[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]





  HOMELAND SECURITY ADVISORY SYSTEM: THREAT CODES AND PUBLIC RESPONSES

=======================================================================

                                HEARING

                               before the

                   SUBCOMMITTEE ON NATIONAL SECURITY,
                   EMERGING THREATS AND INTERNATIONAL
                               RELATIONS

                                 of the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             SECOND SESSION

                               __________

                             MARCH 16, 2004

                               __________

                           Serial No. 108-166

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform


                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
94-837                      WASHINGTON : DC
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                     COMMITTEE ON GOVERNMENT REFORM

                     TOM DAVIS, Virginia, Chairman
DAN BURTON, Indiana                  HENRY A. WAXMAN, California
CHRISTOPHER SHAYS, Connecticut       TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana              CAROLYN B. MALONEY, New York
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
DOUG OSE, California                 DENNIS J. KUCINICH, Ohio
RON LEWIS, Kentucky                  DANNY K. DAVIS, Illinois
JO ANN DAVIS, Virginia               JOHN F. TIERNEY, Massachusetts
TODD RUSSELL PLATTS, Pennsylvania    WM. LACY CLAY, Missouri
CHRIS CANNON, Utah                   DIANE E. WATSON, California
ADAM H. PUTNAM, Florida              STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia          CHRIS VAN HOLLEN, Maryland
JOHN J. DUNCAN, Jr., Tennessee       LINDA T. SANCHEZ, California
NATHAN DEAL, Georgia                 C.A. ``DUTCH'' RUPPERSBERGER, 
CANDICE S. MILLER, Michigan              Maryland
TIM MURPHY, Pennsylvania             ELEANOR HOLMES NORTON, District of 
MICHAEL R. TURNER, Ohio                  Columbia
JOHN R. CARTER, Texas                JIM COOPER, Tennessee
MARSHA BLACKBURN, Tennessee          ------ ------
PATRICK J. TIBERI, Ohio                          ------
KATHERINE HARRIS, Florida            BERNARD SANDERS, Vermont 
                                         (Independent)

                    Melissa Wojciak, Staff Director
       David Marin, Deputy Staff Director/Communications Director
                      Rob Borden, Parliamentarian
                       Teresa Austin, Chief Clerk
          Phil Barnett, Minority Chief of Staff/Chief Counsel

 Subcommittee on National Security, Emerging Threats and International 
                               Relations

                CHRISTOPHER SHAYS, Connecticut, Chairman

MICHAEL R. TURNER, Ohio
DAN BURTON, Indiana                  DENNIS J. KUCINICH, Ohio
STEVEN C. LaTOURETTE, Ohio           TOM LANTOS, California
RON LEWIS, Kentucky                  BERNARD SANDERS, Vermont
TODD RUSSELL PLATTS, Pennsylvania    STEPHEN F. LYNCH, Massachusetts
ADAM H. PUTNAM, Florida              CAROLYN B. MALONEY, New York
EDWARD L. SCHROCK, Virginia          LINDA T. SANCHEZ, California
JOHN J. DUNCAN, Jr., Tennessee       C.A. ``DUTCH'' RUPPERSBERGER, 
TIM MURPHY, Pennsylvania                 Maryland
------ ------                        JOHN F. TIERNEY, Massachusetts
                                     ------ ------

                               Ex Officio

TOM DAVIS, Virginia                  HENRY A. WAXMAN, California
            Lawrence J. Halloran, Staff Director and Counsel
              R. Nicholas Palarino, Senior Policy Analyst
                        Robert A. Briggs, Clerk
             Andrew Su, Minority Professional Staff Member


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on March 16, 2004...................................     1
Statement of:
    Connor, Charles D., senior vice president, communications & 
      marketing, American Red Cross; Michael Wermuth, senior 
      policy analyst, RAND Corp.; Dr. James Jay Carafano, senior 
      research fellow, defense and homeland security, Heritage 
      Foundation; and Kenneth B. Allen, executive director, 
      Partnership for Public Warning.............................    67
    Hughes, General Patrick, Assistant Secretary for Information 
      Analysis, U.S. Department of Homeland Security; Randall 
      Yim, Managing Director, Homeland Security and Justice Team, 
      U.S. General Accounting Office; and Shawn Reese, Analyst in 
      American National Government, Congressional Research 
      Service....................................................     6
Letters, statements, etc., submitted for the record by:
    Allen, Kenneth B., executive director, Partnership for Public 
      Warning, prepared statement of.............................   112
    Carafano, Dr. James Jay, senior research fellow, defense and 
      homeland security, Heritage Foundation, prepared statement 
      of.........................................................    98
    Connor, Charles D., senior vice president, communications & 
      marketing, American Red Cross, prepared statement of.......    70
    Hughes, General Patrick, Assistant Secretary for Information 
      Analysis, U.S. Department of Homeland Security, prepared 
      statement of...............................................     8
    Reese, Shawn, Analyst in American National Government, 
      Congressional Research Service, prepared statement of......    42
    Shays, Hon. Christopher, a Representative in Congress from 
      the State of Connecticut, prepared statement of............     3
    Wermuth, Michael, senior policy analyst, RAND Corp., prepared 
      statement of...............................................    85
    Yim, Randall, Managing Director, Homeland Security and 
      Justice Team, U.S. General Accounting Office, prepared 
      statement of...............................................    19

 
  HOMELAND SECURITY ADVISORY SYSTEM: THREAT CODES AND PUBLIC RESPONSES

                              ----------                              


                        TUESDAY, MARCH 16, 2004

                  House of Representatives,
Subcommittee on National Security, Emerging Threats 
                       and International Relations,
                            Committee on Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:03 a.m., in 
room 2154, Rayburn House Office Building, Hon. Christopher 
Shays (chairman of the subcommittee) presiding.
    Present: Representatives Shays, Turner, Schrock, 
Ruppersberger and Tierney.
    Staff present: Lawrence Halloran, staff director and 
counsel; R. Nicholas Palarino, senior policy analyst; Robert A. 
Briggs, clerk; Jean Gosa, minority assistant clerk; and Andrew 
Su, minority professional staff member.
    Mr. Shays. The Subcommittee on National Security, Emerging 
Threats and International Relations hearing entitled, 
``Homeland Security Advisory System: Threat Codes and Public 
Responses,'' is called to order.
    After a series of vague warnings and alarms, the utility of 
the Homeland Security Advisory System [HSAS], is being 
questioned by State and local officials, first responders and 
the public. Even Department of Homeland Security Secretary Tom 
Ridge recently acknowledged the need to refine the code, five-
color scheme that seems to me to be losing both its credibility 
and its audience.
    Seeing no difference between a perpetually elevated state 
of risk, code yellow, and a high risk of terrorism at code 
orange, Americans risk becoming color blind to the signals that 
are supposed to prompt public awareness and action.
    Since inception of the alert system 2 years ago, the threat 
level has been raised and lowered five times, flashing between 
yellow and orange whenever the volume of intelligence on al 
Qaeda went up or down, but the lack of specificity as to the 
time, place or nature of the perceived threats provided no 
basis upon which to calibrate appropriate public or private 
responses. As a result, governments and critical industries 
broadly increased security measures and incurred substantial 
costs. At the same time, exhortations to carry on as usual in 
the name of economic normalcy dulled any sense of urgency in 
the public at large.
    The Homeland Security Act charges the Under Secretary for 
Infrastructure Protection to administer the HSAS and to provide 
specific warning information and advice about appropriate 
protective measures and countermeasures to the public. The 
current system does not yet appear to meet the statutory 
requirements for specific information or specific advice. 
Whether due to an excess of caution about intelligence sources 
or a reluctance to ask for changed public behaviors and 
sacrifices, the codes and warnings in use today may be a better 
barometer of political realities than public safety risks.
    When a blizzard or hurricane is forecasted, the public is 
not advised to be brave for America and stay in the eye of the 
storm, but when the threat of terrorism is elevated, citizens 
are advised to go about their lives as if no real peril 
approached. We need to make terrorism alerts at least as 
targeted and accurate as storm projections.
    This week, the Select Committee on Homeland Security will 
consider legislation to improve Federal preparedness grants. A 
subcommittee of that bill directs the DHS Secretary to revise 
the alert system to include with each warning more specific 
designations of regions or economic sectors at risk. But other 
refinements could also add to the immediacy and the utility of 
any publicly disseminated terrorism threat codes.
    So we asked our witnesses--and we're very grateful to all 
our witnesses--to discuss the principles of effective risk 
communication that should guide public alerts and warnings and 
to suggest how to improve the Homeland Security Advisory 
System. We appreciate their being here today, and we look 
forward to their testimony.
    At this time, the Chair would recognize the distinguished 
vice chairman, Mr. Turner.
    [The prepared statement of Hon. Christopher Shays follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.001
    
    [GRAPHIC] [TIFF OMITTED] T4837.002
    
    Mr. Turner. Mr. Chairman, thank you. I want to thank you 
for your continued efforts on reviewing the preparedness of our 
country and its appropriate response for the continuing 
terrorist threat that we have.
    I appreciate you holding this hearing on an issue that is 
very important not just for first responders or those who have 
responsibility such as at our airports for looking at the 
issues of security but also for everyday Americans who look at 
the system for guidance.
    I would characterize that most of the responses that I have 
received from airport security personnel, first responders or 
even people just out in the community or businesses that might 
have responsibility for protecting important infrastructure is 
that, as they look at this system, their question continues to 
remain, now what do we do, and I think that it is important for 
us to have the discussion as to how the system can be better 
correlated given a nexus, if you will, to specific responses 
from the community. Thank you.
    Mr. Shays. I thank the gentleman.
    At this time, I would ask unanimous consent that all 
members of the subcommittee be permitted to place an opening 
statement in the record, and that the record remain open for 3 
days for that purpose. Without objection, so ordered.
    I ask further unanimous consent that all witnesses be 
permitted to include their written statements in the record. 
And without objection, so ordered.
    At this time I would recognize our first panel: General 
Patrick Hughes, Assistant Secretary for Information Analysis, 
U.S. Department of Homeland Security; Mr. Randall Yim, Managing 
Director of Homeland Security and Justice Team, U.S. General 
Accounting Office; and Mr. Shawn Reese, Analyst in American 
National Government, Congressional Research Service.
    What we'll do is we will start with you, General Hughes, 
after I swear you all in, and just say that I'm really looking 
forward to this first panel. I particularly appreciate, General 
Hughes, your candor when you testified before the Select 
Committee. I found your testimony on the issue that we're 
discussing very helpful, and I appreciated that, and I 
appreciate you being here as well as Mr. Yim and Mr. Reese.
    As we do with all our witnesses, if you would stand, raise 
your right hands.
    [Witnesses sworn.]
    Mr. Shays. Thank you. Note for the record all our witnesses 
have responded in the affirmative.
    The way we'll proceed, General Hughes, is that we have a 5-
minute clock. We will roll it over to the second 5 minutes and 
I would hope that you would stop sometime in between that 
second if you haven't within the first, but technically we 
allow 10 minutes for your testimony but hope it will be a 
little less.
    Thank you. General Hughes, you're recognized.

 STATEMENTS OF GENERAL PATRICK HUGHES, ASSISTANT SECRETARY FOR 
  INFORMATION ANALYSIS, U.S. DEPARTMENT OF HOMELAND SECURITY; 
 RANDALL YIM, MANAGING DIRECTOR, HOMELAND SECURITY AND JUSTICE 
TEAM, U.S. GENERAL ACCOUNTING OFFICE; AND SHAWN REESE, ANALYST 
IN AMERICAN NATIONAL GOVERNMENT, CONGRESSIONAL RESEARCH SERVICE

    General Hughes. Good morning, Mr. Chairman, Congressman 
Turner. I'd like to thank you very much for the opportunity to 
appear here today. I do think this is an important topic.
    On March 11, 2002, President Bush created the Homeland 
Security Advisory System [HSAS], as a tool to improve 
coordination and communication among all levels of government 
and the private sector and, most importantly, perhaps, with the 
American public in the fight against terrorism. The advisory 
system is binding on the executive branch and suggested, 
although voluntary, for State, local, territorial and tribal 
governments and the private sector. The advisory system is the 
foundation for building a comprehensive, flexible and effective 
communications structure for the dissemination of information 
regarding the risk of terrorist attacks and protective measures 
to all levels of government, homeland security professionals 
and the American people.
    The system, created by Homeland Security Presidential 
Directive 3 and now, pursuant to the Homeland Security Act of 
2002, administered by the Department of Homeland Security, 
identifies a flexible framework for communicating, addressing 
and mitigating terrorist threats to the Nation utilizing a 
threat-based but risk-managed system. During periods of 
heightened concern, the framework provides the ability to 
change the threat condition on a national level but also 
affords the opportunity to target communications to particular 
geographic locales, industry sectors and other affected 
entities.
    The latitude provided by HSPD-3 allows the Department to 
address unforeseen situations and continue to refine the 
advisory system as the need arises. This flexibility is 
critical to the success of the advisory system and essential to 
its effective implementation.
    With the creation of the Department of Homeland Security on 
March 1, 2003, the advisory system evolved into a framework 
that married the analytic assets of the intelligence community, 
which includes the Department of Homeland Security, with the 
Department's unique responsibility to assess the Nation's 
vulnerabilities and implement protective measures.
    Since its creation on March 11, the HSAS threat condition 
has been changed on five separate occasions. In each instance, 
the condition was raised from yellow to orange, but the 
circumstances surrounding each decision to elevate the threat 
condition varied.
    We recognize that a decision to change the threat condition 
has significant economic, physical and psychological impacts on 
the Nation. Therefore, decisions made by the Secretary, in 
consultation with the Assistant to the President for Homeland 
Security, to change the threat condition are made only after 
careful consideration and close coordination with other Federal 
agency heads, including other members of the Homeland Security 
Council.
    In the future, as the Department matures and our 
implementation of the Homeland Security Advisory System 
continues to evolve, we will work diligently to provide 
information that best suits the needs of Federal, State and 
local officials, the private sector and the public. We look 
forward to working with the Congress on ideas to improve the 
system.
    HSAS is simply a tool, one of the many means to an end 
we're all working toward, which is to secure the homeland.
    Thank you, Mr. Chairman, and I'll be pleased to answer any 
questions you may have.
    Mr. Shays. Thank you very much, General.
    [The prepared statement of General Hughes follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.003
    
