, we have more than 250,000 direct \nsubscribers who receive the National Cybersecurity Alert \ninformation to enhance their cybersecurity. And I urge you all \nto visit that site at www.US-CERT.gov, to subscribe to our \ninformation services.\n    To facilitate the preparation interagency and public-\nprivate cooperation coordination during and to recover from \ncyber incidents, we have created the Cyber Interagency Incident \nManagement group, or Cyber IIMG. 
The Cyber IIMG coordinates \nintergovernmental preparedness and operations to respond to and \nrecover from cyber incidents and attacks. The group brings \ntogether senior officials from national security, law \nenforcement, defense, intelligence, and other government \nagencies that maintain significant cybersecurity capabilities \nand that can bring to bear in response to an incident and, \nimportantly, possess the necessary statutory authority to act.\n    We have also broadened our interagency partnerships to \ncreate two new groups addressing the various challenges before \nus. The first is a Chief Information Security Officers Forum, \nCISO Forum, established to provide a trusted venue for our \ngovernment information security offices to collaborate and \nshare effective practices, initiatives, capabilities, \nsuccesses, and challenges.\n    The second group is the Government Forum of Incidents \nResponse and Security Teams, FIRST, a group of technical and \ntactical practitioners of security response teams responsible \nfor securing government information technology systems. GFIRST \nmembers work together to understand and handle computer \nsecurity incidents and to encourage proactive and preventive \nsecurity practices.\n    One of our most important constituencies of course is the \nprivate sector, because as you well know it is estimated that \n85 percent of America's critical infrastructure is owned and \noperated by the private sector, and technology developed by the \nindustry continues to fuel the growth and the evolution of the \nInternet.\n    In December 2003, the Cybersecurity Division co-hosted the \nfirst National Cybersecurity Summit, which allowed the \nDepartment to work side by side with leaders in industry to \naddress key cybersecurity issues facing the Nation. 
The Cyber \nDivision is also working closely with research and academic \ncommunities to better educate and train future cyber analysts, \nand we are participating in the National Science Foundation \nScholarship For Service, or the Cyber Corps program as well as \nthe National Security Agency's Information Assurance Centers \nfor Excellence, academic excellence in 26 States, for which \nthere are 50 centers.\n    The National Cybersecurity Division is only 9 months old, \nbut these initiatives represent considerable progress toward \nmaking cybersecurity a reality and reflect our collective \ncommitment to do much more. Each accomplishment fosters further \nactivity which we have outlined in our fiscal year 2005 budget. \nThe national cybersecurity budget for fiscal year 2005 request \nis $79 million, and it is based upon ongoing and future \nactivities necessary to meet our mission.\n    The division is positively exploiting the work of its \npredecessors and building crucial partnerships as part of DHS's \noverall efforts to enhance the protection of our Nation's \ncritical infrastructure. We have much to do and it will take \ntime, resources, dedication, energy, and hard work to succeed. \nWe are committed to that challenge, and we look forward to the \nopportunities to update the subcommittee on our progress.\n    We are also approaching the next National Cybersecurity \nDay, I would like to point out, which is this Sunday. And as \nAmericans turn their clocks forward, we also urge them to take \nthis opportunity to review and improve their cyber readiness.\n    Again, I thank you for the opportunity to testify before \nyou today, and I would be pleased to answer the questions at \nyour convenience.\n    [The statement of Mr. Liscouski follows:]\n\n          Prepared Statement of the Honorable Robert Liscouski\n\n    Good morning, Chairman Thornberry and distinguished Members of the \nSubcommittee. 
My name is Robert Liscouski, and I am the Assistant \nSecretary for Infrastructure Protection in the Department of Homeland \nSecurity (DHS). I am pleased to appear before you today to provide an \nupdate on the Department's National Cyber Security Division's efforts \nin coordinating cyber security initiatives since my appearance in \nSeptember 2003 and to discuss the President's FY 2005 budget request \nfor the Division. In my testimony today, I will share information on a \nnumber of initiatives that use diverse channels of communication to \nreach our government partners as well as our mutual constituents--home \nusers, small and medium-sized businesses, and corporations.\n\nIntroduction\n    March 1st marked the one-year anniversary of the Department of \nHomeland Security. In his remarks commemorating that day, Secretary \nRidge stressed the Department's goal to strengthen information sharing \nand infrastructure protection over the next year. We in the Information \nAnalysis and Infrastructure Protection Directorate (IAIP) take that \nmandate to heart in our collective efforts and activities to protect \nthe Nation. Established by the Homeland Security Act, the IAIP \nDirectorate leads the Nation's efforts to protect our critical \ninfrastructures from attack or disruption, and under the leadership of \nUnder Secretary Frank Libutti has made significant strides toward that \nobjective.\n    The IAIP Directorate includes the Office of Information Analysis, \nthe primary gathering and analytic center for threat information and \nintelligence within DHS, and the Office of Infrastructure Protection \n(IP), for which I am responsible. In today's highly technical and \ndigital world, we recognize that attacks against us may manifest in \nmany forms, including both physical and cyber attacks. In addition, we \nrecognize the potential impact of collateral damage from any one attack \nto a variety of assets. 
This interconnected and interdependent nature \nof our infrastructure makes our physical and cyber assets difficult to \nseparate, and it would be irresponsible to address them in isolation. \nThe placement of our two offices within the Directorate underscores \nthis linkage and enables us to work together to share intelligence and \nother information and coordinate our efforts to mitigate our \nvulnerabilities. Further, IP's component divisions work closely \ntogether to coordinate efforts regarding both physical and cyber \nthreats and vulnerabilities and to develop plans that address the \ninterdependencies between them.\n    Homeland Security Presidential Directive 7 (HSPD 7), released by \nPresident Bush on December 17, 2003, requires the development of a \nNational Infrastructure Protection Plan that sets out a roadmap for \nassessing both physical and cyber vulnerabilities and, once the \nvulnerabilities are determined, articulating the protective actions \nthat need to be taken. As such, IAIP takes a holistic view of critical \ninfrastructure vulnerabilities and works to protect America from all \nthreats by ensuring the integration of physical and cyber security \napproaches in the Directorate's Office of Infrastructure Protection.\n    This integrated approach to physical and cyber threats and \nvulnerabilities enables us to consider the full range of risks to the \nNation, including loss of life, disruptions of infrastructure services, \neconomic impact, and national security implications. 
Recognizing that \nfuture terrorist attacks may not be limited to either a physical or \ncyber act, but rather a combination of the two to amplify impact, IP \nincludes the National Cyber Security Division, the Protective Security \nDivision, the Infrastructure Coordination Division, and the National \nCommunications System and is organized to examine and address threats \nand vulnerabilities across the Nation's infrastructure by using a five-\nstep risk management methodology that measures the national risk \nprofile in the context, and absence, of threat information. The major \nsteps of our risk management methodology include:\n\n        <bullet> Identification of critical infrastructure\n        <bullet> Assessing vulnerabilities\n        <bullet> Normalizing, analyzing, and prioritizing protective \n        measures\n        <bullet> Implementing protective programs\n        <bullet> Measuring effectiveness through performance metrics\n    By performing each of these steps continuously across and within \neach critical infrastructure sector, and by integrating threat \ninformation, we are continually improving our national critical \ninfrastructure protection program--physical and cyber--and driving \nbetter correlation of protective programs to the dynamic threat \nenvironment.\n    National Cyber Security Division Mission: Coordinating our National \nCyber Security\n    In support of the broader IAIP mission, the National Cyber Security \nDivision was created in June 2003 to serve as a national focal point \nfor the public and private sectors to address cyber security issues and \nto coordinate the implementation of the National Strategy to Secure \nCyberspace released by the President in February 2003.\n    Under that mandate, the National Cyber Security Division has been \nworking closely with our partners in the federal government, the \nprivate sector, and academia on a variety of programs and initiatives \nto protect our information infrastructure. 
We recognize that the \nchallenge is vast and complex, that the threats are multi-faceted and \nglobal in nature, that our strengths--and our vulnerabilities--lie in \nour interdependencies, that the environment changes rapidly, and that \ninformation sharing and coordination are crucial to improving our \noverall national and economic security. The activities of the National \nCyber Security Division, then, are based on this understanding and are \ndesigned to address each of the priorities set forth in the National \nStrategy to Secure Cyberspace (``the Strategy''):\n        Priority I: A National Cyberspace Security Response System\n        Priority II: A National Cyberspace Security Threat and \n        Vulnerability Reduction Program\n        Priority III: A National Cyberspace Security Awareness and \n        Training Program\n        Priority IV: Securing Government's Cyberspace\n        Priority V: National Security and International Cyberspace \n        Security Cooperation\n\n    Meeting the Mandate: Readiness and Response\n    The National Cyber Security Division's primary overarching goal \nsince its creation has been to enhance the Nation's Cyberspace Security \n(Readiness and) Response System (Priority I) that will, where possible, \ndeter and prevent a cyber attack from occurring, limit its scope and \nimpact on the critical infrastructures, and expedite recovery. In \nOctober 2003, we participated in Livewire, the first ever national-\nlevel cyber exercise to baseline our capabilities and communication \npaths for responding to national attack. The exercise involved over 300 \nparticipants representing more than 50 organizations across federal, \nstate, and local governments and the private sector. Cyber attack \nsimulation scenarios were developed to stress cyber interdependencies \nacross our critical infrastructures and baseline our ability to \ncollaborate across the public and private sectors. 
The information \ngleaned from Livewire validated the National Cyber Security Division's \napproach and activities. In that context, I will outline the National \nCyber Security Division's accomplishments to date and discuss on-going \nand future programs that all serve to enhance our national cyber \nsecurity.\n    When I appeared before the Subcommittee in September 2003, I \nannounced the appointment of Mr. Amit Yoran as the Director of the \nNational Cyber Security Division. Under his leadership, the Division is \naggressively pursuing partnerships and programs and building a strong \nteam to meet its objectives. I also announced the creation of the U.S. \nComputer Emergency Readiness Team, or US-CERT. US-CERT is a key \ncomponent of our Cyber Security Readiness and Response System and the \nNational Cyber Security Division's operational arm. Through its initial \npartnership with the CERT Coordination Center (CERT/CC) at Carnegie \nMellon University, US-CERT provides a national coordination center that \nlinks public and private response capabilities to facilitate \ninformation sharing across all infrastructure sectors and to help \nprotect and maintain the continuity of our Nation's cyber \ninfrastructure. The overarching approach to this task is to facilitate \nand implement systemic global and domestic coordination of deterrence \nfrom, preparation for, defense against, response to, and recovery from, \ncyber incidents and attacks across the United States, as well as the \ncyber consequences of physical attacks. To this end, US-CERT is \nbuilding a cyber watch and warning capability, launching a partnership \nprogram to build situational awareness and cooperation, and \ncoordinating with U.S. 
Government agencies and the private sector to \ndeter, prevent, respond to and recover from cyber--and physical--\nattacks.\n    One direct impetus of the Livewire exercise was to validate the \nimportance of building a cyber information dissemination mechanism to \nreach our stakeholders. On January 28, 2004, the Department of Homeland \nSecurity through US-CERT unveiled the National Cyber Alert System, an \noperational system developed to deliver targeted, timely and actionable \ninformation to Americans to secure their computer systems. As the U.S. \nGovernment, we have a responsibility to alert the public of imminent \nthreats and to provide protective measures when we can, or at least \nprovide the information necessary for the public to protect their \nsystems. The offerings of the National Cyber Alert System provide that \nkind of information, and we have already issued several alerts and the \ninitial products of a periodic series of providing ``best practices'' \nand ``how-to'' guidance. We strive to make sure the information \nprovided is understandable to all computer users, technical and non-\ntechnical, and reflects the broad usage of the Internet in today's \nsociety. I am pleased to report that Americans are exhibiting a keen \ninterest in the alert system. On January 28th, the day we inaugurated \nthe system, the US-CERT site received more than one million hits. \nWithin the first few weeks, more than 250,000 direct subscribers \nreceived National Cyber Alerts to enhance their cyber security. For \nyour reference and for your constituents, I urge you to visit www.us-\ncert.gov to subscribe to a number of our information services to \nfacilitate protecting your computer systems. 
As we increase its \noutreach, the National Cyber Alert System is looking at other vehicles \nto distribute information to reach as many Americans as possible.\n    The Livewire exercise reiterated the critical need for government \nto share information and coordinate efforts at cyber incident \npreparation that enhance our effectiveness in responding to cyber \nactivity. To facilitate preparation and interagency and public-private \ncoordination during, and to recover from cyber incidents, we created a \nCyber Interagency Incident Management Group, or Cyber IIMG. The Cyber \nIIMG coordinates intra-governmental preparedness and operations to \nrespond to, and recover from, cyber incidents and attacks. The group \nbrings together senior officials from national security, law \nenforcement, defense, intelligence, and other government agencies that \nmaintain significant cyber security capabilities that they can bring to \nbear in response to an incident and, importantly, possess the necessary \nstatutory authority to act. By meeting monthly, the Cyber IIMG is \ndeveloping cyber preparedness and response plans that will help it to \nsupport the IIMG during national events with cyber implications, and \nensure that during a cyber crisis the full range and weight of federal \ncapabilities are deployed in a coordinated and effective fashion.\n    To enhance the level of communication among federal agencies in a \ncrisis, DHS' IP is continuing to widen the reach of the Critical \nInfrastructure Warning Information Network, or CWIN. For those who are \nnot familiar, CWIN is a technologically advanced, secure network for \ninfrastructure protection, communication and cooperation, alert, and \nnotification. As a private communications network, CWIN serves as a \nreliable and survivable network with no logical dependency on the \nInternet or the public switched network. 
In the event a significant \ncyber attack disrupts our telecommunications networks and/or the \nInternet, CWIN provides a secure and survivable capability for members \nto communicate. It is important for us to understand and prepare for \nany contingency. In this vein, DHS is extending the reach of CWIN's \nsurvivable architecture beyond federal agencies by working with \ncritical private sector companies to establish CWIN nodes at their \nNetwork Operations Centers. The goal is to increase the number of CWIN \nnodes to 100 by the end of 2004, making it a robust and resilient \ncapability that supports national cyber operations and response during \ntimes of crisis.\n    Key components of the National Cyber Security Division's efforts \nare laid out in Priority IV of the Strategy: Securing Government's \nCyberspace. Consistent with law and policy, the National Cyber Security \nDivision works with the Office of Management and Budget and the \nNational Institute of Standards and Technology regarding the security \nof federal systems and coordinates with federal law enforcement \nauthorities as appropriate. We have taken great steps to integrate \nexisting frameworks into the system, such as the continued \nfunctionality of the Federal Computer Incident Response Center \n(FedCIRC) is being transitioned within US-CERT, as well as to create a \nnew forum for coordination toward greater cyber security in the federal \ngovernment.\n    We have also broadened our interagency partnerships to create two \nnew groups addressing the various challenges before us. The first is \nthe Chief Information Security Officers Forum (CISO Forum), established \nto provide a trusted venue for our government information security \nofficers to collaborate and share effective practices, initiatives, \ncapabilities, successes and challenges. 
The second is the Government \nForum of Incident Response and Security Teams (GFIRST), a group of \ntechnical and tactical practitioners of security response teams \nresponsible for securing Government information technology systems. \nGFIRST members work together to understand and handle computer security \nincidents and to encourage proactive and preventative security \npractices. The purpose of the GFIRST peer group is to:\n\n        <bullet> Provide members with technical information, tools, \n        methods, assistance and guidance;\n        <bullet> Coordinate proactive liaison activities and analytical \n        support;\n        <bullet> Further the development of quality products and \n        services for the federal government;\n        <bullet> Share specific technical details regarding incidents \n        within a trusted U.S. Government environment on a peer-to-peer \n        level; and\n        <bullet> Improve incident response operations.\n    The National Cyber Security Division has taken on aggressive plans \nfor accelerated information sharing and collaboration efforts in both \nthe CISO Forum and GFIRST. Already, both groups have increased \ninformation sharing horizontally across previously somewhat stove-piped \norganizations and improved the overall cyber preparedness of the U.S. \nGovernment.\n\nMeeting the Mandate: Assessment and Analysis\n    A major component of the National Cyber Security Division's mission \nis our focus within the Office of Infrastructure Protection to \ncoordinate efforts on physical and cyber threat and vulnerability \nidentification and assessment, and the implementation of protective \nmeasures to reduce vulnerabilities that will enable IAIP to \nsystemically address the security status of U.S. networks and the cyber \ncomponents and dependencies of our critical infrastructures. 
This \neffort directly responds to the calls in the Strategy and HSPD 7 to:\n\n        <bullet> Develop a National Infrastructure Protection Plan;\n        <bullet> Complete and maintain a critical cyber asset \n        inventory;\n        <bullet> Implement and expand standard methodologies to perform \n        threat, risk, and vulnerability assessments;\n        <bullet> Develop and maintain an interdependency analysis \n        capability to systematically understand the relationships \n        between cyber and physical assets; and\n        <bullet> Identify and implement priority protective measures to \n        mitigate vulnerabilities.\n    The National Cyber Security Division currently houses a number of \noperational, data analysis, and other diagnostic tools to assist in \nassessing our vulnerabilities. The US-CERT is developing a \ncomprehensive Watch Operation that will provide a 24x7 single point of \ncontact for national cyber incident detection, evaluation, response, \ncoordination, and restoration. 
Some key tools that US-CERT funded and/\nor executed include:\n\n        <bullet> Common Vulnerability and Exposures (CVE), a dictionary \n        of standard names for vulnerabilities that makes it possible to \n        correlate information across vendor products\n        <bullet> Malware Analysis, a laboratory operation performing \n        detailed analysis and characterization of malicious code to \n        adequately notify the Government of specific dangers and \n        threats to the critical infrastructure\n        <bullet> Security Analysis Program (SAP), a set of analysis \n        tools and capabilities offered through US-CERT to (1) help \n        agencies better monitor network security activity; (2) assist \n        agencies in identifying configuration problems, unauthorized/\n        unnecessary network traffic, network backdoors, and routing \n        anomalies; and (3) gain better global situational awareness of \n        network health and malicious activity. The use of these tools \n        by the federal civilian agencies represents one way that we are \n        transferring technology used by the military to increase our \n        overall capabilities.\n    As part of our efforts to improve our situational awareness and \nanalysis capabilities, the National Cyber Security Division is \ncoordinating with the National Communications System (NCS) on the \nGlobal Early Warning Information System (GEWIS). GEWIS is an effort \nunderway within IAIP to find a wide variety of sources, including open \nsource and approved private information, which can be analyzed to \nprovide better situational awareness of the Internet and its underlying \ninfrastructures. GEWIS will allow DHS to assess the health of the \nInternet in a timelier manner and, as a result, coordinate with the \nappropriate stakeholders in responding to Internet events. 
GEWIS is \ncurrently being used by IP in conjunction with other resources to \nprovide the current situational awareness capability. GEWIS is \ncontinuing to evolve, and over time will provide enhanced \nfunctionality.\n\nMeeting the Mandate: Awareness, Outreach, and Cooperation\n    So far I have discussed the accomplishments we have made in \nreadiness and response, assessment, analysis, and warning efforts at \nthe National Cyber Security Division. Another major component of our \nwork lies in the outreach and awareness programs that support every \naspect of our efforts to improve and sustain cyber security. The \nStrategy clearly identifies the users and stakeholders in cyber \nsecurity in Priority III as home users and small business, large \nenterprises, institutes of higher education, the private sectors that \nown and operate the vast majority of the Nation's cyberspace, and state \nand local governments. In Priority V, the Strategy also emphasizes that \ninternational cooperation is crucial to protecting ourselves in a world \nwhere attacks cross borders at light speed. The following components \nmake up the National Cyber Security Division's outreach and awareness \nprograms and serve as the basis for our recently initiated Partnership \nProgram.\n    One of our most important constituencies is the private sector. It \nis estimated that eighty-five percent of America's critical \ninfrastructure is owned and operated by private companies, and \ntechnology developed by industry continues to fuel the growth and \nevolution of the Internet. In December 2003, the National Cyber \nSecurity Division co-hosted the first National Cyber Security Summit in \nSanta Clara, California with the Information Technology Association of \nAmerica, TechNet, the Business Software Alliance, and the U.S. Chamber \nof Commerce. This event was designed to energize the public and private \nsectors to implement the National Strategy to Secure Cyberspace. 
The \nSummit allowed the Department of Homeland Security to work side-by-side \nwith leaders from industry to address the key cyber security issues \nfacing the Nation. Five interest areas were established to focus \nspecifically in the areas of:\n\n        <bullet> Increasing awareness\n        <bullet> Cyber security early warning\n        <bullet> Best practices for information security corporate \n        governance\n        <bullet> Technical standards and common criteria\n        <bullet> Security across the software development lifecycle\n    Perhaps most importantly, the Summit served as a call to action. It \nrepresented a logical transition point from developing a national \nstrategy to energizing the public-private partnership to implement \nconcrete, measurable actions to improve the security of America's cyber \nsystems. The efforts of these working groups as well as those of other \nindustry leaders will be vital as we move forward in implementing the \nNational Strategy.\n    In addition to the National Cyber Security Summit, the National \nCyber Security Division is working with a host of groups to better \nunderstand and address their cyber security issues and concerns. These \ngroups include, among others, the President's National Infrastructure \nAdvisory Council, the President's National Security Telecommunications \nAdvisory Committee, and the private sector Information Sharing and \nAnalysis Centers (ISAC). As a result of the working relationships that \nhave been developed among state and local cyber security \nrepresentatives, we are also facilitating a multi-state ISAC that will \neven further enhance information sharing at the state and local levels.\n    The National Cyber Security Division is also working closely with \nthe research and academic communities to better educate and train \nfuture cyber analysts. 
We are participating in the National Science \nFoundation's Scholarship for Service, or ``Cyber Corps'' program as \nwell as the National Security Agency's fifty Information Assurance \nCenters for Academic Excellence in twenty-six states. We are looking at \na number of additional ways to raise cyber security awareness in our \neducational and professional programs, including exploring the K-12 \ncurriculum with the Department of Education and exploring the \npossibility for the private sector to create independent information \ntechnology certification programs for IT security professionals.\n    A crucial role for the National Cyber Security Division is to \ncooperate and leverage expertise within the Department of Homeland \nSecurity. Within IP, the National Cyber Security Division coordinates \nwith the Protective Security Division (PSD) on our physical and cyber \ninterdependencies and activities. In addition, it works closely with \nthe National Communications System (NCS), which runs the CWIN program \nand the Global Early Warning Information System (GEWIS) described \nabove, and brings NCS's telecommunications system expertise to its \nefforts. Through its integrated approach to addressing the critical \ninfrastructure, the Office of Infrastructure Protection also \ncoordinates efforts with the 13 critical infrastructure sectors laid \nout in HSPD 7 and their respective Information Sharing and Analysis \nCenters (ISACs). The National Cyber Security Division coordinates \nclosely with IP's Infrastructure Coordination Division on the cyber \nelements of their efforts.\n    In addition to our coordinated work within IP, the National Cyber \nSecurity Division works with a number of other DHS organizations. Close \nlinkage between the Office of Infrastructure Protection and the Office \nof Information Analysis, led by Assistant Secretary Patrick Hughes, \npromotes the ability to map threat information with cyber \nvulnerabilities. 
This mapping allows for the effective prioritization \nof potential risks so agencies may implement remediation efforts as \nquickly as possible to limit the impact of computer incidents.\n    The technology that drives cyber security needs and product demands \ndevelops very rapidly in today's environment. Therefore, IAIP and the \nScience and Technology Directorate (S&T) are working together to \ncoordinate research and development activities in the important areas \nof critical infrastructure protection and cyber security. A program of \nregular, interactive meetings between the two directorates ensures a \ntwo-way flow of information and coordination of technical activities. \nS&T's cyber security portfolio scope and activities are driven by the \nthreats and issues that warrant national-level concerns, including \ncyber attacks by hostile adversaries against the Nation's critical \ninfrastructures, or attacks whose consequences are of sufficient \nmagnitude to cause widespread economic or social disruptions. The \nNational Cyber Security Division provides important input regarding the \nresearch and development requirements for S&T's cyber security \nportfolio based on its activities and insight into the needs for \ngreater protection of our cyber systems. 
Initial technical emphases for \nthe Cyber Security Portfolio include:\n\n        <bullet> Improving the security of Internet infrastructure \n        protocols and developing migration paths for these protocols \n        into commercial use;\n        <bullet> Research, development, testing, and evaluation \n        investments aimed at next-generation cyber security \n        technologies aimed at prevention of and protection against \n        attacks; threat identification and tracking; monitoring, \n        detection, and attribution of attacks; and immediate as well as \n        longer-term response to attacks;\n        <bullet> Economic assessment and modeling to support the \n        development of business cases for cyber security in addition to \n        providing a foundation for risk-based cyber security decision \n        making.\n    I have addressed many of our national efforts, but I want to \nemphasize our international partnership efforts as well. As the \nStrategy says, ``America's cyberspace is linked to that of the rest of \nthe world.'' Cyberspace is truly borderless, and our communications \nnetworks are inarguably interconnected. We need to defend our systems \nfrom the outside, but we can only do so with global cooperation and \ncoordination. Therefore, the National Cyber Security Division's \nPartnership Program includes outreach and advocacy efforts with our \nglobal partners, through US-CERT outreach activities and in bilateral \nand multilateral discussions in conjunction with the Department of \nState, the Department of Justice, and the Department of Defense.\n    The National Cyber Security Division is only nine months old, but \nthese initiatives represent considerable progress toward making cyber \nsecurity a reality and reflect our collective commitment to do more. 
\nEach accomplishment fosters further activity, which we have outlined in \nour FY 2005 budget request.\n\nNational Cyber Security Division Budget Request FY 2005\n    The National Cyber Security Division Budget Request of $79 million \nfor the fiscal year 2005 is based on the on-going and future activities \nnecessary to meet our mission. The budget plan is organized around \nNational Cyber Security Division's program initiatives in (1) Readiness \nand Response; (2) Strategic Initiatives; (3) Information Sharing and \nCoordination; and (4) Management and Administration. Please let me \nhighlight some key initiatives in the plan.\n\nReadiness and Response\n    The core building block for an effective National Cyberspace \nSecurity Readiness and Response System is the U.S. Computer Emergency \nReadiness Team (US-CERT).\n    US-CERT will require full funding of $59.3 million for its various \nexisting and projected programs, including sustaining and improving the \nGEWIS, CWIN, Watch, and other programs described above. In its \ninaugural year, US-CERT is making significant progress in establishing \ncritical operational capabilities and building key relationships within \ngovernment, private industry, and academia. To further these \nadvancements, FY05 will be a significant year for the US-CERT to \ncontinue building and enhancing present capabilities into even more \nresponsive and robust ones.\n\n    Strategic Initiatives\n    The National Cyber Security Division's Vulnerability Assessment and \nReduction Program in response to HSPD 7 is a central aspect of its \nStrategic Initiative endeavors, and the requested funding of $7.0 \nmillion will build upon the initial efforts undertaken in FY03 and \nFY04. 
Additional aspects of the Strategic Initiatives program include \nsoftware assurance efforts, continued awareness and training efforts, \nand a series of tabletop and other exercises including a second \nLivewire exercise, our participation in the National-Level Exercise \nProgram, and a planned set of cyber-specific tabletop exercises at the \nState and local level.\n\nInformation Sharing and Coordination\n    A critical aspect of the National Cyber Security Division's \nactivities is outreach to the public and private stakeholders in the \nU.S. and interaction with global partners. $8.7 million will be used to \nsupport a variety of public awareness campaigns and outreach efforts--\nsuch as continued support of the Stay Safe Online campaign--as called \nfor in the Strategy. IAIP will also build and expand international \npartnerships to raise cyber security awareness and cooperation to \npromote a global culture of security. Most importantly, it accomplishes \nthe operational partnership executive of information sharing and \ncollaboration.\n\nManagement and Administration\n    The National Cyber Security Division is building a significant team \nof technical and security experts and determining the infrastructure it \nneeds in support of its numerous initiatives toward greater national \ncyber security.\n\nConclusion\n    The creation of the National Cyber Security Division reflects the \nrecognition that we as a Nation are utilizing sophisticated information \nnetworks to increase productivity, encourage innovation in products and \nservices, enhance daily lives, and communicate globally in an instant. \nImportantly, we are also using these innovations to enhance our \nnational and economic security, facilitate our law enforcement and \npublic safety efforts, and protect our individual privacy. As \ntechnology has developed, we have found more exciting ways to use it, \nand we have become increasingly dependent on it. 
But, we have also \nacknowledged that its proliferation across our critical \ninfrastructures--the very same proliferation that makes us more \nadvanced as a society and an economy--also makes us vulnerable to those \nwho would use it to harm us. IAIP, through the coordinated efforts of \nits component divisions including the National Cyber Security Division, \nis working diligently to address those vulnerabilities and provide \ngreater security without stunting the growth and benefits of the \ndigital economy for all Americans. We are approaching the next National \nCyber Security Day this Sunday, and as Americans turn their clocks \nforward, we will also be urging them to take the opportunity to review--\nand improve--their cyber readiness.\n    In its short life, the National Cyber Security Division is \npositively exploiting the work of its predecessors, leveraging the \nexisting expertise around it, and building crucial partnerships as part \nof DHS' overall efforts to enhance the protection of our Nation's \ncritical infrastructures. We have addressed crucial operational \ncomponents of our program and are improving them, and we are developing \nstrategic plans for the future. We know we still have much to do and \nthat it will take time, resources, dedication, energy, and hard work to \nsucceed. We are committed to that challenge, and we look forward to \nfuture opportunities to update the Subcommittee on our progress.\n    Again, thank you for the opportunity to testify before you today. I \nwould be pleased to answer any questions you have at this time.\n\n    Mr. Thornberry. Thank you.\n    Now we turn to Mr. Steven Cooper, who is the Chief \nInformation Officer for the Department of Homeland Security.\n\n    STATEMENT OF STEVEN COOPER, CHIEF INFORMATION OFFICER, \n                DEPARTMENT OF HOMELAND SECURITY\n\n    Mr. Cooper. Mr. Chairman and members of the subcommittee, \ngood morning. 
I am Steve Cooper, Chief Information Officer for \nthe Department of Homeland Security. It is my pleasure to \nappear before the subcommittee, and I wish to thank the \nchairman and members for providing me the opportunity to update \nyou on our efforts and progress in integrating and securing \ninformation systems within the Department and to discuss the \nPresident's fiscal year 2005 budget for information technology. \nI would request that my written testimony be entered into the \nrecord.\n    Mr. Thornberry. Without objection, your testimony shall be \nin the record.\n    Mr. Cooper. Thank you.\n    The challenges facing those of us who comprise the \ninformation technology function of the Department of Homeland \nSecurity are complex. There are three major areas of focus.\n    The first is to ensure that the women and men on the front \nlines of the Department have all of the information technology \nenabled solutions and tools they need to safeguard the United \nStates and to deliver our safety and service-related \noperational functions and capabilities. The war on terrorism is \nreal, and we must deliver new mission solutions with quality \nand speed in a cost effective manner while maintaining already \nexisting mission solutions that we inherited when the \nDepartment was formed.\n    The second area addresses the integration of IT enabled \nsolutions. Guided by our enterprise architecture, we are \nidentifying opportunities to consolidate and streamline mission \nsolutions. In mission areas like threat identification and \nmanagement, identity credentialing, in collaboration we have \nidentified multiple solutions in use within the various \norganizational elements of the Department. 
Our goal is to help \nfacilitate and support the operators and subject matter experts \nin our business units, and determine the optimal number and \nnature of mission solutions needed.\n    And the third area is to realize efficiency and economies \nof scale that the President and Congress have set forward when \ncreating the Department of Homeland Security. Here, we must \nrapidly identify and eliminate existing overlap or redundancy \nwithin our IT infrastructure within the Department. However, we \nmust ensure that we do no harm to mission solutions while we \nrestructure and consolidate our infrastructure. In this case, \nwe really are changing the tires on the car while it is moving.\n    In order to guide the information technology function in \nachieving success in these three overarching focus areas, I \nhave, in concert with our Department of Homeland Security CIO \nCouncil, set eight priorities for the IT function. I would like \nto share these with the committee.\n    Very quickly, they are: Information sharing, mission \nrationalization, IT portfolio management, information security, \ninfrastructure transformation, enterprise architecture, IT \ngovernance, and IT human capital.\n    These priorities are aligned with the strategic priorities \nof the Department set forth by Secretary Ridge and Deputy \nSecretary Loy. For each priority, we are in the process of \ndeveloping a case for change, the business case, a road map \nthat outlines the activities, tasks, and deliverables needed to \nachieve the desired objectives and metrics by which we will \nmeasure success. I would like to highlight two of these eight.\n    First is enterprise architecture. In my previous \ntestimonies, I have discussed the vision and strategy of DHS and \nhow that strategy must be supported by a disciplined capital \nplanning investment control process that is guided by business-\ndriven enterprise architecture. 
With the release of the first \nversion of enterprise architecture in September 2003, we made \nprogress toward the goal of achieving one Department of \nHomeland Security IT infrastructure. Version 1 of the \nenterprise architecture describes a target information \nmanagement infrastructure that will be dramatically different \nfrom the one we have today, one that will provide timely, \naccurate, useful, and actionable information to all individuals \nand stakeholders who require it all of the time. We believe \nthis effort was truly unique in the Federal Government, and \nthat we delivered a comprehensive and immediately useful target \nenterprise architecture in less than 4 months.\n    Version 1 of our enterprise architecture contributed to \nsome of our investment decisions for fiscal year 2005. Work is \ncurrently under way on Version 2 of the enterprise \narchitecture. This work will develop additional detail around \nthe target architecture and enhance the transition strategy \nfrom Version 1 into a more detailed transition plan that will \nspecifically enable the implementation of the target enterprise \narchitecture.\n    Version 2 is currently on track for completion by the end \nof this fiscal year. Along with continuing the hard work of \ndeveloping greater detail, we will continue reaching deeper to \nfind more opportunities for consolidation and begin to develop \nnew and improved mission support capabilities enabled by \ninformation technology.\n    Version 2 of the enterprise architecture, together with the \nassociated transition plan, will serve as the basis for further \nimproving DHS mission performance and facilitating information \ntechnology, alignment, integration, and consolidation.\n    DHS is a new organization formed a little over a year ago \nfrom 22 legacy agencies, each with their own culture, \nprocesses, and legacy information technology systems. 
Many of \nthese legacy agencies had developed their own enterprise \narchitectures prior to the establishment of the Department. The \nchallenge for us is to implement an integrated DHS enterprise \narchitecture, bringing together the good work that has been \ndone within each of the organizational elements and, during \nthat process, ensuring that the entire Department has the IT \ncapabilities needed to accomplish our mission capabilities \nevery day.\n    One challenge to achieving integrated homeland security \nenterprise architecture is having enterprise architecture that \nis sufficiently mature to support detailed alignment and \nanalysis for IT investment management decision making. We used \nVersion 1 to identify what we called quick hits, and these are \noutlined in release one of our enterprise architecture; we are \ncurrently developing Version 2 to support more detailed \ninvestment decision making.\n    Another potential challenge is overcoming resistance to \nchange and obtaining management and organizational buy-in into \nour enterprise architecture initiative. The Department has \nplaced a very high priority on our efforts. Deputy Secretary \nLoy has directed the major organizational components of DHS to \nparticipate in the development of Version 2. As we speak, there \nare more than five different business focus area teams \ncomprised of subject matter experts from across the Department \nworking in facilitated team sessions to make sure that the \nbusiness model for enterprise architecture Version 2 accurately \nand comprehensively captures the capabilities and requirements \nneeded to accomplish the Department's mission. The extent of \neach organizational element's participation in these business \narea focus teams is reported to the DHS Management Council and \nmonitored on a bi-weekly basis.\n    The development of an enterprise architecture is an \nenormously complex process requiring considerable resources and \na systematic methodology. 
However, DHS has already made good \nprogress in meeting the goals of our desired target enterprise \narchitecture. We are well on our way to consolidating many of \nthe management functions from each of the 22 agencies, \nincluding financial and human resources. We have reduced to 10, \n19 financial management service providers. We have moved from \n13 separate contracting offices to eight. We have moved from 22 \nhuman resource offices to seven. We have moved from eight \ndifferent payroll systems to three, and department experts \nexpect to reduce this to one by the end of the year. And we \nhave moved from 22 property management systems to three.\n    These are a few up-to-date examples of the progress we are \nmaking. It is, however, clear that we still have a long way to \ngo.\n    I would like to highlight our fiscal year 2005 budget \nrequest very quickly.\n    Information contributes to every aspect of homeland \nsecurity and is a vital foundation of the homeland security \neffort. My office has responsibility for providing IT \nleadership that will foster best management practices in \nmanaging IT, enhance efficiencies through shared services and \ncoordination of acquisition strategies, ensuring systems are \nproperly accredited and certified as secure, and being an \nadvocate for business transformation, all necessary toward \nensuring that our homeland is more secure. The leadership and \nfunding provided through the Department's IT investments are \ncrucial for maintaining an enterprise architecture that is \nfully integrated with other management processes, and for \nallowing the Department to participate in many of our e-Gov \ninitiatives across the Federal enterprise.\n    The President's budget request for fiscal year 2005 \nincludes a request for 226 million for departmentwide \ninformation technology investments. 
Included in the request is \n$95 million for information technology services, a portion of \nwhich will provide funding for the departmentwide geographic \ninformation system capability to improve the Department's \nenterprise portal. This funding provides for continuation of \nour enterprise architecture and planning efforts to address our \nevolving financial management system, eMERGE2, and funding to \nenable the development, the beginning of the development of our \nhuman resources information technology solutions.\n    Additionally, the request includes $31 million for \ninformation security-related activities.\n    Finally, the fiscal year 2005 budget request includes $100 \nmillion for wireless communications.\n    I would like to highlight some key things related to one of \nour eight priorities in closing, and that is information \nsecurity.\n    Since its creation, the Department of Homeland Security has \nmoved out aggressively to design and implement an information \nsecurity program that will not only ensure compliance with all \nappropriate standards and regulations, but to also ensure that \nthe entire Homeland Security community has a secure and trusted \ncomputing environment from which to operate. The heart of our \nreporting structure is built around the congressional \nrequirements expressed in FISMA, the Federal Information \nSecurity Management Act. In order to effect a comprehensive \ninformation security program, and in accordance with the \nprovisions of FISMA, I have designated a Chief Information \nSecurity Officer who manages and oversees all the internal \nHomeland Security Department's information systems security \nactivities. The FISMA report details compliance with Federal \nlaws and policies and DHS information security policies and \nstandards. 
DHS is in the process of implementing enterprise \nmanagement tools to ensure the accuracy and completeness of \nFISMA reporting across the Department.\n    FISMA requires each agency to perform for each program and \nsystem periodic testing and evaluation of the effectiveness of \ninformation security policies, procedures, and practices. We do \nfollow and will apply the Self-Assessment Guide for Information \nTechnology Systems from the National Institute of Standards and \nTechnology and as mandated by law. This self-assessment guide \nutilizes an extensive questionnaire which we have already begun \nusing in delivering our first Department of Homeland Security \nreport.\n    I have selected a commercial off-the-shelf product called \n``Trusted Agent FISMA''. This is an automated enterprise based \nmanagement tool that maintains FISMA reporting data from all of \nour components and their plans and activities that captures and \ntracks security weaknesses and associated corrective \nmilestones. In addition, it collects, processes, and stores all \nof the self-assessment information in accordance with the NIST \nguidance. We have deployed this system throughout DHS and have \ngenerated our first quarterly report. We expect this to improve \nthe timeliness and accuracy of our reporting as this \ninformation is available real-time to the Secretary and other \ncognizant officials.\n    I thank you again for the opportunity to testify before you \ntoday, and am pleased to answer questions that the committee \nmay have.\n\n Prepared Statement of Steven Cooper, Chief Information Officer, U.S. \n                    Department of Homeland Security\n\n    Mr. Chairman and Members of the Subcommittee:\n    Good morning, I am Steve Cooper, Chief Information Officer for the \nDepartment of Homeland Security (DHS). 
It is my pleasure to appear \nbefore the Subcommittee, and I wish to thank the Chairman and Members \nfor providing me the opportunity to update you on our efforts and \nprogress in integrating and securing information systems within the \nDepartment and to discuss the President's FY 2005 budget request for \nInformation Technology. I will also update the Subcommittee on our \nEnterprise Architecture program efforts.\n\n    Enterprise Architecture\n    In his proposal for creating the Department over a year ago the \nPresident highlighted the use of enterprise architecture techniques to \nimprove both the sharing and use of information. The President stated \nthat the ``development of a single enterprise architecture for the \ndepartment would result in elimination of the sub-optimized, \nduplicative, and poorly coordinated systems [and processes] that are \nprevalent in government today. There would be rational prioritization \nof projects necessary to fund homeland security missions based on an \noverall assessment of requirements rather than a tendency to fund all \ngood ideas beneficial to a separate unit's individual needs even if \nsimilar systems are already in place elsewhere.''\n    In my previous testimonies, I've discussed the vision and strategy \nof DHS and how that strategy must fulfill the President's vision. \nAdditionally, it must be supported by a disciplined capital planning \nand investment control process that is guided by business-driven \nenterprise architecture. With release of the first version of the \nenterprise architecture in September 2003, we made progress toward the \ngoal of one DHS infrastructure. Version 1 of the enterprise \narchitecture describes a target information management infrastructure \nthat will be dramatically different from the one we have today, one \nthat will provide timely, accurate, useful and actionable information \nto all individuals who require it all the time. 
We believe this effort \nwas truly unique in the federal government in that we delivered a \ncomprehensive and immediately useful target enterprise architecture in \nless than four months.\n    However, Version 1 of the Homeland Security Enterprise Architecture \n(HLS EA) defines the enterprise architecture at a conceptual level and \noutlines a general transition strategy that must be broken down further \nfor the architecture to be implemented. Version 1, which was published \nat the end of September 2003:\n        <bullet> Identified common activities\n        <bullet> Proposed conceptual projects\n        <bullet> Proposed reusable business components\n        <bullet> Proposed Technology Patterns\n        <bullet> Began communications effort\n                <bullet> Increased understanding of EA planning and \n                integration\n                <bullet> Increased the knowledge of the target \n                architecture\n    Work is currently under way on Version 2 of the enterprise \narchitecture. This work will develop additional detail around the \ntarget architecture and enhance the transition strategy from Version 1 \ninto a more detailed transition plan that will more specifically enable \nthe implementation of the target enterprise architecture. This effort \ncurrently consists of 5 business teams composed of about 45 business \npeople charged with the responsibility of decomposing the common \nbusiness activities. 
During this effort for Version 2, we will:\n        <bullet> Verify and augment transitional projects\n        <bullet> Verify and augment reusable business components\n        <bullet> Verify and augment technology patterns\n        <bullet> Prepare an HLS-EA Framework that identifies the \n        products that will be produced by the department and that are \n        expected to be produced by the Transitional Project Managers\n        <bullet> Prepare governance procedures and bodies to ensure \n        alignment with the HLS-EA\n        <bullet> Ensure the integration of the transitional projects\n    Concurrently with the Version 2 effort, the enterprise architecture \nteam is working with several large project offices, e.g., ACE and US-\nVISIT, to determine alignment to the transition strategy so that these \nproject offices can immediately begin building to the target \narchitecture.\n    Version 2 is currently on track for completion early in the 4th \nquarter, FY04. Along with continuing the hard work of developing \ngreater detail, we will continue reaching deeper to find more \nopportunities for consolidation and opportunities to develop new and \nimproved mission support capabilities enabled by information \ntechnology. Version 2 of the enterprise architecture, together with the \nassociated transition plan, will serve as the basis for further \nimproving DHS mission performance and facilitating IT alignment, \nintegration, and consolidation.\n\nTechnical Reference Model Status\n    In Version 1 of the EA, we developed the DHS Technical Reference \nModel (TRM) by extending the TRM from the Office of Management and \nBudget Federal (OMB) Enterprise Architecture (FEA). The value of the \nTRM is to provide a common set of terminology for describing and \norganizing technology. 
We are currently working on further developing \nthe DHS TRM by improving the structure of technology categories so that \nthey promote consistency and are more meaningful across the Department.\n    In addition, we have made progress on filling in the Standards \nProfile (SP). The Standards Profile provides guidance to the components \nand major programs on what technologies to use to implement solutions \nto ensure consistency and interoperability with other solutions within \nthe Department and the homeland security community. Our approach is to \ncollect all of the technology standards from the component CIO offices \nand to organize them into the revised TRM for analysis. In many cases, \nthe standards in place are consistent across the components and these \nconsensus standards will be adopted as the Departmental standard. \nStandards that are adopted fall, generally, into four categories: Move-\nto, Divest, Hold, or Contain. As part of the process, we have assigned \n``stewardship'' of specific standards to individuals within my CIO shop \nor to other appropriate individuals in the Department. As the standards \nare developed, they are reviewed by the Applied Technology Working Group, \nin accordance with the EA Governance Process as a part of the IT \nstrategic management framework, and are adopted by the Enterprise \nArchitecture Board (EAB).\n    One particular area where the TRM from the EA Version 1 has been \nuseful in guiding investment in IT is in the area of ``technology \npatterns.'' Patterns are repeatable solutions to recurring technical \nchallenges that are based on best practices, typically from industry. \nIn Version 1 of the EA, we identified over a dozen patterns that have \nsignificant applicability within the Department. 