    [GRAPHIC] [TIFF OMITTED] T4837.004
    
    [GRAPHIC] [TIFF OMITTED] T4837.005
    
    [GRAPHIC] [TIFF OMITTED] T4837.006
    
    [GRAPHIC] [TIFF OMITTED] T4837.007
    
    [GRAPHIC] [TIFF OMITTED] T4837.008
    
    [GRAPHIC] [TIFF OMITTED] T4837.009
    
    Mr. Shays. Mr. Yim.
    Mr. Yim. Chairman Shays, Vice Chairman Turner, members of 
the subcommittee, I thank you for this opportunity to 
participate in this hearing examining the Homeland Security 
Advisory System.
    On February 4, 2004, Admiral Lloyd, the Deputy Secretary of 
the Department of Homeland Security, described the advisory 
system as a blunt instrument and a work in progress, pointing 
out for the first time this past December that the advisory 
system specifically identified economic sectors and 
geographical regions subject to heightened alerts. He and 
members of the House Select Committee on Homeland Security 
agreed that such specificity was critical to maintaining the 
credibility and usefulness of the system, and these remarks are 
consistent with the comments we at GAO have received from State 
and local governments and the private sector.
    We last testified before this committee on February 3rd, 
describing the key characteristics of effective national 
strategies for homeland security and comparing and contrasting 
the extent to which several national homeland security 
strategies contain such characteristics. Our purpose was to 
assist in continual improvement and refinement of these 
strategies.
    Just as with our previous testimony, we hope that our 
preliminary observations of the advisory system will identify 
key characteristics of effective public warning systems, issues 
and factors to be considered and balanced when determining what 
information is to be disseminated and assist in continued 
refinement of the system.
    As with the national strategies, the true value of the 
advisory system will be the extent to which it is useful as 
guidance for, and actually used in implementation of 
prevention, vulnerability reduction, response and recovery 
measures by the relevant parties, including the general public.
    Of course, as General Hughes noted, the Homeland Security 
Advisory System is not and should not be considered the only 
means by which threat and response information is disseminated. 
It is but one of many tools, as he said, used to increase our 
national preparedness. We hope that our testimony will be 
useful in sharpening this edge and increasing its 
effectiveness.
    Specific threat and vulnerability information is received 
by Federal agencies and used by the executive branch in 
determining when to raise or lower the threat advisory systems. 
The key issues then are to what extent, when and with whom such 
information should be shared.
    In your request, this committee suggested a link between 
sharing information and the ability of the recipients to act 
upon this information. While each threat advisory reflects a 
unique fact and circumstance influencing the what, the when and 
with whom issues, risk communication strategies that have 
evolved in numerous contexts have common characteristics that 
may be useful in assisting evolution of the advisory system. 
Effective risk communication can and should not only assist in 
prevention, but also in implementing actions to reduce 
vulnerabilities, prepare for enhanced response and recovery 
should an attack occur.
    On the other hand, poor risk communication can lead to 
complacency, misallocation of valuable limited resources and be 
disruptive and expensive for the affected parties. Preservation 
of credibility and public confidence are important 
considerations in any refinement of the advisory system.
    My written statement describes the operations of the 
system, but, per your request, my oral remarks will focus on 
the types of information that should be conveyed to the general 
public.
    Terrorist threats, as I said, present unique facts and 
circumstances and are still relatively unfamiliar to the 
general public. This uniqueness and unfamiliarity must be 
acknowledged and recognized in devising refinements to the 
system. If these terrorist threats are unique, then unique or 
specific information should be provided to the extent that it's 
available.
    Most would agree that the refinements in the system this 
past November were more useful, focusing on specific sectors 
and geographic areas, but unlike more familiar advisories about 
weather, as you mentioned, Mr. Chairman, or infectious disease, 
specific terrorist threat warnings may allow terrorists to 
alter their tactics or targets in response or increase general 
anxiety in the public for those clearly not at risk. So we must 
acknowledge and account for the fact that some information 
available will not be widely distributed.
    Further, due to the nature of terrorist organizations and 
the types of threats, threat information may be vague, may be 
limited or simply unavailable. Thus, the general public needs 
to be educated so that they understand that false alarms arise 
from inherent uncertainty rather than from poor professional 
practice, that to a certain extent false alarms are inevitable, 
and we must guard against a cumulative apathy among the public 
during what I would term prolonged periods of preparedness.
    Finally, we have to acknowledge a fact of life, that, 
despite everyone's best intention, the threat of terrorist 
activities will cause both rational and not-so-rational 
responses. So, despite our best efforts, there will be 
unintended social, psychological and economic consequences. 
But, as an important point, when designing effective risk 
communication strategies, that we understand and acknowledge 
that these effects will occur and design our strategies 
accordingly to convey information to those receptive, and have 
the ability to act upon that information, while at the same 
time understanding that some will receive this information and 
act or not act upon it in less than optimal ways.
    So what does this mean for refinement of the advisory 
system? As this subcommittee and the chairman has acknowledged, 
we want to convey information that will increase our national 
preparedness. That is, we expect some action as a result of our 
warning. There has to be, then, some connection, some nexus 
between the information to be shared and the ability and 
receptivity to take positive action, forcing our planners not 
only to be intelligence and fact-based providers but, to a 
certain extent, social and psychological scientists, quite a 
difficult task.
    Risk communication experts generally agree that effective 
warnings should specify the nature of the threat, when and 
where it is likely to occur and over what time period, provide 
guidance or actions to be taken and perhaps, above all, assure 
that the information is consistent, accurate, clear and 
provided frequently.
    This is much easier said than done for terrorist warnings, 
but if we focus on the nexus between information and the 
ability to act and the receptivity to act upon it, then some 
patterns emerge, such as more specific information can and 
should be provided to those specially trained to receive and 
act upon the information such as firefighters, emergency 
responders, and we've seen that in the hazardous materials area 
where much more specific information is provided to 
firefighters in case they must enter a building that contains 
potentially toxic materials.
    For the general public and the private sector, State and 
local governments, the same principles can apply. Specific 
information that is useful in making risk management decisions 
should be conveyed so that the resources and intentions are 
focused on the highest priorities, and the capabilities of 
these parties to act are enhanced.
    For example, there may be vague threat information about a 
public sporting event. An individual may still wish to attend, 
but take some simple precautions such as notifying others that 
they are attending, carrying contact phone numbers or just 
simply thinking about the evacuation or escape routes in the 
event of an emergency. A private business may wish to review 
and update its emergency shutdown procedures or be sure that 
people are current on the evacuation routes.
    These are all examples of sharing information that is 
useful for, linked to the capability of the recipients to 
receive and act upon that information, resulting in what 
Admiral Lloyd calls a tactically actionable product.
    The linkage then between information and capability to act 
appear to be what other risk communication experts in the 
second panel discuss when they talk about the psychology of 
risk and risk management perception related to control, to 
choice, the potential for personal impact, the risk benefit 
tradeoffs and trust and a focus on the link on capabilities 
between information. I think it really affects the trust issue, 
trust that the information is accurate and useful, trust that 
the information is being conveyed to those with expertise and 
the ability to act upon it, like the law enforcement and 
emergency responders, and trust that the false alarms are due 
to inherent uncertainty in dealing with terrorist threats 
rather than a lack of competence. As I said, the credibility is 
of utmost importance to maintain.
    In closing, let me end with a few suggestions. If we want 
to foster a closer link between information sharing and 
capabilities, then we need to do a better job of capability 
assessment. We do not have a good inventory on the types of 
infrastructure, equipment, people skills that can be brought to 
bear in a major homeland security emergency or for the major 
missions of prevention, response and recovery vulnerability 
assessment, either horizontally across the Federal Government 
or vertically between the Federal, State, local and private 
sector.
    Homeland Security Presidential Directive 7 was not designed 
to make changes in the advisory system. However, it mandates 
that the Department and other Cabinet agencies inventory, use 
high techniques to map and model, again, to get a basic 
understanding of the capabilities that the existing 
infrastructure within the country can be brought to bear should 
a crisis arise or we wish to prevent a terrorist attack. That 
type of modeling inventory should be combined, again, as one of 
many tools with refinements of the Homeland Security Advisory 
System.
    Finally, if we focus on capabilities, let us not 
underestimate the capabilities of the general public. I, like 
many others, continue to be astounded and grateful for the 
capabilities demonstrated by the public during September 11th, 
during the days following, from acts of heroic rescue to 
incredible acts of kindness during response and recovery, to 
heroism in preventing even greater acts of terrorism.
    So I would close by just noting that the capabilities of 
the general public may be much greater than we think, so let's 
not shortchange the public by assuming too little about the 
types of information that are useful for increasing our 
collective national preparedness.
    Thank you, Mr. Chairman; and I'd be pleased to answer any 
questions.
    Mr. Shays. I thank you.
    First, the substance of your statement, as was the 
substance of General Hughes, was quite outstanding, but I have 
never in my 16 years looked at a statement so well organized 
and so consumer friendly the way you have done it. I'm going to 
take this statement and give it to my staff as an example of 
how I would like to see its work done. It's really 
extraordinary.
    Mr. Yim. Thank you, Mr. Chairman.
    Mr. Shays. Very, very helpful.
    Mr. Yim. I give great credit to my staff. I'm just the 
spokesperson.
    Mr. Shays. Well, I understand, but you all have developed a 
system of trying to make things clear, and it's very helpful 
and an excellent statement as well.
    [The prepared statement of Mr. Yim follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.010
    
    [GRAPHIC] [TIFF OMITTED] T4837.011
    
    [GRAPHIC] [TIFF OMITTED] T4837.012
    
    [GRAPHIC] [TIFF OMITTED] T4837.013
    
    [GRAPHIC] [TIFF OMITTED] T4837.014
    
    [GRAPHIC] [TIFF OMITTED] T4837.015
    
    [GRAPHIC] [TIFF OMITTED] T4837.016
    
    [GRAPHIC] [TIFF OMITTED] T4837.017
    
    [GRAPHIC] [TIFF OMITTED] T4837.018
    
    [GRAPHIC] [TIFF OMITTED] T4837.019
    
    [GRAPHIC] [TIFF OMITTED] T4837.020
    
    [GRAPHIC] [TIFF OMITTED] T4837.021
    
    [GRAPHIC] [TIFF OMITTED] T4837.022
    
    [GRAPHIC] [TIFF OMITTED] T4837.023
    
    [GRAPHIC] [TIFF OMITTED] T4837.024
    
    [GRAPHIC] [TIFF OMITTED] T4837.025
    
    [GRAPHIC] [TIFF OMITTED] T4837.026
    
    [GRAPHIC] [TIFF OMITTED] T4837.027
    
    [GRAPHIC] [TIFF OMITTED] T4837.028
    
    [GRAPHIC] [TIFF OMITTED] T4837.029
    
    [GRAPHIC] [TIFF OMITTED] T4837.030
    
    Mr. Shays. Mr. Reese.
    Mr. Reese. Mr. Chairman, Vice Chairman Turner and members 
of the subcommittee, I thank you for inviting me to testify 
before you today.
    The committee asked me to discuss four points concerning 
the Homeland Security Advisory System: the process the 
Department of Homeland Security uses in determining the threat 
level; the notification process that the Department uses to 
disseminate a change in the threat level; the information 
provided to the public when the threat level changes; and the 
lack of protective measures for States, localities, the public 
and the private sector.
    As General Hughes said, Secretary Ridge, then Director of 
the White House Office of Homeland Security, announced the 
establishment of the Homeland Security Advisory System on March 
12, 2002. This advisory system has five threat levels. At each 
threat level the system prescribes protective measures that are 
mandatory for Federal agencies but only recommends them to 
State and local governments.
    Since the inception to the present, the system has never 
been lower than elevated or yellow, and has been raised to 
orange five times, with the Nation being at orange for a total 
of 87 days.
    If I correctly understand it from statements by Secretary 
Ridge, the process DHS uses in determining the system's threat 
level has three steps: First, DHS receives intelligence reports 
from a variety of entities within the U.S. intelligence 
community.
    Second, upon receiving these reports, the Department 
considers the following: whether the information is credible, 
whether the information is corroborated, whether the reported 
threat is specific and imminent and the gravity of the 
potential consequences of the threat.
    Third, in consultation with the Homeland Security Council, 
the Department decides whether the threat level needs to be 
raised or lowered.
    Once the decision is made to raise the threat level, DHS 
notifies State and local governments, the public and the 
private sector through a variety of communications systems. 
State and local governments receive notification through such 
systems as the National Law Enforcement Telecommunications 
System and conference calls to Governors, State homeland 
security advisers and mayors of selected cities. Selected major 
industries receive notification through such systems as the 
critical emergency operations communications link; and, 
finally, the public is notified through a DHS public statement. 
These public statements provide general reasons for the change 
in threat level, but they do not offer specifics.
    The Department has said that intelligence reports indicate 
an increased probability of a terrorist attack. In the written 
statement I submitted, there is a table that lists the reasons 
and dates of the five changes from yellow to orange. The only 
time DHS has provided specifics on possible targets was on 
February 7, 2003, when the Department stated that intelligence 
reports suggested possible al Qaeda attacks on apartment 
buildings, hotels and soft-skinned targets, but no geographical 
location was identified.
    This leads to my final point, which is what some say is a 
lack of clear guidance on protective measures for States, 
localities, the public and the private sector.
    As I noted earlier, the advisory system has mandatory 
protective measures for Federal departments. These measures, 
however, are only recommended for States and localities, but 
these measures do not address the issue of what actions the 
public should take during heightened threat level. The only 
recommended actions the public received during the five orange 
alerts was to remain vigilant, report suspicious activities to 
the Federal Bureau of Investigation and to carry on with their 
daily lives with a heightened sense of awareness.
    In summary, the advisory system in its present form does 
not provide specifics on why the threat level has been changed, 
nor does it provide clear guidance on actions States, 
localities, the public and the private sector need to take 
during a heightened threat level.
    I thank you, Mr. Chairman and I will welcome any questions 
you or the committee might have.
    Mr. Shays. Thank you very much, Mr. Reese; and we 
appreciate the work of the Congressional Research Service.
    [The prepared statement of Mr. Reese follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.031
    