As a result, one of \nthe major business/IT initiatives within the Department, the \neMERGE<SUP>2</SUP> program of the Resource Management Transformation \nOffice (RMTO) has adopted the pattern approach and is in the process of \nacquiring technologies that implement several of the patterns \nidentified. These patterns and technologies will form a technology \nfoundation for other programs to leverage.\n\nImplementation of ``Quick Hits''\n    Definitions for the Quick Hits, foundational elements and \nactivities that had to be in place to support achievement of an \nintegrated enterprise architecture, have been completed and stewards \nhave been recommended. The Quick Hits have begun to be integrated into \nexisting projects. For example, RMTO will soon begin implementing some \nof the technology patterns included in the Technology Patterns Quick \nHit. The Consolidated Enforcement Environment (CEE) project has formed \na case management working group and is incorporating the Standardized \nInvestigation Case Management Quick Hit into their plans and will be \ncoordinating with the Department of Justice on a long term solution. \nThe One Face at the Border initiative met the requirements for the \nIntegration POE Workforce Quick Hit. The Office of Infrastructure \nManagement, within the DHS CIOs office, is working toward Network \nIntegration as part of their One DHS Infrastructure project.\n\nChallenges Achieving an Integrated Enterprise Architecture, Timelines \nand Implementation\n    DHS is a new organization, formed a little over a year ago from 22 \nlegacy agencies, each with their own culture, processes, and legacy IT \nsystems. Many of these legacy agencies had begun development of their \nown Enterprise Architectures prior to the establishment of DHS. 
The \nchallenge for DHS is to implement an integrated DHS Enterprise \nArchitecture while ensuring that, during the process, the entire \nDepartment has the IT capabilities needed to accomplish the mission.\n    One challenge to achieving an integrated HLS EA is having an EA \nthat is sufficiently mature to support detailed alignment and analysis \nfor IT investment management decision-making. As I've noted previously, \nDHS developed Version 1 of the DHS EA in 4 months ending in September \n2003. We also used Version 1 to identify Quick Hits and we are \ncurrently developing the HLS EA version 2, to support IT investment \nmanagement.\n    Another potential challenge is overcoming resistance to change and \nobtaining management and organizational buy-in into the EA. The \nDepartment has placed a very high priority on the HLS EA. Deputy \nSecretary Loy has directed the major organizational components of DHS \nto participate in development of Version 2 of the DHS EA. As we speak, \nthere are more than 5 different Business Focus Area Teams, composed of \nsubject matter experts from across the Department, working in \nfacilitated team sessions to make sure that the business model for EA \nVersion 2 accurately and comprehensively captures the capabilities \nneeded to accomplish the Department's mission. The extent of each \norganizational element's participation in these Business Area Focus \nTeams is reported to the DHS Management Council and monitored on a bi-\nweekly basis.\n    The development of an EA is an enormously complex process. The goal \nwas to produce a foundation for enabling DHS to make decisions about \nDHS investments immediately and to begin to direct its resources away \nfrom stove-piped, duplicative systems and move to interoperable, \nenterprise wide systems providing improved mission capability. Although \nVersion 1 of the EA is relatively conceptual in nature, it does provide \na foundation for implementation. 
As noted, DHS has been using the \nprinciples and transition strategy as a basis for beginning to redirect \nresources from current investments.\n    As we speak, DHS is working on Version 2 of the EA. This version \nwill include a transition plan that will be completed in June 2004. \nVersion 2 will continue to build on the hard work of the first version \nby developing greater detail, reaching deeper to find more \nopportunities for consolidation, and establishing a consolidated \nframework for meeting mission need.\n    One of the difficulties in expediting implementation of such a \nmajor change, such as EA, is the degree to which that change can be \nmanaged and accepted by an organization. However, DHS has already made \nsignificant progress in meeting the goals of the EA. We are well on our \nway to consolidating many of the management functions from each of the \n22 agencies, including financial and human resources systems.\n        <bullet> 19 financial management service providers were reduced \n        to 10\n        <bullet> separate contracting offices were reduced to 8\n        <bullet> 22 human resource offices were reduced to 7\n        <bullet> 8 different payroll systems were reduced to 3 and DHS \n        expects to reduce this to one by the end of the year.\n        <bullet> 22 property management systems have been consolidated \n        to 3.\n    These are just a few of the examples of progress. And it is clear \nwe still have a long way to go.\n    One of the first things we need to do is implement a full \ngovernance structure with enforcement authority to ensure that \ninvestments are aligned with the strategic goals. We have already made \nprogress in this area. This week the DHS Enterprise Architecture Board \n(EAB) is open for business. The EAB is charged with the responsibility \nof reviewing all investments for their alignment to our EA. 
What this \nmeans is that all investments going through the FY06 budget process \nwill have to demonstrate that it is achieving the goals of our \ntransition strategy and that it is aligned to the technology standards \nidentified in the EA. This will mean that the EAB will be responsible \nfor reviewing nearly 300 investments this year. That is a daunting task \nfor an organization.\n    Another area we could focus on to expedite the implementation is to \nincrease the number of working groups focusing on specific areas within \nDHS that support the DHS mission. Currently, DHS has the Resource \nManagement Transformation Office (RMTO), which is consolidating an \nenterprise solution for DHS administrative functions, such as \naccounting, acquisition, budgeting, grants, and procurement.\n\nDepartment-wide Information Technology Investments Budget Request FY \n2005\n    Information contributes to every aspect of homeland security and is \na vital foundation for the homeland security effort. My office has \nresponsibility for providing IT leadership that will foster best \nmanagement practices in managing IT, enhance efficiencies through \nshared-services and coordination of acquisition strategies, ensuring \nsystems are properly certified and accredited as secure, and being an \nadvocate for business transformation, all necessary toward ensuring the \nhomeland is made more secure. The leadership and funding provided \nthrough the Department's IT investments are crucial for maintaining an \nenterprise architecture that is fully integrated with other management \nprocesses, and for allowing DHS to participate in many E-Gov \nInitiatives.\n    The President's budget request for FY 2005 includes a request for \n$226 million for Department-wide Information Technology Investments. 
\nKey strategic issues in FY 2005 will be to build and expand upon the \nfoundational work completed in FY 2003 and FY 2004; to facilitate \nconsolidation of management function capabilities; to lead the \nimplementation of the Department's Enterprise Architecture; and, to \ncontinue to coordinate information integration efforts within DHS.\n    Included in the request is $95 million for Information Technology \nServices, a portion of which will provide funding for the Department-\nwide Geographic Information System (E-GIS) capability; to improve the \nDepartment's Enterprise Portal; this funding provides for continuation \nof the DHS Enterprise Architecture and planning; evolving the Financial \nManagement System, eMERGE<SUP>2</SUP>; and, development of the Human \nResources information technology solution.\n    Additionally the request includes $31 million for Security \nactivities, which will provide funding for continuation of the Homeland \nSecurity Information Technology and Evaluation program; and for \ncontinued support of terrorist information integration and sharing.\n    Finally, the FY 2005 request includes $100 million for Wireless \nCommunications, which includes funding for enhancement of the \nIntegrated Wireless Network (IWN) and Tech Ops Support. The Expanded \nIWN initiative expands to other DHS agencies the pre-existing Justice-\nTreasury IWN partnership established prior to the inception of the \nDepartment of Homeland Security (DHS), and which includes mobile radio \n(MR) and the application of emerging technologies as it pertains to \ndomestic law enforcement and counter/anti-terrorist operations \n(including missions in the U.S. Territories), tactical communications, \nlegacy systems support, and airborne and non-Coast Guard marine \ncommunications. 
It also continues the funding for the SAFECOM project.\n\nInformation Security\n    Since its creation, the Department of Homeland Security has moved \nout aggressively to design and implement an Information Security \nProgram that will not only ensure compliance with all appropriate \nstatutes and regulations, but to also ensure that the entire Homeland \nSecurity community has a secure and trusted computing environment from \nwhich to operate. The heart of our reporting structure is built around \nthe congressional requirements expressed in the Federal Information \nSecurity Management Act known as FISMA. In order to effect a \ncomprehensive Information Security Program and in accordance with the \nprovisions of FISMA, I have designated a Chief Information Security \nOfficer (CISO) who manages and oversees all of the internal Homeland \nSecurity Department's Information Systems Security activities.\n    Due to the comprehensive nature of the FISMA reporting \nrequirements, and to avoid duplication of effort, DHS uses the FISMA \nreports to satisfy the annual requirement to verify to the Secretary \nthe status of the Information Security Program. Additional mechanisms, \nsuch as program briefings, status information and incident reports \nensure continuous visibility to the Secretary throughout the year.\n    The FISMA report details compliance with Federal laws and policies \nand DHS information security policies and standards. DHS is in the \nprocess of implementing enterprise management tools to ensure the \naccuracy and completeness of FISMA reporting across the Department.\n    FISMA requires each agency to perform for each program and system \n``periodic testing and evaluation of the effectiveness of information \nsecurity policies, procedures, and practices'' annually. NIST SP 800-\n26, Self-Assessment Guide for Information Technology Systems, is the \nrequired self-assessment guide required by OMB policy. 
This self-\nassessment guide utilizes an extensive questionnaire containing \nspecific control objectives and suggested techniques against which the security \nof programs and systems can be measured. OMB's FISMA implementing \nguidance also requires agencies to maintain a Plan of Action and \nMilestones process that captures and tracks security weaknesses, and \nassociated corrective milestones.\n    I have selected a Commercial off the Shelf Product called ``Trusted \nAgent FISMA''. This is an automated enterprise based management tool \nthat maintains FISMA reporting data from all our components and their \nPOA&M's that will capture and track security weaknesses and associated \ncorrective milestones; in addition it will collect, process and store \nself-assessment information in accordance with NIST SP 800-26. We have \ndeployed this system throughout DHS and have generated our first \nquarterly report. We expect this to improve the timeliness and accuracy \nof our reporting as this information is available real-time to the \nSecretary and other cognizant officials.\n    With this tool we will be able to focus our compliance as well \nas leverage the effort of the DHS Inspector General to corroborate the \naccuracy of the FISMA information and improve the compliance stature of \nthe department.\n    I thank you again for the opportunity to testify before you today \nand I am pleased to answer any questions you may have.\n\n    Mr. Thornberry. Thank you.\n    I will yield my time to the chairman of the full committee, \nChairman Cox.\n    Mr. Cox. Thank you, Mr. Chairman. I take it that you mean \nyou are simply postponing your own opportunity?\n    Mr. Thornberry. There may be another chance.\n    Mr. Cox. I hope you do not yield your time entirely.\n    I want to join in welcoming our witnesses, and thank you \nvery much for your leadership in the Department, for being up \nhere today, and for keeping us apprised of what you are doing. 
\nAs you know, we are keenly interested, in fact most members of \nthe subcommittee have been keenly interested in cyber as a \npriority since we were developing the Homeland Security Act in \nCongress. And we want to make sure that it gets all the \nattention that it deserves, and I know that you are doing that.\n    Let me begin by asking just what I hope is a trivial \nquestion. I am just trying to do the math in the testimony: \nThat the $79 million dollar request for cyber; of that, 75 \npercent is going to the program, 59.3. Then there was another \n8.7 that goes to outreach and public awareness, and 7 million \nthat goes to vulnerability assessments and reduction. That \nleaves, by my math, 4 million unaccounted for, and I just \nwondered where it went.\n    Mr. Liscouski. Sir, if you would permit me to get back in \nwriting on that so I can do the math myself, I am sure we can \nprovide to you the balance of where that $4 million is.\n    Mr. Cox. It may be undistributed overhead. I don't know.\n    Mr. Liscouski. I could look through this, but I would \nprefer to get back to you in writing, if I may, sir.\n    Mr. Cox. Okay. Given the important role, as you outlined, \nMr. Liscouski, in your testimony for the Computer Emergency \nReadiness Team, the CERT, the component of your efforts, how \nshould we assess the other watch centers within DHS? There are \nseveral of them. If we are interested in consistency and \noverall cyber spec reporting, shouldn't we be concerned? Or \nshould we welcome the fact that we have, for example, the IP \nNational Communications System operating a 24/7 \ntelecommunications watch center; we have also within IP \nCybersecurity Division operating a 24 by 7 cyber watch center; \nwe also have within IP the Infrastructure Coordination Division \noperating a 24/7 watch for physical and cyber reporting. We \nhave within IA a 24/7 Homeland Security Op Center with a \ndedicated cyber watch desk. We have Mr. 
Cooper, in your shop, a \nCybersecurity Incident Response Center. And, we have at Secret \nService a 24/7 watch operation for electronic crimes.\n    Mr. Liscouski. Sir, and thank you for the question. Let me \nget some clarity to the operations overall in terms of how the \nintegration of the watch centers is being performed.\n    The legacy organizations that came in to us from Secret \nService, from NCS that--and the Fed CIRC, that represent some \nof the watch centers you just articulated. With respect to the \nFed CIRC, the NCC, the ones we have created with the HSOC, I \nwill just quickly try to outline what those capabilities and \nmission requirements are and tell you how they are integrating.\n    The HSOC, the Homeland Security Operations Center is a 24 \nby 7 watch center that on behalf of DHS or at large it provides \nsituational awareness across all of our enterprise, across the \nentire United States, integrates information to ensure that we \nunderstand from all hazards what is going on at any given point \nin time. Information piped into that HSOC is analyzed, \nunderstood in the context of is it threat information, is it \nincident data? And then we share with the respective elements \nof DHS to ensure that the appropriate actions are followed \nupon.\n    In the context of other situational awareness types of \nwatch centers, the ICD, the Infrastructure Coordination \nDivision, is ultimately responsible for the coordination of \nactivities as it relates to infrastructure protection and \nmonitoring what is going on across all of our infrastructure \ncomponents irrespective of incidents.\n    The distinction there is ICD is going to be creating--I \nwill add one more acronym to you-- the NICC, the National \nInfrastructure Coordination Center, which is going to be the \namalgamation of all these watch centers. This is just an \nevolutionary process to the comment of not breaking it as we \nare building it. 
We do not want to denigrate the capability we \nhave with existing watch centers as we are building the one \namalgam capability that is going to respond to our situational \nrequirements, very large infrastructure protection, which will \nmean the incorporation of the NCSD's watch center, the NCC, the \nNational Communication Coordination Center, and other elements \nfor infrastructure coordination, all under the ICD.\n    The interconnectedness between the Homeland Security \nOperation Center and the NICC is paramount for us. We are \nlooking to augment the capabilities of the HSOC. We have NCSD \nand as well as other infrastructure protection components on \nthe HSOC which are responsible for doing incident management \nreal-time.\n    The reach-back capability to determine what the impact of \nan incident may be is going to be through the Infrastructure \nCoordination Division and, through that center, the NICC. And \nit is really reflective of the complex nature of all of our \ninfrastructure components. Instead of creating one gigantic \ncoordination center, we are really looking to leverage the \ncapabilities that we have established through DHS to ensure \nthat we have got the right expertise coming to the table at the \nright times to provide the answers as necessary.\n    So it is not a redundant capability, sir, it is clearly an \naugmentation of the capability, depending on what function they \nare serving at a given point in time.\n    Mr. Cox. But I heard in what you said that you also are \nanticipating further consolidation.\n    Mr. Liscouski. That is correct, sir. We are consolidating \nthe watch centers, the national, the NCS, the National \nCommunications System. The NCD's watch center will be \nincorporated into the NICC. That is correct.\n    Mr. Cox. How is my time, Mr. Chairman?\n    Mr. Thornberry. The gentleman's time has expired.\n    Mr. Cox. All right. I thank the chairman.\n    Mr. Thornberry. 
Although the Chair is trying to be lenient.\n    The gentlelady from California.\n    Ms. Lofgren. Thank you, Mr. Chairman.\n    I have had a chance to--although I didn't have a chance to \nread your testimony, Mr. Cooper, I did have a chance to review \nyour comments to the House Government Reform Committee in \nOctober of last year. And in that testimony, you had given your \nfirst draft of the Department Enterprise Architecture Plan, and \nyou provided what I think you called a Quick Hit Project that \nyou thought could be accomplished within 6 months. And some of \nthose quick hits were integrating watch lists, network \nintegration, developing external information sharing strategy, \ncompleting a feasibility study on integrating Immigration and \nCustoms case management systems, and a number of others.\n    Now, we don't have teams of people auditing your \ndepartment, but I don't believe we yet have a unified watch \nlist data base. And the Inspector General has told us that the \nlack of an agreed-upon IT infrastructure prevents the Office of \nInformation Analysis Risk Assessment Division from \ncommunicating with State, local, and private sector partners, \nand that inhibits the exchange of information. And the IG also \nsays that there is concern that the IAIP lacks connectivity to \naccess sensitive data bases maintained in other Federal \nagencies, which hampered their efforts to conduct business. \nAnd, you know, you can't always believe what you read in the \npress, but Information Week has reported that your office has \nhad problems handing over and receiving secured e-mail.\n    Can you provide us with an update and where we are on all \nthe quick hits that you were going to get done by now?\n    Mr. Cooper. I can give you an initial update, and I would \nlike to also provide information in writing on all of the quick \nhits represented in the first release of enterprise \narchitecture. 
But let me address a couple that I think are \nvery, very relevant to the points that you made.\n    With regard to an integrated watch list and with regard to \ninformation sharing, the Secretary and the Deputy Secretary \nhave already initiated an information sharing program that is \nnow under way within the Department. The business owner is \nGeneral Frank Libutti, who is our Under Secretary for \nInformation Analysis and Infrastructure Protection. Under his \nguidance, he has named a program director, and a team has been \nestablished that has already begun work in addressing how we \nwill move forward to better improve our connectivity and our \nability to put in place a two-way exchange of information with \nall of our stakeholders, both internal and external.\n    Ms. Lofgren. Can I interrupt to try to understand?\n    Mr. Cooper. Yes, ma'am.\n    Ms. Lofgren. So this information sharing effort is only \nwithin the Department? Does it include the FBI and those \nagencies that are outside the Department?\n    Mr. Cooper. Yes, ma'am. It will address the full national \nscope.\n    Ms. Lofgren. It will but it does not currently?\n    Mr. Cooper. It does not currently. We are in the early \nstages of formation, and the team exists and is now working \nthrough the various requirements for the different communities \nwith which we must interact.\n    Ms. Lofgren. When do you think that will be done?\n    Mr. Cooper. Our expectation is to hit the deadline set for \nus by Under Secretary Libutti, and that means that we will \nhave a significant amount of this in place operational and done \nby the end of this calendar year.\n    I also want to highlight that in the quick hits we have in \nplace and operational what we are now calling our Homeland \nSecurity Information Network. We built off a program called \nJRIES, Joint Regional Information Exchange System, that is \noperational. It is in place. 
And we are rapidly expanding \nmembership in that system and as part of our Homeland Security \nInformation Network. In the next several months, we will expand \nfrom the current about 50 participating State, local, and \nFederal partners who are already connected to probably about \nfive times that number in the next several months. And, again, \nI will be more than happy to provide detailed program plans \nrelated to information sharing and building upon what is \nalready operational.\n    Ms. Lofgren. I see that I am just about to run out of time. \nBut I would like to get, I am sure every member of the \ncommittee would want, a report on each one of the quick hits \nand the current status. Before--I guess my time has completely \nexpired, so I will yield back to the chairman. I expect we will \nhave a second round.\n    Mr. Thornberry. I thank the gentlelady.\n    The gentleman from Nevada.\n    Mr. Gibbons. Thank you very much, Mr. Chairman.\n    Gentlemen, welcome to the committee. We are happy to have \nyou. Your information has been extremely helpful to us.\n    Cybersecurity is not new. It is something that not only \nyour agency but other Federal agencies have been working on for \ndecades in some cases. If you could help us better understand \nhow agencies like the NSA, National Security Agency, NGA, \nNational Geospatial Intelligence Agency, the CIA, the DOD, all \nof those other agencies' efforts have been or have not been, I \ndon't know what the answer will be, integrated into your effort \nin cybersecurity. How do you leverage their experience, their \nefforts, their work product over these many years to help you?\n    Mr. Liscouski. Thank you, sir. 
And there is a couple of \ndifferent perspectives on the roles and responsibilities within \nthose agencies and how they would integrate and how we partner \nup.\n    DHS has got a protective mission and the protective mission \nwe have in terms of looking at how we should best protect our \ncritical infrastructure, the partnerships that we have got \nthere clearly within the Intelligence Community and the NSA and \nthe DOD specifically are we actively leveraging those. We have \ngot a very strong partnership with NSA across a number of \nfronts. Up until just recently, until a recent transfer, the \nDeputy Director of the NCSD was in fact an NSA detailee, and it \nprovided tremendous opportunity for us to leverage the \nexperience that they have over the years of being able to gain \nan understanding of how to best protect those systems, and we \nare actively looking or looking forward to his replacement to \ncome on board very shortly. Similarly, within DOD, who also has \na protective mission for their dot-mil domain, we partner up \nwith the Joint Task Force For Computer Network Operations. We \nhave a very robust exchange of information between our US-CERT \nand their operations center. We have got very good personal \nrelations as well as operational relationships with that \nagency.\n    On the offensive side, clearly within the domain of that \nrealm, I speak at a very high level here, we are able to \npartner up with CIA and other Intel Community efforts to \nunderstand how they best look at their offensive mission to \nunderstand how we best need to look at our defensive mission \nbased upon what the capabilities are out there.\n    On the intel side, in terms of the threat assessments, as \nyou may know, through our Information Analysis Office we use \nthem as the portal back into the Intelligence Community. 
We \nregularly drive requirements into the Intel Community to better \nunderstand how we can best protect our networks and our \nNation's infrastructure from cyber threats.\n    So it is really a multifaceted approach. I would say it is \nhighly integrative from the standpoint of either through \npeople, exchange of people, or through active exchange of \ninformation.\n    Mr. Gibbons. Very quickly, who establishes the standards by \nwhich you integrate and take advantage of all of these multiple \noperations? Is there a common standard which is being \nestablished, and are you part of that? Do you control it, or is \nsome other agency in control of the standard and definitions \nabout how this cybersecurity program that you just described \ntakes place?\n    Mr. Liscouski. Well, we have got the benefit of the \nHomeland Security Presidential Directive 7, which was signed by \nPresident Bush on December 17th of 2003, which provides us the \nframework for integration of all of the--real large for \ninfrastructure protection, not just for cyber, to ensure that \nwe have appropriate roles and responsibilities laid out for \nthat protection. We are actively engaged in framing out not \njust the strategy but the implementation of that strategy. It \nis a work in progress as we develop the plan we are \nimplementing. But we are able to negotiate with respective \nsister agencies in the Federal Government as well as State and \nlocal and the private sector to understand how we have to, \nagain from the total infrastructure protection picture, flesh \nout the responsibilities. Who is going to do what? What \nprograms are necessary to be done? Where the gaps are? And, \nmost importantly, from the perspective of outcomes, how do we \nmeasure the outcomes to ensure that we have effectiveness? That \nfalls under the auspices of HSPD-7. I have direct \nresponsibility for that. 
I have got a program office in my \noffice to do this, and we are actively engaged in fleshing it \nout.\n    Mr. Gibbons. One final quick question. What degree does the \nDHS enterprise architecture plan to marry up with the Federal \nenterprise architectural efforts as well?\n    Mr. Liscouski. I will defer to Mr. Cooper for that. But I \nwill just, as a segue into that, is we are wholly dependent on \nMr. Cooper's efforts to provide us the backbone enterprise \narchitecture for our operations.\n    Mr. Cooper. It is aligned. Even before the Department was \nformed, we actually began working with the Federal enterprise \narchitecture framework to both work with Dr. Haycock, who was \nguiding the charge under Norman Ranscript of the Office of \nManagement Budget, and we have continued that relationship \nsince. So it is very much alive.\n    And in those business areas that are critical to Homeland \nSecurity, we become, if you will, the lead agency. So as the \nwork we do to populate the business processes, the \ninformational requirements and then supporting technology, that \nflows into the Federal enterprise architecture.\n    Mr. Gibbons. Thank you, Mr. Chairman. My time has expired.\n    Mr. Thornberry. I thank the gentleman.\n    The gentlelady from the Virgin Islands.\n    Mrs. Christensen. Thank you, Mr. Chairman, and I would like \nto welcome our two witnesses, also.\n    Mr. Cooper, do you feel that your office has the sufficient \nauthority to drive IT integration within the Department of \nHomeland Security, even though you don't have direct line \nauthority over divisional chief information officers? And, if \nnot, is there anything that we can do to strengthen that \nposition, the position you hold within the Department of \nHomeland Security?\n    Mr. Cooper. 
What I have done is to have created a \nDepartment of Homeland Security CIO Council, which is comprised \nof all of the named or titled CIOs who came into the Department \nwith their respective agencies that now comprise the full \nDepartment. Additionally, I have asked the Chief Financial \nOfficer and the Chief Procurement Officer to participate with \nus as full members of that council. Together, we have been \nparticipating in the investment review process of the \nDepartment. That is under the guidance of the Under Secretary \nfor Management and Under Deputy Secretary Loy. I believe that \nin concert we have been appropriately bringing forward the \nproper recommendations, the proper decision-making framework so \nthat we can make adjustments, if necessary, in some of the \nalignment that we inherited with regard to legacy applications \nand/or infrastructure investment. We will continue to learn, we \nwill continue to grow, we will continue to refine these \nprocesses as rapidly as we can.\n    Mrs. Christensen. And to what extent also does your office \ninteract with other Federal agencies outside of DHS?\n    Mr. Cooper. I personally participate in the Federal CIO \nCouncil. So there are regular meetings. I am also a member of \nthe Executive Committee of the Federal CIO Council. We draw \nupon the Federal CIO Council for a lot of that interaction. \nAdditionally, our Chief Technology Officer and our Deputy Chief \nInformation Officer are also members of that committee. So the \nthree of us participate very actively.\n    Mrs. Christensen. Do you provide standards for the other \nagencies that are outside?\n    Mr. Cooper. My office actually does not provide standards \nfor other Federal agencies. But let me give you a real example \nof how it works. We, like other Federal Cabinet agencies, \nreceive the direction and guidance that are set by Mr. 
\nLiscouski's area of responsibility, and we then apply, as all \nFederal CIOs would do, we apply that guidance and those \nstandards, those accompanying standards within the Department \nof Homeland Security.\n    Mrs. Christensen. Assistant Secretary Liscouski, last week \nwe had a briefing from two of the private infrastructure \norganizations, the financial and telecommunications sectors. \nCould you tell us how your office interacts with the private \nsector? And early on, in the early days of the Department there \nseemed to be not an easy relationship, or there were problems \nthat needed to be resolved. Could you talk about the \nrelationship within your office and those private sector \nagencies?\n    Mr. Liscouski. Yes, ma'am. We have a very aggressive \noutreach program with the private sector, and you are \naccurately portraying the relationships in the beginning. The \nlegacy relationships that we inherited from the PDD-63 effort \nthat ultimately authorized the establishment of the ISACs, the \nInformation Sharing Analysis Centers, didn't allow for \nsufficient leadership and engagement at the private sector \nlevel to allow them to mature to a level of capability that \nwould ensure that we had robust information sharing going both \nhorizontally across information or industries as well as \nvertically back up to the government.\n    The first couple of months we were engaged with the private \nsector, we actively looked at that model to see how we could \nbest leverage it, and the first part of that was to determine \nthe validity or the value of those information sharing analysis \ncenters. And I can tell you from my private sector experience, \nI looked hard at the efficacy of that effort.\n    To be candid with you, when I looked real hard at it, 
I saw \nthere was a lot of opportunity there that we could leverage \nvery well into a success story by enabling and empowering the \nprivate sector through the ISACs to develop their horizontal \nrelationships, how they integrate and how they collaborate \ninformation. And that was the road that we embarked upon to \nensure that we could establish that.\n    We have got a very good story to tell. I hope you heard \nthat last week between the FS ISAC specifically.\n    Mrs. Christensen. What exactly is your current relationship \nwith the ISAC Council?\n    Mr. Liscouski. Well, we have got an excellent relationship \nwith the ISAC Council. They have stepped up to the leadership \nplate and they have provided what has been necessary and has \nbeen previously missing with the private sector, and that is \nthe private sector leadership going back down into the private \nsector. They are actively engaged with my office both through \nthe Infrastructure Coordination Division, which is responsible \nfor managing ISACs and funding ISACs, as well as directly \nthrough my office I actively engage with them minimally once a \nmonth on a council level and much more frequently on an \nindividual level. So I think we have got a very robust and a \nvery successful story to tell as it relates to our private \nsector partnership there.\n    Mrs. Christensen. Thank you. I think my time is up.\n    Mr. Thornberry. I thank the gentlelady.\n    The gentlelady from Washington, the Vice Chair of the \ncommittee.\n    Ms. Dunn. Thank you very much, Mr. Chairman, and welcome, \ngentlemen. It is very interesting as we begin to tie some of \nthese responsibilities together to get a clear view from your \npoint of view on how things are working.\n    Secretary Liscouski, in your written testimony and in your \ntestimony before our panel today, you identified a couple of \nmajor steps in your management methodology that were \ninteresting to me. 
One was the identification of critical \ninfrastructure. Another was the assessment of vulnerabilities. \nI am especially interested in knowing how you work together \nwith local government bodies and State government bodies and \nthe private sector, what kind of input they have into these \nassessments, and whether they have a direct pipeline to you to \nknow what you decided on.\n    Mr. Liscouski. Yes, ma'am. Thank you, and I appreciate the \nquestion.\n    As I pointed out, our partnership with the private \nsector--and coming from the private sector, my bias is that we \nhave to work closely with the industry to determine what they \nbelieve their priorities are, and we have to normalize those \npriorities with what we believe are our national level \npriorities.\n    We accept ready input from both the private sector, the \nassociations and, importantly, the State and local and tribal \ngovernments to ensure that we have got their perspective on \nwhat has to be protected and how it can best be protected. We \ndevelop common vulnerabilities assessments, common best \npractice methodologies, which are vetted through our State and \nlocal and tribal contacts as well as the private sector to \nensure that we have got, in terms of our achieving \ninfrastructure protection at large, consistent, effective, \nsustainable, and measurable capabilities and results across all \nof our critical infrastructures.\n    Now, as a general statement, I will tell you that we are \nsucceeding in that very well. The methodology that we have \noutlined is that, at a national level, is scalable right down \nto an individual company level. 
It is the type of methodology \nwhich is being adapted to ensure that we help the industry at \nthe single entity level as well as those that are highly \ninterconnected to ensure that we can identify those \nvulnerabilities, the assets that need to be protected, the \nvulnerabilities, and the appropriate levels of programs.\n    The reason integration is so important to us, not just \nwithin the Infrastructure Protection Office as it relates cyber \nand physical, but clearly as it relates to State and local \ninvolvement, is because these efforts cannot be done \nunilaterally. The private sector cannot afford to protect \nitself nor does it have the wherewithal to protect itself that \nthe State and local governments do in their law enforcement and \nprotective authorities. So all the programs that we have \ndeveloped and designed have been in collaboration and \ncoordination with all those stakeholders to ensure that we have \nboth a rational approach and an effective approach, and one \nwhich is dynamic enough to be molded against the current threat \nat any given point in time.\n    As you know, it is a very dynamic threat environment, so it \nis a work in progress. Clearly, the engagement we have with the \nprivate sector, we are constantly being fed with new \ntechnologies and new ideas on how to best implement programs \nthat can be effective. At the end of the day, it is the private \nsector who is responsible for ensuring that they are doing what \nthey need to be doing to protect that critical infrastructure. \nSo we have a significant effort there.\n    Ms. Dunn. The State and local governments are satisfied \nwith the relationship they have with you?\n    Mr. Liscouski. At a general level, I would say they are, \nbut as everything, I think there are different opinions.\n    We have clearly a lot of room for improvement across the \nboard. We are not satisfied with where we are today. We are in \nthe very early stages of building this program. 
It is a long-\nterm approach, but I think we are satisfied with the approach \nwe are taking.\n    Over the recent holiday threat period, we were actively \nengaged, and I am sorry to see Mr. Gibbons go because I had the \nopportunity to be out with Mr. Gibbons in Las Vegas during that \nperiod of time in which we had very robust meetings with the \nprivate sector, State and local governments. To be candid with \nyou, I wasn't quite sure what kind of reception we were going \nto get, but we worked through many very difficult issues and \ncame up with some very successful solutions to a response of \nthat holiday threat period; and I think it is representative of \nthe types of efforts we have out there that do tell a good \nstory.\n    Ms. Dunn. That is good.\n    I think it is very useful that both of you have been in and \nout of the private sector, so you understand the value of what \nthey can contribute and the kinds of communications that they \nneed in order to be part of this whole thing. I think it makes \nus all stronger.\n    Let me ask you, Mr. Cooper, one question. The enterprise \narchitecture team that you have started is going to come up \nwith a plan to connect networks within the Department of \nHomeland Security. At the same time, you have new programs \nbeing started up, like U.S. VISIT. Do you believe that you are \nin contact with them to the extent that you know what sort of \ninformation-sharing requirements they have and is it working \nwell together?\n    Mr. Cooper. Yes, ma'am. I am actually a member of the \nexecutive advisory committee of U.S. VISIT in that specific \nexample and also participate in the advisory committees of all \nof our major programs. We are deliberately looking for major \nprograms to leverage whatever capability is being established. \nFor example, within U.S. VISIT, as we roll out new biometric \ncapability at the borders and ports of entry, that requires \nsome new underlying infrastructure. 
We are actually leveraging \nthat new investment as part of the U.S. VISIT program to ensure \nthat infrastructure enhancements that we are making become the \nfoundation of the direction that our infrastructure requires \nand--as represented in our enterprise infrastructure \narchitecture.\n    We are doing the same thing with Customs and Border \nProtection's ACE program. We are leveraging the legacy \nImmigration and Naturalization Service's Atlas program for \nwhich there is appropriated funding to better establish \ninfrastructure, and we are working to coordinate all of those \ninvestments within our enterprise architecture activities.\n    Ms. Dunn. Are you going to be able to get the FBI and CIA \nto come together so the U.S. VISIT can use their information in \na way that is consistent?\n    Mr. Cooper. I am confident we will do that. I am afraid \nwhere we might have a difference of opinion is the timing that \nit might take.\n    Mr. Thornberry. So the question is, are any of us going to \nbe alive when it happens?\n    Gentleman from North Carolina.\n    Mr. Etheridge. Thank you, Mr. Chairman, and let me thank \nyou gentlemen for being here this morning.\n    Mr. Cooper, I know--I think a question has been asked in \none way on the testimony previously before the Government \nReform Committee, and let me go back to that and ask my \nquestion a little different way, to some extent on the same \nsubject as it relates to the 18 projects. Let me talk about two \nof them and one very specifically, I think, because right now, \nas you are trying to pull these together, and I guess I am very \ninterested in particular--first, as you talk about the State \nand local industry needs survey, what do you hope to gain and \nwhat is its status is what I would like to know.\n    And let me go to another one that is very specific that I \nknow my office and, I assume, many offices have problems with. 
\nThis is an ongoing problem of getting information out of the \nCitizens Immigration Services, or CIS, because for my \nconstituents they are constantly blaming the computer system. \nWe call them, and they keep saying it is the computer system's \nproblem. Well, garbage in, garbage out. You know what I am \ntalking about in computer language.\n    And I am very interested in hearing about the feasibility \nstudy on integrating immigrations and Customs case management \nsystems. Specifically, don't we need to fix the immigration \ncomputer problems first before we integrate those with Customs? \nBecause if we don't get them fixed and integrate them, we are \ncompounding the problem. I hope you will help me understand \nthat so I can share that back with my staff who are quite upset \nabout it.\n    Mr. Cooper. I understand. Let me take them in reverse order \nof your question. Let me go ahead and address citizenship and \nimmigration services.\n    First, I do agree and the approach we are taking is exactly \nas you described. We have done a couple of things very \nactively. First we have--.\n    Mr. Etheridge. Can you give me a time line as to when we \nwill have it fixed?\n    Mr. Cooper. I will give you our current working targets of \ntiming. The first thing that I had done is I have worked \ndirectly with Director Aguirre and his staff. We have named a \nCIO in Citizenship and Immigration Services. That individual is \nalready on board and working directly with his staff and \ndirectly with the program folks to first, as you properly point \nout, to fix the problems with both the process as well as the \nunderlying information technology that supports those \nprocesses.\n    They will address, first, developing and reengineering any \nof the processes that they find to be inefficient or lend \nthemselves to optimization. 
Only until that work is done will \nwe then move forward to integrate with other component parts of \nthe organization.\n    So we are following your advice. We are fixing the problems \nfirst, streamlining process, understanding requirements, \nunderstanding the information necessary to support those \nprocesses; then automating within CIS, then integrating. And \nthere is opportunity to integrate in that case management \narena.\n    We have also ongoing an integrated consolidated case \nmanagement effort that is at the very beginning so that the CIS \nfolks, who are developing the work that I am just describing to \nyou, are also part of a larger interdepartmental working group. \nAnd then, in turn, we also have reached out to other Federal \nagencies, like the Department of Justice or the Department of \nEnergy, who have automated solutions in place to then evaluate, \nmight there be an already existing solution that we could reuse \nthat we could bring to bear? And the goal is to optimize, \nstreamline and modernize, but don't necessarily build all this \nstuff from scratch because we are suddenly a new department.\n    Does that give some guidance.\n    Mr. Etheridge. The time line?\n    Mr. Cooper. Here, again, we are moving forward. The time \nline to address the backlog is 6 months, the target that \nDirector Aguirre has given us to direct the backlog and a lot \nof the cases kind of pending, from roughly this time period.\n    Another way of thinking about that is that our goal is to \naddress this and have real solutions on the ground and to have \ncleared that backlog as fast as we can. But Director Aguirre's \ndirection to me and to my team is help us do this by the end of \nthe fiscal year.\n    Mr. Etheridge. October 1?\n    Mr. Cooper. 
Six months, that is the target, this fiscal \nyear.\n    Very quickly, in the State and local information sharing, \nthat type of thing, as part of the program that I mentioned to \nyou that Under Secretary Libutti is guiding, as part of that, I \nactually have been working along with several of our other \ncolleagues and leaders within the Department, particularly the \noffice of State and local government.\n    We actually have been reaching out through the National \nAssociation of State CIOs and through a number of larger city \nCIOs, my office and me personally. We have been exchanging \ninformation. We have been working to better understand the \nrequirements for information sharing from State and local and \ntribal government and from members of the first responder \ncommunity. We are doing that not only through my office, but \nwhen we have something like Project Safecom which is also \nreaching out on the interoperability issue. That is how we are \ngathering requirements. We are then taking those and applying \nthem and sharing them within the Department and working \ntogether within the Department and State and local partners to \nput solutions on the ground.\n    Mr. Etheridge. I know my time is up. Is that sharing a two-\nway sharing?\n    Mr. Cooper. It is a two-way sharing. In fact, we require \nthem to guide us. We can't see the requirements from the \nFederal environment. We are dependent upon them to provide \nlocal requirements.\n    Mr. Etheridge. In a lot of cases, they are really our eyes \nand ears for those people who don't have the data.\n    Mr. Thornberry. I thank the gentleman for his good \nquestions.\n    The gentleman from New Jersey.\n    Mr. Andrews. Thank you, Mr. Chairman. I would like to thank \nour witnesses for their testimony this morning and for their \nservice to our country. 
I know they do it at some considerable \nsacrifice.\n    The first thing I thought about last August when I heard \nabout the blackout that was rolling across the northeast United \nStates was whether it was an accident or whether it had been \ndeliberately caused.\n    Let's assume--and happily all the evidence from that is \nthat it was an accident. Let's assume that, this morning, a \nutility company in Wisconsin found evidence that someone was \nhacking into their system with an apparent attempt to bring \ndown the system and bring down the grid. How would you find out \nabout that?\n    Mr. Liscouski. We learned a lot from the blackout, sir, and \nthe processes we established with NCSD and through IP in \ngeneral, particularly as it relates to situational awareness \nduring that blackout period served us very well. For \ninstance--.\n    Mr. Andrews. Not to interrupt, but if that happened this \nmorning, who would tell you?\n    Mr. Liscouski. What we learned in the blackout period was \nthe processes we put in place at that time were exactly the \nsame processes we would learn from an event similar to the \nhypothetical you just provided. We work with FERC, NERC in \nparticular, which is the North American Electrical Reliability \nCouncil, which establishes the ISAC management point for our \nrelationships with all the private sectors that relate to the \nelectric utility companies. They have a very robust capability \nand the communications across the grid to pick up on incidents. \nMost likely, that would be the first indication for us \nreporting back from the private sector back into the ISAC, \ndirectly back into DHS about any activity like that.\n    Mr. Andrews. Would the utility company be required to tell \nyou this, or just do it as a matter of good practice?\n    Mr. Liscouski. 
There is a requirement--and I am getting a \nlittle bit out of my lane here as it relates to the regulatory \nrequirements set forth by both the FERC and the NERC, FERC in \nparticular; but I believe that there is a requirement to report \nthose outages, but I can't specifically cite the authorization \nfor that regulation.\n    Mr. Andrews. I know this is probably an unknowable answer, \nbut give me your best guess.\n    How long would it take between the discovery of the \nintrusion by the utility company and report of the intrusion to \nresponsible authorities within your division?\n    Mr. Liscouski. There are a lot of dependencies on that \nchain--in the chain of that reporting. The first indication \nwould be the robustness of that particular enterprise that \nmight be under attack to detect an attack. In some cases, it \nmight be a failure that might be the first indication of an \nattack. Where there is more robust capability, they are doing \nnetwork monitoring and there are standards that have been \nsupplied by NERC for implementation for cybersecurity, \nparticularly resulting from the blackout example that would \nallow a utility company to be able to detect what is going on \nand therefore report it.\n    It depends upon the magnitude of the type of attack, their \ncapability to detect that.\n    Mr. Andrews. I think I just heard you say that your ability \nto know would be very dependent upon the robustness of the \ndetection system the utility company has in place. So if they \nhad a weak system in terms of detection, you all might miss it \nall together?\n    Mr. Liscouski. It really depends upon the type of attack. 
\nIf it is a very specific attack against a specific company, a \nutility company or any other company that might be on the \nInternet, specifically targeting them, there are a couple of \npoints we might be able to get information from, a, from the \nISP which might be monitoring network activity that might see \nan increase of traffic to a specific IP address that might \nresult in a denial of service for instance. The IP could report \nit to us, the target company could report it to us; it really \ndepends upon the scenario. It is not easy to come up with a cut \nand dried answer to say, yes, it can happen, or no, it can't \nhappen.\n    Mr. Andrews. Let us assume that the information was \naccurately reported and let us further assume that there were \ntools at your disposal that would stop the spread of the \nproblem, that you could wall off other parts of networks and \nother parts of systems to protect other parts of the power \ngrid. And let us assume that your best experts in your \ndepartment said that is what you ought to do.\n    Do you have the authority to tell people to do that or not? \nDo you have the authority to tell the other people in the \nutility system that they have to follow those prescriptions or \nnot?\n    Mr. Liscouski. Taking the example, in partnership with the \nDepartment of Energy with whom we have--and the FERC with whom \nwe have a strong relationship in the protection of critical \ninfrastructure, by extension, I would say we have the authority \nto initiate that activity.\n    The actual execution of that authority would be with those \nrespective regulatory agencies that have that specific \nlegislative authority. But in terms of taking an action and \nprescribing a specific action, going back to the earlier \nconversation I had about the HSPD7, we are exactly in the \nmiddle of framing out those roles and responsibilities and how \nwe would broker those relationships.\n    Mr. Andrews. 
What I think I just heard you say was that if \nyou detected the attack and if you had a clear recommendation \nas to what to do about it from your experts that you would have \nto have some cooperation from the Department of Energy to \nexecute the solution, right?\n    Mr. Liscouski. I think it is more appropriate at the FERC \nlevel.\n    Mr. Andrews. You would have to have some cooperation from \nFERC and there are other regulatory bodies that might have some \nflow in this, too. The Nuclear Regulatory Commission might have \na hand in it?\n    Mr. Liscouski. They might.\n    Mr. Andrews. I raise these questions not just to paint an \ninteresting hypothetical, but I think we have a lot of \ntechnological issues, and we have a lot of very smart \ntechnological people to address them; but I think fundamentally \nwe have a management problem, an analytical problem. And the \nanalytical problem is, who is in charge when we have a crisis?\n    I don't pretend to have an answer, and I don't advocate the \nanswer that government be in charge of private enterprises in \nthese circumstances. I don't want to see that. But we need to \nthink through, ``we,'' the committee, the administration, \neveryone, these protocols, because we don't have a lot of time \nto make these decisions. And even if we have honed the \ntechnology to the point where we know what is going on, and we \nhave some good ideas what to do about it, we have created \nconfusion or dysfunction--you haven't--as to who is in charge \nof what.\n    Mr. Liscouski. I don't think that is the appropriate \ncharacterization. I think we have good leadership. I think DHS, \nthe brilliant part about the creation of this department is it \ndoes pin leadership responsibilities on the Secretary in \nworking through the relationships we have with sector-specific \nagencies. 