    [GRAPHIC] [TIFF OMITTED] T4837.032
    
    [GRAPHIC] [TIFF OMITTED] T4837.033
    
    [GRAPHIC] [TIFF OMITTED] T4837.034
    
    [GRAPHIC] [TIFF OMITTED] T4837.035
    
    [GRAPHIC] [TIFF OMITTED] T4837.036
    
    [GRAPHIC] [TIFF OMITTED] T4837.037
    
    [GRAPHIC] [TIFF OMITTED] T4837.038
    
    Mr. Shays. General, I particularly want to thank you for 
participating with this panel instead of just asking to be 
separate. That is very appreciated. I think we'll be able to 
understand this issue better because of it.
    We are going to recognize Mr. Turner, Mr. Schrock and then 
myself for 10 minutes, 5 minutes and then a rollover for 5 
additional minutes. If someone is asked a question and you want 
to respond to it as well, even if you were not requested to 
answer, please feel free to jump in as well.
    OK. Mr. Turner, you have the floor.
    Mr. Turner. Thank you, Mr. Chairman.
    Being a former mayor, I talk a lot to individuals who are 
responsible for local protective functions, police, fire or 
important infrastructures such as water systems. Also, the 
security personnel at the airport. What I hear from them, which 
is echoed in many of your statements, is the lack of direction 
upon the elevation of the threat level.
    In the materials that we have there are obviously some 
protective measures that are listed, but many times there is a 
lack of specificity as to what one should do that has 
responsibility for important infrastructure. For example, local 
water authority. The threat level was raised. They know they 
need to increase their security. They need to do something, but 
they don't really know what necessarily to do. They don't know 
if enough, if it's not enough. Also, then they worry when the 
threat level is lowered that lessened security during a time of 
lowered threat may not really be in the best interest of 
protecting the community or in responding to the threat.
    While one of you acknowledged that the lowest we had gone 
is yellow, which is elevated--but even in looking at the 
protective measures between yellow and orange, orange says 
restrict facility access to essential personnel. Yellow doesn't 
necessarily provide that.
    Mr. Yim and Mr. Reese, could you please talk for a moment 
about the issue of that lack of nexus, Mr. Yim, that you had 
mentioned for advice to the local officials and their important 
infrastructures, if you have knowledge of some of the things 
that they're doing and the lack of direction that they're 
receiving on what they should be doing. Because I know this is 
very troubling to them.
    Then, General Hughes, if you could speak as to, you know, 
why don't we have more specific standardized recommendations to 
them, more specific direction that--as this code goes up and 
down, where they might feel that, one, they're rising to the 
obligation or, two, that they have, you know, a greater 
direction as to what it means. Mr. Yim.
    Mr. Yim. Thank you, Mr. Turner.
    I think the general perception is that the color-coded 
system is too generic; and, as a result, it's not refined 
enough to be able to provide that specific information. So as 
we evolve the system, we can conceive of different people with 
different expertise receiving different information instead of 
everyone receiving exactly the same. That would go a long way 
toward curing some of the specificity issues.
    So, for example, as we mentioned, if there is to be some 
link between the types of information you receive and your 
ability to react and respond to it, then we can or should be 
providing more specific information to the firefighters, to the 
first protectors, that are trained to use that information, 
allocate the resources appropriately and to act upon it.
    I'm sure that we can devise some manners when we have 
security issues surrounding how much information to disclose, 
if we're limiting the recipients, that perhaps the Federal 
Government would be a bit--feel a bit more comfortable 
conveying more specificity to those targeted-type groups.
    I think it's important, however, that one of the reasons 
that we tend to default to more general warnings is often we 
don't have a good sense of what exactly are the capabilities of 
the recipients of that information to respond. As I said, we 
have not done a good assessment nationally of the capabilities 
of the respective State and local governments to not only 
respond, but also to prevent terrorist attacks, to assess their 
vulnerabilities and reduce their vulnerabilities.
    So I think, to a certain extent, both the assessment and 
the warnings will evolve hand in hand as we have a greater 
sense of the capabilities that the State and local and private 
sector and public can bring to bear in prevention and response. 
As that capability evolves over time, as people get more 
sophisticated in what they need to do, then I think the 
warnings also need to evolve and provide greater information to 
them. We're clearly not there yet. We don't have a good sense, 
and we default then to, as I said, this generic warning system, 
which almost universally people feel is not that useful.
    The only other point I would make on specificity is that 
let's not go too far in specificity in limiting the recipients 
of that information. We should not presume who would find the 
information useful. For example, if we want to target 
geographical areas and limit the information to just those 
residents of New York, we may miss people that are doing 
business via IT or remotely with New York or who are planning a 
trip to New York that may want to make risk-management 
decisions based on threats to other geographical areas.
    So there is going to be a difficult balance between 
providing generic information that raises the country's general 
sense of alert, because we can't always anticipate who would be 
affected by that information, and providing specific 
information to those trained to use their resources wisely and 
to act upon that information.
    Mr. Reese. As we've all stated, numerous State and local 
officials have said that the information that's been provided 
to the threat level change has been generic. Secretary Ridge 
has also stated that sometimes the information has seemed 
generic but there has been a need to provide information to the 
general public and to selected critical infrastructure and the 
private sector and State and local officials. There is a need 
to announce a change in the threat level.
    I am not privy to any information that the Department sends 
out other than what is sent in the public statements to the 
public, so I will just kind of focus on that.
    There seems to be a desire to get a one-glove-fits-all 
situation, or protective measures that if it works well in New 
York then it should work well in Los Angeles. I would say the 
disadvantage to DHS giving specific protective measures or 
information would be that it doesn't foster State and local 
governments possibly to do their own threat and risk 
assessments.
    So I think, on one hand, we do want more information to be 
sent out so people can properly prepare, but on the other--and, 
as you know, CRS, we try to do the advantages and 
disadvantages. We want to ensure that we don't hamper State and 
local officials.
    Another issue that State and local officials bring up is 
when the threat level goes up there's an increase in cost that 
the government incurs. So if it's a specified threat that is 
geographically targeted, then, naturally, we'll--and we'll use 
New York City as an example. If New York City is targeted, 
naturally, we wouldn't want Los Angeles to incur costs more 
than they need, but it is universally--with the State and local 
officials and individuals that work in emergency management, 
there does seem to be a lack of information that causes people 
to question what they're supposed to do and when they're 
supposed to do it.
    Mr. Turner. General Hughes.
    General Hughes. Well, first, I found Mr. Yim's and Mr. 
Reese's comments to be instructive in several ways. I thought 
they were very good. But the issue that I'd like to point out 
to you is the struggle to try to find balance between greater 
specificity and broader information available to the public on 
the one hand and on the other hand generating some kind of a 
reaction in the official State and local, private sector 
environment and, by the way, in the American public that is 
broad enough to encompass the general threat; and that's what 
we strive for at the Department of Homeland Security.
    I will just make the flat statement that, as we now 
administer this system, it is specific, and we do communicate 
specifically with places that are specifically targeted. We do 
not do that in the public domain in general for obvious 
reasons. If we did that in the public domain, we would then 
give away our knowledge base and we would probably end up 
disclosing some of our protective and defensive measures. In my 
view, that would be a very foolhardy thing to do, so----
    Mr. Turner. So, General, are you saying that communities 
that don't have a specific directive with respect--should 
consider themselves lucky in that they are not faced with the 
imminent threat that you're obviously trying to manage?
    General Hughes. Once again, I urge you to have in your 
minds somehow a balance. But, generally speaking, I think what 
you just said is right, that the nature of the threat that's 
communicated to the country at large versus the nature of the 
threat that is communicated specifically to places, times, 
circumstances that we have information about are sometimes very 
different.
    But if I may explain two issues here. The nature of the 
threat can be specific and often is and not rise to the level 
that requires us to change the broader threat condition. That 
is, in effect, this morning there are threats in the United 
States today about specific cities, specific places, specific 
events and specific conditions, but this morning they have not 
risen to a level of concern and to a due consideration for 
broader change across the country. When they do, as they did in 
December 2003, then after due consideration we need to make the 
broader change.
    And I have to explain the last piece of this idea, sir. 
When something is threatened in New York City, the idea seems 
to be that you can divorce that from events in Seattle, but you 
cannot. The two are inextricably interconnected now 
electronically, by transportation, by the features of our 
social order. We are interdependent; and, indeed, the vector 
that the threat comes from may not be precisely known.
    In some cases, when we have to raise the nature of the 
threat to encompass the Nation, the country, we're doing so 
because we may lack specificity, but we have enough general 
information to cause us to rise to that level of concern.
    I'd like to just close my answer on this issue by stating 
that the idea that these colors, the threat conditions that we 
use here, stand alone without any interior specific actions is 
a flawed viewpoint. We do have many different variations on the 
theme of specific, direct communication and coordination and 
specific activities that we can undertake within any of these 
general threat conditions here on this chart.
    So I just--I wanted to get that point across, that the 
basic premise here and some of our conversation seems to me a 
little flawed.
    Mr. Shays. Can you make that last point again? I'm missing 
it.
    General Hughes. Yes, sir. We seem to refer to these colors 
and the conditions they represent as if they are singular, and 
they are not. Each of them has a complex background, some of it 
based upon judgment and specificity of the conditions. So if 
Secretary Ridge, as an example, in due consultation reaches a 
decision to raise the threat level from yellow to orange, there 
are very specific acts based on intelligence that cause that to 
happen.
    There may also be a broad general condition that results 
from that. The color level is an example, manifestation of the 
broad general condition, but the specificity interior to that 
change is very precise. We talk to people directly. We give 
them the knowledge that we have in some form. Often, by the 
way, right now especially in this last raised alert condition, 
we were able to give information that is very closely held in 
the Federal Government to State and some local authorities for 
the purposes of explaining what was going on; and they knew in 
far greater detail than they had in the past what the threat 
was about.
    Mr. Shays. I would just make a point to you that you're 
basically saying to us that this code system is based on 
substantive determination, and that I can accept. But what I'm 
going to be wrestling with when I have a chance to talk to you 
is what does the public have a right to know? In other words, 
you're saying to us when you went to code orange, which is 
elevated, you in essence were saying something pretty 
significant and people better listen, because it wasn't based 
on a best guess. Then the question is, what does that really 
mean to the public?
    Mr. Turner, your time had run out, but do you have any 
closing comment you want to make?
    Mr. Turner. Thank you for asking, actually. I thought the 
General's point was very important when he indicated about the 
vector of a threat.
    For example, we know in the World Trade Center that the 
threat to New York did not emanate in New York, and I think 
that's very important. That's an issue that, in just reading 
these materials and looking at specific threats versus general 
threats, that we might not all be aware; and it was I think a 
very important point.
    Mr. Shays. Mr. Schrock.
    Mr. Schrock. Thank you, Mr. Chairman. With your indulgence, 
I'd like to have an opening comment. Then I have a couple of 
questions.
    First, let me thank General Hughes, Mr. Yim and Mr. Reese 
for their efforts in enhancing the security of our Nation. 
Ensuring our Nation maintains maximum security and vigilance 
while protecting our liberties is a challenge and 
responsibility for which we are all accountable. This task must 
be accomplished in a reflective manner of efficiency, 
expediency and comprehensiveness; and I recognize that this is 
an unprecedented task.
    As we proceed, our growing pains will be felt and the 
learning curve will be challenging. Progress will come from 
innovative ideas, innovative technologies, technological 
improvements and old-fashioned American ingenuity. However, in 
our desire to have in place the very best security advisory 
system we can, there is a dangerous risk in waiting for the 
perfect system. It is incumbent upon us to provide the 
resources and material support for the growth and continued 
improvement of this system.
    I've heard your testimony, read the reports and am becoming 
educated as to the difficulties you are encountering. I 
sympathize with the regulatory, physical and even the 
logistical obstacles that you face.
    In the aftermath of the September 11 attacks, we witnessed 
American resolve as we had never seen before. On all fronts, 
Americans were thinking outside the box. Americans know how to 
make things happen, and we succeed when we're challenged. 
Americans have an inherent right to be informed of the threats 
we face and should be provided sound information and accurate 
and available intelligence. With the Homeland Security 
Presidential Directive 3, the American public is assured of 
that right, be it through Federal, State or local authorities. 
It is our obligation to see that right is provided.
    Secretary Ridge himself has correctly expressed concerns 
over the credibility of the system. We are all remiss if day by 
day efforts are not made and implemented which enhance the 
system's credibility. God forbid this country should sustain 
another terrorist attack in the future, but the reality is we 
had better be prepared.
    We have had 2\1/2\ years since September 11 and have made 
incredible leaps forward, but we are not there yet. I fear 
there has not been sufficient education of the American people 
regarding our advisory system. I would encourage a variety of 
public service announcements to educate Americans.
    As a kid, I remember the air raid sirens and the blank TV 
screens hissing the tests of the emergency broadcast system. I 
think the General and I can relate to that. We knew what that 
meant, and we were informed. Perhaps we need to make a similar 
outreach effort in this age of global terrorism. We must not be 
a government that cries wolf, but we must be a government of 
leadership and accountability. I have no doubt that your 
continued efforts will be successful.
    I wish to express my thanks to the witnesses again and the 
many dedicated personnel who have kept this country free from 
further attack. Their work is to be commended and your 
continued efforts to be encouraged.
    Question, besides the patent answer of give us more 
funding, what is it that Congress can do for you to help 
improve the Homeland Security Advisory System? If more money is 
the only answer, please lay out for us why, and I mean 
specifically, what that additional money will buy for the 
taxpayer.
    General, Mr. Yim, Mr. Reese.
    General Hughes. Well, thank you very much. I really 
appreciated the reference to the Civil Defense System and the 
long-ago insignia of the triangle on the circle. That's 
certainly a very poignant memory for me.
    Mr. Schrock. We knew what it meant, and we remembered.
    General Hughes. We did remember, and I still do to this 
day.
    I think the nature of the threat then, of course, primarily 
couched in terms of the former Soviet Union and the larger 
national strategic threat, is still a national strategic threat 
but couched in a much different way, kind of an ill-defined, 
fuzzy, nonpolitical entity out there that is striking us now as 
opposed to potentially striking us. So I see the threat as very 
imminent in many ways.
    With regard to your direct question, what can you do for 
us, well, I think what you're doing in the course of your work 
is vital. You are, by holding these kind of hearings and by 
engaging with us, assisting to inform and educate the American 
citizenry, and I think that's vital.
    I don't think I am in a position to tell you that we need 
more money. We need your support, and we need your 
understanding of the difficulty of operating this system, and I 
appreciated your comments in that regard.
    I think that your approach here to try to clarify the 
system is the same as the Department of Homeland Security's. We 
have made changes, and that term is kind of interesting. We 
have not radically changed the system, but we have made small 
tune-ups. We have identified procedural mechanisms that we have 
changed or put into use, and other steps have been taken, and, 
in some measure, some of those steps may have been informed or 
motivated by your work. So I would just like to say I can't 
tell you we need any resources right now. Your understanding 
and your involvement are critical, and I appreciate it and 
thank you for it.
    Mr. Yim. Thank you, Mr. Schrock.
    I think, with all due respect to all of the difficult tasks 
the Department faced, one of the things that the Congress can 
do is really hold the Department's feet to the fire in terms of 
doing vulnerability and capability assessments and making those 
assessments complete within a reasonable period of time.
    The new Homeland Security Presidential Directive gave a 
year deadline for the Department to do these critical 
infrastructure assessments and to set national preparedness 
goals. The Congress needs to be an integral part of the 
development of those national preparedness goals, assessments 
of the capabilities, not only at the Federal level but at the 
State and local and the private sector so that Federal programs 
can be designed--they are grant programs or tax policy or 
whatever programs--to stimulate enhancement of those 
capabilities. As we improve the capabilities of the various 
sectors to respond, then I think, as I said before, we will 
continue to evolve then the usefulness of the information that 
can be provided that would link the type of information to the 
capabilities of the recipients of that information.
    So I think there is a public education component, but 
there's also a tremendous oversight component I think, and 
that's GAO's role on behalf of the Congress but also in terms 
of designing Federal programs to stimulate the desired 
behavior. Because I think it will be absolutely clear that the 
Federal Government cannot own or fund 100 percent of everything 
that will need to be done in the Nation for homeland security.
    Mr. Schrock. I think I've heard you say that before.
    Mr. Reese.
    Mr. Reese. Sir, as you know, CRS doesn't make policy 
recommendations, but in my written statement I did provide some 
options should Congress decide that they would want to refine 
the Homeland Security Advisory System, and it's basically the 
two identified in my written statement.
    What I'd like to identify now is vagueness of warning and 
lack of protective measures. Some options for vagueness of 
warning would possibly be have DHS just provide general 
warnings, not to use the Homeland Security Advisory System, 
which they've done twice last year. On September 4, 2003, and 
November 21, 2003, DHS released public statements, general 
warnings. They were via public statements, and the system's 
warning was sent out to State and local governments. This 
addresses the concerns that have been asserted that it causes 
misunderstanding at the local level, but it would not address 
the issue raised by those who say DHS does not give enough 
specificity in the terrorist attack warnings, because, again, 
it's just a general warning, not a specific warning.
    The second option for that would be increased specificity 
of warnings when the threat level is raised. This is something 
that DHS says is a goal. They want to be able to issue high 
alerts to designated cities, geographical regions and 
industries and critical infrastructure.
    Next issue would be lack of protective measures. Some 
cities have already--some regions and cities, when going to 
orange, have already adopted some protective measures on their 
own. Surveillance cameras are activated. Law enforcement 
officers are granted--not granted time off, and so on.
    There's two policy options that Congress could look at. One 
would be just continue as is, allow the State and local 
governments to decide, conduct their own threat and risk 
assessments and decide what they need to do; and then the other 
one would be Federal guidance for State and local governments 
to the public and the private sector.
    The American Red Cross has a list of protective measures 
for the public schools, businesses, neighborhoods, at the 
different threat levels. This could be something that DHS could 
look at but, again, may not be as effective. If DHS were to 
provide specific guidance to State and local, the public, it 
may not be as effective if it was done at the State and local 
level.
    Mr. Schrock. Mr. Chairman, I know my time is up. Let me 
just make one more comment to our witnesses.
    This is a huge, huge issue with me personally. I represent 
the port of Hampton Roads, Norfolk, VA, area; and I worry about 
what they could do to our massive commercial port and the 
largest naval facilities in the world. Then I see what happened 
in Spain the other day and what the, ``knee jerk reaction was 
at the polls.'' I really worry about that. Because what that 
election told me was the terrorists won, and we simply cannot 
allow that to happen anywhere. So anything we can do to enhance 
this not only for this country but share with other countries 
as well will be most appreciated.
    Thank you, Mr. Chairman.
    Mr. Shays. I thank the gentleman.
    Mr. Tierney has agreed that I can go next, and then I'll 
recognize him.
    One thing I do know is that the folks in the Department of 
Homeland Security want a system that works well. I think they 
know it is a work in process.
    For me, the testimony that we have from Kenneth Allen, when 
he says in his testimony, the most important point that emerged 
from the PPW workshop, the workshop they had in 2002, was the 
conclusion that the Homeland Security Advisory System is a 
threat assessment system and not a complete warning system. The 
five colors tell the public that something may happen, but it 
does not identify what and where, and it does not warn citizens 
when an attack is imminent.
    Would any of you disagree with that statement?
    General Hughes. In my written testimony I address that 
issue and in the verbal testimony I gave you today I addressed 
that the Federal Government, the executive branch, especially 
the Federal Government, takes the homeland security advisory 
mechanism as directive in nature, and it compels us to act, but 
the State, local and private sector take it as suggestive, that 
is, the system that we currently operate under. So we do not 
compel the State and local and private sectors under this 
system to take specific actions by law. I think that's somewhat 
constructive.
    By the way, my experience so far is that we receive very 
good cooperation under this system from the State, local and 
private sector. I certainly know that there are complaints 
about some of the issues associated with the system.
    Mr. Shays. I think you're speaking, General, more of what 
I'm asking. I'm not asking whether the government is compelling 
anyone to do anything, whether it's Federal, State or local. 
What I'm asking is whether you agree that it's a threat 
assessment system and not a complete warning system.
    General Hughes. Well, I think that goes to exactly the 
issue that I tried to reply to. To me, if it were a complete 
system, this system might have some compulsory effect 
throughout our country in all of the levels of our social 
order.
    Mr. Shays. Yes. But even if we went one level down and 
didn't compel action--I realize in a storm warning we can tell 
people they've got to get off the Outer Banks, but in the 
system we have, we don't even warn people to get off the Outer 
Banks.
    General Hughes. We do, sir.
    Mr. Shays. Not in this system.
    General Hughes. With regard to the Homeland Security 
Advisory System?
    Mr. Shays. Yes.
    General Hughes. I think--first of all, I think drawing a 
parallel--direct parallel between the weather warning or 
alerting system and the homeland security system is a little 
bit different. I mean, the nature of the terrorist threat is 
about a direct attack on some critical feature of our 
government, our country, our culture, versus the kind of 
indirect and uncertain work of Mother Nature with regard to a 
large storm or natural effect.
    Mr. Shays. See, I feel in a way that the weather threat is 
more certain than the terrorist threat.
    General Hughes. Indeed, at times it may be. I guess the 
issue is whether or not the Department of Homeland Security 
should be in the business of engaging in warning the country 
about weather and about devastating storms that are 
approaching.
    Mr. Shays. And we do that----
    General Hughes. We do that in general terms.
    Mr. Shays. No, we do that in very specific terms, I think, 
General.
    We anticipate a storm. We anticipate it is going to be in 
this area. We would not only tell the law enforcement folks and 
the first responders about it, but you, the general public, 
should take specific action. You need to leave this area. You 
need to board up your house, you need to do the following.
    I don't see any of that in the system that we have as it 
relates to terrorism.
    General Hughes. Sir, if I may just say--by the way, I kind 
of mixed the message there. I meant, we, the Department of 
Homeland Security, don't do that in specific ways about the 
weather.
    Mr. Shays. But can I back up a second? FEMA is part of----
    General Hughes. FEMA is part of that. It is a response 
mechanism. But the National Weather Service----
    Mr. Shays. Fair enough. That part you are saying is 
Commerce.
    General Hughes. In direct answer to your question, though, 
I think we do have exact parallels to what you are talking 
about. We do change actions, the actions of people, everyday 
people at airports, at ports of entry, at transit points. We 
change the condition in which they act often in connection with 
threats to the homeland.
    To me, it is very similar to asking people to evacuate.
    Mr. Shays. I am not sure we do it consistently then. When 
we went from--and let me say that one of the challenges that I 
have, which is--I understand why the colors confuse people. 
Green is low. Blue is guarded or general. Yellow is elevated or 
significant. Orange is high. Red is severe.
    In other words, you have--under threat risk, you have 
green, you say is low, blue is guarded, yellow is elevated, 
orange is high, red is severe. We are only going between 
elevated and high.
    General Hughes. So far.
    Mr. Shays. Yes. But, you know, there are some parts of the 
country that probably should be guarded or low, frankly. I mean 
there are. And you have some--probably places in Montana, you 
know, and they intuitively know that. And there are some places 
in Montana that may be the other way, depending on--but what I 
wrestle with is, when I am told as a Member of Congress what 
the threat is, I am thinking to myself, whom do I tell? I know 
what the threat is. I know we are concerned about a dirty bomb. 
I know that we are concerned that it may be exploded in four or 
five cities. I know that it may happen at a point in which 
there is a large gathering of people.
    So I process that information and I say, you know, I don't 
know if I want my daughter going there.
    And I also know that we were concerned that there might be 
a hijacking of a plane with some pretty horrific results, from 
Europe. Now, I know that. So when I had school kids' parents 
call me and up and say, we are thinking our school kids are 
going to Europe, I have to wrestle with whether what I know, I 
warn them; or whether I just say, no, just do what you normally 
would do.
    Well, I know I am not letting my daughter go there. She can 
go to South America, she can go to Asia, she is not going to 
Europe, at least with my recommendation, while you are at code 
orange. And you know why I am saying that?
    And what I also know is that others who had the same 
warning told me that they would react the same way, and they 
told their friends. So we told our friends what not to do, but 
we didn't tell the public.
    Walk me through why the public doesn't have a right to know 
what we are concerned about.
    General Hughes. Well, first, I think the premise that I 
would like to begin on is that our issue is to warn the public 
to the degree that judgment dictates that we warn the public, 
but not to incite the public to unnecessary actions. We try to 
do that in the system by carefully characterizing the nature of 
the threat and carefully administering it.
    I would just like to say that I am from Montana, by the 
way.
    Mr. Shays. I saw you smile.
    General Hughes. The nature of the modern environment here 
is that some group or person can originate from a place distant 
from the point of attack like, perhaps, Montana, and could 
indeed, if the vigilance and alertness and warning level were 
high enough in Montana, be found out before they get to a point 
of attack elsewhere, let's say, Los Angeles as an example.
    And so the nature of this is, when the condition seems to 
rise to a level of national concern, we apply these gradations 
that you talked about here on the chart.
    Mr. Shays. But let me just be candid with you. There are no 
gradations, in my judgment. We just go from one to the other. 
There is a yellow and an orange. We aren't using the others. We 
aren't.
    General Hughes. Well, I see it differently. In my view, we 
are going from an elevated condition to a high condition. And 
in the English language that is a relatively reasonable 
gradation. Higher means that you are at greater imminence.
    Mr. Shays. OK. It seems to me, but what it says to me is--
we are already at elevated and we are going to high; that says 
something to me in the general public that I am being told by 
the Department to discontinue doing what you normally do.
    General Hughes. Once again, sir, that is the specificity I 
was talking about with the way we administer the system.
    In broad, general terms, in the most recent case where we 
went from yellow to orange, there was no need for us to give 
specific guidance to the broad population of the United States 
beyond what we did in raising the threat level condition.
    But we did give, sir, much specific guidance to those 
places, those sectors, those elements of our culture which were 
specifically affected with regard to the threat information we 
had.
    Mr. Shays. Let me ask you this then. What you are really 
suggesting is that our system is so good that if you tell the 
authorities, the public that has no need of concern because it 
is a foolproof system, that they will catch whoever is going to 
do it.
    I don't think the Department would want to be in the 
position of making that statement.
    General Hughes. I hope I didn't say that. I am trying to 
illustrate to you the problem we have, and I do think it is a 
challenge, which Mr. Yim and Mr. Reese have talked about, too, 
finding balance in this presentation to the American public.
    What I would like to say is that I think we have done a 
good job in the most recent case especially. We are learning as 
we go along. I think Mr. Turner and Mr. Schrock both noted the 
evolution of this. We are indeed learning as we go along about 
how to administer this system.
    Mr. Shays. Let me just say this--and, Mr. Yim, I am over my 
time, and I thank Mr. Tierney. But what I want to say to you 
is, if in fact we went to code orange, as we did based on a 
dirty bomb and some other things, and if in fact there was a 
dirty bomb explosion and people had been gathering in a public 
place, to what extent would the Department have been--not 
duplicitous--to what extent should it be held responsible?
    If my child had gone to a public place that ultimately had 
what we were concerned might happen, who would be at fault?
    General Hughes. Well, I think that we would, if we have 
information about that specific place. But we did not have that 
kind of specific issue in most cases.
    You speak there of a period of time and of a place and of a 
condition or event. In some few cases, we have had that kind of 
tactical information. But in most cases we had a broad, general 
kind of threat condition, actually coming from different sorts 
of--we use the term ``information streams,'' and they are 
characterized differently. But collectively, when those streams 
are brought together, the broad threat condition here in the 
United States during December and January was complex enough 
and high enough for us to change the color and issue specific 
instructions, in some cases, you may recall.
    Mr. Shays. But only to the authorities, not to the general 
public. To the general public, they were told to do what they 
normally do?
    General Hughes. Yes. In some cases the general public may 
have been the beneficiary of the actions of the official 
government without generally knowing if there was a great 
threat to them.
    Mr. Shays. Thank you.
    Mr. Yim.
    Mr. Yim. Mr. Chairman, I think there are two quick points I 
would like to make, because I do generally agree that it is 
more the threat advisory, a threat assessment, than a warning 
system, for, I think, some subtle reasons.
    First, we often consider the color code as a point-in-time 
warning system or assessment system when, in fact, an effective 
warning system is a process, as I think some of your witnesses 
following us will say. It is not just a point-in-time warning.
    There are obviously differences between the weather and 
terrorists. But if you think about how we handle weather 
advisories, if a storm is very far off the coast, you are very 
vague in the information about the landfall and points of 
impact. As we develop more information, we can develop more 
specificity and give greater information to those that are 
potentially affected without needlessly warning or needlessly 
causing anxiety to those that are going to be outside the path 
of a storm.
    The problem that we have, often, with the terrorist threat 
advisory is, it is either on or off. It is either yellow or 
orange, on or off, rather than considering it as a process. And 
I think, as it evolves, more specificity can be given during 
periods of orange alert. It is not just we declare orange alert 
on May 17th, here is the information; you are not going to hear 
from us again until we lower the alert level. I think that 
process needs to be recognized.
    The second point is, we tend to aggregate that. It is 
clearly a question of balance, as General Hughes points out. 
But it is also the danger of aggregating data. One of the 
things that the Department uses when it determines whether to 
go to orange alert is, they assess both the potential--the 
risk, the potential of the threat, the probability of the 
threat, and the severity of the risk should it occur. We 
probably shouldn't blend that data together. Those are two bits 
of information that are important for people to know.
    So if you have a low consequence, a low probability event, 
but a tremendously high consequence, you may take certain types 
of preventive action. If you have a fairly high probability of 
occurrence, but the consequence is relatively low, it is not a 
weapon of mass destruction, you may take different types of 
preventive or response measures.
    The aggregation of those two concepts into the decision to 
raise from yellow to orange, I think, exacerbates the problem, 
making it worse.
    Mr. Shays. I am going to say, there is no way, Mr. Tierney, 
you are going to get the floor right away, just after this 
statement. I don't pretend this is an easy issue.
    For me, I stay up at night thinking what I would do, 
General Hughes, if I was in your circumstance and we firmly 
believed that there was the potential of a nuclear attack in a 
city and that there was a potential cell that we thought had a 
weapon, material, and that they were somehow planning in a 
city.
    I mean, if you tell the public, there could be a horrific 
exodus that would kill literally tens of thousands of people; 
and yet, if it happens and 100,000 people are killed, there 
would be hell to pay. And I don't know the answer. But I do 
know we've got to talk about it.
    And ultimately the public has to have some sense of what 
these warnings mean. They can't just be for the law enforcement 
folks. So we have to find a way to have it make sense. And I 
would also say, it just seems to me that we should try--and I 
think the second panel is going to say this--we should try 
somehow to have the warnings in natural disasters as well as 
the terrorist disasters somehow have some uniformity in terms 
of words, in terms of warnings that--and again, I think you are 
going to learn from some of the second panel.
    I hope your folks, as well as the first--and your own 
comments, and maybe from us, I hope they take the information 
from this hearing and process it.
    Mr. Tierney.
    General Hughes. May I just make one comment about your 
statement there, Mr. Shays? I think that what you had to say 
was very important.
    I don't know how to explain this, but I take this very 
personally, since I am the intelligence officer who delivers 
the information to make this decision. And the thing that keeps 
me literally awake and on edge was what you described, a 
catastrophic strike against the United States that goes 
unwarned.
    And there are no easy answers to this, but I would just 
like to let you know that I appreciate very much your 
recognizing and verbalizing that point. And that is not 
procedural so much as it is a matter of judgment, a matter of 
the heart, a matter of feeling, a matter of intellect and 
analysis, and a matter of condition and circumstance. It is a 
vital piece of work that has been given to me to do, and I 
treat it very, very seriously.
    Mr. Shays. Thank you, General.
    Mr. Tierney, thank you for your patience.
    Mr. Tierney. You know, when you talk about all of this--and 
I think the comments that the chairman made about what 
individuals are supposed to take from this are well taken. But 
if you put yourself in the position of the local law 
enforcement or fire fighters or responders on that, what is the 
status right now of our system in terms of a situation where 
you go from yellow to orange, what specifically might, say, a 
police chief in a coastal community like Newburyport, MA know 
to do with respect to any given asset if it just goes from 
yellow to orange? Is he to protect the seaport and against a 
nuclear power plant just north of him, as well as chemical 
facilities, other things that matter; or is there enough 
specificity in there that he knows where to marshal his 
resources?
    General Hughes. Currently, we would deliver specific 
information to the police or to first responders or to other 
officials about a given location, a given sector of endeavor, 
such as a nuclear power plant's operation, or other conditions 
that we have specificity about, if we have it--if we have it. 
And we would do that relatively precisely, and we would not 
generally do that in public because to disclose that kind of 
knowledge in a public environment would, first, give away the 
fact that we have the knowledge and, thereby, potentially put 
how we got that information at risk; and it would also 
contribute to a broad, general feeling that would be 
unnecessary, in my view.
    We would accomplish the work of the authorities or the 
safety of the citizenry in the specificity that we treat that 
information with.
    Mr. Tierney. So you are saying, if you went from yellow to 
orange nationwide, that--and you had information that it was 
something that might relate to a nuclear power plant in the 
northeast, that is the information you would give to all 
interested law enforcement and other first responders across 
the country, so that others would not be in the same type of 
cautionary situation as would those people in the northeast?
    General Hughes. That is one way to put it.
    The other way to put it--which is, I think, a little bit 
less palatable, but it is the way in which we have to do it--we 
would give that information only to the locale that we had 
specific information about.
    Mr. Tierney. So here is the thing that I am talking about. 
That you give an alert from yellow to orange nationwide. Then 
you let the people in Oregon know that there--you have 
information specifically for them.
    My police department is running around taking care of 
everything--putting people on overtime, calling the Coast Guard 
for support over there, calling the National Guard for some 
other facilities or whatever. Are they right or wrong to react 
like that?
    General Hughes. They are right. And this is one of the 
complex issues here. And I think I would like to use Madrid as 
an example here. We are now under a condition of what I would 
refer to as simultaneity. We cannot depend upon an attack to 
come in a single place at a single time.
    Mr. Tierney. I was talking about an incident where the only 
information you had about any attack was with some specificity.
    General Hughes. Yes.
    Mr. Tierney. That is--the answer is still, you don't 
communicate that to responders across, so that the Oregon 
people are really heightened, and the other people can take a 
different, more nuanced look at that, and they have to go full 
out?
    General Hughes. Yeah. I understood your question, sir. I 
guess the issue for me is that maybe the premise here is a 
little bit further than I would care to go.
    If we had specific information about a problem in Oregon, 
we would talk directly to the authorities in Oregon and not 
raise the national threat condition, depending upon the nature 
of the information.
    Mr. Tierney. If you had information that related to nuclear 
power plants, let's say----
    General Hughes. Then we would talk to the nuclear power 
plant sector.
    Mr. Tierney. And not the others?
    General Hughes. OK.
    Mr. Tierney. So when you go from yellow to orange 
nationally, then you have less specificity, you are doing that 
because you have some information, but you are not certain of 
the extent.
    General Hughes. Before you came in, I explained in the case 
of the December-January timeframe, we had both specific 
information about specific issues of threat, and the threat 
condition generally rose to the level that we decided we needed 
to make a national change in the threat advisory system. And 
that probably will occur again in the future.
    And I might just say, sir, that in that case, generally it 
would not be a single piece of specific information, but 
several in different places.
    Mr. Tierney. When you notify the local officials on that, 
what communications system are you using now?
    General Hughes. There are a variety of communications 
systems to use. For State and local, we have the JRIES system--
--
    Mr. Tierney. I was interested in looking at that. In fact, 
that was going to be my next question, what is the 
functionality of the JRIES system and how widespread is its 
use? And how sophisticated are we in that technology?
    Because I am aware of similar systems being used in the 
military, developed out of MIT with General Myers and General 
Kellogg; and we have looked at those extensively, and they are 
working quite well in connecting military bases.
    Now, I know they are being tried elsewhere. Are you 
familiar with that? Is that the type of system that JRIES is 
going to evolve into, and where are we in that evolution?
    General Hughes. Indeed, sir, JRIES grows out of the 
military system. It was begun by the military, and we have 
begun to adopt it. We are proliferating it as rapidly as we 
can. We intend to encipher some of it, especially to the States 
and major cities, at the Secret level as rapidly as we can do 
so, so that they have a greater body of knowledge available to 
them.
    Mr. Tierney. Simultaneously?
    General Hughes. I think the answer that I would like to 
give you is, we are not limited by the systems we can use, 
there are so many, to include, by the way--and I thank my 
colleagues for mentioning this--the fact that Secretary Ridge 
and other officials of government do make public statements 
using our national media to communicate the position of the 
government.
    Mr. Tierney. I understand. It was the simultaneity that I 
was thinking of, of being very effective and very useful. And 
the JRIES system, if we can raise that to the level that I 
believe that it can accomplish, to me that is a powerful tool; 
and you can get on there to address the people that you want, 
with the specificity that you have, and people have a much more 
detailed idea of what it is that they have to respond to, just 
what knowledge that you have, you can keep it to a secure 
group.
    So if I am allowed, Mr. Chairman, just one last?
    What is the status of that now in terms of your use? How 
long--how far along the chain is JRIES?
    General Hughes. I hate to give you a percentage of 
fielding, but it is very far along. We are proliferating it 
very rapidly out to the States and the major cities especially, 
and to some local organizational entities. We have a plan to go 
to the county level in perhaps not every county in the United 
States right away, I don't want to make you think that this is 
going to happen overnight, but over the long term we will 
evolve to the county level.
    We have other alternatives, other communications 
alternatives that are in being now, that go especially to the 
State and some localities and, by the way, to the private 
sector. An example would be SIPRNET, the National Guard 
communications systems, the national telephone system, which we 
can use. We have provided secure telephones to State and local 
officials in many cases, especially in major cities, and often 
in the private sector those kinds of secure communications 
means are available. We can use the Internet, and we do for 
general information.
    We really are not limited here. We are trying to make a 
coherent system that everyone can understand and depend upon. 
And in my view, I am the key player in that issue, and I would 
say that by the end of this calendar year, we will achieve a 
very coherent and very robust, broad system of communications 
and interaction here in the United States that will not only go 
from the government to our State, local, private sectors, 
tribal and other territorial responders, but it will come back 
to us from them, with their views, their local knowledge, their 
input. That is, I think, a vital piece of this.
    Mr. Tierney. Who is your principal contractor in the JRIES?
    General Hughes. I don't think we have a principal 
contractor for JRIES, because it is a governmental-owned 
system. But we do have contractors associated with putting it 
in place, a number of them.
    Mr. Tierney. OK.
    Thank you, Mr. Chairman.
    Mr. Shays. I thank the gentleman.
    We are going to go to our next panel, but I want to say 
this and get some kind of response here. I don't believe, 
General, that anyone here is questioning whether we should have 
gone to code orange. I don't even think--and so I am convinced, 
trust me, I am so convinced that I responded differently based 
on the code orange. It meant something to me.
    What I would like you to do is just comment on what Mr. Yim 
talked about in terms of risk communication experts generally 
agree that effective warnings should be specific--the nature of 
the threat, when and where it is likely to occur, and over what 
period of time, provide guidance or actions to be taken, and 
perhaps, above all, assure that the information is consistent, 
accurate, clear and provided repeatedly.
    I guess the issue that I wonder about is, do you disagree 
with this recommendation, so it is--you shook your head so you 
don't disagree?
    General Hughes. No, I don't.
    Mr. Shays. So the question is how we move forward? Is that 
the issue?
    General Hughes. Yes. I think--once again, I hate to use the 
word ``evolution'' or learning and doing all the time, but I 
think it is the right way to characterize this. I think Mr. 
Yim's characterization with those words you just voiced are 
generally right.
    I do think--once again, we do find ourselves juxtaposed 
against the need to secure some of the information we have and 
to communicate it so that it can be used by appropriate 
authorities and not alarm or unnecessarily excite the general 
public. This is a matter of great judgment at times and can be 
second-guessed and criticized.
    As you said, you gave us credit for doing the best that we 
possibly can, and we are certainly trying to do that. We will 
learn, using Mr. Yim's construct here, more about how to 
communicate specificity out to the larger country than we have 
in the past.
    However, the point of protection of the information 
probably revolves around the degree to which we can be specific 
and, at the same time, make sure that we don't further endanger 
our public by giving away to those who would strike us some 
kind of information that would allow them then to find a seam 
or a gap and hit us where we did not expect.
    Mr. Shays. I understand it is a fine line. But I would 
suggest this to you, that it was known from almost day 1 that 
we were having a problem with flights from Europe. We knew it, 
the terrorists knew it, and the general public was hearing 
about it kind of indirectly.
    And I would just suggest to you that some of what we knew, 
since the terrorists knew and the government knew, the only 
thing you can argue is that we wouldn't want to disclose 
sources and methods. But I don't think you necessarily have to 
disclose sources and methods to disclose information to the 
public that would then get them to decide whether or not they 
want to do something.
    I just make this point to you. If, in fact, we thought that 
large--we were reading it in the newspaper and the newspapers 
were correct, but it wasn't coming from Homeland Security that 
large public gatherings were a very real target, then unlike 
the way I responded publicly, which I would do differently, I 
think the public would at least need to know that they should 
make choices, that we think we protected this large public 
gathering, that we are confident of what we have in place, but 
you need to know it is a target, and so when you go, you go 
with some risk--if it is to raise the flag, show you are brave, 
whatever, but it might tell a parent, maybe they are not going 
to send their 14-year-old child. And then I want to tell you 
why I think this is important.
    If, in fact, something does happen, you have more 
credibility the next time. I will tell you, there will be hell 
to pay if the public isn't warned about something that 
everybody else knew about in government. Then they will never 
believe you.
    I will just illustrate it this way. When we were warning 
right after September 11th that we could deal with smallpox, 
that we had all of the resources necessary to deal with it, I 
knew that was simply a lie. It was not true. When I 
confronted--and I will say it more generally, I just simply 
knew it was not true.
    When I spoke to the individual involved, he said we were 
trying to make the public feel more comfortable and to lower 
their anxiety. My comment to him was, though, if there was an 
outbreak and there was this lack of ability to deal with it, 
they will never believe you forever, and then--no matter what 
the government says. So I guess truth in this process is 
important too.
    And let me just close by saying, first, is there any 
panelist that wants to make a comment? Is there anything that 
you felt we should have asked that was not asked that you want 
to put on the record? Anything based on what you have heard 
said today that you want to put on record?
    Mr. Yim. Just a 10-second comment, if I could, Mr. 
Chairman.
    I think we should err on the public's right-to-know side, 
because the public has a great appetite for information. I have 
a great appetite for information. If I am not going to get it 
from a credible source, I may get it from a source with much 
less reliable information. I would rather receive it from the 
Department of Homeland Security than receive it from the 
Internet.
    Mr. Shays. OK.
    Any other comments?
    General, you are great to be here. Thank you for 
participating in this panel. It has been very helpful. And we 
know that you clearly want to make this system work better. I 
believe in the system, the process, I know it has to work 
better though.
    Mr. Reese, thank you as well. Mr. Yim, thank you.
    We are going to announce our second panel: Mr. Charles D. 
Connor, senior vice president, communication and marketing, 
American Red Cross; Mr. Michael Wermuth, senior policy analyst, 
RAND Corp.; Dr. James J. Carafano, senior research fellow, 
defense and homeland security, Heritage Foundation; and Mr. 
Kenneth B. Allen, executive director, Partnership for Public 
Warning.
    All four of you, if you would, stay standing.
    [Witnesses sworn.]
    Mr. Shays. Note for the record, our four witnesses have 
responded in the affirmative.
    You have all been here for the questions and responses and 
statements of the first panel. Feel free to incorporate that in 
your statement; feel free to depart from your statement. That 
will be part of the permanent record. And I want to let you 
know that we really thank you. We think this is a very 
significant issue, and we appreciate your participation in our 
trying to understand it better.
    We will start, as you are sitting, with you, Mr. Connor, 
first.