It may not appear to be a direct line of authority, \nbut there is a clear line of communication that--we got \nactivity going, and we have plenty of examples over the recent \nthreat periods of how we have exercised that authority in \ncooperation.\n    Mr. Andrews. Can the Secretary order utility companies to \ndo what your folks would say they should do?\n    Mr. Liscouski. I feel pretty confident we can exercise the \nnecessary actions we would need to get to get the appropriate \naction at that level. We have a cyber IIMG, Interagency \nIncident Management Group, that was stood up subsequent to the \nlive wire exercise that took place this past fall in which the \nlesson there was that we need a cyber response. We quickly \ncreated that capability.\n    I am confident, sir, that we have the leadership that we \nneed. Do we need to refine that and figure out how we do it \nbetter? Absolutely.\n    Mr. Andrews. I realize my time is up. I am not in any way \nimpugning the leadership capabilities of people in these jobs \nnor am I doubting our competence to do them. What I am \nwondering about is because of the relative infancy of this \ndepartment whether a--knowing bureaucratic turf battles to be \nwhat they are, if we were to find ourselves mired in a \nbureaucratic turf battle at a time that we had to make some \nvery quick decisions, I think it behooves us to answer those \nquestions in advance so people know clear lines of authority.\n    Mr. Liscouski. We are actively engaged in looking at those \nlines of communication. I would be happy to come back and talk \nto you about that. I wouldn't want you to leave this committee \nroom thinking that we haven't thought about that or we haven't \ntaken activity on that.\n    Mr. Andrews. I certainly don't think. I think we \ncollectively need to think more about it and establish clear \nlines of authority.\n    Mr. Thornberry. Gentleman from Rhode Island.\n    Mr. Langevin. Thank you, Mr. 
Chairman.\n    And, gentlemen, thank you for being here. I would like to \ntouch on a couple of areas that have already been touched on \nthis morning, first, dealing with JRIES and the second dealing \nwith outreach to private industry.\n    First of all, can you tell us about the relationship \nbetween JRIES and RISSNet? Those people who may not be familiar \nwith it, that is the Regional Information Sharing Network used \nby law enforcement. It is a highly effective tool for \nintelligence sharing and obviously it is a proven entity.\n    It was my understanding that JRIES was supposed to partner \nwith RISSNet, but evidently that has not happened. And, in \nfact, from what I understand, RISSNet has been sidelined by \nDHS. So I would like to ask why it seems that you are pushing \naside a proven system for a brand new one.\n    Second question for Secretary Liscouski: Last week I had a \nmeeting with the IAIP directorate's enterprise architect \nJonathan Houk and a company from my district, Ibis Consulting, \nto discuss how DHS is tapping the vast amount of expertise \nresiding in the private sector. And I was pleased to hear that \nhe is trying to leverage industry resources as much as possible \nin setting up IAIP's enterprise architecture, which is still \nobviously in the planning stages.\n    But aside from Mr. Houk's efforts, I would like to hear \nmore on how effective DHS has been in forging industry \npartnerships. And I would like to hear more from you and Mr. \nCooper about DHS's policies and guidance concerning industry \noutreach, if you would take the RISSNet question first.\n    Mr. Cooper. Let me address that for you, sir.\n    You are correct in that there was a period of time where \nthe communication between the two programs was not occurring \nand was not anywhere near as effective as I think both groups \nand DHS want it to be. 
Much more recently, myself included, we \nhave gotten that back on track and the RISS.Net team has met \nwith the JRIES team and the program director to reengage and to \nactively build upon the work that RISS.Net has already done and \nto rapidly map into our homeland security information network, \nwhich is now what JRIES is evolving into as far as a label. It \nis a broader scoping. And that change in title properly \nreflects the broader scoping on behalf of DHS. So I do \nacknowledge that there was a temporary delay. We didn't have \nthe effective communication. We believe very strongly that now \nhas been corrected and I know that as of last week, there had \nbeen more recent meetings between the RISS.Net team and the \nJRIES team to move this forward.\n    Mr. Langevin. I am encouraged to hear that.\n    Mr. Liscouski. Sir, with respect to the private sector \noutreach program, we have it in many dimensions. Let me address \nthe cyber one since that is the focus of this panel or meeting \nthis morning.\n    Mr. Yannis has taken a very aggressive approach in \nestablishing private sector partnerships. The first event that \nhe participated in was the cyber summit back in December in \nwhich we were actually able to announce and get him engaged in \nthe private sector outreach program. But subsequent to that, \nthere have been a number of initiatives that he is engaged in. \nThere is a US-CERT, private sector partnership program. They \nare on daily watch calls with the private sector either \ndirectly with private sector entities or through the ISACs. 
The \ntask forces that have result from the cyber summit are also \nreporting back and are actively engaged with the NCSD in \nproviding information and recommendations about how they can \ninfluence best practices throughout the industry.\n    Across infrastructure protection, we have traditionally \nhave had--traditionally, in a year, if you can establish a \ntradition in the year, we have had active engagement with the \nNSTAC, the National Security Telecommunications Advisory \nCouncil, which is a presidential council established through \nthe NCS; the NIAC, National Infrastructure Advisory Council, \nwhich was established through the legacy organization of the \nCAIO. Those are things we are actively engaged with.\n    The Homeland Security Advisory Council, which was \nestablished by the Secretary, has its own subcouncil, the \nPrivate Sector Advisory Council, with whom we are actively \nengaged. They represent, really, leadership of industries at \nthe top level, at the CEO level, with whom we both exchange \nideas and get influence from, again, the ISACs themselves \nacross all the infrastructure components.\n    The private sector component is one in which I personally \ntake an active leadership role, ensuring that we have got the \nright things going on there. We look for every form possible to \nensure we get both feedback as well as getting our message out \nthere. And importantly, when we get the feedback, it is, what \ndo they believe they need to be doing to better protect our \ncritical infrastructure; and we take that feedback into our \nthinking about how do we develop programs, realistic, going \nback to the consistent, effective, sustainable and measurable \ntypes of approaches we try to take.\n    I could, frankly, better take the remaining time here to \ntalk about the different types of relationships and I would \nlike to address something specific if you have it.\n    Mr. Langevin. Can you talk about your interaction with \nsmall business? 
Very often they are the innovators and \nentrepreneurs that are out there at your basic level that have \na product they believe can fill a niche. This is what happened \nwith Ibis Consulting, and I put them in touch with the right \npeople.\n    But how easy is it for small business to reach someone at \nDHS and get some type of an answer or an action?\n    Mr. Liscouski. There are two parts to that question.\n    From a protection standpoint, we actively reach out to \nsmall businesses through our partnerships with our private \nsector outreach office, Mr. Al Martinez-Fonts, who you may know \nis a Special Assistant to the Secretary. His office is \nresponsible for ensuring that we don't let any business fall \nthrough the cracks if they are not represented by a specific \ninfrastructure sector themselves, so leveraging partnerships \nwith U.S. Chamber of Commerce, for instance, or other industry \ngroups to reach out to those small businesses to get the word \nabout how to best protect themselves.\n    I was a small business owner and I am a staunch believer in \nwhat they add to the economy. That is the growth engine for the \neconomy. We are very interested in protecting them. In terms of \noutreach and ways they can actually do business with us, I will \ndefer to Steve, but the reality is we have a number of \nmechanisms by which companies can reach DHS.\n    Mr. Cooper. We have specific focus on small- and medium-\nsized businesses. 
My office works very closely with Kevin \nBoshears, who is the Director of our Office of Disadvantaged \nand Small Business Utilization; and we have actually, with his \nguidance, established some programs to flow and to make \nintroduction connections with small businesses, in particular \nwith my office.\n    I have named a Special Assistant For Industry Liaison, Tom \nBold, and Tom has developed a program that then, in addition to \nKevin's guidance to us, we have established a Web site that \nallows small businesses, medium-sized businesses--any business, \nbut we are trying to focus on small and medium-sized \nbusinesses--to make their products and services, with specific \nareas they believe that they can help us address some of the \nbusiness problems and challenges that we face, known to us.\n    We have--I personally, along with my team, have met with \nmore than 3,000 businesses in the past year. We are trying to \nmeet as many and talk with as many people as we can. We feel \nvery, very strongly, and I have publicly spoken about the fact \nthat we inside the Department don't have all of the technology-\nenabled answers. We are dependent upon a very cooperative, \ncollaborative partnership with industry, particularly small- \nand medium-sized businesses where a lot of the innovation does \noccur.\n    Mr. Langevin. I am encouraged by your answer.\n    Mr. Thornberry. I thank the gentleman.\n    Mr. Liscouski, let me try to see if I can ask a series of \nquestions related to the national strategy to secure \ncyberspace, which the administration issued just before the \nDepartment really was up and running. But it still seems to me \nto offer a good blueprint on the issues we need to be \nconcerned about with regard to cybersecurity; and what I would \nlike to do is go through some of the things they said we need \nto work on and have you just at least give us the name of a \nprogram or an effort. 
We can't get into the details of this \nstuff, or we will never get anywhere, but I am trying to get a \nfeel, over the last year, how much progress have we made.\n    The first priority, as you know, is the National Cyberspace \nSecurity Response System. That is the first priority in the \nnational strategy. And then they talk about public-private \narchitecture for responding to national level cyber incidents. \nThe first specific under that is analysis, tactical, strategic, \nand vulnerabilities.\n    Are we doing those things? Are we analyzing those cyber \nattacks?\n    Mr. Liscouski. We are, sir.\n    Mr. Thornberry. Do you do that or does IA do that; or does \nthe Cyber Division, which is under you, do that? It says \n``analysis,'' so how does that work?\n    Mr. Liscouski. Let me take the first part of what we are \ndoing, and I will tell you how we are doing it. There are a \nnumber of efforts that we have got under the priority one; the \nfirst--and no order of ranking here, just to give you the \namalgamation.\n    There is the critical infrastructure--I am sorry, Computer \nIncident Interagency Management Group that I referred to \nearlier, first part of our response system. There are the \nalerts that we put out through the cyber alert system, as well \nas the efforts we are taking to build our national watch \ncapability. We have got a--one effort dedicated to network flow \nanalysis and situational awareness, and we have got our C1 \nproject, which is our secure and survivable communications.\n    But who does the analysis that is aggregated among these \ntypes of efforts is a combination of--we work closely with our \ninformation analysis colleagues. The unique thing is, you know, \nabout IAIP as we are joined at the hip. We both are resources \nfor each other. In the context of threats, IA has the \nresponsibility of providing us with threat information and that \ncan then be mapped over to vulnerabilities. 
The technical \nexpertise to understand how those threats can manifest \nthemselves and those vulnerabilities, particularly in the cyber \nworld, is found in the NCSD.\n    So analysis occurs across the soft center of IAIP if we \nlook at where really the heart of what the IAIP organization is \nproviding in terms of value to DHS.\n    I don't mean to be overly complicated about this, but there \nis analysis on both sides of that equation. So as it relates to \npriority 1, we have a very distinct role from the NCSD's \nperspective providing that response capability as well as an \nanalytic capability.\n    Mr. Thornberry. Number two under that same priority is \nwarning, and you just referred to some organization, but that \nis kind of an operational role; it seems to me that is a little \ndifferent from infrastructure protection. I presume that is the \nsame thing. Cyber Division is doing all of that analysis and \nthe operational things and yet they are under infrastructure \nprotection. I think that is kind of a unique situation for \ncyber, but also raises some questions.\n    Mr. Liscouski. It is not unique for cyber. We are doing a \nsimilar way for telecommunications under the NCS. Similarly, \nwithin our protective security division, we are doing an \nanalysis on threat information as it relates to mapping that \nthreat information into vulnerabilities. As I point out, this \nis a very--you can't cut that Gordian knot. It is robustness of \nanalysis going on both sides of the equation.\n    The one way that he might look at it is, threat information \nis sort of incident specific. Vulnerability analysis in terms \nof how vulnerabilities may be exploited might be end results \nspecific. For instance, oftentimes we look at if we want to \ncreate--if a terrorist group is interested in creating a mass \ncasualty type of event, they have a number of different ways \nthey can use that: biological event, chemical event, bombing, \nusing aircraft as missiles. 
We all know the results and we look \nat different ways we can affect that type of outcome.\n    The analysis that has to go on to exploit vulnerabilities \nin those particular modalities of attack are things that our \norganization is responsible for doing. The intent and who has \ngot the capability of doing those things clearly resides on the \nside of the information and analysis.\n    Mr. Thornberry. Under, still, priority one, one of the \nthings we need, the strategy says, is recovery mechanisms and \ncontinuity plans in Federal cyber systems. Are those under way?\n    Mr. Liscouski. Yes, sir, they are. The partnerships we have \nin cross-infrastructure components, but cyber in particular, is \nintended to be able to recover from an attack as quickly as we \npossibly can, reconstitute ourselves. That is an integral part \nof our protection program.\n    One of the things a good recovery capability does is it \ndevalues the target. One of the protection priorities we have \nis not just hardened targets, but to quickly recover from an \nattack should an attack occur. That effectively devalues the \ntarget if we can recover quickly.\n    Mr. Thornberry. I am not going to go through all of these \nitems. I will skip ahead for a second to priority two, which is \nthreat and vulnerability reduction.\n    Among some of the specific items listed there are securing \nthe mechanisms of the Internet including key Internet \nprotocols, Internet routing, and management of the Internet. \nHow are we working with the private sector to do those things \nthat were specifically set out in the strategy?\n    Mr. Liscouski. We have a number of initiatives currently \nunder way in which we are looking at both the vulnerability of \nthe Internet as well as ways that we need to enhance the \nsecurity of the Internet. 
One of those efforts, the GEWIS \nprogram, which was the Global Early Warning Information System, \nstarted out as an effort that the NCSD has enhanced \nsignificantly and gained ownership of, is looking broadly \nacross the Internet at the network analysis activity that needs \nto be examined to ensure that we can see attacks coming over \nthe horizon and take protective actions as necessary.\n    Mr. Thornberry. I think what we might like to do is submit \nsome of these other types of questions for the record, going \nthrough the various elements of the strategy, again not looking \nfor detail, because that is way too much, but I do think it is \nimportant for us and for all of those interested in this topic \nto have some idea that at least there are initiatives under way \nfor the various areas, and some of them are not even in your \nbailiwick. But the initiatives that are under way, we need to \nknow that they are under way.\n    I yield to the gentlelady.\n    Ms. Lofgren. I realize we are out of time and we have a \nseries of votes. I have a lot of questions which I will submit \nand look forward to the written response.\n    But I did want to make sure that I understood Mr. Cooper's \nanswer to Mr. Etheridge, because I wrote it down and want to \nmake sure I was not mistaken.\n    Did you say that by the end of this fiscal year we will \nmeet the President's 6-month goal on processing immigration?\n    Mr. Cooper. I am indeed saying that we are going to do \neverything that we possibly can to meet that goal. That is our \ndirection, that is where I am placing additional information \ntechnology resources to help do that.\n    Ms. Lofgren. Thank you very much.\n    Mr. Thornberry. The chairman may have additional questions, \nparticularly for Mr. Liscouski, who has another hearing. Maybe \nMr. Cooper might be more flexible if we need to come back.\n    Mr. Cox. We don't need to come back. 
I intend to go to the \nfloor for the vote, but I would take a few minutes before we \nleave.\n    Mr. Thornberry. We have the gentleman from Florida here.\n    Mr. Meek. I will yield to the chairman and I will submit my \nquestions for the record.\n    Mr. Cox. I appreciate your courtesy.\n    On the subject of our overall strategic objectives, I am \nimpressed and pleased that the number one strategic objective \nis preventing cyber attacks against America's critical \ninfrastructures. When I look at the priorities as they are laid \nout, I find that the first priority is the response system. The \nsecond priority is threat and vulnerability reduction, which \nhas as its analog the second of the two, the second of the \nthree overall objectives for DHS itself.\n    Likewise, priority 3 is awareness and training. That gets \nto protection. Priority 4 is securing government cyberspace. \nThat, of course, is defensive. And within priority 5, as it is \noutlined, even though it is described as international \ncooperation, there is a bit about intelligence sharing and so \non.\n    But, you know, the main purpose of the Department of \nHomeland Security is to deal with the problem of T and T, \nterrorists and technology, the weapons of mass destruction plus \nterrorists, the possibility that may one day be upon us. That is \nthe worst thing that could happen to the country and, \ntherefore, the first thing that the Department of Homeland \nSecurity needs to concern itself with.\n    Such things as pulse weapons directed at our country, \ntherefore, mark what ought to be the top priority in prevention \nthere is clearly superior to dealing with it after it happens, \njust as with any other weapon of mass destruction. 
So I wonder \nif I could inquire first whether you have it in mind to place \nincreasing emphasis on the prevention piece, because while it \nis occasionally mentioned, I see that we are focused, for \nunderstandable reasons, elsewhere because it is more tractable; \nand specifically whether it is possible to initiate more \nmeaningful collaboration between the National Cyber Division \nand the Department of Defense.\n    Mr. Liscouski. Yes, sir. From our perspective, these \nprograms all roll up into a good preventive and protection \napproach. You can take apart elements and see that they \ncontribute to protection. But every single one of these, from a \nresponse and recovery capability awareness, threat and \nvulnerability reduction, all really do constitute good \nprotection programs. So I would, if I understand your question \ncorrectly, validate this approach in terms of what it \naccumulates--.\n    Mr. Cox. What I am trying to do is distinguish protection \nfrom prevention. We have prevention, protection response. I see \na lot of protection, a lot of response, and I need to \nunderstand more about what we are thinking about doing in the \nprevention area.\n    Mr. Liscouski. In the context of prevention and again, I \ndon't want to be definitionally based here, but as it relates \nprevention, typically the law enforcement component of \ninterdicting, detecting and interdicting what is going on. \nDetection as it relates to prevention is clearly within the \ndomain of what we do. The actual activity related to \ninterdicting or reducing an adversary's ability to attack us is \nnot something that my organization is charged with.\n    Mr. Cox. On the other side of IAIP, in the other half of \nFrank Libutti's brain, we have the essence of the prevention \npiece of DHS, and it would seem to me that that would apply \njust as thoroughly to cyberspace as anything else.\n    Mr. Liscouski. 
The full circle here--and again, this is \ntrying to cut the Gordian knot, but we look at prevention in \nthe context that you just provided it to occur at the target \nlevel. And the things that we can control in the world, that we \ndo to protect--if I could take some time here for a moment--\nthere are protective activities we engage in which increase \nawareness of group capabilities and tactics that could be \naffected against a specific target.\n    We go out and train the private sector on what to look for, \nthe observables of preincident indication of activity of a \nterrorist attack. Those observables, while they may be \ndisparate pieces of information not directly related to an \nimminent attack, but potentially future planning of an attack, \nare things we can pipe back into our IA folks to assist in the \nprevention role.\n    That is the value add that we have in the ability of \nproviding information from the private sector that we directly \ngain on preincident information that we collect, that we share \nwith our information analysis component that gets put back into \nthe intelligence community to affect good prevention \nmethodologies and good prevention activities. 
It is finding \nout--and the unique thing about this and the unique thing about \nwhat DHS does, particularly as it relates to IP, is that we \ndeal in the target community; and as a result and as opposed to \nlooking at just the criminal activity or the terrorist activity \nthat goes into targeting the private sector, we are dealing \nwith the targets that are the focus of those terrorist groups.\n    So if we know what to look for and we can train people in \nwhat the observables are, that observable information can \nsignificantly enhance prevention activities as it relates to \nlaw enforcement and the intelligence function.\n    As I pointed out earlier, it is a pretty complex process, \nbut I think it is an extremely articulable one as it relates to \nwhat our role is and how we play together in this space. It \nhappens in the cyber world routinely; as we found out, probing \nor potential exploit probes, things that can be detected in the \ncyber world contribute to that sort of knowledge as well. \nTerrorist groups, we know, use cyber activity to probe physical \ntargets to see what the penetration capabilities are. That \ninformation gets collected similarly as observable--physical \nthings that are observable get reported back to us.\n    I don't know if that responds to your question or not.\n    Mr. Cox. It amply responds given the time that we have. I \nappreciate very much your willingness to speak to the point.\n    I thank the chairman. Please keep in mind my suggestion \nabout deeper cooperation with DOD. I think that that could be \nhelpful.\n    Mr. Liscouski. I could respond to that, too.\n    We actively engage with DOD and we are looking at all \nlevels between NORTHCOM as well as the Assistant Secretary of \nDefense Paul McHale. We have a good partnership there.\n    Mr. Thornberry. 
I thank the chairman.\n    I would like to ask both witnesses if we can have an \nagreement that because our time has been cut short, that you \nall will make an effort to respond to our written questions, \ntry to within 2 weeks and less than 30 days, and I will commit \nto you to make sure that the questions are reasonable in length \nand scope. If we could have that agreement with both of you, I \nwould appreciate it.\n    I am going to ask one other question at the risk of missing \nthis first vote. You are free to go Mr. Liscouski, but I don't \nknow if anybody is going to be over there anyway because we are \nall voting.\n    But, Mr. Cooper, I want to direct this to you because one \nof the primary reasons that the Department of Homeland Security \nwas created was to integrate 22 different agencies into one \nseamless unit. Now, the total measurement of seamlessness is \nnot having one IT architecture and system with which the \nDepartment can operate, but it is a pretty good one. And yet, \nwhen I look at some of the specifics that you have provided on \nthe progress you have made, you have still got ten different \nfinancial management systems, you have still got eight \ndifferent contracting offices, seven different human resources.\n    I guess it is an area where I am frustrated, frankly, and I \nwant to ask, is the primary difficulty you face figuring out \nwhat you want to do? Is it resolving the technical difficulties \nof merging these 22 different agencies? Or is it something \nelse? Is it money? Is it getting the decisions made to force \npeople to go use somebody else's computer system even though \nthat is not what they have been using?\n    If you had to summarize the difficulty you face in making \nthis one seamless IT department, what is it?\n    Mr. Cooper. I would summarize it in this way: It is a \ncombination of people, process and technology. 
The technology \nis in fact, honestly, from my professional and kind of sitting \nin the role that I currently sit in, is the least controversial \nand the easiest to effect.\n    However, having said that, it is--in and of itself, the \ntechnology challenges are complex. We know how to do them, so \nthat is the easiest.\n    The second is process. What we don't want to do, if you \npardon the expression, is pave the cowpath. We want to \nreengineer some of the processes that we now use or will use to \neffect threat identification and management or some of the \ncybersecurity activity that Bob has talked about or some of the \nback office processes that I spoke to briefly. That is hard \nwork.\n    We do have--we are making progress. I mentioned the five \nbusiness area focus groups. This is under way. We were a little \nbit slow to get going because we had to do some education. We \nhad to help people understand why this is an important and \nvaluable exercise.\n    We have had the support of the Secretary. We have had the \nsupport of the Deputy Secretary and now we are engaging. All \nareas of the Department are engaging. So that, I feel \ncomfortable that we are under way.\n    Again, we will move as fast as we can move with quality and \nwith speed. It may take us longer than all of us would hope \nthat we could complete.\n    The last and the toughest is people. This is about change. \nAnd that means that in some cases, the right decision or what \nmight come out of these business area focus groups might be \nsuggestions or reengineering that says a process used to be \ndone in many organizational elements and now it might be more \nappropriate to place it in one organizational element, name \nthat organizational element, the managing partner or the \nbusiness process owner to have reach and span of control across \nthat process across the entire Department. 
That is change, it \nis difficult, and it is about thinking differently and about \ndoing work differently.\n    I don't have exact answers. It is not quite a science yet. \nThere is a little bit of art involved.\n    Mr. Thornberry. I appreciate your analogy of changing the \ntires as the car is moving, because while you are doing this \nstuff, you still have got to guard the borders and still have \nto process the people coming in. And I don't want to minimize \nthat effort.\n    I will say this. I think a number of us will be looking for \nways to help you, maybe even push you a little bit to make sure \nthat this does move as fast as possible. And understanding \nculture and people and reluctance to change, we cannot let that \nobstruct the ability to have a department that is functioning \nas well as it possibly can, because so much is riding on the \nsuccess of this department.\n    So I don't want to make your job more difficult, but on the \nother hand, separation of powers is here for a reason and maybe \nwe can help give you some extra incentive or whatever to get \nthe job done.\n    But I appreciate it. I appreciate both of you being here \nand your answers today, and I appreciate your willingness to \nanswer our written questions promptly. And, with that, the \nhearing is adjourned.\n    [Whereupon, at 11:50 a.m., the subcommittee was adjourned.]\n\n\n                            A P P E N D I X\n\n                              ----------                              \n\n\n                   Questions Submitted for the Record\n\n Questions for Assistant Secretary Robert Liscouski, From Congressman \n                               Dave Camp\n\n    1. Your office has the responsibility to communicate cyber threat \ninformation to the private sector. I am interested in understanding the \ndifferent means you use to accomplish this task. 
What challenges do you \nface in communicating with large companies (the Financial Services \nSector, for example) versus small business owners and private users? \nWhat are the different means you utilize to reach these different \ngroups, especially given their varying levels of understanding of cyber \nthreats?\n    The primary ways that DHS communicates cyber threat information to \nthe private sector are: (1) through the U.S. Computer Emergency \nReadiness Team (US-CERT) public website at www.us-cert.gov, (2) through \nthe US-CERT's National Cyber Alert System (NCAS), (3) through the US-\nCERT Portal, and (4) through the Information Sharing and Analysis \nCenters (ISACs) in each of the critical infrastructure sectors.\n    The US-CERT public website is our primary means to provide \ninformation to the public at large. It includes relevant and current \ninformation on cyber security issues, current cyber activity, and \nvulnerability resources. To date, the website has received over 3.8 \nmillion hits at an average of 128,000 per day. It also provides a link \nto the National Cyber Alert System (NCAS).\n    NCAS is an operational system developed to deliver targeted, \ntimely, and actionable information to Americans to allow them to secure \ntheir computer systems. Information provided by the NCAS is designed to \nbe understandable to all computer users, technical and non-technical, \nand reflects the broad usage of the Internet in today's society. The \nNCAS provides a communication mechanism through website access and e-\nmail alerts for providing general guidance for users and the ability to \nreach millions of Americans at once with a variety of cyber security \ninformation materials on both a technical and non-technical level. \nThere are currently over 270,000 unique subscribers to the various \nalerts provided by the NCAS, and our challenge is to increase its \noutreach to as many Americans as possible. 
We are working closely with \nthe National Cyber Security Alliance on expanding the Stay Safe Online \ncampaign, coordinating closely with the Federal Trade Commission on \ntheir information security campaign, and working with other trade \ngroups and industry associations with key cyber security awareness and \noutreach programs.\n    In addition to the public website, US-CERT maintains an active \nsecure online portal that enables the cyber security stakeholder \ncommunities including government and the private sector to communicate \nand collaborate on cyber security efforts. Groups that utilize the US-\nCERT portal include the Chief Information Security Forum (CISO Forum), \nthe National Cyber Response Coordination Group (NCRCG), DHS's Office of \nInfrastructure Protection, the Government Forum for Incident Response \nSecurity Teams (GFIRST), the Multi-State Information Sharing and \nAnalysis Center (MS-ISAC), and the US-CERT staff. One challenge to \nreaching the private sector communities has been creating a trusted \nprotocol for sharing information. That challenge is being addressed \nthrough the NCSD/US-CERT Outreach and Awareness efforts.\n    In the case of vendor-specific vulnerability or threat information, \nwe communicate directly with appropriate and expert representatives in \nthe individual company when that is possible. The recent Cisco \nvulnerability is a key example of how we communicated--and \ncollaborated--with the private sector on a very specific vulnerability. \nThe ability to communicate with specific companies in such cases is \ncrucial. The appropriate contacts are being developed through the NCSD/\nUS-CERT Outreach efforts and through participants in the US-CERT \nPortal. 
Outreach targets include the spectrum of the critical \ninfrastructure sectors (through the ISACs, industry associations, \netc.), software developers and researchers, academia, government, the \ninformation technology (IT) vendor and operator community, and others. \nDHS works with various vendors to understand, assess, and inventory \nvulnerabilities so that when threat information is transmitted, it \nincludes specific instructions on how to mitigate or eliminate the \nvulnerability, and what resources exist to obtain help.\n    The ISACs were established as a primary mechanism for two way \ninformation sharing with the critical infrastructure sectors. Many \ncritical infrastructure sectors have developed procedures to widely \ndisseminate their alerts, warnings and advisories, to both large and \nsmall companies, throughout their sector. These sectors involve trade \nassociations, representing smaller companies, who receive information \nfrom the ISAC and who then re-transmit that information to their \nmembers.\n\n    2. How do you utilize Information Sharing and Analysis Centers \n(ISACs) to share and receive threat information? How do you recommend \nstrengthening or improving the relationship between ISACs and DHS for \nthis purpose?\n    DHS/IAIP's Infrastructure Coordination Division within the Office \nof Infrastructure Protection maintains an on-going relationship with \nthe ISACs and is the focal point for all ISAC relationships for \ncritical infrastructure issues. Threat information gained from the \nIntelligence Community through DHS's Office of Information Analysis \nalerts, warnings, and advisories applicable to the critical \ninfrastructures and key resource industries are delivered directly to \nthem through standard agreed upon procedures. DHS/IAIP also provides to \nthem regularly scheduled daily situational briefings, and periodic \nclassified briefings as needed as well as special briefings when there \nis a major change in the threat level. 
IAIP also meets periodically \nwith the ISAC Council, a cross-sector body representing a large number \nof the ISACs, to improve information sharing practices and strategies. \nSuch meetings help to sustain the relationship with the ISACs by \nproactively identifying gaps that need to be mutually addressed.\n    DHS is constantly strengthening its relationship with the ISACs. \nOne of its most critical programs is the implementation of a National \nInfrastructure Coordination Center (NICC) to serve as an operational \nnexus for all of the ISACs. The NICC allows representatives from the \nISACs, industry groups, and key companies within each sector to share \nand receive situational awareness information. These sector experts \nwork both within their areas of expertise and across sectors to \nmaintain constant situational awareness of the status of the critical \ninfrastructure. The NICC provides a centralized mechanism for sharing \ninformation with the ISACs and the private sector in response to an \nevent or crisis. The ISACs will also be expanded to ensure that one \nexists for each critical infrastructure sector and key segments within \neach sector. DHS continues to work with industry to evaluate ways to \nreach the full breadth of each critical infrastructure sector, either \nthrough improvements in the ISAC mechanism or additionally through \nsector coordinating groups.\n    In addition to these regular, ongoing efforts, the Homeland \nSecurity Information Network, once functional, will facilitate real-\ntime communication between DHS and the private sector through the ISACs \nor other sector groups as they form. DHS is also working with the ISACs \non a number of exercises, on a national, regional, and sector basis \nthat will help determine where communication and collaboration \nimprovements can be made.\n\n              Questions From Congressman Sherwood Boehlert\n\n    1. Mr. 
Liscouski, in a September 2003 letter to Governor George \nPataki, you requested New York's initiative and leadership in the \nMulti-State Information Sharing and Analysis Center (MS-ISAC) and \npromised that DHS would assume a more 'formal' role in the MS-ISAC, \nonce established. New York State and Mr. William Pelgrin, Director of \nCyber Security and Critical Infrastructure Coordination for the state, \nhave been proactive and effective in coordinating and leading the \nMulti-State Information Sharing and Analysis Center. Mr. Pelgrin's \nefforts have resulted in the MS-ISAC involving 49 states and the \nDistrict of Columbia and a business plan, submitted to DHS, which \nhighlights roles, responsibilities, budgets, and additional steps \nneeded for the MS-ISAC. Now that it has been established, what funding \nand support do you plan to provide the MS-ISAC as you work to formalize \nthe relationship between DHS and this critical initiative that you \nrequested?\n    DHS recognizes and appreciates Mr. Pelgrin's efforts to develop and \nexpand the Multi-State ISAC. As part of this effort, we had requested \nthat he engage other like entities within the states, which had \ninformation sharing initiatives on-going, such as NASCIO, and integrate \ntheir efforts. That work is in progress. We are currently reviewing Mr. \nPelgrin's business plan that was developed prior to the implementation \nof new capabilities within DHS, such as the National Cyber Security \nDivision, the US-CERT, and the announcement of the Homeland Security \nInformation Network (HSIN) by Secretary Ridge in March 2004. All of \nthese new capabilities are intended to assist and enhance the core \ncapabilities of the ISACs and bring them up to a common level of \neffectiveness. 
The Multi-State ISAC will receive the benefits of all \nthese new capabilities including the ability to share information and \ncollaborate on cyber security issues on a 24x7 basis and to further \nintegrate information sharing within and across State and local \ngovernments through the HSIN/US-CERT portal.\n    The Multi-State ISAC and Will Pelgrin have been extremely \nsupportive of the US-CERT and our initiatives to increase national \ncyber security situational awareness. The NCSD has participated on a \nnumber of Multi-State ISAC monthly conference calls throughout 2004 and \nplans to continue to support the mission of the Multi-State ISAC to \nprovide valuable cyber security vulnerability and incident information \nto the State level. Moving forward, NCSD plans to work along with the \nMulti-State ISAC to mutually improve cyber security on both the state \nand federal level. As such, DHS has entered into a contract with the \nMS-ISAC to provide $400,000 in FY04 funds, which the MS-ISAC is \ncurrently using for various outreach efforts such as conference, the \nwebcast series, and other activities. DHS is exploring an increase in \nthe funding for the MS-ISAC in FY05.\n\n     From Congressman Mac Thornberry and Congresswoman Zoe Lofgren\n\n    1. Coordination for Threat Assessments\n        a. How is the National Cyber Security Division (NCSD) working \n        with the Information Analysis Directorate (IA), which has \n        responsibility for information analysis of the threat?\n    The Office of Information Analysis (IA) is DHS' portal to the \nIntelligence Community and is responsible within DHS for all aspects of \nthe intelligence cycle for cybersecurity, such as issuing additional \ncollection or analysis requirements to the rest of the Intelligence \nCommunity. 
NCSD works with IA on the substance of the collection and \nanalysis requirements.\n    Operationally, the NCSD works with IA through daily threat \nassessment meetings and on an as-needed basis in the case of a specific \nthreat. One example of this coordination was the participation of NCSD \nin partnership with IA to develop the National Intelligence Estimate \n(NIE) ``Cyber Threat Against the Information Infrastructure.'' This \nclassified document is an update of the 2000 NIE of the same title. In \naddition to the regular meetings NCSD participates in daily conference \ncalls with the National Security Agency/NSIRC, the Central Intelligence \nAgency, and the Department of Defense's Joint Task Force Global Network \nOperations (JTF-GNO) to discuss classified cyber activity of note.\n        b. How does the NCSD interact with the Terrorism Threat \n        Integration Center (TTIC) for classified assessments? How are \n        these assessments used and what NCSD products have resulted \n        from TTIC derived information?\n    NCSD interacts with the Terrorism Threat Integration Center (TTIC) \nindirectly through the DHS Homeland Security Operations Center (HSOC). \nNCSD shares the staffing of a 24x7 Infrastructure Protection desk at \nthe HSOC that has direct reach back to the US-CERT, and the HSOC and \nTTIC work closely together on information for both physical and cyber \nthreats. Additionally, NCSD interaction with the TTIC is accomplished \nthrough DHS/IA, law enforcement and intelligence community detailees on \nstaff in IAIP and is developing a comprehensive threat, risk, \nattribution assessment, and response capability.\n    With regard to classified assessments, NCSD participated in \nNational Intelligence Estimate's cyber threat assessment in conjunction \nwith IA and other members of the law enforcement community.\n    To date there are no specific NCSD products that have been produced \nfrom TTIC-derived information.\n        c. 
Who within DHS has the authority and mission to correlate \n        cyber threat and vulnerability for an overall assessment? When, \n        how, and with whom will this information be shared?\n    As a focal point for cyber security issues related to reducing the \nvulnerability of critical infrastructure or key resources in order to \ndeter, mitigate, or neutralize terrorist attacks, DHS' National Cyber \nSecurity Division (NCSD) has the authority and mission to correlate \ncyber threat and vulnerability information. The NCSD performs this \ncorrelation within the Division in a collaborative effort between the \nUS-CERT Operations branch and the Law Enforcement/Intel branch as the \nlead entities but also in collaboration with other Divisions in the \nOffice of Infrastructure Protection. In addition, as part of the \nNational Infrastructure Protection Plan (NIPP), NCSD is responsible \nfor: (1) conducting risk assessments and determining the necessary \nprotective measures for the information technology industry, and (2) \nproviding guidance to the sector specific agencies with responsibility \nfor other critical infrastructure sectors on how to incorporate cyber-\nrelated vulnerabilities into their vulnerability assessments.\n    NCSD regularly shares information with key stakeholders within DHS, \nincluding the Homeland Security Operations Center (HSOC) through \nexisting daily conference calls or targeted communications, IAIP, and \nother components as appropriate as well as with interagency partners \nthrough the NCRCG, GFIRST, and the Chief Information Security Officer \n(CISO) Forum. As information is cleared through classification \nprocedures, NCSD also shares information with the private sector \nthrough appropriate channels, including the ISACs, the HSIN/US-CERT \nPortal, and the US-CERT NCAS. The public at large can also access \ninformation provided through the NCAS as well as the US-CERT public \nwebsite. 
In the event that a cyber threat rises to the level of \nnational security, the public will be informed through the Homeland \nSecurity Advisory System (HSAS).\n\n2. Coordination for Cyber Advisories and Warnings\n        a. What organization within DHS is responsible for managing and \n        issuing cyber advisories and warnings?\n    Through its mission to serve as a national focal point for cyber \nsecurity issues and to implement the National Strategy to Secure \nCyberspace, NCSD is responsible for managing and issuing cyber \nadvisories and warnings. Those advisories and warnings are issued to \nthe public and our partners through the NCAS and to specific entities \non an as-needed basis in the case of a targeted vulnerability or \nthreat. Information that is less sensitive and for wider distribution \nis disseminated through the US-CERT public website and the US-CERT \nsecure online portal, as appropriate.\n        b. How will DHS integrate cyber advisories and warnings into \n        the existing Homeland Security Advisory System (HSAS), given \n        that cyber has a unique audience, particularly when those \n        people who must respond to an attack are not the traditional \n        First Responders used for physical national disasters?\n    NCSD provides information for use in the HSAS to be activated as \nappropriate. However, the nature of cyber attacks is that there are \nvarying degrees of cyber activity at any given time that warrant \nadvisory to the cyberspace stakeholder community that does not meet the \ncriteria for raising the national alert status through the HSAS. \nTherefore, US-CERT utilizes the NCAS to notify the entire national, and \ninternational stakeholder community about activities that may warrant \nspecific protective measures but that do not rise to the national \nsecurity level of the HSAS. 
US-CERT is reaching out to key partners for \nincident response at various levels of sensitivity or urgency through \nthe NCAS, the US-CERT secure online portal, the NCRCG, and the US-CERT \npublic website to communicate with cyber ``first responders'' and other \nstakeholders.\n    In the event of a cyber incident of national significance (or an \nincident with both physical and cyber implications), the NCSD/US-CERT \nand/or NCRCG will provide analysis and recommendations to the IIMG or \nto the Secretary to help inform a decision about whether to raise the \nnational alert level.\n        c. How is the cyber threat and warning mission being integrated \n        into the Homeland Security Operations Center (HSOC)?\n    US-CERT communicates regularly with the HSOC on cyber security \nissues, including participation in daily conference calls and regular \ne-mail and other correspondence. In addition, the NCSD shares the \nstaffing of a 24x7 Infrastructure Protection desk at the HSOC that has \ndirect reach back to the US-CERT for coordinated action as appropriate.\n        d. How will DHS work with other countries when responding to a \n        cyber attack, given that most attacks have effects on \n        information systems around the world?\n    Cyberspace transcends traditional borders and we recognize our \ninternational outreach is crucial to protecting ourselves. As such, DHS \nis active in a number of multilateral and bilateral activities \naddressing cyber security issues such as early warning, response, and \ninformation sharing. NCSD and US-CERT are reaching out to other \ncountries to form strategic partnerships that we will be able to \nleverage in the case of a cyber attack. 
US-CERT is a member of the \nForum for Incident Response Security Teams (FIRST), an international \ncoalition of government, commercial, and academic organizations that \naims to foster cooperation and coordination in incident prevention, \nprompt rapid reaction to incidents, and promote information sharing \namong members and the community at large. FIRST is one way that US-CERT \nworks with computer security incident response teams (CSIRTs) in other \ncountries when needed to share information, best practices, and \nexperiences. US-CERT also communicates and collaborates with other \nCSIRTs directly.\n    For example, NCSD and US-CERT participate in the cyber security \nefforts of the Asia Pacific Economic Cooperation (APEC), the \nOrganization for American States (OAS), and the Organization for \nEconomic Cooperation and Development (OECD). Their respective programs \nseek to raise awareness about cyber security, provide technical \nassistance and capacity building for emergency response teams, help \ndevelop trusted relationships between response teams, and to build a \nglobal ``culture of security.''\n    On an operational basis, the NCSD and US-CERT are developing closer \nties with the so-called ``Five-Eyes'' countries (United States, United \nKingdom, Canada, Australia, and New Zealand), as well as other \ncountries with key operational capability and interest through \ninformation sharing and cooperative mechanisms. The objective is to \nforge trusted relationships with our counterpart organizations abroad \nand develop the basis for a coordinated response in a cyber incident or \nattack. We seek and have created opportunities to build those \nrelationships in a number of international forums and activities. The \nmost recent example was the multilateral conference on cyber security \nthat DHS/NCSD co-hosted with the German Ministry of the Interior in \nBerlin in October 2004. 
Government policy makers, managers of CSIRTs \nwith national responsibility, and law enforcement representatives from \nfifteen countries in Europe, Asia Pacific, and the Americas \nparticipated in the conference. The conference focused on developing a \nframework for cyber information sharing and incident response, and \nincluded a tabletop exercise to examine international communication and \ncollaboration channels as well as interactive sessions on international \ninformation sharing and incident response. The participants agreed to \nan initial framework for cyber information sharing and incident \nresponse by identifying points of contact cyber information sharing \nactions in the short term, and are forming a cooperative mechanism \nto build a more mature framework in the longer term.\n\n3. Framework\n        a. Is DHS developing a cybersecurity framework for public and \n        private use and what is the status?\n    The cyber security framework for the nation is the National \nStrategy to Secure Cyberspace issued by President Bush in February \n2003. The Strategy put forth a framework of five priorities for all \nstakeholders in protecting our nation's information infrastructure and \nprovided a roadmap for both the private and public sectors to undertake \ntoward a more secure cyberspace. DHS is well on our way to implementing \nthe Strategy with our counterpart agencies throughout the government \nand are actively partnering with the private sector to work \ncollaboratively and create a set of public milestones to measure \nprogress. We have consolidated and are leveraging existing programs and \nhave identified new ones toward meeting the mandate of the Strategy.\n        b. What elements are being included in this framework? 
At a \n        minimum, please include an update for benchmarks, standards, \n        best practices, common criteria and other elements as \n        appropriate.\n    The elements of the framework are set out in the Strategy's five \npriorities:\n        Priority I: A National Cyberspace Security Response System\n        Priority II: A National Cyberspace Security Threat and \n        Vulnerability Reduction Program\n        Priority III: A National Cyberspace Security Awareness and \n        Training Program\n        Priority IV: Securing Government's Cyberspace\n        Priority V: National Security and International Cyberspace \n        Security Cooperation\n    Key elements of our program to meet the mandate of the Strategy are \nas follows:\n        US-CERT--established a 24x7 cyber watch and warning operation \n        with a secure online portal for collaboration, information \n        dissemination, and information exchange;\n        US-CERT Outreach--establishing regular communication and \n        collaboration mechanisms such as US-CERT Portal, US-CERT public \n        website, NCAS and other activities to reach critical \n        infrastructure sectors, software developers, academia, \n        government entities, and other stakeholders.\n        Strategic Initiatives--identification of cyber security \n        programs for the long term, including software assurance, \n        research and development, exercises, training, and education.\n        Law Enforcement and Intelligence Coordination--NCSD works with \n        key parties in the law enforcement and intelligence communities \n        to leverage information and coordinate response to cyber \n        security threats and events.\n    NCSD has identified a set of goals, corresponding objectives, and \nprograms and initiatives to further these goals that map to the five \npriorities of the National Strategy. 
NCSD is working to develop a set \nof specific milestones to measure progress toward the goals articulated \nin the following strategic framework:\n\n----------------------------------------------------------------------------------------------------------------\n                     PRIORITY                                                NCSD GOALS\n----------------------------------------------------------------------------------------------------------------\nI. National Cyberspace Security Response System     #1 Prevent, predict, detect, and respond to cyber incidents,\n                                                     and reconstitute rapidly after cyber incidents\n----------------------------------------------------------------------------------------------------------------\nII. National Cyberspace Threat and Vulnerability    #2 Work with public and private sectors to reduce\n                                                     vulnerabilities and minimize the severity of cyber attacks\nReduction Program                                   #4 Coordinate with the Intelligence and law enforcement\n                                                     communities to identify and reduce threats to Cyberspace\n----------------------------------------------------------------------------------------------------------------\nIII. National Cyberspace Security Awareness and     #3 Educate and encourage Americans to secure their\n Training Program                                    cyberspace through a National awareness and training\n                                                     campaign\n----------------------------------------------------------------------------------------------------------------\nIV. 
Securing Governments' Cyberspace                #1 Prevent, predict, detect, and respond to cyber incidents,\n                                                     and reconstitute rapidly after cyber incidents\n                                                    #2 Work with public and private sectors to reduce\n                                                     vulnerabilities and minimize the severity of cyber attacks\n----------------------------------------------------------------------------------------------------------------\nV. International Cyberspace Security Cooperation    #1 Prevent, predict, detect, and respond to cyber incidents,\n                                                     and reconstitute rapidly after cyber incidents\n----------------------------------------------------------------------------------------------------------------\nCommon to All Priorities                            #5 Build an effective organization\n----------------------------------------------------------------------------------------------------------------\n\n    NCSD has various opportunities and obligations to report to \nCongress on its programs and activities and will continue to do so as \nrequested and on a timely basis.\n        c. How will progress and compliance with voluntary standards \n        and the framework be measured and certified, particularly in \n        the private sector, which owns and operates most of the \n        critical information infrastructure?\n    The private sector has a large role in increasing our nation's \ncyber security, and they are acting upon that responsibility. Private \nsector associations formed the National Cyber Security Partnership \n(NCSP) and are expanding it to include over 20 associations. 