    STATEMENTS OF CHARLES D. CONNOR, SENIOR VICE RESIDENT, 
    COMMUNICATIONS & MARKETING, AMERICAN RED CROSS; MICHAEL 
   WERMUTH, SENIOR POLICY ANALYST, RAND CORP.; DR. JAMES JAY 
    CARAFANO, SENIOR RESEARCH FELLOW, DEFENSE AND HOMELAND 
SECURITY, HERITAGE FOUNDATION; AND KENNETH B. ALLEN, EXECUTIVE 
            DIRECTOR, PARTNERSHIP FOR PUBLIC WARNING

    Mr. Connor. Thank you, Mr. Chairman and members of the 
subcommittee, for your gracious invitation to testify this 
morning. My name is Chuck Connor, and I serve as senior vice 
president of communication and marketing at the American Red 
Cross national headquarters here in Washington.
    The American Red Cross is a nationwide network of nearly 
900 chapters and 36 blood services regions dedicated to saving 
lives and helping people prevent, prepare for and respond to 
emergencies.
    With 1.2 million volunteers and 32,000 employees, the Red 
Cross annually mobilizes relief to families affected by nearly 
70,000 disasters. We also train almost 12 million people each 
year in life-saving skills. The Red Cross is the largest 
supplier of blood and blood products to more than 3,000 
hospitals across the Nation. We also assist victims of 
international disasters and conflicts at locations worldwide.
    One of our most important partnerships is government at 
every level--Federal, State and local. Government relies on the 
American Red Cross to address the huge challenges of public 
preparedness, particularly in the all-hazards environment we 
spoke of today. We believe that everything the Red Cross can do 
in this important area relieves some of the burden on 
government agencies and first responders.
    As the Department of Homeland Security has assumed the huge 
responsibility for domestic security, it has correctly focused 
on operational procedures. Conversely, it is our responsibility 
at the Red Cross to prepare the American public.
    In January, Red Cross president and CEO, Marty Evans, 
issued a strong wake-up call to the American public to get 
prepared. Despite growing concerns about terrorism and man-made 
disasters, Americans have generally failed to take the most 
basic steps to ensure their own safety.
    According to a study the American Red Cross commissioned 
last year, close to 60 percent of Americans, fully 175 million 
of our fellow citizens, are entirely unprepared for a disaster 
of any description. In February 2003, the Red Cross launched 
the Together We Prepare Campaign. This program challenges 
individuals and communities to take responsibility for their 
safety and that of their families at home, in school, and in 
businesses and neighborhoods.
    By following five basic steps we can all move toward 
greater safety. Those five steps are: make a plan, build a kit, 
get trained, volunteer, and give blood. Mr. Chairman, please 
mark your calendars, our next blood drive in the House is 
scheduled for April 15th.
    We believe that the more empowered and self-sufficient you 
and I feel, the more immediately effective we can be in a 
crisis situation. The bottom line, regardless of the 
responsibilities of government, in the end, all of us must take 
charge of our own destinies.
    The strategic direction of the Red Cross is to be America's 
partner and a leader in mobilizing communities to help people 
prevent, prepare for and respond to disasters and other life-
threatening emergencies. A critical part of this effort 
includes public education regarding the meaning of each alert 
level within the Homeland Security Advisory System, and the 
immediate actions required to ensure safety and security.
    As you know, the White House issued Homeland Security 
Directive 3 in March 2002, which established the five threat 
conditions for a possible terrorist attack. General 
explanations were given for preparedness activities for each 
level, but these were intended mainly for government agencies.
    However, across the country, there arose questions of, what 
does a condition yellow mean to me or my family? What does this 
mean for my business or my children's school?
    Working with the Office of Homeland Security at the time, 
the Red Cross developed and released specific disaster 
readiness guidelines for individuals, families, neighborhoods, 
schools, and businesses. Each color-coded threat category was 
further expanded to provide recommendations for each of these 
different audiences. These Red Cross-developed guidelines have 
been incorporated into the Department's own public 
communications.
    As part of our expanding preparedness and response role, we 
are continuing to keep America informed of the Department's 
terrorist threat level recommendation and the appropriate 
actions to take if the level is raised or lowered. And I 
believe you will see the chart on the wall there, which is 
germane to what we are talking about here.
    Once notified of a status level change, the Red Cross 
implements procedures and protocols to ensure that the 
organization can provide a swift, efficient and supportive 
response in case of an incident.
    Similarly, the public looks to the Red Cross as a primary 
source of emergency preparedness information. When a change in 
status takes place, the Red Cross communicates practical 
emergency preparedness information to the public through 
national news releases and the communication resources of our 
Nationwide Disaster Services Network.
    Preparedness information empowers all of us who use it to 
be more responsible for our own security and that of our 
family. This vital education effort befits our stature as 
America's premier disaster response organization.
    In a world where the forces of nature and man too often 
collide, the Red Cross is truly a beacon, showing Americans the 
way to safety. We owe it to ourselves, our families, our 
communities to prepare for the unexpected.
    Thank you again, Mr. Chairman, for this opportunity to 
appear before your panel. I would be pleased to answer 
questions later.
    Mr. Shays. Thank you, Mr. Connor.
    [The prepared statement of Mr. Connor follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.039
    
    [GRAPHIC] [TIFF OMITTED] T4837.040
    
    [GRAPHIC] [TIFF OMITTED] T4837.041
    
    [GRAPHIC] [TIFF OMITTED] T4837.042
    
    [GRAPHIC] [TIFF OMITTED] T4837.043
    
    [GRAPHIC] [TIFF OMITTED] T4837.044
    
    [GRAPHIC] [TIFF OMITTED] T4837.045
    
    [GRAPHIC] [TIFF OMITTED] T4837.046
    
    [GRAPHIC] [TIFF OMITTED] T4837.047
    
    [GRAPHIC] [TIFF OMITTED] T4837.048
    
    [GRAPHIC] [TIFF OMITTED] T4837.049
    
    [GRAPHIC] [TIFF OMITTED] T4837.050
    
    Mr. Shays. Mr. Wermuth.
    Mr. Wermuth. Thank you, Mr. Chairman, committee members, 
for the opportunity to be here today to address this important 
issue.
    Mr. Chairman, according to my count, this is the fourth 
time I have had the pleasure of being before this committee in 
that many years. I would also say that before September 11th, I 
could have counted on both hands the number of people who were 
providing national leadership on this issue, and of course, the 
chairman ranks among those people before September 11th.
    My remarks today are going to be focused on relevant 
research and related activities in connection with the 
congressionally mandated advisory panel to assess domestic 
response capability for terrorism involving weapons of mass 
destruction, also known as the Gilmore Commission.
    In accordance with its statutory mandates, the advisory 
panel delivered its fifth and final report to the President and 
the Congress on December 15th of last year. The strategic 
visions, themes and recommendations in that report were 
motivated by the unanimous view of the panel, that its final 
report should attempt to define a future state of security 
against terrorism, one that the panel chose to call America's 
New Normalcy.
    In developing that report, panel members all agreed at the 
outset that it could not postulate as part of its vision a 
return to a pre-September 11th normal. It was the panel 
members' intention to articulate a vision of the future that 
subjects terrorism to a logical place in the array of threats 
from other sources that the American people face every day, 
from natural diseases and other illnesses to crime to traffic 
and other accidents, to mention just a few.
    That report focuses on conceptualizing a strategic vision 
for the Nation that in the future has achieved in both 
appearance and reality an acceptable level of capabilities to 
cope with the uncertain and ambiguous threat of terrorism as 
part of dealing with all hazards. In developing that strategic 
vision, the advisory panel was guided by the recognition that 
the threat of terrorism can never be completely eliminated and 
that no level of resources can prevent the United States from 
being attacked in the future.
    The panel believes that the Nation is achieving a critical 
understanding of the risk posed to America by terrorism, an 
understanding that derives from America's inherent strengths, 
the strength in our Constitutional form of government and, in 
particular, the strength of our people.
    As a group of American citizens with broad experience in 
government at all levels and in the private sector, the panel 
members can see from those national strengths an ability to 
respond to the threat of terrorism with firm resolve and 
through concrete actions across the full spectrum of awareness, 
prevention, preparedness, response and recovery.
    Its goal was to articulate a strategy to achieve a steady 
state 5 years into the future, a vision shaped by a broad and 
well-grounded American perspective on the threat of terrorism 
and focused particularly, because of this panel's mandate, on 
State and local response entities.
    As part of that vision, the panel depicts a desirable state 
5 years in the future in a number of specific areas, including, 
among them, State, local and private sector empowerment; 
intelligence, information sharing; and enhanced critical 
infrastructure protection.
    Of course, a true national alert system will have an impact 
certainly in those four areas; and potentially in what the 
panel addressed. But as you have heard from other witnesses, 
the Homeland Security Advisory System, any true alert system or 
warning system, however you would like to couch it, is only one 
piece of a much more involved and complex process of 
intelligence collection, analysis and dissemination, and 
information sharing. As was mentioned by the previous panel of 
witnesses, the actual status of response capabilities, the 
assessment of vulnerabilities, which are part and parcel of 
what the Department of Homeland Security is doing, as well as 
those at the State and local level and the private sector, and 
the responsibility and the authority to act.
    After the panel described a future vision that included the 
words, ``The national warning system has been refined to 
provide more geographically and sector-specific information, 
based on the actual or potential threats, as its vision of the 
future.'' It went on, in a following section that it called a 
Roadmap for the Future, to articulate a specific recommendation 
based on the following conclusions.
    The panel said, ``The Homeland Security Advisory System has 
become largely 'marganilized,''' was the term that they used. 
``This may be attributed to a lack of understanding of its 
intended use as well as the absence of a well orchestrated plan 
to guide its implementations at all levels of government and 
within the public. The Governor of Hawaii chose to maintain a 
blue level in February when the Federal Government raised its 
level to orange. And the Governor of Arizona announced that his 
State would likely do the same thing based on particular 
threats.''
    Organizations surveyed by RAND for the panel had a number 
of suggestions for improving the Homeland Security Advisory 
System. Between 60 and 70 percent of State and local 
organizations suggested providing additional information about 
the threat type of incident likely to occur, where the threat 
is likely to occur, and during what time period, to help guide 
them in responding to the change in threat.
    And I have included, for the committee's information, an 
actual extract of that survey of some 1,200 State and local 
response organizations, as well as the tabular information on 
how they responded based on their own disciplines.
    The panel specifically said, ``We recommend that DHS revise 
the Homeland Security Advisory System to include using, one, a 
National Alert System to notify emergency responders about 
threats specific to their jurisdiction; two, providing training 
to emergency responders about what preventive actions are 
necessary; and three, creating a process for providing specific 
guidance to potentially affected regions or sectors when 
threats are changed.'' All of that just affirms what you have 
heard from other witnesses this morning.
    But several points are really worthy of consideration here. 
First, an alert process of this type is neither a total 
solution nor a single point of failure. Second, it is, by its 
own title, advisory. It does not require anything. Most 
importantly, most importantly, any alert system will only be as 
effective as the intelligence upon which it is based, making 
that function especially critical. And without delving into 
continuing deficiencies in the whole intelligence and 
information collection, analysis and dissemination, I 
respectfully call the panel's attention to the extensive 
discussion of that subject contained in the advisory panel's 
fifth report.
    Mr. Chairman, State and local governments, as you well 
know, and as other members of the subcommittee know, have a 
threshold responsibility for public safety and health. And they 
must do things that they determine are best for their own 
jurisdictions within their own existing resource constraints.
    With better assessments, with better alerts, based in large 
measures on more comprehensive and focused threat information, 
they will be able to make more well informed decisions.
    As the committee has already heard this morning, there have 
been changes in recent days. Over the end of the year holiday 
period, the flights from Europe that the chairman talked about 
earlier, all of those, in our opinion, are steps in the right 
direction. I would even venture to say that perhaps the 
advisory panel might not have been as specific in its 
recommendation now as it was in the fall of last year, because 
there are improvements that are headed in the right direction.
    But the Federal Government still needs to do a better job. 
It needs to do better about engaging States and localities and 
the private sector in part of that process. The Terrorist 
Threat Integration Center [TTIC], may--and I stress ``may''--
prove to be a valuable tool in that direction, but only time 
will tell.
    Some States and even some major cities have taken more upon 
themselves to be able to make valid risk assessments based on 
information that they derive from a lot of sources, and the 
private sector is becoming more involved as well.
    So, in conclusion, I would say that progress is being made. 
DHS has indicated a new amount of flexibility and innovation in 
the way that they are now handling the advisory system. There 
are probably some other fairly significant things that could be 
done. I did not include any specific recommendations beyond the 
panel's recommendation in my testimony, but I do have an 
opinion or two about maybe some specific things that could be 
done if anyone would like to ask for that during the question-
and-answer period.
    Mr. Chairman and members, again, thanks for the opportunity 
to participate. I look forward to your questions.
    Mr. Shays. Thank you, Mr. Wermuth, thank you very much.
    [The prepared statement of Mr. Wermuth follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.051
    
    [GRAPHIC] [TIFF OMITTED] T4837.052
    
    [GRAPHIC] [TIFF OMITTED] T4837.053
    
    [GRAPHIC] [TIFF OMITTED] T4837.054
    
    [GRAPHIC] [TIFF OMITTED] T4837.055
    
    [GRAPHIC] [TIFF OMITTED] T4837.056
    
    [GRAPHIC] [TIFF OMITTED] T4837.057
    
    [GRAPHIC] [TIFF OMITTED] T4837.058
    
    [GRAPHIC] [TIFF OMITTED] T4837.059
    
    [GRAPHIC] [TIFF OMITTED] T4837.060
    
    Mr. Shays. And, Dr. Carafano, thank you.
    Dr. Carafano. Thank you, Mr. Chairman. Thank you for 
inviting me to speak on this important topic.
    I have a lengthy statement for the record which I will 
submit. I would like to briefly summarize the high points of 
that, which are why I think this is an important subject; the 
good things I think which are going on, which I don't think 
have been touched on enough; some concerns about the current 
system; and then, I think, a look to the future of what we 
really need to think about for the long term.
    I think it's worth just reviewing and why this is important 
is four reasons: First and foremost is, I think the HSAS could 
be a key tool for welding the disparate national, Federal, 
State and local systems we have into a national system, which I 
truly think is the Federal role, is getting the resources where 
they need to be, when they need to be, for what they think 
needs to be done to protect American citizens.
    The second is, I do think that a properly run system can 
have an effect in terms of preventing, deterring and mitigating 
terrorist acts. I think that is an important fact.
    The third one, which has already been touched on, is there 
are enormous physical implications for this. It is widely 
reported it costs the Federal Government $1 billion a week to 
let the system--the Conference of Mayors says it costs about $7 
million dollars for local jurisdictions to do this. So every 
time we change the level, the physical implications are really 
large, and those need to be taken into account.
    And, fourth, I think we really need to look at the long-
term psychological impact that this system will have on the 
Nation. I strongly encourage further research in that area to 
determine how Americans are really going to react to this 
system over the long term.
    Just very quickly in terms of the good things that are 
going on, that I think deserves to be mentioned. The Homeland 
Security Council is playing an increasingly important role. 
They meet each time the level is changed. I think there is good 
coordination, at least from the outside, across Federal 
agencies in terms of coordinating Federal efforts to respond to 
the changing alerts. I think that is important.
    I think at the deputies level behind the scene, there is an 
improving increase in coordination. I think that is good.
    I think the Homeland Security Operations Center that the 
Department of Homeland Security has established, is an 
important asset. It plays an important role in managing the 
implementation of the system. It is a credit to the Department 
that they have stood it up, and the role that it plays. And I 
do think the announcement that Secretary Ridge made of the 
Homeland Security Information Network, which was mentioned in 
the last panel, is important and most important because I think 
it will provide a collaborative tool at a classified level that 
allows key people at Federal, State and local levels to 
communicate with each other, which in the end is really 
important to making the advisory part of this system important.
    I do have several concerns. On the Federal level, my 
primary concern is with the TTIC, the Terrorist Threat 
Integration Center, and that I think in the future the TTIC 
should play an increasingly important role in implementing 
HSAS, in determining when it should be implemented and how it 
should be implemented. As I talked about before, I am concerned 
that TTIC is not under the Department of Homeland Security, I 
don't think that is what the intent of the Homeland Security 
Act of 2002--I don't think it allows the Secretary to actually 
fulfill his role.
    I mentioned a number of recommendations in the report. I 
think in the end the IA portion of IAPA in TTIC need to be 
fully integrated. I think they need to be under DHS. I think 
the Secretary of DHS needs the legislative authority over the 
TTIC similar to the kinds of things that the JCS has over who 
can participate in the joint staff, that were implemented in 
the Goldwater-Nichols reforms.
    I do think that the problem with the system is at the State 
and local and public level. I understand what DHS has said, but 
the perception is that the HSAS is the key risk management 
communication tool to the Nation. And the general consensus is 
that it lacks useful guidance to actually be that. I mean, you 
can say what you want, but the research shows that if a warning 
is credible, specific, understandable and actionable, it is not 
a warning.
    I would recommend delinking the color code from the 
warnings that we give to State and local and the public. I 
think, as mentioned before, the State and local warnings need 
to be regional and functional in nature.
    As I mentioned, I think DHS has been moving in that 
direction. After we changed back from code orange at Christmas, 
they kept a specific alert on for the airline industry and 
certain airports. I think that is a sign that they are moving 
in the right direction.
    I think the other key piece to this is, we really need 
national performance standards, because State and local 
governments are never going to be able to act appropriately 
unless they know what is expected of them. And I am very 
supportive of the Cox-Turner Bill. I think that would be a step 
in the right direction, in putting in a requirement for these 
standards to be in place, because I think they are a key part 
of what we need to do to have a good system.
    The public system, I think we need to move to a simple, 
two-tiered system, a watch-and-warning system similar to what 
we do for weather alerts. People are already conditioned to 
that. I mean, we need a simple standard. We need to tell people 
what we can when we can. We need to provide specific directions 
and specific actions; otherwise, these warnings are simply not 
meaningful.
    I also think we need to have realistic expectations about 
what we can expect. The research shows that, by and large, 
unless people are conditioned to a disaster, if they have had 
experience in a forest fire or earthquake or something, that 
they tend not to prepare. And so we can put out all the 
warnings that we want, but unless we have a really serious 
education system in this country, it is unlikely that people 
are going to do much with these warnings.
    And even if we do have an extensive education system, it is 
really questionable what kind of large impact it is going to 
have in terms of raising public preparedness. And I just--I--as 
we look to the future, one of the most important things you 
need to think about is the back end of the system. We don't 
spend near enough time on that. We are talking about getting 
alerts to people, but what we need to do is start training the 
next generation of leaders at the State and local level and 
private industry, who know how to react to these alerts.
    One of the things I did in preparing for this testimony is, 
I screened about 100 Web sites from State and local governments 
and various industries, and the results are uniformly 
disappointing. Most people take the Federal color code system, 
and they just put that page up on their Web site. They say, 
here is what to do. So we are not training the next generation 
of leaders who can really react to nuanced warnings officially. 
And I have a series of recommendations in my testimony which I 
will be happy to go into.
    With that, I will conclude my statement. Thank you.
    Mr. Shays. Thank you, Doctor.
    [The prepared statement of Dr. Carafano follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.061
    
    [GRAPHIC] [TIFF OMITTED] T4837.062
    
    [GRAPHIC] [TIFF OMITTED] T4837.063
    
    [GRAPHIC] [TIFF OMITTED] T4837.064
    
    [GRAPHIC] [TIFF OMITTED] T4837.065
    
    [GRAPHIC] [TIFF OMITTED] T4837.066
    
    [GRAPHIC] [TIFF OMITTED] T4837.067
    
    [GRAPHIC] [TIFF OMITTED] T4837.068
    
    [GRAPHIC] [TIFF OMITTED] T4837.069
    
    [GRAPHIC] [TIFF OMITTED] T4837.070
    
    [GRAPHIC] [TIFF OMITTED] T4837.071
    
    Mr. Shays. Mr. Allen.
    Mr. Allen. Thank you, Mr. Chairman, members of the 
committee. My name is Kenneth Allen. I am the executive 
director of the Partnership for Public Warning. I appreciate 
this opportunity to appear before the subcommittee to talk 
about the Homeland Security Advisory System, but most of all, I 
want to talk about the public.
    The objective of a public warning system is to provide 
people at risk with timely and accurate information so that 
they can take protective action. Effective public warnings can 
save lives, reduce property losses and speed economic recovery.
    Public warning empowers citizens by providing them with the 
information they need during times of emergency to make 
informed decisions and take protective actions. Four years ago, 
the President's National Science and Technology Council issued 
a report concluding that many in our society are at risk 
because we do not have an effective national public warning 
system. That message was confirmed on September 11, 2001.
    On that terrible day, not a single national public warning 
system was ever activated. The Partnership for Public Warning 
was established in January 2002 by concerned emergency 
management officials from around the country. Because public 
warning is an issue that encompasses all levels of government 
and relies upon a private-sector infrastructure, PPW was 
created as a nonprofit, public-private partnership.
    We are the only national organization addressing the issue 
of public warning. And let me emphasize that many of our 
members and many of the proponents of the creation of PPW were 
the local and State officials and emergency managers involved 
in this issue. In fact, the chairman of our board is the 
director of the Florida Management Agency, so we are truly a 
public-private partnership.
    Less than 3 months after our creation, the government 
proposed the Homeland Security Advisory System. We provided 
comments on the initial proposal and have continued to monitor 
it and evaluate the system.
    In June 2000, we hosted a 4-day workshop with experts from 
government, industry and academia to look at the proposed 
system. The most significant finding was the one that the 
chairman noted earlier, this is not a complete warning system. 
It is merely a threat advisory system. It tells us that 
something may happen, but it doesn't tell us what, where or 
when.
    The best description I have heard of the HSAS is that it is 
America's ``mood ring,'' and even a mood ring probably comes 
with more specific actions such that if it is black, you need 
to get help. We need to address that issue.
    As a result of the workshop, we provided recommendations in 
2002 to the Office of Homeland Security. Last November, as 
people began to look at the HSAS and Secretary Ridge talked 
about making changes, we decided that someone ought to ask the 
public and local and State government what they thought about 
it; and we initiated our own request for public comment.
    The comments we received included the following points: The 
current system is too vague. It is inconsistent with existing 
alert and warning scales. It would be more effective if it used 
standard terminology and message formats. When there is a 
change in the threat level, State and local officials should be 
notified before the public is notified. One color does not fit 
all. Advisories should be tailored to specific geographic 
regions, industry sectors and other potential targets.
    A terrorist warning system should be developed to 
complement the advisory system. It should be linked to existing 
alert and systems such as the emergency alert system, and NOAA 
weather radio. And most of all, we should employ a multitude of 
technologies to reach people when there is a risk.
    After almost 2 years of operation under the HSAS, I think 
it is clear from the record and this hearing that changes are 
needed. A more useful system, an effective system, can and 
should be developed.
    We are not here today to criticize those who developed the 
HSAS. This is a complex and difficult challenge; and we believe 
that the system in place has been a good first step, and the 
Department of Homeland Security is to be commended on its 
efforts. It is time for us to work together, however, on a more 
effective solution.
    In my testimony, I have some of the elements of an 
effective public warning system. Applying those elements to the 
HSAS, we have the following recommendations: one, make the 
threat advisory scale consistent with other existing threat 
scales; two, refine the system to provide information on a 
local, regional and industry-specific basis; three, provide 
more guidance regarding the protective actions that citizens 
should take; four, develop a public warning system for 
terrorist threats to complement the threat advisory scale; 
five, integrate the HSAS with existing public alert and warning 
systems and move toward the national public warning capability; 
and six, collaborate with State and local government, the 
private sector and the public on the development of a more 
effective terrorist alerting system.
    The last two recommendations are the most important. 
Americans do not expect their government to preserve and 
protect them from all risk. The public, however, does expect 
the government will at least provide timely and effective 
information on imminent risk. Many, if not most, Americans 
believe that an effective national warning capability exists. 
It does not.
    Existing national alert and warning systems are fragmented 
and uncoordinated. Individuals at risk often fail to get timely 
information, fail to understand or act on the information, and 
often do not know where to go for additional information.
    Those not at risk who receive warnings of little relevance 
may come to view the system with skepticism if not distrust. 
The HSAS is an example of this fragmentation. Instead of 
building upon existing alert and warning capabilities, we have 
created another system and layered it on top of what we already 
have.
    The solution is a national integrated public warning 
capability that can be used to alert the public during all 
types of the emergencies, from terrorism to national disasters 
to accidents. We have done some work in that area, and I would 
be glad to talk to the committee if you wish to pursue that.
    But our final and most important recommendation is the need 
for cooperation and partnerships. Protecting our Nation's 
security must be a collaborative effort in which government, 
industry and the public work together. This is especially true 
if we were to develop an effective Homeland Security Advisory 
System.
    The Federal Government cannot develop an effective system 
on its own; no organization or individual has all the answers. 
Moreover, local and State governments, private industry and the 
public must understand and implement a terrorism warning 
system. To do so effectively, those stakeholders should be part 
of the process to design and operate the system.
    We urge the Department of Homeland Security to participate 
in a collaborative forum with all of the stakeholders.
    September 11th taught us that the unthinkable can happen. 
Future tragedies, whether natural or manmade, are not a matter 
of if but when. Lives can be saved and losses reduced through 
effective public warning. Americans expect their government to 
protect them and believe an effective warning capability 
exists. It doesn't exist today, but we can put it in place 
quickly if we work together. There is no excuse for further 
delay. This is an important issue. We commend the committee on 
its leadership in this area and look forward to working with 
you. Thank you.
    [The prepared statement of Mr. Allen follows:]