NCSD is \nparticipating in meetings of the NCSP and others to encourage the \narticulation of a set of priority milestones for implementation of the \npriorities of the National Strategy that can track progress by the \nprivate sector and government.\n        d. What incentives will be provided, or are needed, in order to \n        have government and industry adopt this cybersecurity \n        framework?\n    Much of the Strategy calls for information sharing between the \nprivate and public sectors. Historically, companies and other entities \nhave had concerns about the confidentiality of information shared with \nthe federal government, either independently or through a mechanism \nsuch as the ISACs. Congress enacted the Critical Infrastructure \nInformation Protection Act as part of the Homeland Security Act of 2002 \nto facilitate sharing of the most valuable information about \ncapabilities, threats, vulnerabilities, and deterrence programs \npossible. The law granted an exemption for voluntarily submitted \ncritical infrastructure information from the Freedom of Information Act \n(FOIA) and state sunshine laws. To implement the law, DHS has created \nand led a working group to develop regulations and procedures for \nreceipt, disposition, and use of Protected Critical Infrastructure \nInformation (PCII). In February 2004, DHS created the PCII Program \nOffice, which has developed rigorous safeguarding and handling \nprocedures to manage the information flow and prevent unauthorized \naccess to information submitted under the PCII program.\n    Separately, the market demand for cyber security presents a \nsignificant incentive for both government and industry to adopt the \napproach laid out in the Strategy.\n        e. The National Institute of Standards and Technology (NIST) \n        has been active in developing cybersecurity requirements for \n        industrial control systems. 
Are these activities being included \n        in DHS efforts to develop cybersecurity standards? How will DHS \n        capitalize on these activities to decrease the vulnerability of \n        privately owned critical infrastructure?\n    Yes, the National Institute of Standards and Technology (NIST) \nefforts to develop cyber security requirements for industrial control \nsystems have been included in DHS' efforts to develop cyber security \nstandards, particularly in NCSD's effort to develop a control systems \nframework.\n    The control systems framework will build upon the work already \ncompleted by the NIST-sponsored Process Control Security Requirements \nForum (PCSRF) and developed in compliance with the ISO 15408 \nrequirements definition language (Common Criteria) to allow for \ninternational acceptance.\n    PCSRF has already developed a system protection profile for \nindustrial control systems' components that serves as an appropriate \nstarting point for this effort. Work continues on the profile, and once \nthe reference components are defined, a vulnerability analysis will be \nconducted to enumerate the relevant operational security requirements \nfor each class of component. These requirements will then be mapped to \na set of security controls based on specific assurance levels and the \ncriticality of the site in terms of impact on critical infrastructure, \neconomic impact and/or potential loss of life due to an environmental \nmanifestation of a successful cyber attack on a control system. Once \nthis definition is complete, specific recommendations will be made to \nimplement the appropriate security controls in each environment.\n    Currently there is a lack of specific guidance in the standards \nthat are being developed for operational control systems \nimplementations. 
NCSD will continue to work with the standards bodies \nand industry to define any specific sector operational requirements, \nand then to offer rigorously defined security requirements and specific \nrecommendations for security and/or mitigation back to the standards \nbodies and to industry.\n    In addition to the framework, DHS has invested funds to augment the \nexisting testing capability of the National Supervisory Control and \nData Acquisition (SCADA) Testbed officially launched in May 2004 and \nrun jointly by the Idaho National Environmental and Engineering \nLaboratory (INEEL) and Sandia. The National SCADA Testbed is aimed at \nSCADA systems only and aimed strictly at developing the capabilities to \ntest energy sector systems. DHS' test center operates hand-in-hand with \nthe SCADA Testbed, but the DHS effort is focused on the non-energy \nsectors and is trying to work with other existing private and public \ntestbeds so as to leverage their efforts and avoid duplication. The DHS \nControl Systems Security and Test Center (CSSTC) and the National SCADA \nTestbed were officially opened in August 2004.\n    Finally, with regard to control systems, NCSD is developing a \ncontrol systems risk/impact decision tool that the US-CERT will be able \nto use for analysis and vulnerability evaluation for control systems.\n\n4. Management\n        a. 
How is DHS distinguishing cybersecurity roles and \n        responsibilities internally, e.g., NCSD, CIO, TSA, Secret \n        Service, NCS, and others?\n    By virtue of the mandate provided in HSPD #7, NCSD has been given \nthe mandate to ``facilitate interactions and collaborations between and \namong Federal departments and agencies, State and local governments, \nthe private sector, academia and international organizations.'' As \nsuch, NCSD is a national focal point for the public and private sectors \non cyber security issues and it is responsible for coordinating the \nimplementation of the National Strategy to Secure Cyberspace. NCSD \nrecognizes that each of these entities may bring unique capabilities, \nresponsibilities and/or authorities to bear on cyber security issues, \nand as such, NCSD must act as a coordinating body to ensure that these \nentities are acting in concert.\n    When dealing with the internal DHS information systems, the DHS CIO \nhas the responsibility and authority to implement and assure the \nsecurity of such systems. NCSD ensures that the office of the CIO is \nkept informed of the latest cyber threats and is provided with timely, \nactionable information to take steps to protect DHS systems from \nemerging malicious code occurrences.\n    The National Cyber Response Coordinating Group (NCRCG; previously \nknown as the Cyber Interagency Incident Management Group) will \ncoordinate interagency preparedness and operations to respond to, and \nrecover from, cyber incidents and attacks. The role of the NCRCG is \ndiscussed in the Cyber Annex to the National Response Plan. The group \nbrings together senior officials from DHS, law enforcement, defense, \nintelligence, and other government agencies that maintain significant \ncyber security capabilities. The combination of these officials/\nagencies provides the capability to analyze and coordinate a national \nlevel response to any incident that affects cyber assets. 
In addition \nto the ability to focus portions of their agencies' resources, they \npossess the necessary statutory authority to act.\n    The National Communications System (NCS) is responsible for \ncoordination of the planning for and provision of national security and \nemergency preparedness communications for the Federal government under \nall circumstances. National security and emergency preparedness (NS/EP) \ntelecommunications services are those that are used to maintain a state \nof readiness or to respond to and manage any event or crisis that \ncauses or could cause injury or harm to the population, damage to or \nloss of property, or degrade or threaten the NS/EP of the United \nStates. Both the NCS and NCSD report to the Assistant Secretary for \nInfrastructure Protection, which allows for close coordination on those \ncybersecurity issues that impact each organization.\n    The draft National Response Plan (NRP) is a set of defined \nprocesses that will bring together several DHS functions for cyber \nsecurity. The Cyber Incident Annex of the NRP, as developed by NCSD in \ncoordination with the NCRCG, establishes procedures for a coordinated, \nmultidisciplinary, broad-based approach to prepare for, respond to, and \nrecover from cyber Incidents of National Significance impacting \ncritical national processes and the national economy. For physical \nincidents, Emergency Support Function 2 (ESF #2)--with NCS as \ncoordinating agency--would coordinate Federal actions to restore \nbackbone connectivity for the Internet and provide priority service to \nNS/EP users. 
The draft National Response Plan includes tie-ins between \nESF #2 and the Cyber Incident Annex to ensure these functions stay \ncoordinated, which has been operationalized by cross-membership across \nthe NCS, NCRCG and the Interagency Incident Management Group (IIMG).\n    Various DHS components, including Immigration and Customs \nEnforcement (ICE) and the Secret Service have statutory responsibility \nfor investigating cyber crimes. DHS through NCSD has assumed a \nsupporting role in this area. Among the efforts that have been \nundertaken are, the support and administration of the Cyber Cop Portal, \nthe co-sponsorship (with the Department of Justice) of the first \nstatistically valid survey of cyber crime in the US, and the initiation \nof a number of joint meetings to address the issue of cyber attack \nattribution.\n    The Cyber Cop Portal is one of the oldest and most widely used \nmechanisms for sharing information in the electronic crimes community. \nIt consists of over 5,300 members from all 50 states and over 40 \ncountries. Its growth and use brought it to the point where it could no \nlonger be maintained as a voluntary part time project, and it was in \ndanger of being shut off. NCSD has decided to sponsor and administer \nthe portal.\n    NCSD has agreed to provide funding and support to the DOJ Bureau of \nJustice Statistics to assist in the first ever statistically valid \nsurvey of cyber crime in the United States. The effort will involve \nquestionnaires to over 36,000 US businesses covering all critical \ninfrastructure sectors. The results of the survey will provide law \nenforcement and policy makers with a better understanding of the \nproblem and how to allocate resources.\n    One key component in the ability to effectively respond to cyber \nattacks is attribution, determining the source of the attack. This is \nalso one of the most difficult aspects of cyber attack investigations. 
\nThe solution to the problem is not found in any one community of \ninterest, but across a broad spectrum of disciplines (Intelligence, \nCounter Intelligence, Law Enforcement, private industry, etc.). Under \nthe auspices of the NCRCG, and in conjunction with DOJ, a number of \nattribution meetings have been held or are being planned. These \nmeetings are designed to develop an overall picture of the state of \nattribution throughout the various communities, and then to develop a \nplan to improve it. The plan is due during the second quarter of FY05.\n        b. What measures have been taken to elevate the importance of \n        cybersecurity within the overall mission of DHS and to improve \n        public awareness of cybersecurity issues? Specifically, should \n        cybersecurity be a part of ``READY.GOV'' public web site to \n        make Americans more aware of cybersecurity needs?\n    Cyber security is a priority issue for DHS and the mission for \nNCSD. We are improving public awareness of cyber security issues \nthrough the US-CERT public website and the NCAS launched in January \n2004 as well as through our engagement in the National Cyber Security \nAlliance's Stay Safe Online campaign, our Outreach and Awareness \nbranch, and our partnership with the MS-ISAC to reach state and local \ngovernment. The US-CERT public website provides information on cyber \nsecurity issues, cyber activity, and cyber vulnerabilities. NCAS is our \nprimary mechanism for communicating with the public on cyber alerts, \nsecurity tips, and other useful notifications. We are pursuing ways to \nreach as many Americans as possible through the website, awareness \ncampaigns, and the NCAS as well as other public awareness efforts.\n    DHS is currently expanding the Ready campaign and is developing \nReady for Business and Ready for Kids. 
Ready for Business is designed \nto help small to medium business owners safeguard their business \noperations in the event of a terrorist attack or other emergency.\n    Preliminary messages for the campaign center around three key \nthemes: Ensuring Business Continuity, Safeguarding and Preparing Your \nEmployees, and Safeguarding your Computer Systems (cyber security). The \nthird theme will help business owners understand better the need for \ncyber security and also how to achieve it. It will encompass topics \nsuch as how to prevent computer viruses, how to detect computer \nviruses, how to preserve and back-up computer data, and how to prevent \nhacker intrusion.\n    DHS is working with the Advertising Council to develop content and \nmessages that will inform and motivate business owners to take action. \nThe messages will be distributed through a variety of vehicles that \nwill target business owners and operators.\n        c. Some have suggested that the NCSD should be elevated within \n        the DHS organization--either as a direct report to the \n        Secretary Ridge or to the Under Secretary for Information \n        Analysis and Infrastructure Protection. What is the \n        Department's view of such a change?\n    The Department is working closely with the Homeland Security \nCouncil to evaluate this and other policy and organizational options \nrelated to elevating and expanding the current role of the NCSD.\n\n5. Wireless Funding\n        a. The National Communications System program budget for \n        Wireless Priority Service is $78M. The office of the Chief \n        Information Officer (CIO) includes funding for wireless \n        activities at $100M. How are your office, the CIO, and Science \n        and Technology Directorate working together on developing these \n        programs?\n    In summary, each program has a very distinct mission employing \ndifferent technologies. 
DHS/IAIP recognizes the need to continually \nassess opportunities to ensure integration of communications as well as \nefficiencies of programs. DHS has established forums for the review and \nultimate execution of such a strategy and is coordinating all of its \nprograms' efforts. The IAIP NCS is an inter-agency body responsible \n(through E.O. 12472) to support the President in providing priority \ntelecommunications services across federal, state and local entities \nthat assures the greatest opportunity to communicate during all crises. \nThe NCS Wireless Priority Service (WPS) program was directed by the \nNational Security Council and subsequently authorized by the FCC. WPS \nis a National Security/Emergency Preparedness (NS/EP) priority service \nprogram utilizing based in the commercial/public cellular networks for \ndesignated Federal, State, Local and critical infrastructure owner \nleadership. The DHS CIO office focuses on managing the wireless assets \nfor the department with a significant focus on the private Land Mobile \nRadio (LMR) network users of the federal entities transferred to DHS. \nThey are also engaged with DOJ in leveraging its capabilities and \ndevelopment of LMR interoperable communications for the Federal law \nenforcement community. In terms of coordination, the NCS programs, \nthrough exhibits 300, are reviewed and approved by the DHS CIO office. \nThe CIO office also has established a wireless management working group \nwhich IAIP NCS participates in regularly to review technology issues \nand evolution as well as identify areas that will create efficiencies \nof all programs. 
A primary long term objective, in addition to assuring \ninteroperability of DHS assets, is to integrate WPS capabilities with \nall wireless solutions as technology enables.\n    IAIP, DHS' CIO Office and the S&T Directorate, along with other \nDirectorates, also work together on common interoperability challenges \nthrough the Department's new Office of Interoperability and \nCompatibility. This Office, housed within the S&T Directorate, was \ncreated to coordinate the multiple interoperability efforts and needs \nof the Department as well as look to leveraging the vast range of \ninteroperability programs and efforts within the Federal government. \nAdditionally, the DHS S&T Directorate manages the SAFECOM Project \ncharged with partnering with state and local governments to improve the \ninteroperability of federal, state and local LMR communications for \nfirst responders. In this area as well, IAIP support to DHS S&T through \nparticipation and review of Project SAFECOM activities, includes \nassuring that the WPS can effectively interoperate with Project SAFECOM \nsolutions as technology dependency eases to a more open environment.\n        b. Describe how First Responders will be able to benefit from \n        the results of these efforts.\n    First Responders are increasing their dependence on wireless \ncommunications for command and control during emergency operations. The \nWPS program provides government and private sector leadership, such as \nincident commanders, with priority access to the public cellular \ninfrastructure. The WPS link improves the commander's ability to \nreceive reports from and give instructions to First Responder teams and \nother supporting organizations. 
Without the WPS link, command and \ncontrol could be degraded because of cellular call-congestion in the \nvicinity of the incident/ emergency for all government and private \nsector leadership.\n    Deployment of WPS across the wireless industry is essential to a \nfull public network based emergency capability for response as well as \nCOOP and COG needs. WPS is the cellular augmentation of the Government \nEmergency Telecommunications Service (GETS). It is anticipated that in \nthe future technology will enable the integration of these capabilities \nwith the interoperable Land Mobile Radio (LMR) private systems employed \nby the broad based first responder community.\n\n                 Questions From Congressman Jim Turner\n\n    1. When the National Cyber Security Division (NCSD) was created in \nJune of last summer, the Department announced it would build upon the \nexisting capabilities of several agencies with cyber responsibilities \ntransferred to DHS, including the National Communications System (NCS). \nThe NCS, however, has remained separate from the NCSD. Yet, the NCS \nremains responsible for several cybersecurity initiatives, including \nthe ``Network Security Information Exchanges (NSIE)'' and the ``Cyber \nWarning Information Network.'' The proposed budget continues to keep \nthe NCS activities separate from the NCSD. Isn't it counterproductive \nto have so many core cyber functions outside the National Cyber \nSecurity Division? Wasn't the creation of the National Cyber Security \nDivision intended to provide a focal point for cyber security threat \nand vulnerability assessment, as well as information sharing, within \nthe Department?\n    The June 2003 DHS announcement forming the NCSD was not intended to \nsuggest that NCS would be fully absorbed into NCSD. 
The NCS is an \ninteragency organization formed under Executive order 12472 to support \nthe President in the provision of National Security/Emergency \nPreparedness (NS/EP) Telecommunications meeting the need of the federal \ngovernment under all wartime and non-wartime crisis conditions. This is \na critical mission that now addresses infrastructure protection issues \nin addition to its traditional COOP/COG focus.\n    The NSIE referenced in the question is a government and industry \neffort initiated under the auspices of the President's National \nSecurity Telecommunications Advisory Committee (NSTAC) and is managed \nthrough the NCS National Coordinating Center for Telecommunications \n(NCC). It addresses a very broad range of security issues potentially \naffecting the telecommunications infrastructure. Cyber security is only \none component of these issues and the NCSD sits on the NSIE to address \nthese matters. Also referenced in the question is the Cyber Warning \nInformation Network (CWIN). When first envisioned, this private network \nwas focused on the cyber arena, as the development of the US-CERT \nbecame firm and with further analysis, IP recognized that this \ncapability had far more utility than originally intended. CWIN is \nintended to provide information and warnings across all infrastructures \nto our State, local, and industry partners. CWIN has been transferred \nto the IP Infrastructure Coordination Division (ICD) where it will \nsupport the cross-sector needs for all IP divisions.\n    In order to facilitate coordination between these elements, \nInfrastructure Protection is currently building out a watch center \nfacility, the National Information Coordination Center (NICC) that will \ninclude NCSD, US-CERT, NCS, and ICD. Co-locating these groups in a \nsingle watch center facility will facilitate the fast and efficient \nsharing of information. Initial move in to this facility is scheduled \nfor the first quarter of 2005.\n    2. 
The IAIP budget includes a $1.9 million increase for conducting \ncyber exercises such as ``Live Wire,'' which was a simulation of a \nterrorist attack on computer, banking, and utility systems. There are, \nhowever, existing cyber exercises that are up-and-running. Over two \nyears--since before the Department was created--the city of San Antonio \nplanned and conducted ``Operation Dark Screen,'' a cyber terrorism \nexercise that involved both the public and private sector and was \ndesigned to help the city defend and respond to a cyber attack. Even \nwithin the Department, the Secret Service is reaching out to the \nprivate sector and supporting table-top exercises to address the \nsecurity of private infrastructures. What is the IAIP Directorate doing \nto integrate and coordinate with existing cyberexercises such as these? \nHow much of the requested $1.9 million will go towards these existing \nexercises that have been tested and proven? In addition, what is DHS \ndoing to ensure that our local communities and towns, who will provide \nthe cyber-first responders in the time of crisis, are prepared? Isn't \nit true that there is no individual entity or individual within IAIP \nresponsible for coordinating all of the cyberexercises being put on by \nthe government and, as a result, there may be duplicative efforts?\n    Whereas the first responder and emergency management communities \nhave been exercising at national, regional, and local levels for many \nyears, the cyber response community is quickly catching up. The U.S. \nGovernment has an active program of exercises to assess preparedness \nand processes in the event of an attack on the Nation. DHS has \nestablished a National Exercise Program Office (NEP) to coordinate \nscheduling and participation in the exercises sponsored by various \nagencies. The IAIP Directorate is coordinating its exercise planning \nwith the NEP, which is the responsibility of the DHS Office of Domestic \nPreparedness. 
The IAIP Under Secretary's Office has an Exercise \nManagement Program (EMP) that maintains regular contact with members of \nthe exercise community and coordinates with the NEP to facilitate the \nDirectorate's participation in exercises. NCSD's coordination efforts \nentail scheduling cyber security exercises with NEP as well as \nintegrating cyber scenario components into other planned exercises as \nappropriate. These coordination efforts with NEP assist in minimizing \nthe duplication of exercise efforts.\n    NCSD's involvement in the NEP is guided by two principles: (1) \nwhile cyber is only one element of a multifaceted NEP, cyber elements \nmust be closely coordinated with other elements of that program to \nensure efficient use of limited resources and the most effective return \non exercise investments; (2) cyber exercise elements must not be \nsidelined or relegated to an ``afterthought'' category within the NEP.\n    In October 2003, numerous federal agencies participated in \nLivewire, the first ever national-level cyber exercise to baseline our \ncapabilities for responding to national cyber attack. The exercise \ninvolved more than 300 participants representing more than 50 \norganizations across the federal, state, and local governments, as well \nas the private sector. Cyber attack simulation scenarios were developed \nto stress cyber interdependencies across America's critical \ninfrastructures and baseline government agencies' abilities to \ncollaborate across the public and private sectors. Information gleaned \nfrom Livewire and similar exercises aimed at ensuring security of \ncritical infrastructures are being used to improve our national \nincident response processes.\n    While Livewire brought together a number of players for a large-\nscale event simulation, other exercises target specific areas or agency \nconcerns. 
For example, the United States Secret Service's (USSS) \nElectronic Crimes Task Forces (ECTFs) have been running smaller \nregional and sector-specific tabletop exercises over the past eighteen \nmonths. These exercises are designed to help coordinate efforts in a \ntargeted geographic area and are tailored to a specific regional \ninfrastructure, such as the energy industry in Houston, TX, the high-\ntechnology industry in San Francisco, CA, and the banking and finance \nindustry in Charlotte, NC. In February 2004, the National Defense \nUniversity ran its Dark Portal exercise and in August 2004, a cyber \nsecurity workshop co-hosted by NCSD and the National Security Council \nwas held at the National Defense University. This tabletop workshop \nexercise included members of the National Cyber Response Coordination \nGroup (NCRCG), as well as multi-agency key decision makers in the U.S. \nGovernment cyber security realm.\n    NCSD has sponsored several exercises that test cyber readiness in \nvarious geographic locations and critical infrastructure sectors across \nthe Nation. In September and October 2004, a series of regional \nexercises were held in Seattle, WA (Blue Cascades II) and New Orleans, \nLA (Purple Crescent II). Both exercises were successful in highlighting \ndependencies between cyber and physical infrastructures and \ninterdependencies among critical infrastructures. These exercises also \nidentified and tested the coordination and cooperation among federal, \nstate, and local governments with the private sector in the case of \nattacks (both cyber and physical) on the critical infrastructures in \nthose regions of the U.S. 
In addition, each of the exercises \nillustrated the need to continue to provide outreach and cyber \neducation to local emergency management and physical security \nprofessionals as well as identify and improve shortfalls in emergency \npreparedness.\n    DHS EMP serves as the lead organization in the development, \nfacilitation and participation of a week-long, cabinet-level national \nexercise (``TOPOFF3'') to be held in the summer of 2005. These national \nexercise programs occur every two years and involve the same basic set \nof participants. The exercise for TOPOFF3 represents a joint physical \nand cyber scenario, with NCSD leading the development of the cyber \ncomponent for the exercise. It will test not only response to attacks, \nbut also continuity of government and operations, emergency response at \nthe state, regional and local levels, and containment and mitigation of \nchemical, nuclear, and other attacks, etc. NCSD is also working with \nDHS to ensure a more prominent cyber component in the follow-on TOPOFF \nseries of exercises for 2007 and beyond.\n    The lessons learned from these and other exercises will form the \nbackdrop for an NCSD-sponsored National Cyber Exercise planned for \nNovember 2005. Planning activities are currently underway with initial \ngroundwork already laid for this effort. In September 2004, a key \nstakeholder meeting was held to discuss the scope and objectives with \ncritical infrastructure sector lead agencies. NCSD is in the process of \nplanning the Initial Planning Conference (IPC) for the National Cyber \nExercise that will include representatives from various government \nagencies and the private sector. The IPC will allow the opportunity for \nthe stakeholders to establish clear and concise goals and objectives \nfor the National Cyber Exercise as well as to discuss and develop \npossible scenarios.\n\n    The objectives of the National Cyber Exercise are to:\n        1. 
Sensitize a diverse constituency of private and public-\n        sector decision-makers to a variety of potential cyber threats \n        including strategic attack;\n        2. Familiarize this constituency with DHS' concept of a \n        national cyber response system and the importance of their role \n        in it; and\n        3. Practice effective collaborative response to a variety of \n        cyber attack scenarios, including crisis decision-making.\n        4. Provide an environment for evaluation of interagency and \n        cross-sector business processes reliant on information \n        infrastructure.\n        5. Measure the progress of ongoing U.S. efforts to defend \n        against an attack.\n        6. Foster improved information sharing among government \n        agencies and between government and industry.\n        7. Identify new technologies that could provide earlier warning \n        of attacks.\n        8. Define the roles and responsibilities of government agencies \n        and industry.\n\n    Questions for Chief Officer Steven Cooper, From Congressman Mac \n                Thornberry and Congresswoman Zoe Lofgren\n\n1. Cybersecurity Standards\n    Question: a. How are technical cybersecurity standards being \nestablished and enforced across the Department for information \ntechnology purchases, processes, and practices?\n    Technical Cybersecurity Standards are promulgated through the \nTechnical Reference Model portion of the Department's Enterprise \nArchitecture Program. There are also mature standards established \nthrough the Federal Information Processing Standards. The Information \nSystem Security Managers at the organizational elements are responsible \nfor ensuring compliance with standards. 
In addition, regular Program \nand Acquisition reviews check for compliance with published standards.\n    The Department's long-term strategic approach for the enforcement \nof information technology security standards is to verify policy and \nstandards compliance during the Security Test and Evaluation phase of \nthe system Certification and Accreditation (C&A) process. DHS is \ncurrently in the process of establishing an enterprise C&A application \nthat will maintain an online repository of all C&A documentation and \nenforce the use of Department mandated C&A methodologies. This \napplication will generate comprehensive system test procedures and \nprocesses to fully map system compliance with DHS policy and standards. \nThe current status of implementing this C&A tool is that DHS has \ncompleted the Requirements Definition phase and product evaluation \nphase, and has an operational pilot system which has given phenomenal \nresults. We expect to have a Department implementation in the near \nfuture.\n    The Department also verifies proper implementation of policy and \nstandards by \nconducting NIST 800-26 reviews of security controls in accordance \nwith Office of Management and Budget Memorandum M-03-19. These reviews \nare ongoing.\n\n    Question: b. Who sets cybersecurity requirements for the Department \nand how are they communicated to the technology developer or purveyor?\n    DHS follows cybersecurity standards requirements established by the \nCommittee for National Security Systems for its classified systems, and \nthe Office of Management and Budget, and National Institute of \nStandards and Technology guidance for its unclassified systems. \nAdditionally, mission specific requirements are promulgated through the \ninternal Management Directives, as well as through the Technical \nReference Model of the Department's Enterprise Architecture. 
These have \nbeen provided to industry in general, and are also specifically called \nout when appropriate in contracting vehicles.\n\n    Question: c. How are cybersecurity standards requirements being \nincorporated in calls for proposals, grants or other contracting \nmechanisms?\n    The DHS Science and Technology (S&T) Directorate is in the process \nof establishing a DHS-internal Cyber Security Standards Working Group. \nWithin the S&T Directorate, the working group will include \nrepresentatives from the Standards and Cyber Security R&D portfolios, \nas well as representatives from S&T's Chief Information Officer (CIO) \ngroup. Outside of S&T, invitations to serve on the working group have \nbeen extended to the DHS Office of the CIO, the National Cyber Security \nDivision and the National Communications System in the Information \nAnalysis and Infrastructure Protection Directorate, and the United \nStates Secret Service. This group will collectively identify what cyber \nsecurity standards requirements should be incorporated into S&T's R&D \nportfolio investment plans.\n\n    Question: d. In what areas of cybersecurity do you see a need for \nnew or better standards, benchmarks, and other elements of a \ncybersecurity framework, and what can DHS do to help implement such a \nframework?\n    With new areas of technology emerging every day as well as new \napplications of existing technology, there is always a need to refine \nexisting standards and promote new ones. The emergence of MPLS has \nopened many new questions and the means to securely implement reliable, \nsecure wireless networks continues to be a challenge, as does the \nmanagement of geospatial data and Law Enforcement Information. DHS \nworks closely with the Federal cooperative process through bodies such \nas the National Institute of Standards and Technology and the Committee \nfor National Security Systems to ensure the success of these efforts.\n\n    Question: e. 
Does the office of the Chief Information Officer (CIO) \nuse any cybersecurity standards and processes recommended by the \nNational Cybersecurity Division (NCSD), National Institute of Standards \nand Technology (NIST), and National Security Agency (NSA) to secure the \nDHS enterprise architecture?\n    To the best of our ability, all relevant standards from national \nbodies such as NIST, NSA and NCSD are applied throughout DHS. This \nincludes relevant FIPS and similar standards for procurement and \ninternal processes such as self assessments and Certification and \nAccreditation are explicitly standards based.\n\n    Question: f. How does NCSD provide actionable cybersecurity \ninformation to the CIO to consider in its enterprise architecture \nimplementation?\n    DHS participates in the interagency US CERT process. As a member of \nUSCIRC, DHS, like all participating agencies, gets alerts, warning and \nmitigation tools in a timely manner. In addition, there is a constant \nand constructive exchange of information between the National Cyber \nSecurity Division and the Office of the CIO for timely notifications of \nrelevant issues. Actionable items--such as those that may significantly \ncompromise confidentiality or availability--are given the highest \npriority for incorporation into the Department's security architecture \nwhich is integral to the Department's Enterprise Architecture.\n\n2. Purchasing Power\n    Question: a. What specific actions has DHS taken to improve its \nFISMA report card in order to become a government model for secure \ninformation systems?\n    DHS has implemented a COTS enterprise product to provide automated \nsupport for 800-26 assessments, manage FISMA metric reporting, as well \nas Department-wide Plans of Actions and Milestones (POA&M). 
This \nproduct is being used to generate a Digital Dashboard showing \nOrganization Element performance metrics and overall DHS performance \nmetrics, and access to this system has been made available to the OIG \nto ensure veracity of FISMA data reported by Organizational Elements. \nAccess to the Digital Dashboard will be made available to senior \nmanagement in the near future to ensure that senior managers are \ndirectly involved with the Department's Information Security Program. \nIn the past few months we have implemented several enhancements to \nthe FISMA reporting product for improving reporting of 800-26 and C&A \nmetrics. These enhancements include 1) 800-26 integrity checking; 2) \ncomputed metrics for 800-26 assessments and C&A; 3) capability to upload \nassessment and C&A artifacts; 4) better tracking of C&A deliverables. \nWe have purchased an Enterprise license for a C&A tool (SecureInfo \nRMS). This tool has been installed on an Enterprise server and all OEs \nare currently using the tools with DHS ramping up to full mandatory \nuse. The DHS baseline policy has been mapped to this tool and use of \nthe tool will ensure that the C&A SRTM is mapped to DHS policy. We have \nprepared and submitted a POA&M to OMB to achieve full ATO on all \ncurrently reported systems by the end of July, 2005. To ensure \ncontinued progress we have formed a DHS security working group to focus \non FISMA reporting and FISMA issues.\n\n    Question: b. Many witnesses before the Subcommittee have suggested \nthat a powerful tool the federal government possesses in cybersecurity \nis its buying power. Has DHS used this power to induce hardware or \nsoftware manufacturers to provide more secure systems?\n    Every new information technology contracting vehicle put into place \nby the Department includes robust security standards. 
Additionally, the \nDepartment regularly engages information technology vendors to ensure \nthat strong security is integral to product development and \nimplementation.\n\n3. Wireless Funding\n    Question: a. The office of the CIO includes funding for wireless \nactivities at $100M. The National Communications System (NCS) program \nbudget for Wireless Priority Service is $78M. How are your office, the \nNCS, and the Science and Technology Directorate working together on \ndeveloping these programs?\n    The Wireless Management Office (WMO), within the DHS Office of the \nChief Information Officer, is mandated to lead and coordinate the \nDepartment's programs, projects, and initiatives that involve the \nwireless transport of information, including voice, data, and \nmultimedia. The WMO's mission, ``To be the model program office, \nproviding state-of-the-art wireless capabilities to preserve our \nfreedoms and protect America,'' serves to focus and provide direction \nfor the program's activities and services to ensure the effective use \nof wireless technologies across the Department's organizational \nelements. As part of its mission, the WMO integrates its activities \nwith the National Communications System (NCS) and the wireless \ninitiatives of S&T to meet evolving homeland security requirements. The \nWMO is primarily focused on wireless communications to support internal \nDHS missions. The NCS is responsible for directing the Wireless \nPriority Service program which supports commercial, private sector \nwireless capabilities.\n    The WMO is working with NCS and the DHS S&T Directorate in \nimplementing program activities through groups such as the Wireless \nWorking Group (WWG). The WWG is a coordination body established to \nensure DHS-wide approaches to wireless communications are developed and \nimplemented in an integrated manner. 
The WMO chairs the WWG, which is \ncomposed of 80 representatives from all of the DHS organizational \nelements with wireless communications as part of their mission. The \nmajority of the WMO's coordination with the NCS and DHS S&T occurs \nthrough its participation on the WWG to collect DHS organizational \nelements' wireless requirements, coordinate resource utilization, and \nensure organizational elements play an integrated role in centralized \nDHS wireless concepts (e.g., system designs, user requirements, \noperational concepts, procurement contracts). This collaborative \napproach is consistent with the Department's customer service strategy \nand allows for on-going feedback and confirmation that the WMO is \nadequately addressing the needs of its customers and stakeholders.\n    Question: b. Describe how First Responders will be able to benefit \nfrom the results of these efforts.\n    The activities of the WMO, in partnership with DHS S&T and the NCS, \ndirectly benefit first responders at all levels of the government by \nequipping them with the wireless capabilities to fulfill their missions \nof protecting the homeland. 
By building strong relationships that \nfoster increased coordination among first responders, enabling and \nenhancing their wireless capabilities, the DHS WMO--in coordination \nwith DHS S&T and NCS--is achieving several objectives to the benefit \nof first responders, including--\n        - Implementing integrated, nationwide tactical communications \n        capabilities for DHS organizational elements and other public \n        safety first responders\n        - Providing technical assistance and implementation of wireless \n        enhancements\n        - Advancing the use of emerging wireless technologies among \n        first responders\n    These objectives are being met through several major initiatives \nsupported by the WMO and coordinated with DHS S&T and the NCS.\n    Integrated Wireless Network (IWN): The mission of the Integrated \nWireless Network (IWN) project is to provide a consolidated, nationwide \napproach to reliable, seamless, interoperable wireless communications \nto support federal agencies and officers engaged in the conduct of law \nenforcement, protective services, homeland defense, and disaster \nresponse within the Departments of Homeland Security, Justice, and \nTreasury. The IWN will serve as the day-to-day tactical communications \nnetwork for the DHS, Justice, and Treasury user community, as well as \nfor those within DHS and Treasury, replacing outdated and antiquated \nlegacy communications systems. As a result, the IWN, in every sense, \nwill serve as the lifeline that directly supports the wireless \ncommunications capabilities of first responders.\n    The IWN represents an investment in voice and data communications \ntechnologies; the completed system will establish a 24 x 7 \ncommunications network, complete with support services that will \ninclude major disaster recovery and contingency capabilities (e.g. \nsystem back-up). 
A centrally managed and coordinated approach to this \ninitiative ensures that common, standards-compliant technologies are \nprocured, thereby fostering interoperability between and among federal \nagencies for more effective and efficient enforcement activities, as \nwell as provisioning communications interoperability with our state and \nlocal partners for event management and crisis response.\n    G4High Risk Metropolitan Areas Interoperability Project: With the \ndemand for improved intergovernmental communications necessitated by \nhomeland security concerns, federal agents must increasingly \ninteroperate with other federal, state, and local public safety \nentities. The project was initiated to improve federal interoperability \nwith local first responders in the highest threat areas across the \ncountry. The project is being implemented in coordination with the \ninteroperability efforts of the WMO, SAFECOM, and the Office of \nDomestic Preparedness (ODP).\n    WMO Sponsored Projects: The WMO is supporting several projects that \nare improving the wireless communications capabilities of agencies at \nall levels of the government.\n    DC Broadband Project: The District of Columbia is currently \nimplementing a cost-effective, high-speed, wide area, wireless data \nnetwork that will permit the use of interoperable, broadband, wireless \ndata applications for public safety communications. This network will \nallow first responders in the NCS to use full-motion, high-resolution \nvideo monitoring and other bandwidth-intensive monitoring tools to \nimmediately share time-critical incident and emergency event \ninformation.\n    This will enhance regional and federal first responder \ncapabilities. 
It will also provide accurate interoperability usage \nprofiles and results, collect data on network performance (data \nthroughput, coverage, latency, and effectiveness of spread spectrum \ntechnologies), and implement public safety application requirements and \noperations improvements.\n    Phoenix Mesa Interoperability Project: This project provides an \nopportunity for the WMO to partner with state and local agencies and \nbuild upon existing communications system infrastructure. The WMO plans \nto leverage this existing system by installing federal very high \nfrequency (VHF) trunked repeaters at select locally-owned radio \nfrequency (RF) sites. The project should result in several key \nbenefits, including the demonstration of an innovative application that \ncan be replicated across the country, providing potential long-term \ncost savings for IWN implementation, and serving as a model for \ncoordination and partnerships among federal, state, and local agencies \nand first responders.\n    The primary goal of the project is to demonstrate the feasibility \nof local and federal agencies utilizing common infrastructure while \noperating within different frequency bands. To accomplish this goal, \nthe WMO partnered with the cities of Phoenix and Mesa, Arizona, who \nwere two of the first cities in the country to implement a regional \nTIA/EIA-102 Project 25 800-megahertz trunked system. The installation \nof these repeaters will enable the WMO to use existing system assets \nsuch as shelters, towers, connectivity, and network management \ninfrastructure.\n    SAFECOM: Linking federal tactical communications to local, state, \nand tribal public safety first responders is critical to ensuring \nseamless, wireless communications at the scene of the incident and \nimproving officer safety. 
In 2002, as part of the President's \nManagement Agenda, the White House established SAFECOM as the umbrella \nprogram within the Federal Government to oversee all communication \ninteroperability initiatives and projects. Through SAFECOM, the Federal \nGovernment is addressing public safety communications issues in a more \ncoordinated, comprehensive, and effective way.\n    The WMO is working with SAFECOM to improve wireless communications \ninteroperability among federal, state, and local public safety first \nresponders. The WMO does so by recognizing and supporting the crucial \nrole of SAFECOM to the benefit of first responders to include--\n        <bullet> Creating and adopting standards\n        <bullet> Recognizing interoperability and communications issues\n        <bullet> Identifying current initiatives that address \n        interoperable communications issues, and\n        <bullet> Developing coordinated strategies to leverage work, \n        while decreasing the unnecessary duplication of efforts.\n    Collectively, the programs are providing the vital link to improve \nvertical interoperability among over 100 federal agencies with public \nsafety response to over 44,000 local and state first responders.\n    Federal Partnership for Interoperable Communications (FPIC): The \nFPIC works to advance federal wireless communications interoperability \nacross federal first responders by fostering intergovernmental \ncooperation. 
The FPIC pursues this mission by advancing the following \ngoals to the benefit of the federal wireless community: providing \ntechnical and operational advice to SAFECOM and federal departments and \nagencies; educating federal users about wireless communications \nequipment, security, and operations standards and best practices; and \ncoordinating wireless communications interoperability efforts within \nthe Federal Government.\n    As members of FPIC, the WMO and SAFECOM work to improve federal \nwireless communications first responders through standing committees \nand working groups. Standing committees--such as the Standards, \nSecurity, and Spectrum Standing Committees--coordinate ongoing FPIC \nactivities. Working groups are established to consider, investigate, \nand/or act on a specific activity or subject area of interest to \nmembers. The FPIC may establish partnerships with state/local \norganizations, associations, departments, bureaus, agencies, or \nindividuals as appropriate. In this way, projects of mutual concern to \nall of the wireless public safety community can be addressed in a \ncooperative manner.\n    Question: 4. To what degree do the DHS enterprise architecture \nplans integrate with the federal enterprise architecture effort? How is \nDHS working with other departments to establish cybersecurity \nstandards?\n\nSupport for Federal Initiatives\n    EA is one of the means by which visibility into IT assets can \nenable the federal government to find business and financial \nefficiencies. Our alignment to the Office of Management and Budget \n(OMB) Federal Enterprise Architecture (FEA) continues throughout all of \nour Enterprise Architecture (EA) efforts. Our FEA and e-government \ninitiatives are discussed below.\n\nSupport for the Federal Enterprise Architecture\n    Our EA planning project was driven by the concepts and products of \nthe OMB FEA Reference Models. 
We have aligned the various EA artifacts \nwith the five FEA Reference Models: the Business Reference Model, the \nData and Information Reference Model, the Service/Component Reference \nModel, the Technical Reference Model, and the Performance Reference \nModel. And, more importantly, we have embraced the two FEA foundation \nconcepts: Line of Sight for program effectiveness and Component and \nService Based Architectures for effective reuse and repeatability.\n    Business Reference Model. The FEA Business Reference Model drove \nthe development of our business model. Several of the Business \nReference Model Lines of Business are directly applicable to DHS (in \nparticular, Homeland Security and Disaster Management). For all other \nbusiness activities within the DHS business value chain level, there is \na one-to-one link to the Business Reference Model Lines of Business. \nThe EA Business Model includes a matrix that shows the relationship \nbetween our business activities and the Business Reference Model \nSubfunctions. It is important to note that every business activity in \nthe EA Business Model is mapped to a Business Reference Model Sub-\nfunction. As a result of this alignment, OMB should be able to readily \nidentify functional commonality of DHS with other federal agencies.\n    Data and Information Reference Model. The Data Reference Model \nconsists of a layered model for decomposing collections of information, \nfrom Subject Areas down to Data Objects and their properties. We \nadopted this approach and classified the information required to \nsupport the homeland security business activities at the Subject Area \nand Data Object levels. Further decomposition and description of the \ndata objects will be performed in the next phase of the EA process. 
Our \nData Architecture aligns with the Data Reference Model concepts by \nproviding a common, consistent way of categorizing and describing data \nto facilitate data sharing and integration.\n    Service Component Reference Model. The DHS EA project has fully \nembraced the FEA Service/Component Reference Model's component-based \napproach to the reuse of applications, application capabilities, \ncomponents, and business services across the federal government. OMB \ncreated the Service/Component Reference Model specifically to identify \nservice components and their relationship to the technology \narchitectures of federal agencies. We leveraged the Service/Component \nReference Model in two important manners: (1) the structure of our \nApplication Architecture is a set of interworking components that has \ndirect ties to the Service/Component Reference Model, and (2) our \nTechnology Architecture applies a set of technology patterns that is \nderived directly from the technology aspects of the reference model.\n    The Application Architecture has been constructed to leverage \nreusable components that can be acquired once and used to provide \nservices to many applications. It shows the structure of this component \nreuse. From the set of component architecture diagrams, it can be seen \nthat there is a significant opportunity to apply this reuse concept \nthroughout DHS (and across other government agencies). The result \nshould be considerable cost savings, as well as greatly improved \ninteroperability and flexibility of applications.\n    The Technology Patterns of our EA are repeatable solutions to \nrecurring technical challenges. These patterns employ technologies \ndescribed in the DHS Technical Reference Model (discussed below) and \nprovide capabilities as described in the FEA Service/Component \nReference Model. 
For example, the Business Intelligence/Data Warehouse \ntechnology pattern of our EA aligns with the Business Intelligence \nService Type of the FEA reference model.\n    Technical Reference Model. The initial formulation of the DHS \nTechnical Reference Model began with the taxonomy as well as the \ntechnical services, protocols, and interfaces specified in the FEA \nTechnical Reference Model. The DHS model extends and refines the FEA \nmodel where necessary to reflect the additional functional and \ntechnology requirements of DHS. In deriving the DHS model from the FEA \nmodel, we have also made adjustments to better align the technology \ncategories with the physical layering of services that exist in vendor \nand open source products. The Domain level (Tier 3) categories of the \nDHS model have all been mapped to the FEA model, so that comparisons \ncan be directly made with the technical reference models from other \nagencies.\n    Performance Reference Model. Although this FEA reference model was \nstill under development during our EA planning project, an initial \nattempt was made to align our Business Model with the intent of the \nPerformance Reference Model, based on draft materials provided by OMB. \nSpecifically, the Business Model includes a table that defines the \noutcomes or measurement categories and corresponding indicators \n(metrics) for each cross-cutting, corporate activity defined in the \nHomeland Security Value Chain. Measurement categories are defined for \neach activity in six areas: Mission and Business Results, Customer \nResults, and Process and Activities, People, Technology, and Other \nFixed Assets. 
This guidance within the DHS EA will provide specific DHS \nIT programs with a starting point for applying the Performance \nReference Model within their Exhibit 300 submissions to OMB.\n\nSupport of E-Government Initiatives\n    The Target EA and Transition Strategy identified several \nopportunities to leverage on-going e-Government initiatives. As you may \nbe aware, the Department is currently the managing partner for the \nDisaster Management and Safecom e-Gov initiatives. The Department is \nalso actively participating in six additional e-gov initiatives. For \nexample, there are three major organizations within the department that \nprovide grants to state, local, private industry, academia, and \nindividuals for a variety of reasons that participate in the e-Grants \neffort. We will be looking more closely at this mode of delivery and \nhow it may be leveraged into the EA program.\n    Finally, the target EA identifies a concept for homeland security \ninformation sharing and knowledge flow--the Homeland Security \nInformation Sharing Architecture--based on a concept of Communities of \nInterest adopted from the intelligence community. Information sharing \nwith state, local, tribal, and other federal government entities is a \ncritical function of DHS, both as a source of information and as the \n``first responders'' to an incident. Implementation of this information \nsharing architecture will provide value to the homeland security community \nby driving results and productivity through effective information \nsharing.\n    In addition to the initiatives for which DHS has the lead \nresponsibility, we expect to be a major contributing player or user of \nseveral others. We are committed to transitioning to projects such as \ne-Authentication, e-Clearance, e-Payroll, e-Travel, and HR Integration. 
\nWe are actively gaining more knowledge about these initiatives so that \nour role in supporting them and their particular timelines and \ncapabilities can be integrated seamlessly into our target and \ntransition strategy.\n\n                                 <all>\n</pre></body></html>\n"