    [GRAPHIC] [TIFF OMITTED] T4837.072
    
    [GRAPHIC] [TIFF OMITTED] T4837.073
    
    [GRAPHIC] [TIFF OMITTED] T4837.074
    
    [GRAPHIC] [TIFF OMITTED] T4837.075
    
    [GRAPHIC] [TIFF OMITTED] T4837.076
    
    [GRAPHIC] [TIFF OMITTED] T4837.077
    
    [GRAPHIC] [TIFF OMITTED] T4837.078
    
    [GRAPHIC] [TIFF OMITTED] T4837.079
    
    [GRAPHIC] [TIFF OMITTED] T4837.080
    
    [GRAPHIC] [TIFF OMITTED] T4837.081
    
    [GRAPHIC] [TIFF OMITTED] T4837.082
    
    [GRAPHIC] [TIFF OMITTED] T4837.083
    
    [GRAPHIC] [TIFF OMITTED] T4837.084
    
    [GRAPHIC] [TIFF OMITTED] T4837.085
    
    [GRAPHIC] [TIFF OMITTED] T4837.086
    
    Mr. Shays. I thank the gentleman.
    One of my staff in hearing the issue of, you know, we are 
taking steps in the right direction, said it is hard to be 
satisfied with steps in the right direction. As former Senator 
Nunn points out, a gazelle being chased by a hungry cougar is 
taking steps in the right direction. Survival is a matter of 
velocity, speed, not vector direction. And I guess it is a 
combination of a lot of things, but interesting.
    Mr. Schrock. How do I top that? Thank you all for being 
here. I want to start with Colonel Carafano. You mentioned that 
the TTIC, you thought it should fall under the Department of 
Homeland Security, but as a DOD function. Its product and 
analysis is integrated with the DHS Homeland Security Advisory 
System. If Secretary Ridge consults with his council before 
raising or lowering color codes, why yank it out of DOD?
    Dr. Carafano. TTIC, now as I understand it, is statutorily 
run by the Director of Central Intelligence, and it is 
actually--it is an interagency group, obviously. It has DHS 
members. It's mostly CIA members. I think they're going to 
potentially go to about 250, and over half of those will be 
CIA. I think the intent of the Homeland Security Act of 2002 is 
that the Secretary of Homeland Security is responsible for the 
integration and dissemination of terrorist threat information.
    It just seems to me that unless we have somebody that we 
can put a finger in the chest and say, ``You are responsible 
for this,'' unless he is in charge of the resources of the 
organization and the membership of the organization, what the 
organization does, that we haven't truly met the intent of the 
law. And I know Mike has a different interpretation on who 
ought to have the rose pinned on him for this. I will let him 
chime in.
    Mr. Schrock. Colonel Wermuth.
    Mr. Wermuth. Jim and I have had this discussion before.
    Mr. Schrock. Obviously.
    Mr. Wermuth. I think the TTIC is appropriately placed 
somewhere other than within a single department. In the first 
place, the Department of Homeland Security doesn't own 
everything, even at the Federal level. More importantly, it's 
our experience in studying issues like this that when an entity 
becomes part of a single department, that's how it's viewed. 
It's part of that department. It doesn't tend to be viewed as 
something that can provide services outside the department, and 
clearly, the Department of Justice, Department of Health and 
Human Services, DOD itself and other Federal entities, much 
less States and localities, need some of the product that is 
generated from an organization like a TTIC.
    So I would suggest that a TTIC-like entity does need to be 
placed not directly under a particular department of the 
Federal Government but more freestanding to do the broader 
strategic approach to fusing intelligence information, if you 
will, fusing it and analyzing it and disseminating it.
    At the same time, Jim is absolutely right that the 
Department of Homeland Security needs more capability to take 
that information, maybe to take information from a lot of other 
sources, and process it, analyze it and disseminate it and make 
it actionable within DHS's own mission, which is of course to 
provide better alerts, better warnings, better advisories 
across this entire spectrum to States, localities, the private 
sector and perhaps the public at large. It's the level that, 
from my perspective, it's the level you're talking about. We 
need a broader, strategic, accountable organization like the 
TTIC; DHS needs an operational organization to do the same 
kinds of stuff for the execution of its own mission, both.
    Dr. Carafano. If I could just add one point, one point on 
which we both agree is--I think it's a great recommendation in 
the commission report--there should be strong State and local 
representation in the TTIC so when we implement these alerts, 
we have people who understand what State and local people do 
and we can translate that quickly into language that State and 
local people can act on. I think that's a good recommendation.
    Mr. Schrock. Mr. Allen, Colonel Wermuth talked about 
marginalization in the Gilmore Commission report, that the 
Advisory Panel states, ``The Homeland Security Advisory System 
has become largely marginalized.'' Do you all believe that, and 
what actions should DHS take to make this system more credible?
    Mr. Wermuth. Well, for the reasons that the panel stated in 
much more detail than I did in the testimony, it has become 
marginalized because people now are not necessarily taking it 
seriously or taking different kinds of action that you might 
anticipate that they would take, for whatever reason, whether 
it's resource considerations or just local politics. I mean, 
there are reasons why States and localities might decide to 
choose to do something or not to do something just based on 
political realities.
    I said in my remarks I didn't have any specific 
recommendations beyond what the panelists said, but now I'll 
offer one in response to Congressman Schrock's question.
    I think we need two systems or maybe two components of a 
system, and it has been talked about here already, but we need 
a system that is a warning system for the people who have, as I 
referred to it in my remarks, the authority and the 
responsibility to take action. We need a system that is 
directed to States and localities and those elements of the 
private sector that are involved in critical infrastructure 
protection that really provides a more targeted, more focused, 
more specific level of threat information for those entities to 
take specific action.
    Then it would seem we need a more general system--and Jim 
talked about this as well--that is directed to the public, that 
says to the public--he said two tiers; I might suggest three, a 
lower and a medium and a high one--that would say, at the low 
end, ``You, the general public, are not expected to do 
anything.'' We have governments and the private sector that are 
taking actions in connection with certain things, one that is a 
little bit higher than that, that says, ``You need to be more 
aware of your surroundings and, perhaps, take some specific 
actions,'' and a third level that says, ``Gee, at this level, 
you really need to consider not traveling, doing things, you 
know, to be more observant, more vigilant of your 
surroundings.''
    But it seems like this broad five-tiered system that 
applies to everybody--all of the witnesses this morning have 
agreed--that's probably not a good idea, that there has to be 
more specific things focused on the segments of our society 
that have both the authority and the responsibility to act, 
governments and those elements of the private sector that we've 
identified, the public at large, and I'm not sure you can 
devise a single system that would apply across that spectrum.
    Now, having said that, we ought to tell the public if we 
have different processes, and we probably will eventually have 
different processes. As some different processes have already 
started being applied, let's tell the public about those, so it 
doesn't look like we're telling governments and selected people 
one thing and telling the public something else. Let's describe 
all of the processes to our public and let them take that 
information on board and do what they will with it, but it 
doesn't seem to be helpful to expect the public always to react 
to a change in threat levels when it really doesn't affect the 
entire public.
    Mr. Allen. If I could just add to that, I would agree. One 
of the lessons of the risk communication is that different 
audiences respond differently to different warnings, and we are 
not--this is not one audience. State and local officials are 
one. Private industry officials are another. The public is 
another. Even the media is an important audience we should be 
dealing with, and we need to recognize and develop a system 
that can communicate with each of those effectively.
    Second of all, and again, I will reiterate this again, we 
need to integrate this with other systems. We have between 10 
and 20 different threat scales in this country for different 
hazards. Even in terrorism, the FBI has a four-tiered level, 
and we had DOD Threatcon. It's very confusing for folks to know 
which system applies.
    Third, collaboration. Let's let State and local governments 
work with DHS and the private sector to develop a system that 
works for all of us.
    And fourth and finally and a point that you made earlier 
is, we need public education. When we grew up in the 1950's and 
we had all of those civil defense programs and we practiced 
getting under the desk, we knew what to do in the event of an 
emergency.
    When the Iron Curtain came down, somehow we lost sight of 
all of that, and it's time, perhaps, to spend a little bit of 
effort teaching the public simple things such as what does a 
siren mean if you hear one go off. In different parts of the 
country, it means different things. So public education is a 
key part of what we need to do.
    Mr. Schrock. Let's follow on to HSAS for a minute. Since 
the creation of the HSAS, a number of issues have arisen and 
two, I think, that stand out: the vagueness of the warnings and 
the system's lack of protective measures. And various 
recommendations have been to refine the system, adding 
specificity to the alerts, and developing protective measures 
for the public.
    Mr. Allen kind of touched on this, but how can we add more 
specificity about the nature of the threat when alert levels 
rise, and why don't we have recommended, standardized 
protective measures for State and local governments, private 
businesses and the public?
    As Mr. Allen said, a siren going off in my hometown means 
there's a fire. In Kansas, it could mean a hurricane--I mean, a 
tornado. So how can we put that all together? Because there are 
so many things out there, nobody knows what to believe. 
Consequently, everybody ignores everything.
    Mr. Allen. You're absolutely right. And of course, in some 
places, a siren means gather all of the volunteer firemen.
    Mr. Schrock. True.
    Mr. Allen. Clearly you don't want to reveal sources of 
intelligence, and I don't think anybody is asking for that, but 
there are a couple of ways to deal with the issue. One is to 
create a codified process that the public understands. In other 
words, that we understand and the State and local officials 
understand how decisions are being made about raising or 
lowering the threat levels, what are the protocols and criteria 
used in that process, what are the protocols for communicating 
with people.
    Right now the raising and lowering of the threat level is a 
black box to most in the public. We don't know what goes on 
inside that black box. We don't know what goes into that 
decision, and then we aren't sure what's going to be 
communicated and when. So you can deal with a lot of the 
problem by providing more information right up front about how 
decisions are made, how and when they are going to be 
communicated.
    And then as you get down the road, you do need to put a 
process in place to share information with the public. We know 
from history that people generally do not panic, that they 
would prefer to have more information than less information. 
And most of all, as somebody said, let's not underestimate the 
intelligence of the American public, and let's share with them 
as much as we can.
    Mr. Schrock. Thank you, Mr. Chairman.
    Mr. Shays. Thank you.
    Mr. Ruppersberger.
    Mr. Ruppersberger. I'd like to get more into the TTIC issue 
and where the information goes. Are you familiar with the 
analysis and coordination centers that certain States have 
developed? It just so happened last week I visited the Maryland 
analysis and coordination center, and I think, from my 
observations, it's working very well, because what you have 
there, it's more like a strike force concept. You don't have to 
worry about the bureaucracy and who is in charge, but you have 
FBI. You have CIA. You have NSA. You have State and local. You 
have Customs. You have Immigration. You have all of these 
groups. And what has been effective, I think, is that it's up 
and down. Information is flowing up and down.
    Now, how would you analyze that--and that was really put 
together, I believe, out of necessity, because there was a lot 
of frustration, especially on the local level, that information 
was not coming from the hierarchy of the Federal level. How 
would you analyze that operation? And I understand Maryland's 
operation, I think, was one of the first, but it's being looked 
at and being implemented in other States. How would you analyze 
that as it relates to TTIC?
    Mr. Wermuth. I would say that certainly Maryland's effort 
is great. California, of course, has one that they call their 
California Terrorist Integration Center. The city of New York, 
of course, is another example of how a major municipality is 
handling the issue.
    I would just say that all of those are important pieces of 
this entire process. A lot of them have been developed, as you 
said, Congressman, as a matter of necessity, because States and 
localities felt like they were not getting enough information, 
and they had to do a better job at either the State or local 
level for coordinating it. But it goes back to the 
recommendation that the advisory panel made about the Terrorist 
Threat Integration Center. That's why it's important from the 
panel's perspective, why, in our view, the Terrorist Threat 
Integration Center, the Federal-level entity that looks at this 
strategically, has to have representation from organizations 
like the Maryland analysis center, like the California center, 
like New York, embedded into their staff on a day-to-day basis 
so that you have this complete perspective, not only from the 
Federal level but also from the State and local level.
    Mr. Ruppersberger. But do you see a duplication of effort 
occurring between that and this group?
    Mr. Wermuth. Not at all, because when you divide this, if 
you will, in military terms--strategic, operational and 
tactical--you need all of the elements. And the New York 
operation is tactical. The Maryland operation tends to be both 
operational and tactical, because it's working with the 
Maryland community. Same thing in California.
    So all of these are complementary efforts. It's my same 
opinion about the TTIC being separate and independent so that 
it serves all of the customers, but other entities needing 
their other capability at the operational level inside 
departments. The Department of Treasury just formed a new 
intelligence and analysis center for money operations, for 
financial transactions by terrorists. I think all of those 
things are important, not duplicative but complementary 
depending on what the level of activity that you're talking 
about, tactical, operational or strategic.
    Mr. Ruppersberger. Let's get--yes?
    Dr. Carafano. If I could follow on that. I really think the 
State and local analysis centers are essential, and they're 
really the missing piece of the puzzle and the piece that will 
allow us to get away from the blunt instrument we now have. 
Because what you need is--if you have these analysis centers 
that can really take the information and interpret it to 
understand what should be done in that local situation, then 
DHS can move away from the blunt instrument, and they can pass 
more focused analysis to the regional and the functional areas, 
and then they can do their analysis to interpret if it's 
applicable for them.
    So I think these are complementary with TTIC, and I think 
something like HSIN, the Homeland Security Information Network, 
which could provide a bridge between TTIC and DHS and these 
other organizations so they can talk collaboratively, will 
really allow us to have a much, much more nuanced system.
    Mr. Ruppersberger. You said that you think those systems 
like the one that I visited in Maryland are very good, but 
there are some concerns about TTIC. What would your 
recommendation be? Is it because you don't have one boss, 
because you have a combination of FBI, CIA? And yet, in the 
analysis center, you have the whole group together. What would 
your recommendation be to make it more effective so that 
Secretary Ridge could be in a position to make the proper 
recommendations and get the right intelligence?
    Dr. Carafano. First of all, I think TTIC will always have 
to be an interagency organization. It should never be anything 
but an interagency organization.
    Mr. Ruppersberger. Yes. I agree.
    Dr. Carafano. And second, I think you have to have one guy 
in charge, you have to have one guy responsible, and I really 
think that should be the Secretary of Homeland Security.
    My third recommendation would be to then give him the tools 
to ensure that the other pieces of the Federal system cooperate 
appropriately, and the model I would use is what we use for the 
Joint Chiefs of Staff. When we passed the Goldwater-Nichols Act 
and said the Joint--the chairman gets to decide who is on his 
staff, and you have certain education requirements. You have 
certain experience requirements. You have certain accreditation 
requirements, and then he has certain budgeting authority.
    So if he has all the tools to make the other Federal 
agencies, then I think you've built a system for the long term 
and, most importantly, you have a chest that you can put your 
finger in and say, ``This is the guy that's responsible for 
bringing it all together, connecting the dots and telling 
everybody what they need to know and when they need to know 
it.''
    Mr. Wermuth. The only point of disagreement there is in the 
placement of the TTIC, as I mentioned earlier. The Advisory 
Panel believes the TTIC ought to be separate and independent 
from my Department. And in fact, if you want to pin the rose on 
a single person, this panel recommended that what it calls the 
National Counterterrorism Center, that we think probably will 
help serve as a model for the TTIC, really ought to report not 
to the Director of Central Intelligence but directly to the 
White House. So clearly you can pin a rose directly on an 
individual there, the guy in charge of all of the Federal----
    Mr. Ruppersberger. Where is the funding going to come from, 
the White House? You're going to have to have the resources. 
Where are the resources going to come from?
    Mr. Wermuth. You might very well have to have a separate 
appropriation for an organization like this. You could do it as 
part of intelligence authorizations. Because it's an 
interagency organization, it could also be part and parcel--as 
it is right now, with the TTIC--it could be part and parcel of 
other agency appropriations that help to fund an entity like 
that.
    Mr. Ruppersberger. Let's get to the--is the light still 
green?
    Mr. Shays. We did another one.
    Mr. Ruppersberger. The issue as far as--is it information 
coming in and not properly analyzed? Is it information that's 
there and not getting to the right people? Let's focus on what 
the real issue is with TTIC.
    Mr. Wermuth. It's all of the above. Before the TTIC, before 
other perhaps similar types of interagency entities, various 
agencies were collecting information, analyzing information in 
some cases, disseminating information without either having a 
willingness to share or having an understanding of what needed 
to be shared with other entities.
    Mr. Ruppersberger. Let me get back to my original question 
because of the time.
    Why is the coordination centers--why do they seem to be 
working very well while there are still issues with TTIC? Would 
you analyze the two and why you feel one is working better than 
the other right now?
    Dr. Carafano. I think, quite honestly, if you talk to most 
State and local governments, they will say that there's more 
information going into the system than coming out. And there 
are lots of reasons for that, connectivity, security 
clearances. How do we share information? It's a learning 
process. I'd be reticent to say there's one reason why we're 
not communicating down as well as I think we're communicating 
up, and I think that all of these things are really going to 
have to be addressed before you see a marked improvement.
    Mr. Ruppersberger. Let me get to another area. I was a 
former county executive, during September 11, and went through 
sending our police officers into overtime to synagogues and FBI 
buildings, Social Security buildings, those type of things. I 
see the U.S. Conference of Mayors reported last year that it 
cost U.S. cities approximately $70 million per week in extra 
overtime, security, personnel costs, and I think the Heritage 
Foundation estimates that it costs the Federal Government $1 
billion per week.
    Do we need--what would you recommend as far as a procedure, 
as it related to geography and specificity? Now, again, I know 
that there is a lot of different intelligence, there is a lot 
of chatter, but in the end, our intelligence is pretty strong 
in a lot of areas. The issue of specificity and locale, for 
instance transportation versus an issue involving an airplane 
issue or whatever it is, that we need to continually--when we 
hear the chatter, when things go up--to throw it out to the 
whole country. And that is No. 1.
    And second, then what would the recommendation be, if we 
could get to a geographical issue or specificity, how would you 
implement that? Through code colors or what?
    Mr. Allen. I don't have the specific answer for you, 
because I think it's going to depend on the region and the 
sector. Industry sectors might----
    Mr. Ruppersberger. My question is for the whole country, is 
it--do you think it would work to declare a certain area in the 
East Coast and not declare California? Because then all of a 
sudden----
    Mr. Allen. I think it would work the same way the State 
Department can advise you that certain nations of the world are 
unsafe to travel in or travel to them at your own risk. I think 
if we develop a specific system targeted at specific geographic 
and industrial sectors and we educate the public as to what it 
means--I mean, I think a lot of this comes from the confusion 
on the part of the public as was discussed here. What does it 
mean when the threat level goes up? Does it mean everyone is 
affected the same? I think we can develop a much more effective 
system that's targeted at the specific threats because----
    Mr. Ruppersberger. Automatically, all local jurisdictions 
and most States, they are spending millions of dollars that 
maybe we don't have to spend.
    Mr. Allen. Well, one of the things we heard today, for 
example, is that DHS does try to communicate with State and 
local governments, and where they have specific information, as 
I understood, what they were saying was, ``After we send out 
the general notice, we will call those where we have specific 
information.'' So maybe it's a matter of putting a protocol in 
place that if you're a local community and you don't get a call 
within the hour, you know that there is no specific threat 
targeted at your jurisdiction.
    Mr. Ruppersberger. But most people will cover themselves by 
doubling up and pulling the people in overtime. It happens. 
Believe me, that's reality. The numbers are there.
    Mr. Allen. It is reality, but remember, no system is going 
to be mandatory, but each community and each citizen, all we 
can do is provide them with as much information as possible to 
make informed decisions.
    Mr. Ruppersberger. You can keep talking. I can't. But the 
specificity--I'm just asking--well, fine if we can. It depends 
on who the chairman is. He's a good chairman.
    What I'm getting to, is it realistic to think that we could 
come up with a plan that would deal with the issue of 
specificity, geography so that if in fact we know--and we can 
have, our intelligence is a lot more specific in certain 
arenas--that California, as an example, doesn't have to spend 
overtime when in fact you might need to do that on the East 
Coast, that's kind of what I'm--is there--do you all feel that 
there's a possibility to come up with a system like that? Would 
that be confusing? Would that--because once it goes, believe 
me, all--you know how elected officials always want to be re-
elected. They are going to make sure they cover their bases.
    Mr. Wermuth. It will never be perfect but better than it is 
now. Because of the ambiguity of terrorist threats, you'll 
never be able to devise a 100 percent system, but we can do it 
better and less costly at the State and local level, 
absolutely.
    Dr. Carafano. I would just like to say, I think it's 
important to de-link in the minds of the public and the State 
and local governments the HHS color-coded system from what they 
do every day. I think it works fine at the Federal level 
because you're coordinating centralized agencies, but I think 
we need to get people to think we're organizing the Federal 
Government effort; and for State and local governments and the 
public, we need to provide them watches and warnings that are 
applicable to them, and I do think that is an achievable 
system.
    Mr. Allen. I agree, it is achievable. Collaboration and 
education are the two key components, but we can do that.
    Mr. Ruppersberger. OK.
    Mr. Shays. I thank you, gentlemen. I'm going to ask all of 
you this question, including you, Mr. Connor, but I'm going to 
also have a specific question for you, Mr. Connor. I want to 
know how you transform from a threat assessment to a real 
warning system. I mean, I know we've been talking about it and 
it's in your testimony, but I want you to give me the first and 
second, say, the third most important steps DHS can do. I want 
you to think about that, and first ask you, Mr. Connor, you had 
mentioned in your testimony the work of the Red Cross in 
preparedness lessens the burden on Government agencies and 
first responders and yet the organization relies primarily on 
charitable donations to perform this important work in support 
of Government at all levels.
    I want to know, what additional resources do you need to 
continue to be successful in your effort to prepare the 
American public and to respond to the 70,000 disasters in any 
given year?
    Mr. Connor. Yes, Mr. Chairman. The Red Cross, through its 
nearly 900 community based chapters nationwide, is on the scene 
with first responders immediately following disasters, both 
natural and manmade, and as part of the first-response 
community, we provide direct support to fire, police, EMS, and 
we are integrated into State and local disaster preparations 
and training. Yet we are unable currently to apply directly for 
first-responder funding to meet these requirements we 
discussed. We must rely currently on local municipalities to 
include us in their grant applications.
    Mr. Shays. And why is that?
    Mr. Connor. Pardon me, sir?
    Mr. Shays. Why is that?
    Mr. Connor. I am advised that this is currently, if I'm not 
mistaken, the DHS interpretation of the statute. They've had--
they have a narrow interpretation of first responder, and it 
is, as I understand it, fire, police and EMS, if I'm correct in 
that. And so they are the entities that have the eligibility to 
apply directly for grants and not Red Cross, currently.
    Mr. Shays. How do you describe your relationship with the 
Federal Government?
    Mr. Connor. We are a Federal instrumentality. The President 
appoints our chairman. We have several Cabinet members who are 
ex officio members of our board of Governors but we are not a 
Federal agency. We rely, almost to the 100 percent extent, on 
donations of that nature.
    Mr. Shays. Yet you have an actual specific role to play 
when disasters----
    Mr. Connor. We do. We are listed, if I may--we are in the 
National Response Plan, and we have the role for mass care, 
which is spelled out in the Federal----
    Mr. Shays. And of course, you wouldn't want to change that, 
but the issue is, should you be allowed to----
    Mr. Connor. Correct. Our point is, we have a lot of work to 
do. We are committed to be partners with DHS at the national 
level and the local level. We really want to do this. It takes 
resources. And to the extent we could be eligible for grants 
directly, that would be helpful----
    Mr. Shays. So the issue is not that you would get a grant 
but at least that you would be eligible----
    Mr. Connor. That's correct. That's correct.
    Mr. Shays. No. That makes sense.
    Mr. Connor. Thank you.
    Mr. Shays. Let me have all of you, including Mr. Connor, 
let's start with you, Mr. Allen--I mean, first off, we 
basically all agree here that we have a threat assessment, but 
we don't really have a warning system yet, and that's the 
nodding of heads--can't be recorded, is all yes. OK.
    Now, so how do we move from threat assessment to a real 
warning system? Tell me the first few steps. Give me two. You 
can give me one. You can give me four.
    Mr. Allen. Can I give you an example, Mr. Chairman? Let's 
say that there is a threat that there's going to be an anthrax 
attack or a dirty bomb here in the Washington, DC area, and the 
government has elevated the level to severe, and then they get 
more information that it is a real likelihood that something is 
going to happen. In a warning system, some of the steps you 
would go through in the decisionmaking process, the first might 
be to notch it up by notifying the local officials to keep an 
eye out for this sort of behavior or to watch this sort of 
activity and provide them specific information to the extent 
you can.
    But let's say, again, that, at some level, you're going to 
go and say you have to notify the public. Currently, there is 
no capability within the HSAS or within the DHS threat system 
to provide an actual public warning to the public. In other 
words, if they were going to notify us, there's not even a 
linkage between the HSAS and the NOAA weather radio or the 
Emergency Alert System, our two national warning systems to get 
information out. There should, at a minimum, be a linkage--if 
there's going to be a public warning, that we have a process 
and a procedure to notify citizens over television and radio 
via EAS and NOAA weather radio. We do not have that.
    Second of all, we need to have decided in advance what are 
we going to tell citizens to do. It's no good warning them if 
you don't tell them what you're going to do. Do you want them 
to shelter in place? Do you want them to evacuate? So we need a 
plan prior to any of this happening.
    But the first step would be to develop that linkage between 
the threat assessment and the threat warning and the systems 
that we already have in place to communicate with the public in 
times of emergency. That would be the first step. And there's a 
lot more we could do, but let's keep it simple.
    Mr. Shays. Thank you. We intend, as this committee, to 
write a report on what we're going to recommend to DHS 
because--and we are going to use a good deal of what we've 
learned from the first and second panel. You've provided some 
rich information. I do want to encourage you to feel free to 
continue to dialog with the committee, all of you, in terms of 
recommendations. That would be helpful.
    Doctor.
    Dr. Carafano. I would establish a public system, a two-
tiered system of watches and warnings. In order to issue a 
watch or a warning, you would have----
    Mr. Shays. Let's start again. You're talking too quickly.
    Dr. Carafano. I would establish a public system that would 
consist of a two-tiered system of watches and warnings, and in 
order to issue a watch or a warning, you would have to provide 
information that was credible, specific, understandable and 
actionable. If you couldn't meet those four criteria, then 
issue a press release or something else.
    Mr. Shays. I'm going to come back to your comment. I'm 
going to give you a specific example, and tell me what you 
would want the public to know.
    Mr. Wermuth. There needs to be some distinctions made 
between threat assessments and warnings. Unfortunately, the 
lexicon, even within the Federal Government, about what really 
is a true threat assessment is different depending on which 
agency you talk to; so in the first place, we need better 
definitions. But I would offer that we need various types of 
threat assessments to start with, strategic threat assessments, 
who are our enemies, what are their motivations, what are their 
capabilities. And then with that information, you can make some 
more strategic decisions about the application of resources.
    Warnings, on the other hand--and I think Jim and I agree 
here. In fact, I think from what I've heard, all of us would 
agree warnings have to do with actionable intelligence, 
something that causes you to say not only is there this threat 
but it is this specific and here is what you ought to be doing, 
perhaps within a range of various activities depending on who 
your sector is.
    So to me, a threat assessment is something at a higher 
level. A true warning system has to be based on something more 
current, more actionable, more tactical, if you will, than 
broader threat assessments about who our enemies are and what 
they intend to do and what they have the capabilities to do, so 
that then you can overlay that with your vulnerabilities in 
performing a good risk analysis for the application of 
resources and other kinds of activities.
    Mr. Shays. I'm going to come back, Mr. Wermuth, and want to 
know how specific they would have to be in an example I'll give 
you.
    Mr. Connor.
    Mr. Connor. Mr. Chairman, the Red Cross's emphasis is on 
preparing the public for all hazards, kinds of affairs, and we 
understand this debate, and we think it's properly left in the 
Federal arena. Whatever the outcome is, we want to be helpful 
to DHS in whatever system is----
    Mr. Shays. Well, let me ask you this, though, do you think 
the public needs to be warned about potential terrorist 
threats, or do you think it should just be threat assessment?
    Mr. Connor. Mr. Chairman, I don't think that is a question 
for the Red Cross.
    Mr. Shays. Fair enough. I'm comfortable. So now, let me 
give you a specific example. Let's just suppose that we believe 
that the Europeans aren't doing a good enough job of making 
sure terrorists are able to get onto airplanes. Let's assume 
that they may use a biological agent on the plane and that we 
think that is a very real possibility. Let's also assume that 
we're concerned about a dirty bomb being detonated when a large 
group of people are gathering and that we surmise that it may 
be in 5 to 12 cities.
    And we have decided to respond by warning all the officials 
about this concern. We are asking the Europeans to put marshals 
on airplanes. We are asking them to do a better job of 
checking. Let's assume that we are going into our cities to try 
to determine whether there is in fact any hint of radioactive 
material and that we are particularly guarding those larger 
events.
    Let's also assume that we have such a concern that there 
might be an outbreak, that we even have sharpshooters at large 
public gatherings.
    Now, tell me, if I'm being told that and that's what I know 
as well as a Member of Congress, what do you think the public 
has the right to know?
    Mr. Allen. Mr. Chairman, well, you didn't pick an easy 
example.
    Mr. Shays. I thought I picked a damn realistic one.
    Mr. Allen. But a very realistic one. From the point of view 
of the partnership, we would err on the side of telling the 
public more information than less, enough to let them make 
informed decisions about whether or not they want to go to a 
large crowd gathering.
    Mr. Shays. Or travel at your own risk.
    Mr. Allen. Or travel at your own risk.
    We would also hope that the decision on releasing that 
information or not is made collaboratively in a process in 
which State and local government officials also have a right to 
play a role and that it's just not DHS and the Federal 
Government making that decision.
    But we think that--we believe that it's the basic precept 
of our society. The public has a right to know, and unless 
there's a reason from an intelligence perspective not to, we 
would err in sharing it with the citizens and letting them make 
their own decisions.
    Dr. Carafano. I think everything you just stated would be 
the perfect basis for a usable warning to the general public, 
certainly much, much more useful than going from one color to 
another. Everything that you describe, there are things where 
individuals can take actionable things on their own behalf to 
protect themselves, and I think that would be a foundation for 
a perfectly valid announcement.
    And I would add, I think DHS's press announcement where 
they talked about concerns about airlines in late February and 
stuff, I think that came closer to the kind of thing that we 
would be looking for, but I don't think there's anything that 
you just said that wouldn't be perfectly appropriate in an 
announcement.
    Mr. Wermuth. Let me use your examples to explain what I 
think is the difference between threat announcements or threat 
analysis and warnings. In the airline example, I think we could 
and should tell the American people, on a regular basis if 
necessary, that we know that terrorists are still interested in 
commercial airliners and that we think some of our European 
allies are not providing enough security measures at airports 
to prevent them from getting onto airplanes. That's kind of a 
threat advisory. Right? People can process that information and 
make decisions about whether to travel or not.
    It rises to a warning level when, as we did around the 
holiday season and again around the first of February, say we 
have specific information that terrorists may be trying to 
board flights out of Heathrow and out of Paris coming in this 
direction. That rises, to me, to the level of a warning that 
says, ``You may really want to consider not flying on some of 
those routes, because we have specific actionable 
intelligence.'' That's the distinction between the two.
    But I would agree with my colleagues here on the panel, 
that I think the public has a right to know. In the dirty bomb 
instance, you don't have to tell the people exactly how many 
people you have as sharpshooters, for example, what kinds of 
weapons that they have, but perhaps you ought to say we're 
concerned enough that we're providing additional security 
forces that have the authority to interdict potential 
terrorists, including the possible use of force at arms.
    I just think that information is important enough to 
disseminate to the public and then let them make a decision. 
They may still decide to go to that sporting event or that 
public gathering, whatever it happens to be, but tell them 
enough where they can make an informed decision without 
necessarily talking about either intelligence sources or 
methods or for that matter enforcement methods, on the other 
hand.
    Mr. Shays. I'm just struck by the fact that you're 
basically saying what seems to logical to me and so respectful 
of the public, and yet that was really a real life example. 
That wasn't a made-up example. That was a real-life example 
that occurred in the last few months.
    Mr. Ruppersberger, I'm going to have a few more questions, 
so if you want to join in?
    Mr. Ruppersberger. I want to get back to TTIC, because I 
know it's important, and it's just not working as well as it 
should. Is there anything that you would recommend to us as far 
as legislation is concerned on how we might be able to fix 
TTIC?
    Mr. Wermuth. That it be a mandate: full-time representation 
in the TTIC from State and local entities of the Maryland type, 
of the California type, of the New York type. Whether you allow 
States and localities to pay for that or whether you provide 
direct Federal funding through grants or otherwise, that would 
allow some of these entities to provide their full-time 
representation, I don't think that entity is ever going to have 
the full picture, is ever going to be as effective as it could 
be, unless it has that kind of representation; and it can't be 
a quarterly meeting with a few State and local representatives 
coming to the TTIC and sitting around the table. It has to be 
full-time, every day.
    As one person described it, you'll learn more when you're 
talking to your colleagues around the coffee pot than you will 
in exchanging pieces of paper or having advisory meetings.
    Mr. Ruppersberger. From a legislation point of view, do you 
think there's a need for legislation to reform it or to dictate 
something?
    Mr. Wermuth. It may very well be that it would require very 
specific legislation or at least broader authority for Federal 
grants to be used by States and localities, if they choose to 
do so, to send representation to the TTIC, particularly those 
States in major metropolitan areas that perhaps are at higher 
risk, from everybody's viewpoint at higher risk, and we could 
sit here and name some of those.
    Mr. Ruppersberger. Dr. Carafano.
    Dr. Carafano. I would legislate the requirement for State 
and local participation in TTIC. I would legislate something 
similar to the Goldwater-Nichols requirements for JCS for 
participation in TTIC. I would do all of the funding for TTIC 
through the DHS so that DHS got basically a go/no-go on how the 
funds and other agencies participating in TTIC will be spent.
    And then finally, I would do a technical amendment to the 
Homeland Security Act of 2002. I would take TTIC, and I would 
take the IA portion of IAIP, merge them into one organization 
and put them under the jurisdiction of the Secretary of 
Homeland Security.
    Mr. Shays. Thanks, gentlemen. I'm not going to keep you 
here much longer, but I need to--this doesn't seem as difficult 
for me as I think it probably is, because I just start with the 
basic premise that the public has a right to know. But what I 
do wrestle with is, then, when don't they have a right to know 
or when would I cause more harm than good.
    Tell me, if you were in the position of having to do not 
only an assessment, a risk assessment, but a warning, what 
would become the most difficult tradeoffs for you that would 
maybe suggest that the public would not have a right to know? 
And you all have had to have thought about it. I mean, it 
just--you're in this line of work.
    Mr. Wermuth. That one, of course, is difficult, but all I 
can do is to say, without having a specific example, there are 
not many scenarios that I can think of where you wouldn't want 
to tell the public something. I know the situation you're 
talking about right after September 11th when the question was 
asked, ``are we prepared for biological attacks,'' and what the 
answer was to that question on national television--I think the 
rationale behind not telling the public in that case is 
absolutely the wrong rationale. We have to trust the American 
people to take this information on board and process it. 
Whether it's natural disasters or emerging natural infectious 
diseases or a deliberate attack, I think we can tell them what 
you would, as a citizen, want to know without necessarily 
disclosing intelligence sources and methods or perhaps all of 
the steps that governments at all levels are taking to help 
protect them, because that might disclose things to the bad 
guys. You have to tell them what the threats are and what that 
means to them in terms of risk. I think it's wrong to take any 
other approach.
    Mr. Allen. General Hughes said that making those decisions 
about what to share is a balance, and I would agree with him to 
an extent, but I think the balance needs to be shifted a little 
bit.
    Hopefully, we will never be--have the difficult decisions 
that I guess they had during World War II in the bombing of 
Coventry when they decided not to share that information in 
order not to divulge the source of the intelligence.
    Mr. Shays. That's a great example, isn't it?
    Mr. Allen. It is a great example. And the only example I 
could think of when you wouldn't share it is when the potential 
loss to the Nation is greater from sharing it than not sharing 
it, and I truthfully can't conceive in 99 times out of 100 
where that would be the case.
    So I think that the balance, again, needs to be shifted to 
the side of informing the public, letting them make their own 
decisions about their lives and their families.
    The President said we're at war on terrorism, but unlike 
other wars, where we had an ocean between us and the 
battlefield, it's here, and I think we're all combatants in 
that war. And I think, as combatants, we all have a right to 
know whatever we can to protect ourselves and our communities. 
So I would err on informing people.
    Dr. Carafano. I agree. I think that the two concerns are, 
one, compromising sources or methods and, two, doing something 
that might facilitate a terrorist attack and might make it 
easier. I think those would be my two primary concerns.
    Mr. Shays. You all, again, are such experts, I want to ask 
you this. Could what happened in Spain happen in the United 
States?
    Mr. Wermuth. Certainly. It's part and parcel of this entire 
public information, education process. I think governments at 
all levels have an obligation to tell people we cannot protect 
you against everything all of the time. You will never be 100 
percent secure in any number of contexts within our society, 
whether it's within your freedom of travel, whether it's within 
your ability to communicate with each other through 
increasingly sophisticated communication systems. We ought to 
be explaining that to the American people.
    It really is the basis of what the Advisory Panel described 
as its new normalcy. Be straightforward with the American 
people. We can't protect you against everything. Yes, there are 
risks with train travel in the United States, but just because 
we're vulnerable, as this panel would say, doesn't necessarily 
mean that there is a threat out there that exists to exploit 
that vulnerability.
    Could it happen here? Yes. But that's what makes 
intelligence collection, analysis and dissemination so 
critically important. It's not just because we're vulnerable or 
the things that scare us to death. It's understanding who the 
enemy is, what their motivations are, what their capabilities 
are and being able to take action on that depending on what the 
threatened attack is at any point in time. But to me, the 
answer to the question is, sure.
    Mr. Shays. Dr. Carafano.
    Dr. Carafano. I agree.
    Mr. Shays. And the answer is, yes, again?
    Dr. Carafano. Yes. I would agree.
    Mr. Shays. OK. Mr. Allen, as well, is saying he would 
agree.
    I would also put into perspective we lose about 120 people 
every day in automobile accidents. It blows me away every time 
I think about it. You know, the number last year was 440,000, 
and so we do know there are a lot of things we do at risk. It's 
just nice to know it, and, I mean, nice--I just think it's 
important to know it.
    Let me ask you, is there anything that we should have asked 
that we didn't? Is there anything that you would have liked to 
have responded to that we didn't ask? Anything you want to put 
on the record?
    Mr. Connor. Mr. Chairman we would love to put in the record 
our thanks to Mr. Ruppersberger for his great support of the 
Red Cross and his statement on the floor of the House last week 
for March as Red Cross month. Thank you.
    Mr. Shays. That's probably the most important thing that 
happened all day today, that you thanked him.
    Dr. Carafano. I'd just like to reiterate a call that I 
think we need to pay much more attention to educating the next 
generation of State and local and Federal leaders on how to do 
preparedness better, how to do response better, and it's a 
serious education challenge that I don't think we've fully 
taken on.
    Mr. Allen. I just want to commend the chairman and this 
committee for addressing this issue, the whole issue of public 
warning. I think it's because so many people are involved, and 
nobody has been in charge of it. And somebody needs to pay 
attention to it, and we commend you for doing so.
    Mr. Shays. Thank you. We're not going to let up on it, and 
we do know we have people of good will, but we do think 
politics is kind of interfering, in some cases, with good 
judgment, regretfully, and I just think that we just need to 
keep plugging away at it, and I thank you all for providing us 
tremendous data and information and opinion. Thank you.
    This hearing is now adjourned.
    [Whereupon, at 12:48 p.m., the subcommittee was adjourned.]

                                 
